
Pests of all kinds and how to combat them: Windows 7 error message at startup: Problem beim Starten von C:\PROGRA~3\01D3D0D9B.cpp

02.02.2015, 16:44   #1
Phil101
 
Hello,
I need your help. I had a trojan on my laptop, which was also detected by my antivirus program (Bitdefender). In addition I also have Malwarebytes on my laptop; it detected the trojan as well, and the trojan was removed by that program.
But since then, after every restart, the error message "Problem beim Starten von C:\PROGRA~3\01D3D0D9B.cpp" appears.
What can I do?
I would be grateful for your help.

02.02.2015, 16:50   #2
Warlord711
/// TB Trainer
 
Hello Phil101

My name is Timo and I will be helping you with your problem.
  • Please work through all steps in order.
  • Here you will find the guide for those seeking help
  • Read the instructions carefully. If there are any problems, please stop and describe them here as well as you can.
  • Only run scans that a helper has asked you to run.
  • Please no crossposting (posting in several forums).
  • Do not install or uninstall any software during the cleanup unless you have been asked to.
  • Read the instructions through completely first. If anything is unclear, ask before you begin.
  • Post the log files directly in your thread. Do not attach them unless I ask you to.

Note:
I can never give you a guarantee that I will find everything. Formatting is always the safest way.

We all work here voluntarily and mostly only in our free time. Replies may therefore be delayed.
If you do not receive a reply from me within 48 hours, send me a PM.
If you decide on a cleanup, keep working with us until I or someone from the team says that you are clean.


Run all tools with administrative rights; Vista, Win7 and Win8 users right-click and choose "Run as administrator".

How it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
  • Select the entire log file (usually with CTRL+A) and copy it to the clipboard with CTRL+C.
  • In the editor, click the # symbol. Two bracketed tags appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is right ... click Reply.


Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked, and click Scan (Untersuchen).
  • The log files are now created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input window)


02.02.2015, 17:37   #3
Phil101
 
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:47 on 02/02/2015 (Philipp)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
SPTD -> Disabled (Service running -> reboot required)


-=E.O.F=-
         

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
Ran by Philipp (administrator) on PHILIPP-PC on 02-02-2015 17:06:06
Running from C:\Users\Philipp\Downloads
Loaded Profiles: Philipp (Available profiles: Philipp)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
() C:\ProgramData\MobileBrServ\mbbService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe
() C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\ProgramData\TVersity\Media Server\MediaServer.exe
(Dropbox, Inc.) C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe
(Opera Software) C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Opera Software) C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe
() C:\Program Files (x86)\Opera\27.0.1689.54\opera_crashreporter.exe
(Farbar) C:\Users\Philipp\Downloads\FRST64 (1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-03-23] (IDT, Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2201032 2014-04-02] (NVIDIA Corporation)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe [1686480 2015-01-26] (Bitdefender)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKU\S-1-5-21-1289413869-1661704052-1926519009-1001\...\Run: [Amazon Cloud Player] => C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3145536 2014-05-08] ()
HKU\S-1-5-21-1289413869-1661704052-1926519009-1001\...\Run: [Bitdefender-Geldbörse-Agent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe [790880 2015-01-26] (Bitdefender)
HKU\S-1-5-21-1289413869-1661704052-1926519009-1001\...\Run: [BackgroundContainer] => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Philipp\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <===== ATTENTION
HKU\S-1-5-21-1289413869-1661704052-1926519009-1001\...\RunOnce: [Adobe Speed Launcher] => 1422892264
HKU\S-1-5-21-1289413869-1661704052-1926519009-1001\...\MountPoints2: E - E:\LaunchU3.exe -a
HKU\S-1-5-21-1289413869-1661704052-1926519009-1001\...\MountPoints2: {5b3968c0-6d4b-11e2-b57d-806e6f6e6963} - E:\autorun.exe
Startup: C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\B9D0D3D10.lnk
ShortcutTarget: B9D0D3D10.lnk -> C:\PROGRA~3\01D3D0D9B.cpp (No File)
Startup: C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [__SafeBox1] -> {152C96EB-288E-4EDC-B7C6-D21F8250ADF3} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox2] -> {342DAA0B-D796-460D-8566-901E08A1CCAD} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox3] -> {57595DAE-1AE1-4D97-A49E-67CBB53B52DF} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox4] -> {33816773-98AE-4723-ADE0-EBE54C8B5A67} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-1289413869-1661704052-1926519009-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1289413869-1661704052-1926519009-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
URLSearchHook: HKLM-x32 - (No Name) - {66bd2442-241b-44cd-8c7a-b51037053cdb} - No File
URLSearchHook: HKU\S-1-5-21-1289413869-1661704052-1926519009-1001 - (No Name) - {66bd2442-241b-44cd-8c7a-b51037053cdb} - No File
SearchScopes: HKLM-x32 -> DefaultScope {18A7A560-2588-4E99-A018-5A3282885A75} URL = 
SearchScopes: HKU\S-1-5-21-1289413869-1661704052-1926519009-1001 -> DefaultScope {18A7A560-2588-4E99-A018-5A3282885A75} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2548838&CUI=UN36763650512378113&UM=1
SearchScopes: HKU\S-1-5-21-1289413869-1661704052-1926519009-1001 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=DEAC002186B81241&affID=119557&tsp=4982
SearchScopes: HKU\S-1-5-21-1289413869-1661704052-1926519009-1001 -> {18A7A560-2588-4E99-A018-5A3282885A75} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2548838&CUI=UN36763650512378113&UM=1
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SaveSense -> {71E129FF-6C2A-4984-818C-7E2C998B8D99} -> C:\Users\Philipp\AppData\Local\SaveSense\SaveSenseIE.dll (SaveSense)
Toolbar: HKLM - Bitdefender-Geldbörse - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll (Bitdefender)
Toolbar: HKLM-x32 - No Name - {66bd2442-241b-44cd-8c7a-b51037053cdb} -  No File
Toolbar: HKLM-x32 - Bitdefender-Geldbörse - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll (Bitdefender)
Toolbar: HKU\S-1-5-21-1289413869-1661704052-1926519009-1001 -> No Name - {66BD2442-241B-44CD-8C7A-B51037053CDB} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\TmBpIe32.dll No File
Tcpip\Parameters: [DhcpNameServer] 192.168.8.1 192.168.8.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1289413869-1661704052-1926519009-1001: @www.flatcast.com/FlatViewer 5.2 -> C:\Users\Philipp\AppData\Roaming\Mozilla\Plugins\NpFv530.dll (1 mal 1 Software GmbH)
FF Plugin HKU\S-1-5-21-1289413869-1661704052-1926519009-1001: amazon.com/AmazonMP3DownloaderPlugin -> F:\Diashow\Download\npAmazonMP3DownloaderPlugin10174.dll (Amazon.com, Inc.)
FF Plugin HKU\S-1-5-21-1289413869-1661704052-1926519009-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF Plugin ProgramFiles/Appdata: C:\Users\Philipp\AppData\Roaming\mozilla\plugins\NpFv530.dll (1 mal 1 Software GmbH)
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext
FF Extension: Bitdefender Antispam Toolbar - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext [2014-11-11]
FF HKLM-x32\...\Firefox\Extensions: [{38783831-6098-4faa-A9C9-1EE1E343F4D2}] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\firefoxextension
FF HKLM-x32\...\Firefox\Extensions: [bdwteff@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff [2014-11-11]
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [fabcmochhfpldjekobfaaggijgohadih] - No Path

Opera: 
=======
StartMenuInternet: (HKLM) Opera - C:\Program Files\Opera x64\Opera.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
S3 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender 2015\bdparentalservice.exe [78144 2015-01-26] (Bitdefender)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [239696 2013-07-23] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1615192 2014-04-02] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [20541216 2014-04-02] (NVIDIA Corporation)
S4 SafeBox; C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [94624 2013-07-08] (Bitdefender)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe [247808 2010-03-23] (IDT, Inc.)
R2 TVersityMediaServer; C:\ProgramData\TVersity\Media Server\MediaServer.exe [1249064 2011-07-29] ()
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe [67320 2014-11-25] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe [1545376 2015-01-26] (Bitdefender)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 Winmgmt; C:\ProgramData\B9D0D3D10.zot [360448 2015-01-29] () [File not signed]
S3 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1288472 2014-11-25] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [263032 2014-11-25] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [647752 2014-05-16] (BitDefender)
R3 AVerAF15; C:\Windows\System32\Drivers\AVerAF15.sys [369024 2008-01-16] (AVerMedia TECHNOLOGIES, Inc.)
R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [93600 2013-11-13] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [107080 2012-10-29] (BitDefender LLC)
S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-07-02] (Bitdefender SRL)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2015-01-26] (BitDefender SRL)
R1 BDVEDISK; C:\Windows\System32\DRIVERS\bdvedisk.sys [76944 2012-04-17] (BitDefender)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [155912 2015-01-26] (BitDefender LLC)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-02] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-21] (NVIDIA Corporation)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-02-02] (Duplex Secure Ltd.)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [452040 2014-11-25] (BitDefender S.R.L.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-07-28] (Apple, Inc.) [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-02 16:58 - 2015-02-02 16:58 - 00000375 _____ () C:\Users\Philipp\Downloads\Addition.txt
2015-02-02 16:57 - 2015-02-02 17:06 - 00017079 _____ () C:\Users\Philipp\Downloads\FRST.txt
2015-02-02 16:57 - 2015-02-02 16:57 - 02131456 _____ (Farbar) C:\Users\Philipp\Downloads\FRST64 (1).exe
2015-02-02 16:47 - 2015-02-02 16:47 - 00000586 _____ () C:\Users\Philipp\Downloads\defogger_disable.log
2015-02-02 16:47 - 2015-02-02 16:47 - 00000020 _____ () C:\Users\Philipp\defogger_reenable
2015-02-02 16:46 - 2015-02-02 16:46 - 00050477 _____ () C:\Users\Philipp\Downloads\Defogger.exe
2015-02-02 16:27 - 2015-02-02 17:06 - 00000000 ____D () C:\FRST
2015-02-02 16:26 - 2015-02-02 16:26 - 02131456 _____ (Farbar) C:\Users\Philipp\Downloads\FRST64.exe
2015-02-01 21:38 - 2015-02-01 21:40 - 00000000 ____D () C:\AdwCleaner
2015-02-01 21:38 - 2015-02-01 21:38 - 02194432 _____ () C:\Users\Philipp\Downloads\adwcleaner_4.109 (2).exe
2015-02-01 21:37 - 2015-02-01 21:37 - 02194432 _____ () C:\Users\Philipp\Downloads\adwcleaner_4.109 (1).exe
2015-02-01 21:34 - 2015-02-01 21:34 - 02194432 _____ () C:\Users\Philipp\Downloads\AdwCleaner_4.109.exe
2015-02-01 21:20 - 2015-02-01 21:20 - 19577400 _____ () C:\Users\Philipp\Downloads\TVersitySetup_2_6.exe
2015-02-01 21:20 - 2015-02-01 21:20 - 00936616 _____ () C:\Users\Philipp\Downloads\FLVPlayerSetup.exe
2015-02-01 21:20 - 2015-02-01 21:20 - 00936616 _____ () C:\Users\Philipp\Downloads\FLVPlayerSetup (1).exe
2015-02-01 21:20 - 2015-02-01 21:20 - 00386936 _____ (Softonic ) C:\Users\Philipp\Downloads\SoftonicDownloader_fuer_euro-truck-simulator-2-patch.exe
2015-02-01 21:20 - 2015-02-01 21:20 - 00386936 _____ (Softonic ) C:\Users\Philipp\Downloads\SoftonicDownloader_fuer_euro-truck-simulator-2-patch (1).exe
2015-02-01 21:20 - 2015-02-01 21:20 - 00003382 _____ () C:\Windows\System32\Tasks\BackgroundContainer Startup Task
2015-02-01 21:20 - 2015-02-01 21:20 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\SaveSense
2015-02-01 21:20 - 2015-02-01 21:20 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\OpenCandy
2015-02-01 21:20 - 2015-02-01 21:20 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SaveSense
2015-02-01 21:20 - 2015-02-01 21:20 - 00000000 ____D () C:\Users\Philipp\AppData\Local\SaveSense
2015-02-01 20:38 - 2015-02-02 17:04 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-01 20:37 - 2015-02-01 20:37 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-02-01 20:37 - 2015-02-01 20:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-02-01 20:37 - 2015-02-01 20:37 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-01 20:37 - 2015-02-01 20:37 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-02-01 20:37 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-01 20:37 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-01 20:37 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-01 20:35 - 2015-02-01 20:36 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Philipp\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-29 19:09 - 2015-01-29 19:09 - 00360448 ____T () C:\ProgramData\B9D0D3D10.zot
2015-01-29 19:09 - 2015-01-29 19:09 - 00001268 _____ () C:\Users\Philipp\Desktop\Revo Uninstaller.lnk
2015-01-29 19:09 - 2015-01-29 19:09 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-01-29 19:08 - 2015-01-29 19:08 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Philipp\Downloads\revosetup95.exe
2015-01-27 06:34 - 2015-01-27 06:34 - 00000000 ____D () C:\ProgramData\bdch
2015-01-26 20:46 - 2015-01-26 20:46 - 00155912 _____ (BitDefender LLC) C:\Windows\system32\Drivers\gzflt.sys
2015-01-26 20:45 - 2015-01-26 20:45 - 00082824 _____ (BitDefender SRL) C:\Windows\system32\Drivers\bdsandbox.sys
2015-01-26 19:37 - 2015-01-26 19:37 - 00000000 ____D () C:\ProgramData\MobileBrServ

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-02 16:59 - 2013-11-22 22:11 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-02-02 16:58 - 2009-07-14 05:45 - 00028720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-02 16:58 - 2009-07-14 05:45 - 00028720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-02 16:56 - 2014-03-31 12:01 - 00000000 ___RD () C:\Users\Philipp\Dropbox
2015-02-02 16:56 - 2014-03-31 11:59 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\Dropbox
2015-02-02 16:54 - 2012-10-09 17:43 - 01483715 _____ () C:\Windows\WindowsUpdate.log
2015-02-02 16:51 - 2013-09-02 11:52 - 00059890 _____ () C:\Windows\SysWOW64\TVersityMediaServer.log
2015-02-02 16:50 - 2014-11-12 14:18 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-02 16:50 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-02 16:50 - 2009-07-14 05:51 - 00108663 _____ () C:\Windows\setupact.log
2015-02-02 16:47 - 2012-10-09 17:51 - 00000000 ____D () C:\Users\Philipp
2015-02-02 16:42 - 2012-10-09 18:07 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-02 16:23 - 2014-11-12 14:18 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-02 06:24 - 2012-10-10 17:58 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\vlc
2015-02-01 21:20 - 2014-03-04 13:54 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\systweak
2015-02-01 21:20 - 2013-09-02 11:50 - 00000000 ____D () C:\Program Files (x86)\TVersitybar
2015-02-01 21:16 - 2010-11-21 04:47 - 00828106 _____ () C:\Windows\PFRO.log
2015-02-01 20:42 - 2012-10-09 18:07 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-01 20:42 - 2012-10-09 18:07 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-01 20:42 - 2012-10-09 18:07 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-01 20:39 - 2014-06-04 17:50 - 00003856 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1394150704
2015-01-29 20:03 - 2012-12-05 19:09 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2015-01-26 20:45 - 2013-11-28 11:34 - 00033360 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuh.dll
2015-01-26 20:44 - 2014-11-11 12:06 - 00074000 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuiskin32.dll
2015-01-26 20:44 - 2013-11-28 11:34 - 00084336 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuiskin.dll
2015-01-26 19:55 - 2011-04-12 08:43 - 00711094 _____ () C:\Windows\system32\perfh007.dat
2015-01-26 19:55 - 2011-04-12 08:43 - 00153542 _____ () C:\Windows\system32\perfc007.dat
2015-01-26 19:55 - 2009-07-14 06:13 - 01651444 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-26 19:50 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-16 21:07 - 2014-09-07 14:47 - 00000000 ____D () C:\Users\Philipp\AppData\Local\Adobe

==================== Files in the root of some directories =======

2012-10-10 18:08 - 2014-05-11 12:26 - 0000072 _____ () C:\Users\Philipp\AppData\Roaming\DAXACHRT.INI
2014-03-04 13:54 - 2014-03-04 13:54 - 0000044 _____ () C:\Users\Philipp\AppData\Roaming\WB.CFG
2013-11-08 23:31 - 2013-11-08 23:31 - 0001525 _____ () C:\Users\Philipp\AppData\Local\recently-used.xbel
2014-11-11 12:00 - 2014-11-11 12:00 - 0566970 _____ () C:\ProgramData\1415703224.bdinstall.bin
2015-01-29 19:09 - 2015-01-29 19:09 - 0360448 ____T () C:\ProgramData\B9D0D3D10.zot

Some content of TEMP:
====================
C:\Users\Philipp\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpocvnwx.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-28 06:04

==================== End Of Log ============================
         

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-02-2015
Ran by Philipp at 2015-02-02 16:58:34
Running from C:\Users\Philipp\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)
         
Sorry, but the GMER file is too large. Is it normal that I have 821534 characters???
Should I then post it in several parts?

02.02.2015, 17:41   #4
Warlord711
/// TB Trainer
 
The Attention.txt is not complete.

You can split the GMER log across several replies.

02.02.2015, 17:52   #5
Phil101
 

Part 1 GMER:
Code:
ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-02-02 17:24:50
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD2500BEVS-60UST0 rev.01.01A01 232,89GB
Running: Gmer-19357.exe; Driver: C:\Users\Philipp\AppData\Local\Temp\pxliyfod.sys


---- User code sections - GMER 2.1 ----

.text    C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                                                0000000077191570 6 bytes [48, B8, F0, 12, A2, 01]
.text    C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8                                                                                                                                            0000000077191578 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe[856] C:\Windows\system32\kernel32.dll!UnhandledExceptionFilter + 1                                                                                                                                   0000000076fbb7e1 11 bytes [B8, F0, 12, 8B, 01, 00, 00, ...]
.text    C:\Windows\System32\spoolsv.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1                                                                                                                                                          00000000771792d1 5 bytes [B8, 39, 69, 65, 73]
.text    C:\Windows\System32\spoolsv.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7                                                                                                                                                          00000000771792d7 5 bytes [00, 00, 00, 50, C3]
.text    C:\Windows\System32\spoolsv.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile                                                                                                                                                                               0000000077191330 6 bytes [48, B8, F9, EF, 65, 73]
.text    C:\Windows\System32\spoolsv.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8                                                                                                                                                                           0000000077191338 4 bytes [00, 00, 50, C3]
.text    C:\Windows\System32\spoolsv.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtClose                                                                                                                                                                                   00000000771913a0 6 bytes [48, B8, 39, BD, 65, 73]
.text    C:\Windows\System32\spoolsv.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8                                                                                                                                                                               00000000771913a8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\System32\spoolsv.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess                                                                                                                                                                   0000000077191470 6 bytes [48, B8, F9, A9, 65, 73]
.text    C:\Windows\System32\spoolsv.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8                                                                                                                                                               0000000077191478 4 bytes [00, 00, 50, C3]
.text    C:\Windows\System32\spoolsv.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                                                                             0000000077191510 6 bytes [48, B8, F9, 32, 65, 73]
.text    C:\Windows\System32\spoolsv.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8                                                                                                                                                                         0000000077191518 4 bytes [00, 00, 50, C3]
.text    C:\Windows\System32\spoolsv.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                                                                                                                        0000000077191530 6 bytes [48, B8, 39, 1C, 65, 73]
.text    C:\Windows\System32\spoolsv.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8                                                                                                                                                                    0000000077191538 4 bytes [00, 00, 50, C3]
.text    C:\Windows\System32\spoolsv.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection                                                                                                                                                                      0000000077191550 6 bytes [48, B8, F9, 1D, 65, 73]
.text    C:\Windows\System32\spoolsv.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8                                                                                                                                                                  0000000077191558 4 bytes [00, 00, 50, C3]
.text    C:\Windows\System32\spoolsv.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                                                                        0000000077191570 6 bytes [48, B8, 39, A8, 65, 73]
.text    C:\Windows\System32\spoolsv.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8                                                                                                                                                                    0000000077191578 4 bytes [00, 00, 50, C3]
.text    C:\Windows\System32\spoolsv.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                                                                             0000000077191620 6 bytes [48, B8, 79, EC, 65, 73]
.text    C:\Windows\System32\spoolsv.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8                                                                                                                                                                         0000000077191628 4 bytes [00, 00, 50, C3]
.text    C:\Windows\System32\spoolsv.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                                                      0000000077191650 6 bytes [48, B8, 79, 2F, 65, 73]
.text    C:\Windows\System32\spoolsv.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8                                                                                                                                                                  0000000077191658 4 bytes [00, 00, 50, C3]
.text    C:\Windows\System32\spoolsv.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                                                                         0000000077191670 6 bytes [48, B8, 79, 36, 65, 73]
.text    C:\Windows\System32\spoolsv.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8                                                                                                                                                                     0000000077191678 4 bytes [00, 00, 50, C3]
.text    C:\Windows\System32\spoolsv.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                                                                                                          0000000077191700 6 bytes [48, B8, B9, 34, 65, 73]
.text    C:\Windows\System32\spoolsv.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8                                                                                                                                                                      0000000077191708 4 bytes [00, 00, 50, C3]
.text    C:\Windows\System32\spoolsv.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                                                                           0000000077191750 6 bytes [48, B8, B9, F1, 65, 73]
.text    C:\Windows\System32\spoolsv.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8                                                                                                                                                                       0000000077191758 4 bytes [00, 00, 50, C3]
.text    C:\Windows\System32\spoolsv.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx                                                                                                                                                                         0000000077191780 6 bytes [48, B8, 39, 2A, 65, 73]
.text    C:\Windows\System32\spoolsv.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8                                                                                                                                                                     0000000077191788 4 bytes [00, 00, 50, C3]
.text    C:\Windows\System32\spoolsv.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                                                                            0000000077191790 6 bytes [48, B8, B9, 26, 65, 73]
.text    C:\Windows\System32\spoolsv.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8                                                                                                                                                                        0000000077191798 4 bytes [00, 00, 50, C3]
.text    C:\Windows\System32\spoolsv.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                                                                                                                              0000000077191800 6 bytes [48, B8, 39, EE, 65, 73]
.text    C:\Windows\System32\spoolsv.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8                                                                                                                                                                          0000000077191808 4 bytes [00, 00, 50, C3]
.text    C:\Windows\System32\spoolsv.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey                                                                                                                                                                             00000000771918b0 6 bytes [48, B8, 39, F5, 65, 73]
.text    C:\Windows\System32\spoolsv.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8                                                                                                                                                                         00000000771918b8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\System32\spoolsv.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                                                                            0000000077191c80 6 bytes [48, B8, B9, EA, 65, 73]
.text    C:\Windows\System32\spoolsv.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8                                                                                                                                                                        0000000077191c88 4 bytes [00, 00, 50, C3]
.text    C:\Windows\System32\spoolsv.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess                                                                                                                                                                           0000000077191cd0 6 bytes [48, B8, 79, 28, 65, 73]
.text    C:\Windows\System32\spoolsv.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8                                                                                                                                                                       0000000077191cd8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\System32\spoolsv.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                                                          0000000077191d30 6 bytes [48, B8, F9, 24, 65, 73]
.text    C:\Windows\System32\spoolsv.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8                                                                                                                                                                      0000000077191d38 4 bytes [00, 00, 50, C3]
.text    C:\Windows\System32\spoolsv.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                                                                              00000000771920a0 6 bytes [48, B8, F9, BE, 65, 73]
.text    C:\Windows\System32\spoolsv.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8                                                                                                                                                                          00000000771920a8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\System32\spoolsv.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError                                                                                                                                                                          00000000771925e0 6 bytes [48, B8, 79, 83, 65, 73]
.text    C:\Windows\System32\spoolsv.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8                                                                                                                                                                      00000000771925e8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\System32\spoolsv.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                                                                        00000000771927e0 6 bytes [48, B8, 39, 31, 65, 73]
.text    C:\Windows\System32\spoolsv.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8                                                                                                                                                                    00000000771927e8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\System32\spoolsv.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                                                                    00000000771929a0 6 bytes [48, B8, B9, C0, 65, 73]
.text    C:\Windows\System32\spoolsv.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8                                                                                                                                                                00000000771929a8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\System32\spoolsv.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                                                                          0000000077192a80 6 bytes [48, B8, 79, 3D, 65, 73]
.text    C:\Windows\System32\spoolsv.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8                                                                                                                                                                      0000000077192a88 4 bytes [00, 00, 50, C3]
.text    C:\Windows\System32\spoolsv.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                                                                           0000000077192a90 6 bytes [48, B8, B9, 3B, 65, 73]
.text    C:\Windows\System32\spoolsv.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8                                                                                                                                                                       0000000077192a98 4 bytes [00, 00, 50, C3]
.text    C:\Windows\System32\spoolsv.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                                                                      0000000077192aa0 6 bytes [48, B8, 79, F3, 65, 73]
.text    C:\Windows\System32\spoolsv.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8                                                                                                                                                                  0000000077192aa8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\System32\spoolsv.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                                                                              0000000077192b80 6 bytes [48, B8, 79, E5, 65, 73]
.text    C:\Windows\System32\spoolsv.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8                                                                                                                                                                          0000000077192b88 4 bytes [00, 00, 50, C3]
.text    C:\Windows\System32\spoolsv.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1                                                                                                                                                                    0000000077203201 11 bytes [B8, 39, 85, 65, 73, 00, 00, ...]
.text    C:\Windows\System32\spoolsv.exe[1920] C:\Windows\system32\kernel32.dll!Process32NextW + 1                                                                                                                                                                     0000000076f21b21 11 bytes [B8, 79, BB, 65, 73, 00, 00, ...]
.text    C:\Windows\System32\spoolsv.exe[1920] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot                                                                                                                                                               0000000076f21c10 5 bytes [48, B8, F9, 39, 65]
.text    C:\Windows\System32\spoolsv.exe[1920] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot + 6                                                                                                                                                           0000000076f21c16 6 bytes [00, 00, 00, 00, 50, C3]
.text    C:\Windows\System32\spoolsv.exe[1920] C:\Windows\system32\kernel32.dll!MoveFileExW + 1                                                                                                                                                                        0000000076f22b61 8 bytes [B8, 79, D0, 65, 73, 00, 00, ...]
.text    C:\Windows\System32\spoolsv.exe[1920] C:\Windows\system32\kernel32.dll!MoveFileExW + 10                                                                                                                                                                       0000000076f22b6a 2 bytes [50, C3]
.text    C:\Windows\System32\spoolsv.exe[1920] C:\Windows\system32\kernel32.dll!CreateProcessInternalW                                                                                                                                                                 0000000076f3db80 12 bytes [48, B8, B9, 2D, 65, 73, 00, ...]
.text    C:\Windows\System32\spoolsv.exe[1920] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1                                                                                                                                                                    0000000076f40931 11 bytes [B8, B9, E3, 65, 73, 00, 00, ...]
.text    C:\Windows\System32\spoolsv.exe[1920] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1                                                                                                                                                                  0000000076f752f1 11 bytes [B8, B9, 7A, 65, 73, 00, 00, ...]
.text    C:\Windows\System32\spoolsv.exe[1920] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1                                                                                                                                                                  0000000076f75311 11 bytes [B8, 39, 77, 65, 73, 00, 00, ...]
.text    C:\Windows\System32\spoolsv.exe[1920] C:\Windows\system32\kernel32.dll!ReadConsoleW                                                                                                                                                                           0000000076f8a5e0 12 bytes [48, B8, B9, 81, 65, 73, 00, ...]
.text    C:\Windows\System32\spoolsv.exe[1920] C:\Windows\system32\kernel32.dll!ReadConsoleA                                                                                                                                                                           0000000076f8a6f0 12 bytes [48, B8, 39, 7E, 65, 73, 00, ...]
.text    C:\Windows\System32\spoolsv.exe[1920] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1                                                                                                                                                              0000000076faf491 11 bytes [B8, 79, D7, 65, 73, 00, 00, ...]
.text    C:\Windows\System32\spoolsv.exe[1920] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1                                                                                                                                                              0000000076faf691 11 bytes [B8, F9, D3, 65, 73, 00, 00, ...]
.text    C:\Windows\System32\spoolsv.exe[1920] C:\Windows\system32\kernel32.dll!MoveFileExA + 1                                                                                                                                                                        0000000076faf6c1 8 bytes [B8, F9, CC, 65, 73, 00, 00, ...]
.text    C:\Windows\System32\spoolsv.exe[1920] C:\Windows\system32\kernel32.dll!MoveFileExA + 10                                                                                                                                                                       0000000076faf6ca 2 bytes [50, C3]
.text    C:\Windows\System32\spoolsv.exe[1920] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1                                                                                                                                                                      000007fefd061861 11 bytes [B8, 79, 52, 65, 73, 00, 00, ...]
.text    C:\Windows\System32\spoolsv.exe[1920] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1                                                                                                                                                                      000007fefd062db1 11 bytes [B8, 39, AF, 65, 73, 00, 00, ...]
.text    C:\Windows\System32\spoolsv.exe[1920] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1                                                                                                                                                                   000007fefd063461 11 bytes [B8, F9, B0, 65, 73, 00, 00, ...]
.text    C:\Windows\System32\spoolsv.exe[1920] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                                                                                                                       000007fefd068ef0 12 bytes [48, B8, 79, AD, 65, 73, 00, ...]
.text    C:\Windows\System32\spoolsv.exe[1920] C:\Windows\system32\KERNELBASE.dll!CreateMutexW                                                                                                                                                                         000007fefd0694c0 12 bytes [48, B8, B9, 50, 65, 73, 00, ...]
.text    C:\Windows\System32\spoolsv.exe[1920] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1                                                                                                                                                                   000007fefd06bfd1 11 bytes [B8, B9, AB, 65, 73, 00, 00, ...]
.text    C:\Windows\System32\spoolsv.exe[1920] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1                                                                                                                                                                       000007fefd072af1 11 bytes [B8, F9, 4E, 65, 73, 00, 00, ...]
.text    C:\Windows\System32\spoolsv.exe[1920] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory                                                                                                                                                                   000007fefd094350 12 bytes [48, B8, B9, 42, 65, 73, 00, ...]
.text    C:\Windows\System32\spoolsv.exe[1920] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1                                                                                                                                                                 000007fefd0a0c11 11 bytes [B8, 79, C9, 65, 73, 00, 00, ...]
.text    C:\Windows\System32\spoolsv.exe[1920] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1                                                                                                                                                               000007fefd0a2871 8 bytes [B8, 39, 23, 65, 73, 00, 00, ...]
.text    C:\Windows\System32\spoolsv.exe[1920] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10                                                                                                                                                              000007fefd0a287a 2 bytes [50, C3]
.text    C:\Windows\System32\spoolsv.exe[1920] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1                                                                                                                                                                     000007fefd0a28b1 11 bytes [B8, F9, 40, 65, 73, 00, 00, ...]
.text    C:\Windows\System32\spoolsv.exe[1920] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1                                                                                                                                                                      000007fefd39642d 11 bytes [B8, 39, 5B, 65, 73, 00, 00, ...]
.text    C:\Windows\System32\spoolsv.exe[1920] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW                                                                                                                                                                            000007fefd396484 12 bytes [48, B8, F9, 55, 65, 73, 00, ...]
.text    C:\Windows\System32\spoolsv.exe[1920] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1                                                                                                                                                                  000007fefd396519 11 bytes [B8, 39, 62, 65, 73, 00, 00, ...]
.text    C:\Windows\System32\spoolsv.exe[1920] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA                                                                                                                                                                            000007fefd396c34 12 bytes [48, B8, 39, 54, 65, 73, 00, ...]
.text    C:\Windows\System32\spoolsv.exe[1920] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1                                                                                                                                                                       000007fefd397ab5 11 bytes [B8, F9, 5C, 65, 73, 00, 00, ...]
.text    C:\Windows\System32\spoolsv.exe[1920] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1                                                                                                                                                                   000007fefd398b01 11 bytes [B8, B9, 57, 65, 73, 00, 00, ...]
.text    C:\Windows\System32\spoolsv.exe[1920] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1                                                                                                                                                                   000007fefd398c39 11 bytes [B8, 79, 59, 65, 73, 00, 00, ...]


02.02.2015, 17:53   #6
Phil101
 

Part 2 GMER
Code:
.text    C:\Windows\system32\svchost.exe[1960] C:\Windows\system32\WS2_32.dll!send + 1                                                                                                                                                                                 000007fefd928001 11 bytes [B8, 39, A1, 65, 73, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[1960] C:\Windows\system32\WS2_32.dll!gethostbyname                                                                                                                                                                            000007fefd928df0 7 bytes [48, B8, B9, 8F, 65, 73, 00]
.text    C:\Windows\system32\svchost.exe[1960] C:\Windows\system32\WS2_32.dll!gethostbyname + 9                                                                                                                                                                        000007fefd928df9 3 bytes [00, 50, C3]
.text    C:\Windows\system32\svchost.exe[1960] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW                                                                                                                                                                           000007fefd92c090 12 bytes [48, B8, F9, 8D, 65, 73, 00, ...]
.text    C:\Windows\system32\svchost.exe[1960] C:\Windows\system32\WS2_32.dll!socket + 1                                                                                                                                                                               000007fefd92de91 11 bytes [B8, 39, D9, 65, 73, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[1960] C:\Windows\system32\WS2_32.dll!recv + 1                                                                                                                                                                                 000007fefd92df41 11 bytes [B8, 79, DE, 65, 73, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[1960] C:\Windows\system32\WS2_32.dll!WSAConnect + 1                                                                                                                                                                           000007fefd94e0f1 11 bytes [B8, B9, DC, 65, 73, 00, 00, ...]
.text    C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1                                                                                                                                                         00000000771792d1 5 bytes [B8, 39, 69, 65, 73]
.text    C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7                                                                                                                                                         00000000771792d7 5 bytes [00, 00, 00, 50, C3]
.text    C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile                                                                                                                                                                              0000000077191330 6 bytes [48, B8, F9, EF, 65, 73]
.text    C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8                                                                                                                                                                          0000000077191338 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtClose                                                                                                                                                                                  00000000771913a0 6 bytes [48, B8, 39, BD, 65, 73]
.text    C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8                                                                                                                                                                              00000000771913a8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess                                                                                                                                                                  0000000077191470 6 bytes [48, B8, F9, A9, 65, 73]
.text    C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8                                                                                                                                                              0000000077191478 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                                                                            0000000077191510 6 bytes [48, B8, F9, 32, 65, 73]
.text    C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8                                                                                                                                                                        0000000077191518 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                                                                                                                       0000000077191530 6 bytes [48, B8, 39, 1C, 65, 73]
.text    C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8                                                                                                                                                                   0000000077191538 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection                                                                                                                                                                     0000000077191550 6 bytes [48, B8, F9, 1D, 65, 73]
.text    C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8                                                                                                                                                                 0000000077191558 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                                                                       0000000077191570 6 bytes [48, B8, 39, A8, 65, 73]
.text    C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8                                                                                                                                                                   0000000077191578 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                                                                            0000000077191620 6 bytes [48, B8, 79, EC, 65, 73]
.text    C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8                                                                                                                                                                        0000000077191628 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                                                     0000000077191650 6 bytes [48, B8, 79, 2F, 65, 73]
.text    C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8                                                                                                                                                                 0000000077191658 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                                                                        0000000077191670 6 bytes [48, B8, 79, 36, 65, 73]
.text    C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8                                                                                                                                                                    0000000077191678 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                                                                                                         0000000077191700 6 bytes [48, B8, B9, 34, 65, 73]
.text    C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8                                                                                                                                                                     0000000077191708 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                                                                          0000000077191750 6 bytes [48, B8, B9, F1, 65, 73]
.text    C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8                                                                                                                                                                      0000000077191758 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx                                                                                                                                                                        0000000077191780 6 bytes [48, B8, 39, 2A, 65, 73]
.text    C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8                                                                                                                                                                    0000000077191788 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                                                                           0000000077191790 6 bytes [48, B8, B9, 26, 65, 73]
.text    C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8                                                                                                                                                                       0000000077191798 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                                                                                                                             0000000077191800 6 bytes [48, B8, 39, EE, 65, 73]
.text    C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8                                                                                                                                                                         0000000077191808 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey                                                                                                                                                                            00000000771918b0 6 bytes [48, B8, 39, F5, 65, 73]
.text    C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8                                                                                                                                                                        00000000771918b8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                                                                           0000000077191c80 6 bytes [48, B8, B9, EA, 65, 73]
.text    C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8                                                                                                                                                                       0000000077191c88 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess                                                                                                                                                                          0000000077191cd0 6 bytes [48, B8, 79, 28, 65, 73]
.text    C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8                                                                                                                                                                      0000000077191cd8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                                                         0000000077191d30 6 bytes [48, B8, F9, 24, 65, 73]
.text    C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8                                                                                                                                                                     0000000077191d38 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                                                                             00000000771920a0 6 bytes [48, B8, F9, BE, 65, 73]
.text    C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8                                                                                                                                                                         00000000771920a8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError                                                                                                                                                                         00000000771925e0 6 bytes [48, B8, 79, 83, 65, 73]
.text    C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8                                                                                                                                                                     00000000771925e8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                                                                       00000000771927e0 6 bytes [48, B8, 39, 31, 65, 73]
.text    C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8                                                                                                                                                                   00000000771927e8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                                                                   00000000771929a0 6 bytes [48, B8, B9, C0, 65, 73]
.text    C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8                                                                                                                                                               00000000771929a8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                                                                         0000000077192a80 6 bytes [48, B8, 79, 3D, 65, 73]
.text    C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8                                                                                                                                                                     0000000077192a88 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                                                                          0000000077192a90 6 bytes [48, B8, B9, 3B, 65, 73]
.text    C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8                                                                                                                                                                      0000000077192a98 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                                                                     0000000077192aa0 6 bytes [48, B8, 79, F3, 65, 73]
.text    C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8                                                                                                                                                                 0000000077192aa8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                                                                             0000000077192b80 6 bytes [48, B8, 79, E5, 65, 73]
.text    C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8                                                                                                                                                                         0000000077192b88 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1                                                                                                                                                                   0000000077203201 11 bytes [B8, 39, 85, 65, 73, 00, 00, ...]
.text    C:\Windows\system32\taskhost.exe[1844] C:\Windows\system32\kernel32.dll!Process32NextW + 1                                                                                                                                                                    0000000076f21b21 11 bytes [B8, 79, BB, 65, 73, 00, 00, ...]
.text    C:\Windows\system32\taskhost.exe[1844] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot                                                                                                                                                              0000000076f21c10 5 bytes [48, B8, F9, 39, 65]
.text    C:\Windows\system32\taskhost.exe[1844] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot + 6                                                                                                                                                          0000000076f21c16 6 bytes [00, 00, 00, 00, 50, C3]
.text    C:\Windows\system32\taskhost.exe[1844] C:\Windows\system32\kernel32.dll!MoveFileExW + 1                                                                                                                                                                       0000000076f22b61 8 bytes [B8, 79, D0, 65, 73, 00, 00, ...]
.text    C:\Windows\system32\taskhost.exe[1844] C:\Windows\system32\kernel32.dll!MoveFileExW + 10                                                                                                                                                                      0000000076f22b6a 2 bytes [50, C3]
.text    C:\Windows\system32\taskhost.exe[1844] C:\Windows\system32\kernel32.dll!CreateProcessInternalW                                                                                                                                                                0000000076f3db80 12 bytes [48, B8, B9, 2D, 65, 73, 00, ...]
.text    C:\Windows\system32\taskhost.exe[1844] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1                                                                                                                                                                   0000000076f40931 11 bytes [B8, B9, E3, 65, 73, 00, 00, ...]
.text    C:\Windows\system32\taskhost.exe[1844] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1                                                                                                                                                                 0000000076f752f1 11 bytes [B8, B9, 7A, 65, 73, 00, 00, ...]
.text    C:\Windows\system32\taskhost.exe[1844] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1                                                                                                                                                                 0000000076f75311 11 bytes [B8, 39, 77, 65, 73, 00, 00, ...]
.text    C:\Windows\system32\taskhost.exe[1844] C:\Windows\system32\kernel32.dll!ReadConsoleW                                                                                                                                                                          0000000076f8a5e0 12 bytes [48, B8, B9, 81, 65, 73, 00, ...]
.text    C:\Windows\system32\taskhost.exe[1844] C:\Windows\system32\kernel32.dll!ReadConsoleA                                                                                                                                                                          0000000076f8a6f0 12 bytes [48, B8, 39, 7E, 65, 73, 00, ...]
.text    C:\Windows\system32\taskhost.exe[1844] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1                                                                                                                                                             0000000076faf491 11 bytes [B8, 79, D7, 65, 73, 00, 00, ...]
.text    C:\Windows\system32\taskhost.exe[1844] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1                                                                                                                                                             0000000076faf691 11 bytes [B8, F9, D3, 65, 73, 00, 00, ...]
.text    C:\Windows\system32\taskhost.exe[1844] C:\Windows\system32\kernel32.dll!MoveFileExA + 1                                                                                                                                                                       0000000076faf6c1 8 bytes [B8, F9, CC, 65, 73, 00, 00, ...]
.text    C:\Windows\system32\taskhost.exe[1844] C:\Windows\system32\kernel32.dll!MoveFileExA + 10                                                                                                                                                                      0000000076faf6ca 2 bytes [50, C3]
.text    C:\Windows\system32\taskhost.exe[1844] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1                                                                                                                                                                     000007fefd061861 11 bytes [B8, 79, 52, 65, 73, 00, 00, ...]
.text    C:\Windows\system32\taskhost.exe[1844] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1                                                                                                                                                                     000007fefd062db1 11 bytes [B8, 39, AF, 65, 73, 00, 00, ...]
.text    C:\Windows\system32\taskhost.exe[1844] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1                                                                                                                                                                  000007fefd063461 11 bytes [B8, F9, B0, 65, 73, 00, 00, ...]
.text    C:\Windows\system32\taskhost.exe[1844] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                                                                                                                      000007fefd068ef0 12 bytes [48, B8, 79, AD, 65, 73, 00, ...]
.text    C:\Windows\system32\taskhost.exe[1844] C:\Windows\system32\KERNELBASE.dll!CreateMutexW                                                                                                                                                                        000007fefd0694c0 12 bytes [48, B8, B9, 50, 65, 73, 00, ...]
.text    C:\Windows\system32\taskhost.exe[1844] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1                                                                                                                                                                  000007fefd06bfd1 11 bytes [B8, B9, AB, 65, 73, 00, 00, ...]
.text    C:\Windows\system32\taskhost.exe[1844] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1                                                                                                                                                                      000007fefd072af1 11 bytes [B8, F9, 4E, 65, 73, 00, 00, ...]
.text    C:\Windows\system32\taskhost.exe[1844] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory                                                                                                                                                                  000007fefd094350 12 bytes [48, B8, B9, 42, 65, 73, 00, ...]
.text    C:\Windows\system32\taskhost.exe[1844] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1                                                                                                                                                                000007fefd0a0c11 11 bytes [B8, 79, C9, 65, 73, 00, 00, ...]
.text    C:\Windows\system32\taskhost.exe[1844] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1                                                                                                                                                              000007fefd0a2871 8 bytes [B8, 39, 23, 65, 73, 00, 00, ...]
.text    C:\Windows\system32\taskhost.exe[1844] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10                                                                                                                                                             000007fefd0a287a 2 bytes [50, C3]
.text    C:\Windows\system32\taskhost.exe[1844] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1                                                                                                                                                                    000007fefd0a28b1 11 bytes [B8, F9, 40, 65, 73, 00, 00, ...]
.text    C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1                                                                                                                                                                     000007fefd39642d 11 bytes [B8, 39, 5B, 65, 73, 00, 00, ...]
.text    C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW                                                                                                                                                                           000007fefd396484 12 bytes [48, B8, F9, 55, 65, 73, 00, ...]
.text    C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1                                                                                                                                                                 000007fefd396519 11 bytes [B8, 39, 62, 65, 73, 00, 00, ...]
.text    C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA                                                                                                                                                                           000007fefd396c34 12 bytes [48, B8, 39, 54, 65, 73, 00, ...]
.text    C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1                                                                                                                                                                      000007fefd397ab5 11 bytes [B8, F9, 5C, 65, 73, 00, 00, ...]
.text    C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1                                                                                                                                                                  000007fefd398b01 11 bytes [B8, B9, 57, 65, 73, 00, 00, ...]
.text    C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1                                                                                                                                                                  000007fefd398c39 11 bytes [B8, 79, 59, 65, 73, 00, 00, ...]
.text    C:\Windows\system32\taskhost.exe[1844] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49                                                                                                                                                                    000007fefedc4ea1 11 bytes [B8, B9, F8, 65, 73, 00, 00, ...]
.text    C:\Windows\system32\taskhost.exe[1844] C:\Windows\system32\ADVAPI32.dll!CreateServiceW                                                                                                                                                                        000007fefedc55c8 12 bytes [48, B8, B9, 6C, 65, 73, 00, ...]
.text    C:\Windows\system32\taskhost.exe[1844] C:\Windows\system32\ADVAPI32.dll!CreateServiceA                                                                                                                                                                        000007fefeddb85c 12 bytes [48, B8, F9, 6A, 65, 73, 00, ...]
.text    C:\Windows\system32\taskhost.exe[1844] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW                                                                                                                                                                  000007fefeddb9d0 12 bytes [48, B8, 79, 60, 65, 73, 00, ...]
.text    C:\Windows\system32\taskhost.exe[1844] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA                                                                                                                                                                  000007fefeddba3c 12 bytes [48, B8, B9, 5E, 65, 73, 00, ...]
.text    C:\Windows\Explorer.EXE[2064] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1                                                                                                                                                                  00000000771792d1 5 bytes [B8, F9, 55, 65, 73]
.text    C:\Windows\Explorer.EXE[2064] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7                                                                                                                                                                  00000000771792d7 5 bytes [00, 00, 00, 50, C3]
.text    C:\Windows\Explorer.EXE[2064] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess                                                                                                                                                                           0000000077191470 6 bytes [48, B8, F9, 5C, 65, 73]
.text    C:\Windows\Explorer.EXE[2064] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8                                                                                                                                                                       0000000077191478 4 bytes [00, 00, 50, C3]
.text    C:\Windows\Explorer.EXE[2064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                                                                                     0000000077191510 6 bytes [48, B8, F9, 32, 65, 73]
.text    C:\Windows\Explorer.EXE[2064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8                                                                                                                                                                                 0000000077191518 4 bytes [00, 00, 50, C3]
.text    C:\Windows\Explorer.EXE[2064] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                                                                                                                                0000000077191530 6 bytes [48, B8, 39, 1C, 65, 73]
.text    C:\Windows\Explorer.EXE[2064] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8                                                                                                                                                                            0000000077191538 4 bytes [00, 00, 50, C3]
.text    C:\Windows\Explorer.EXE[2064] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection                                                                                                                                                                              0000000077191550 6 bytes [48, B8, F9, 1D, 65, 73]
.text    C:\Windows\Explorer.EXE[2064] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8                                                                                                                                                                          0000000077191558 4 bytes [00, 00, 50, C3]
.text    C:\Windows\Explorer.EXE[2064] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                                                                                0000000077191570 6 bytes [48, B8, 39, 5B, 65, 73]
.text    C:\Windows\Explorer.EXE[2064] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8                                                                                                                                                                            0000000077191578 4 bytes [00, 00, 50, C3]
.text    C:\Windows\Explorer.EXE[2064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                                                                                     0000000077191620 6 bytes [48, B8, F9, 7F, 65, 73]
.text    C:\Windows\Explorer.EXE[2064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8                                                                                                                                                                                 0000000077191628 4 bytes [00, 00, 50, C3]
.text    C:\Windows\Explorer.EXE[2064] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                                                              0000000077191650 6 bytes [48, B8, 79, 2F, 65, 73]
.text    C:\Windows\Explorer.EXE[2064] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8                                                                                                                                                                          0000000077191658 4 bytes [00, 00, 50, C3]
.text    C:\Windows\Explorer.EXE[2064] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                                                                                 0000000077191670 6 bytes [48, B8, 79, 36, 65, 73]
.text    C:\Windows\Explorer.EXE[2064] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8                                                                                                                                                                             0000000077191678 4 bytes [00, 00, 50, C3]
.text    C:\Windows\Explorer.EXE[2064] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                                                                                                                  0000000077191700 6 bytes [48, B8, B9, 34, 65, 73]
.text    C:\Windows\Explorer.EXE[2064] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8                                                                                                                                                                              0000000077191708 4 bytes [00, 00, 50, C3]
.text    C:\Windows\Explorer.EXE[2064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                                                                                   0000000077191750 6 bytes [48, B8, B9, 81, 65, 73]
.text    C:\Windows\Explorer.EXE[2064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8                                                                                                                                                                               0000000077191758 4 bytes [00, 00, 50, C3]
.text    C:\Windows\Explorer.EXE[2064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx                                                                                                                                                                                 0000000077191780 6 bytes [48, B8, 39, 2A, 65, 73]
.text    C:\Windows\Explorer.EXE[2064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8                                                                                                                                                                             0000000077191788 4 bytes [00, 00, 50, C3]
.text    C:\Windows\Explorer.EXE[2064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                                                                                    0000000077191790 6 bytes [48, B8, B9, 26, 65, 73]
.text    C:\Windows\Explorer.EXE[2064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8                                                                                                                                                                                0000000077191798 4 bytes [00, 00, 50, C3]
.text    C:\Windows\Explorer.EXE[2064] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey                                                                                                                                                                                     00000000771918b0 6 bytes [48, B8, 39, 85, 65, 73]
.text    C:\Windows\Explorer.EXE[2064] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8                                                                                                                                                                                 00000000771918b8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\Explorer.EXE[2064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                                                                                    0000000077191c80 6 bytes [48, B8, 39, 7E, 65, 73]
.text    C:\Windows\Explorer.EXE[2064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8                                                                                                                                                                                0000000077191c88 4 bytes [00, 00, 50, C3]
.text    C:\Windows\Explorer.EXE[2064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess                                                                                                                                                                                   0000000077191cd0 6 bytes [48, B8, 79, 28, 65, 73]
.text    C:\Windows\Explorer.EXE[2064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8                                                                                                                                                                               0000000077191cd8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\Explorer.EXE[2064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                                                                  0000000077191d30 6 bytes [48, B8, F9, 24, 65, 73]
.text    C:\Windows\Explorer.EXE[2064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8                                                                                                                                                                              0000000077191d38 4 bytes [00, 00, 50, C3]
.text    C:\Windows\Explorer.EXE[2064] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                                                                                      00000000771920a0 6 bytes [48, B8, B9, 5E, 65, 73]
.text    C:\Windows\Explorer.EXE[2064] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8                                                                                                                                                                                  00000000771920a8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\Explorer.EXE[2064] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                                                                                00000000771927e0 6 bytes [48, B8, 39, 31, 65, 73]
.text    C:\Windows\Explorer.EXE[2064] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8                                                                                                                                                                            00000000771927e8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\Explorer.EXE[2064] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                                                                            00000000771929a0 6 bytes [48, B8, 79, 60, 65, 73]
.text    C:\Windows\Explorer.EXE[2064] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8                                                                                                                                                                        00000000771929a8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\Explorer.EXE[2064] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                                                                                  0000000077192a80 6 bytes [48, B8, 79, 3D, 65, 73]
.text    C:\Windows\Explorer.EXE[2064] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8                                                                                                                                                                              0000000077192a88 4 bytes [00, 00, 50, C3]
.text    C:\Windows\Explorer.EXE[2064] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                                                                                   0000000077192a90 6 bytes [48, B8, B9, 3B, 65, 73]
.text    C:\Windows\Explorer.EXE[2064] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8                                                                                                                                                                               0000000077192a98 4 bytes [00, 00, 50, C3]
.text    C:\Windows\Explorer.EXE[2064] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                                                                              0000000077192aa0 6 bytes [48, B8, 79, 83, 65, 73]
.text    C:\Windows\Explorer.EXE[2064] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8                                                                                                                                                                          0000000077192aa8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\Explorer.EXE[2064] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                                                                                      0000000077192b80 6 bytes [48, B8, 79, 75, 65, 73]
.text    C:\Windows\Explorer.EXE[2064] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8                                                                                                                                                                                  0000000077192b88 4 bytes [00, 00, 50, C3]
.text    C:\Windows\Explorer.EXE[2064] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot                                                                                                                                                                       0000000076f21c10 5 bytes [48, B8, F9, 39, 65]
.text    C:\Windows\Explorer.EXE[2064] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot + 6                                                                                                                                                                   0000000076f21c16 6 bytes [00, 00, 00, 00, 50, C3]
.text    C:\Windows\Explorer.EXE[2064] C:\Windows\system32\kernel32.dll!MoveFileExW + 1                                                                                                                                                                                0000000076f22b61 8 bytes [B8, 39, 69, 65, 73, 00, 00, ...]
.text    C:\Windows\Explorer.EXE[2064] C:\Windows\system32\kernel32.dll!MoveFileExW + 10                                                                                                                                                                               0000000076f22b6a 2 bytes [50, C3]
.text    C:\Windows\Explorer.EXE[2064] C:\Windows\system32\kernel32.dll!CreateProcessInternalW                                                                                                                                                                         0000000076f3db80 12 bytes [48, B8, B9, 2D, 65, 73, 00, ...]
.text    C:\Windows\Explorer.EXE[2064] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1                                                                                                                                                                            0000000076f40931 11 bytes [B8, B9, 73, 65, 73, 00, 00, ...]
.text    C:\Windows\Explorer.EXE[2064] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1                                                                                                                                                                      0000000076faf491 11 bytes [B8, 39, 70, 65, 73, 00, 00, ...]
.text    C:\Windows\Explorer.EXE[2064] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1                                                                                                                                                                      0000000076faf691 11 bytes [B8, B9, 6C, 65, 73, 00, 00, ...]
.text    C:\Windows\Explorer.EXE[2064] C:\Windows\system32\kernel32.dll!MoveFileExA + 1                                                                                                                                                                                0000000076faf6c1 8 bytes [B8, B9, 65, 65, 73, 00, 00, ...]
.text    C:\Windows\Explorer.EXE[2064] C:\Windows\system32\kernel32.dll!MoveFileExA + 10                                                                                                                                                                               0000000076faf6ca 2 bytes [50, C3]
.text    C:\Windows\Explorer.EXE[2064] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory                                                                                                                                                                           000007fefd094350 12 bytes [48, B8, B9, 42, 65, 73, 00, ...]
.text    C:\Windows\Explorer.EXE[2064] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1                                                                                                                                                                         000007fefd0a0c11 11 bytes [B8, 39, 62, 65, 73, 00, 00, ...]
.text    C:\Windows\Explorer.EXE[2064] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1                                                                                                                                                                       000007fefd0a2871 8 bytes [B8, 39, 23, 65, 73, 00, 00, ...]
.text    C:\Windows\Explorer.EXE[2064] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10                                                                                                                                                                      000007fefd0a287a 2 bytes [50, C3]
.text    C:\Windows\Explorer.EXE[2064] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1                                                                                                                                                                             000007fefd0a28b1 11 bytes [B8, F9, 40, 65, 73, 00, 00, ...]
.text    C:\Windows\Explorer.EXE[2064] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1                                                                                                                                                                              000007fefd39642d 11 bytes [B8, 79, 4B, 65, 73, 00, 00, ...]
.text    C:\Windows\Explorer.EXE[2064] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW                                                                                                                                                                                    000007fefd396484 12 bytes [48, B8, 39, 46, 65, 73, 00, ...]
.text    C:\Windows\Explorer.EXE[2064] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1                                                                                                                                                                          000007fefd396519 11 bytes [B8, 79, 52, 65, 73, 00, 00, ...]
.text    C:\Windows\Explorer.EXE[2064] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA                                                                                                                                                                                    000007fefd396c34 12 bytes [48, B8, 79, 44, 65, 73, 00, ...]
.text    C:\Windows\Explorer.EXE[2064] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1                                                                                                                                                                               000007fefd397ab5 11 bytes [B8, 39, 4D, 65, 73, 00, 00, ...]
.text    C:\Windows\Explorer.EXE[2064] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1                                                                                                                                                                           000007fefd398b01 11 bytes [B8, F9, 47, 65, 73, 00, 00, ...]
.text    C:\Windows\Explorer.EXE[2064] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1                                                                                                                                                                           000007fefd398c39 11 bytes [B8, B9, 49, 65, 73, 00, 00, ...]
.text    C:\Windows\Explorer.EXE[2064] C:\Windows\system32\WS2_32.dll!connect                                                                                                                                                                                          000007fefd9245c0 12 bytes [48, B8, 39, 54, 65, 73, 00, ...]
.text    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe[2400] C:\Windows\system32\kernel32.dll!Process32NextW + 1                                                                                              0000000076f21b21 11 bytes [B8, 79, BB, 65, 73, 00, 00, ...]
.text    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe[2400] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot                                                                                        0000000076f21c10 5 bytes [48, B8, F9, 39, 65]
.text    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe[2400] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot + 6                                                                                    0000000076f21c16 6 bytes [00, 00, 00, 00, 50, C3]
.text    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe[2400] C:\Windows\system32\kernel32.dll!MoveFileExW + 1                                                                                                 0000000076f22b61 8 bytes [B8, 79, D0, 65, 73, 00, 00, ...]
.text    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe[2400] C:\Windows\system32\kernel32.dll!MoveFileExW + 10                                                                                                0000000076f22b6a 2 bytes [50, C3]
.text    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe[2400] C:\Windows\system32\kernel32.dll!CreateProcessInternalW                                                                                          0000000076f3db80 12 bytes [48, B8, B9, 2D, 65, 73, 00, ...]
.text    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe[2400] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1                                                                                             0000000076f40931 11 bytes [B8, B9, E3, 65, 73, 00, 00, ...]
.text    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe[2400] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1                                                                                           0000000076f752f1 11 bytes [B8, B9, 7A, 65, 73, 00, 00, ...]
.text    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe[2400] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1                                                                                           0000000076f75311 11 bytes [B8, 39, 77, 65, 73, 00, 00, ...]
.text    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe[2400] C:\Windows\system32\kernel32.dll!ReadConsoleW                                                                                                    0000000076f8a5e0 12 bytes [48, B8, B9, 81, 65, 73, 00, ...]
.text    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe[2400] C:\Windows\system32\kernel32.dll!ReadConsoleA                                                                                                    0000000076f8a6f0 12 bytes [48, B8, 39, 7E, 65, 73, 00, ...]
.text    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe[2400] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1                                                                                       0000000076faf491 11 bytes [B8, 79, D7, 65, 73, 00, 00, ...]
.text    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe[2400] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1                                                                                       0000000076faf691 11 bytes [B8, F9, D3, 65, 73, 00, 00, ...]
.text    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe[2400] C:\Windows\system32\kernel32.dll!MoveFileExA + 1                                                                                                 0000000076faf6c1 8 bytes [B8, F9, CC, 65, 73, 00, 00, ...]
.text    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe[2400] C:\Windows\system32\kernel32.dll!MoveFileExA + 10                                                                                                0000000076faf6ca 2 bytes [50, C3]
.text    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe[2400] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1                                                                                               000007fefd061861 11 bytes [B8, 79, 52, 65, 73, 00, 00, ...]
.text    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe[2400] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1                                                                                               000007fefd062db1 11 bytes [B8, 39, AF, 65, 73, 00, 00, ...]
.text    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe[2400] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1                                                                                            000007fefd063461 11 bytes [B8, F9, B0, 65, 73, 00, 00, ...]
.text    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe[2400] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                                                000007fefd068ef0 12 bytes [48, B8, 79, AD, 65, 73, 00, ...]
.text    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe[2400] C:\Windows\system32\KERNELBASE.dll!CreateMutexW                                                                                                  000007fefd0694c0 12 bytes [48, B8, B9, 50, 65, 73, 00, ...]
.text    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe[2400] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1                                                                                            000007fefd06bfd1 11 bytes [B8, B9, AB, 65, 73, 00, 00, ...]
.text    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe[2400] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1                                                                                                000007fefd072af1 11 bytes [B8, F9, 4E, 65, 73, 00, 00, ...]
.text    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe[2400] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory                                                                                            000007fefd094350 12 bytes [48, B8, B9, 42, 65, 73, 00, ...]
.text    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe[2400] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1                                                                                          000007fefd0a0c11 11 bytes [B8, 79, C9, 65, 73, 00, 00, ...]
.text    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe[2400] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1                                                                                        000007fefd0a2871 8 bytes [B8, 39, 23, 65, 73, 00, 00, ...]
.text    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe[2400] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10                                                                                       000007fefd0a287a 2 bytes [50, C3]
.text    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe[2400] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1                                                                                              000007fefd0a28b1 11 bytes [B8, F9, 40, 65, 73, 00, 00, ...]
.text    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe[2400] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1                                                                                               000007fefd39642d 11 bytes [B8, 39, 5B, 65, 73, 00, 00, ...]
.text    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe[2400] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW                                                                                                     000007fefd396484 12 bytes [48, B8, F9, 55, 65, 73, 00, ...]
.text    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe[2400] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1                                                                                           000007fefd396519 11 bytes [B8, 39, 62, 65, 73, 00, 00, ...]
.text    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe[2400] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA                                                                                                     000007fefd396c34 12 bytes [48, B8, 39, 54, 65, 73, 00, ...]
.text    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe[2400] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1                                                                                                000007fefd397ab5 11 bytes [B8, F9, 5C, 65, 73, 00, 00, ...]
.text    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe[2400] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1                                                                                            000007fefd398b01 11 bytes [B8, B9, 57, 65, 73, 00, 00, ...]
.text    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe[2400] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1                                                                                            000007fefd398c39 11 bytes [B8, 79, 59, 65, 73, 00, 00, ...]
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1                                                                                                                                               00000000771792d1 5 bytes [B8, 39, 69, 65, 73]
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7                                                                                                                                               00000000771792d7 5 bytes [00, 00, 00, 50, C3]
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile                                                                                                                                                                    0000000077191330 6 bytes [48, B8, F9, EF, 65, 73]
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8                                                                                                                                                                0000000077191338 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtClose                                                                                                                                                                        00000000771913a0 6 bytes [48, B8, 39, BD, 65, 73]
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8                                                                                                                                                                    00000000771913a8 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess                                                                                                                                                        0000000077191470 6 bytes [48, B8, F9, A9, 65, 73]
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8                                                                                                                                                    0000000077191478 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                                                                  0000000077191510 6 bytes [48, B8, F9, 32, 65, 73]
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8                                                                                                                                                              0000000077191518 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                                                                                                             0000000077191530 6 bytes [48, B8, 39, 1C, 65, 73]
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8                                                                                                                                                         0000000077191538 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection                                                                                                                                                           0000000077191550 6 bytes [48, B8, F9, 1D, 65, 73]
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8                                                                                                                                                       0000000077191558 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                                                             0000000077191570 6 bytes [48, B8, 39, A8, 65, 73]
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8                                                                                                                                                         0000000077191578 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                                                                  0000000077191620 6 bytes [48, B8, 79, EC, 65, 73]
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8                                                                                                                                                              0000000077191628 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                                           0000000077191650 6 bytes [48, B8, 79, 2F, 65, 73]
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8                                                                                                                                                       0000000077191658 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                                                              0000000077191670 6 bytes [48, B8, 79, 36, 65, 73]
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8                                                                                                                                                          0000000077191678 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                                                                                               0000000077191700 6 bytes [48, B8, B9, 34, 65, 73]
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8                                                                                                                                                           0000000077191708 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                                                                0000000077191750 6 bytes [48, B8, B9, F1, 65, 73]
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8                                                                                                                                                            0000000077191758 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx                                                                                                                                                              0000000077191780 6 bytes [48, B8, 39, 2A, 65, 73]
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8                                                                                                                                                          0000000077191788 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                                                                 0000000077191790 6 bytes [48, B8, B9, 26, 65, 73]
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8                                                                                                                                                             0000000077191798 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                                                                                                                   0000000077191800 6 bytes [48, B8, 39, EE, 65, 73]
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8                                                                                                                                                               0000000077191808 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey                                                                                                                                                                  00000000771918b0 6 bytes [48, B8, 39, F5, 65, 73]
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8                                                                                                                                                              00000000771918b8 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                                                                 0000000077191c80 6 bytes [48, B8, B9, EA, 65, 73]
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8                                                                                                                                                             0000000077191c88 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess                                                                                                                                                                0000000077191cd0 6 bytes [48, B8, 79, 28, 65, 73]
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8                                                                                                                                                            0000000077191cd8 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                                               0000000077191d30 6 bytes [48, B8, F9, 24, 65, 73]
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8                                                                                                                                                           0000000077191d38 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                                                                   00000000771920a0 6 bytes [48, B8, F9, BE, 65, 73]
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8                                                                                                                                                               00000000771920a8 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError                                                                                                                                                               00000000771925e0 6 bytes [48, B8, 79, 83, 65, 73]
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8                                                                                                                                                           00000000771925e8 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                                                             00000000771927e0 6 bytes [48, B8, 39, 31, 65, 73]
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8                                                                                                                                                         00000000771927e8 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                                                         00000000771929a0 6 bytes [48, B8, B9, C0, 65, 73]
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8                                                                                                                                                     00000000771929a8 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                                                               0000000077192a80 6 bytes [48, B8, 79, 3D, 65, 73]
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8                                                                                                                                                           0000000077192a88 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                                                                0000000077192a90 6 bytes [48, B8, B9, 3B, 65, 73]
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8                                                                                                                                                            0000000077192a98 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                                                           0000000077192aa0 6 bytes [48, B8, 79, F3, 65, 73]
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8                                                                                                                                                       0000000077192aa8 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                                                                   0000000077192b80 6 bytes [48, B8, 79, E5, 65, 73]
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8                                                                                                                                                               0000000077192b88 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1                                                                                                                                                         0000000077203201 11 bytes [B8, 39, 85, 65, 73, 00, 00, ...]
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\system32\kernel32.dll!Process32NextW + 1                                                                                                                                                          0000000076f21b21 11 bytes [B8, 79, BB, 65, 73, 00, 00, ...]
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot                                                                                                                                                    0000000076f21c10 5 bytes [48, B8, F9, 39, 65]
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot + 6                                                                                                                                                0000000076f21c16 6 bytes [00, 00, 00, 00, 50, C3]
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\system32\kernel32.dll!MoveFileExW + 1                                                                                                                                                             0000000076f22b61 8 bytes [B8, 79, D0, 65, 73, 00, 00, ...]
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\system32\kernel32.dll!MoveFileExW + 10                                                                                                                                                            0000000076f22b6a 2 bytes [50, C3]
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\system32\kernel32.dll!CreateProcessInternalW                                                                                                                                                      0000000076f3db80 12 bytes [48, B8, B9, 2D, 65, 73, 00, ...]
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1                                                                                                                                                         0000000076f40931 11 bytes [B8, B9, E3, 65, 73, 00, 00, ...]
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1                                                                                                                                                       0000000076f752f1 11 bytes [B8, B9, 7A, 65, 73, 00, 00, ...]
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1                                                                                                                                                       0000000076f75311 11 bytes [B8, 39, 77, 65, 73, 00, 00, ...]
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\system32\kernel32.dll!ReadConsoleW                                                                                                                                                                0000000076f8a5e0 12 bytes [48, B8, B9, 81, 65, 73, 00, ...]
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\system32\kernel32.dll!ReadConsoleA                                                                                                                                                                0000000076f8a6f0 12 bytes [48, B8, 39, 7E, 65, 73, 00, ...]
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1                                                                                                                                                   0000000076faf491 11 bytes [B8, 79, D7, 65, 73, 00, 00, ...]
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1                                                                                                                                                   0000000076faf691 11 bytes [B8, F9, D3, 65, 73, 00, 00, ...]
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\system32\kernel32.dll!MoveFileExA + 1                                                                                                                                                             0000000076faf6c1 8 bytes [B8, F9, CC, 65, 73, 00, 00, ...]
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\system32\kernel32.dll!MoveFileExA + 10                                                                                                                                                            0000000076faf6ca 2 bytes [50, C3]
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1                                                                                                                                                           000007fefd061861 11 bytes [B8, 79, 52, 65, 73, 00, 00, ...]
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1                                                                                                                                                           000007fefd062db1 11 bytes [B8, 39, AF, 65, 73, 00, 00, ...]
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1                                                                                                                                                        000007fefd063461 11 bytes [B8, F9, B0, 65, 73, 00, 00, ...]
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                                                                                                            000007fefd068ef0 12 bytes [48, B8, 79, AD, 65, 73, 00, ...]
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\system32\KERNELBASE.dll!CreateMutexW                                                                                                                                                              000007fefd0694c0 12 bytes [48, B8, B9, 50, 65, 73, 00, ...]
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1                                                                                                                                                        000007fefd06bfd1 11 bytes [B8, B9, AB, 65, 73, 00, 00, ...]
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1                                                                                                                                                            000007fefd072af1 11 bytes [B8, F9, 4E, 65, 73, 00, 00, ...]
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory                                                                                                                                                        000007fefd094350 12 bytes [48, B8, B9, 42, 65, 73, 00, ...]
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1                                                                                                                                                      000007fefd0a0c11 11 bytes [B8, 79, C9, 65, 73, 00, 00, ...]
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1                                                                                                                                                    000007fefd0a2871 8 bytes [B8, 39, 23, 65, 73, 00, 00, ...]
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10                                                                                                                                                   000007fefd0a287a 2 bytes [50, C3]
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1                                                                                                                                                          000007fefd0a28b1 11 bytes [B8, F9, 40, 65, 73, 00, 00, ...]
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\system32\WS2_32.dll!WSASend + 1                                                                                                                                                                   000007fefd9213b1 11 bytes [B8, 79, A6, 65, 73, 00, 00, ...]
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\system32\WS2_32.dll!closesocket                                                                                                                                                                   000007fefd9218e0 12 bytes [48, B8, B9, A4, 65, 73, 00, ...]
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\system32\WS2_32.dll!WSASocketW + 1                                                                                                                                                                000007fefd921bd1 11 bytes [B8, F9, A2, 65, 73, 00, 00, ...]
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\system32\WS2_32.dll!WSARecv + 1                                                                                                                                                                   000007fefd922201 11 bytes [B8, 39, E0, 65, 73, 00, 00, ...]
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\system32\WS2_32.dll!GetAddrInfoW                                                                                                                                                                  000007fefd9223c0 12 bytes [48, B8, 39, 8C, 65, 73, 00, ...]
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\system32\WS2_32.dll!connect                                                                                                                                                                       000007fefd9245c0 12 bytes [48, B8, 79, 67, 65, 73, 00, ...]
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\system32\WS2_32.dll!send + 1                                                                                                                                                                      000007fefd928001 11 bytes [B8, 39, A1, 65, 73, 00, 00, ...]
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\system32\WS2_32.dll!gethostbyname                                                                                                                                                                 000007fefd928df0 7 bytes [48, B8, B9, 8F, 65, 73, 00]
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\system32\WS2_32.dll!gethostbyname + 9                                                                                                                                                             000007fefd928df9 3 bytes [00, 50, C3]
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW                                                                                                                                                                000007fefd92c090 12 bytes [48, B8, F9, 8D, 65, 73, 00, ...]
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\system32\WS2_32.dll!socket + 1                                                                                                                                                                    000007fefd92de91 11 bytes [B8, 39, D9, 65, 73, 00, 00, ...]
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\system32\WS2_32.dll!recv + 1                                                                                                                                                                      000007fefd92df41 11 bytes [B8, 79, DE, 65, 73, 00, 00, ...]
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\system32\WS2_32.dll!WSAConnect + 1                                                                                                                                                                000007fefd94e0f1 11 bytes [B8, B9, DC, 65, 73, 00, 00, ...]
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49                                                                                                                                                          000007fefedc4ea1 11 bytes [B8, B9, F8, 65, 73, 00, 00, ...]
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\system32\ADVAPI32.dll!CreateServiceW                                                                                                                                                              000007fefedc55c8 12 bytes [48, B8, B9, 6C, 65, 73, 00, ...]
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\system32\ADVAPI32.dll!CreateServiceA                                                                                                                                                              000007fefeddb85c 12 bytes [48, B8, F9, 6A, 65, 73, 00, ...]
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW                                                                                                                                                        000007fefeddb9d0 12 bytes [48, B8, 79, 60, 65, 73, 00, ...]
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA                                                                                                                                                        000007fefeddba3c 12 bytes [48, B8, B9, 5E, 65, 73, 00, ...]
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1                                                                                                                                                           000007fefd39642d 11 bytes [B8, 39, 5B, 65, 73, 00, 00, ...]
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW                                                                                                                                                                 000007fefd396484 12 bytes [48, B8, F9, 55, 65, 73, 00, ...]
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1                                                                                                                                                       000007fefd396519 11 bytes [B8, 39, 62, 65, 73, 00, 00, ...]
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA                                                                                                                                                                 000007fefd396c34 12 bytes [48, B8, 39, 54, 65, 73, 00, ...]
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1                                                                                                                                                            000007fefd397ab5 11 bytes [B8, F9, 5C, 65, 73, 00, 00, ...]
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1                                                                                                                                                        000007fefd398b01 11 bytes [B8, B9, 57, 65, 73, 00, 00, ...]
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1                                                                                                                                                        000007fefd398c39 11 bytes [B8, 79, 59, 65, 73, 00, 00, ...]
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\system32\DNSAPI.dll!DnsQuery_UTF8                                                                                                                                                                 000007fefc5656e0 12 bytes [48, B8, F9, C5, 65, 73, 00, ...]
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\system32\DNSAPI.dll!DnsQuery_W                                                                                                                                                                    000007fefc57010c 12 bytes [48, B8, 39, C4, 65, 73, 00, ...]
.text    C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\system32\DNSAPI.dll!DnsQuery_A
         

02.02.2015, 17:54   #7
Phil101

Part 3
Code:
.text    C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE[2468] C:\Windows\system32\kernel32.dll!Process32NextW + 1                                                                                                                                         0000000076f21b21 11 bytes [B8, 79, BB, 65, 73, 00, 00, ...]
.text    C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE[2468] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot                                                                                                                                   0000000076f21c10 5 bytes [48, B8, F9, 39, 65]
.text    C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE[2468] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot + 6                                                                                                                               0000000076f21c16 6 bytes [00, 00, 00, 00, 50, C3]
.text    C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE[2468] C:\Windows\system32\kernel32.dll!MoveFileExW + 1                                                                                                                                            0000000076f22b61 8 bytes [B8, 79, D0, 65, 73, 00, 00, ...]
.text    C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE[2468] C:\Windows\system32\kernel32.dll!MoveFileExW + 10                                                                                                                                           0000000076f22b6a 2 bytes [50, C3]
.text    C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE[2468] C:\Windows\system32\kernel32.dll!CreateProcessInternalW                                                                                                                                     0000000076f3db80 12 bytes [48, B8, B9, 2D, 65, 73, 00, ...]
.text    C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE[2468] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1                                                                                                                                        0000000076f40931 11 bytes [B8, B9, E3, 65, 73, 00, 00, ...]
.text    C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE[2468] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1                                                                                                                                      0000000076f752f1 11 bytes [B8, B9, 7A, 65, 73, 00, 00, ...]
.text    C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE[2468] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1                                                                                                                                      0000000076f75311 11 bytes [B8, 39, 77, 65, 73, 00, 00, ...]
.text    C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE[2468] C:\Windows\system32\kernel32.dll!ReadConsoleW                                                                                                                                               0000000076f8a5e0 12 bytes [48, B8, B9, 81, 65, 73, 00, ...]
.text    C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE[2468] C:\Windows\system32\kernel32.dll!ReadConsoleA                                                                                                                                               0000000076f8a6f0 12 bytes [48, B8, 39, 7E, 65, 73, 00, ...]
.text    C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE[2468] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1                                                                                                                                  0000000076faf491 11 bytes [B8, 79, D7, 65, 73, 00, 00, ...]
.text    C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE[2468] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1                                                                                                                                  0000000076faf691 11 bytes [B8, F9, D3, 65, 73, 00, 00, ...]
.text    C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE[2468] C:\Windows\system32\kernel32.dll!MoveFileExA + 1                                                                                                                                            0000000076faf6c1 8 bytes [B8, F9, CC, 65, 73, 00, 00, ...]
.text    C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE[2468] C:\Windows\system32\kernel32.dll!MoveFileExA + 10                                                                                                                                           0000000076faf6ca 2 bytes [50, C3]
.text    C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE[2468] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1                                                                                                                                          000007fefd061861 11 bytes [B8, 79, 52, 65, 73, 00, 00, ...]
.text    C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE[2468] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1                                                                                                                                          000007fefd062db1 11 bytes [B8, 39, AF, 65, 73, 00, 00, ...]
.text    C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE[2468] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1                                                                                                                                       000007fefd063461 11 bytes [B8, F9, B0, 65, 73, 00, 00, ...]
.text    C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE[2468] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                                                                                           000007fefd068ef0 12 bytes [48, B8, 79, AD, 65, 73, 00, ...]
.text    C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE[2468] C:\Windows\system32\KERNELBASE.dll!CreateMutexW                                                                                                                                             000007fefd0694c0 12 bytes [48, B8, B9, 50, 65, 73, 00, ...]
.text    C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE[2468] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1                                                                                                                                       000007fefd06bfd1 11 bytes [B8, B9, AB, 65, 73, 00, 00, ...]
.text    C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE[2468] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1                                                                                                                                           000007fefd072af1 11 bytes [B8, F9, 4E, 65, 73, 00, 00, ...]
.text    C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE[2468] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory                                                                                                                                       000007fefd094350 12 bytes [48, B8, B9, 42, 65, 73, 00, ...]
.text    C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE[2468] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1                                                                                                                                     000007fefd0a0c11 11 bytes [B8, 79, C9, 65, 73, 00, 00, ...]
.text    C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE[2468] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1                                                                                                                                   000007fefd0a2871 8 bytes [B8, 39, 23, 65, 73, 00, 00, ...]
.text    C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE[2468] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10                                                                                                                                  000007fefd0a287a 2 bytes [50, C3]
.text    C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE[2468] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1                                                                                                                                         000007fefd0a28b1 11 bytes [B8, F9, 40, 65, 73, 00, 00, ...]
.text    C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE[2468] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1                                                                                                                                          000007fefd39642d 11 bytes [B8, 39, 5B, 65, 73, 00, 00, ...]
.text    C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE[2468] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW                                                                                                                                                000007fefd396484 12 bytes [48, B8, F9, 55, 65, 73, 00, ...]
.text    C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE[2468] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1                                                                                                                                      000007fefd396519 11 bytes [B8, 39, 62, 65, 73, 00, 00, ...]
.text    C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE[2468] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA                                                                                                                                                000007fefd396c34 12 bytes [48, B8, 39, 54, 65, 73, 00, ...]
.text    C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE[2468] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1                                                                                                                                           000007fefd397ab5 11 bytes [B8, F9, 5C, 65, 73, 00, 00, ...]
.text    C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE[2468] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1                                                                                                                                       000007fefd398b01 11 bytes [B8, B9, 57, 65, 73, 00, 00, ...]
.text    C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE[2468] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1                                                                                                                                       000007fefd398c39 11 bytes [B8, 79, 59, 65, 73, 00, 00, ...]
.text    C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE[2504] C:\Windows\system32\kernel32.dll!Process32NextW + 1                                                                                                                                         0000000076f21b21 11 bytes [B8, 79, BB, 65, 73, 00, 00, ...]
.text    C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE[2504] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot                                                                                                                                   0000000076f21c10 5 bytes [48, B8, F9, 39, 65]
.text    C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE[2504] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot + 6                                                                                                                               0000000076f21c16 6 bytes [00, 00, 00, 00, 50, C3]
.text    C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE[2504] C:\Windows\system32\kernel32.dll!MoveFileExW + 1                                                                                                                                            0000000076f22b61 8 bytes [B8, 79, D0, 65, 73, 00, 00, ...]
.text    C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE[2504] C:\Windows\system32\kernel32.dll!MoveFileExW + 10                                                                                                                                           0000000076f22b6a 2 bytes [50, C3]
.text    C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE[2504] C:\Windows\system32\kernel32.dll!CreateProcessInternalW                                                                                                                                     0000000076f3db80 12 bytes [48, B8, B9, 2D, 65, 73, 00, ...]
.text    C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE[2504] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1                                                                                                                                        0000000076f40931 11 bytes [B8, B9, E3, 65, 73, 00, 00, ...]
.text    C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE[2504] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1                                                                                                                                      0000000076f752f1 11 bytes [B8, B9, 7A, 65, 73, 00, 00, ...]
.text    C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE[2504] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1                                                                                                                                      0000000076f75311 11 bytes [B8, 39, 77, 65, 73, 00, 00, ...]
.text    C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE[2504] C:\Windows\system32\kernel32.dll!ReadConsoleW                                                                                                                                               0000000076f8a5e0 12 bytes [48, B8, B9, 81, 65, 73, 00, ...]
.text    C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE[2504] C:\Windows\system32\kernel32.dll!ReadConsoleA                                                                                                                                               0000000076f8a6f0 12 bytes [48, B8, 39, 7E, 65, 73, 00, ...]
.text    C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE[2504] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1                                                                                                                                  0000000076faf491 11 bytes [B8, 79, D7, 65, 73, 00, 00, ...]
.text    C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE[2504] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1                                                                                                                                  0000000076faf691 11 bytes [B8, F9, D3, 65, 73, 00, 00, ...]
.text    C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE[2504] C:\Windows\system32\kernel32.dll!MoveFileExA + 1                                                                                                                                            0000000076faf6c1 8 bytes [B8, F9, CC, 65, 73, 00, 00, ...]
.text    C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE[2504] C:\Windows\system32\kernel32.dll!MoveFileExA + 10                                                                                                                                           0000000076faf6ca 2 bytes [50, C3]
.text    C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE[2504] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1                                                                                                                                          000007fefd061861 11 bytes [B8, 79, 52, 65, 73, 00, 00, ...]
.text    C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE[2504] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1                                                                                                                                          000007fefd062db1 11 bytes [B8, 39, AF, 65, 73, 00, 00, ...]
.text    C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE[2504] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1                                                                                                                                       000007fefd063461 11 bytes [B8, F9, B0, 65, 73, 00, 00, ...]
.text    C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE[2504] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                                                                                           000007fefd068ef0 12 bytes [48, B8, 79, AD, 65, 73, 00, ...]
.text    C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE[2504] C:\Windows\system32\KERNELBASE.dll!CreateMutexW                                                                                                                                             000007fefd0694c0 12 bytes [48, B8, B9, 50, 65, 73, 00, ...]
.text    C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE[2504] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1                                                                                                                                       000007fefd06bfd1 11 bytes [B8, B9, AB, 65, 73, 00, 00, ...]
.text    C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE[2504] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1                                                                                                                                           000007fefd072af1 11 bytes [B8, F9, 4E, 65, 73, 00, 00, ...]
.text    C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE[2504] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory                                                                                                                                       000007fefd094350 12 bytes [48, B8, B9, 42, 65, 73, 00, ...]
.text    C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE[2504] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1                                                                                                                                     000007fefd0a0c11 11 bytes [B8, 79, C9, 65, 73, 00, 00, ...]
.text    C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE[2504] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1                                                                                                                                   000007fefd0a2871 8 bytes [B8, 39, 23, 65, 73, 00, 00, ...]
.text    C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE[2504] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10                                                                                                                                  000007fefd0a287a 2 bytes [50, C3]
.text    C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE[2504] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1                                                                                                                                         000007fefd0a28b1 11 bytes [B8, F9, 40, 65, 73, 00, 00, ...]
.text    C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE[2504] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1                                                                                                                                          000007fefd39642d 11 bytes [B8, 39, 5B, 65, 73, 00, 00, ...]
.text    C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE[2504] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW                                                                                                                                                000007fefd396484 12 bytes [48, B8, F9, 55, 65, 73, 00, ...]
.text    C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE[2504] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1                                                                                                                                      000007fefd396519 11 bytes [B8, 39, 62, 65, 73, 00, 00, ...]
.text    C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE[2504] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA                                                                                                                                                000007fefd396c34 12 bytes [48, B8, 39, 54, 65, 73, 00, ...]
.text    C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE[2504] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1                                                                                                                                           000007fefd397ab5 11 bytes [B8, F9, 5C, 65, 73, 00, 00, ...]
.text    C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE[2504] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1                                                                                                                                       000007fefd398b01 11 bytes [B8, B9, 57, 65, 73, 00, 00, ...]
.text    C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE[2504] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1                                                                                                                                       000007fefd398c39 11 bytes [B8, 79, 59, 65, 73, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1                                                                                                                                                          00000000771792d1 5 bytes [B8, 39, 69, 65, 73]
.text    C:\Windows\system32\svchost.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7                                                                                                                                                          00000000771792d7 5 bytes [00, 00, 00, 50, C3]
.text    C:\Windows\system32\svchost.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile                                                                                                                                                                               0000000077191330 6 bytes [48, B8, B9, EA, 65, 73]
.text    C:\Windows\system32\svchost.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8                                                                                                                                                                           0000000077191338 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\svchost.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtClose                                                                                                                                                                                   00000000771913a0 6 bytes [48, B8, 39, BD, 65, 73]
.text    C:\Windows\system32\svchost.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8                                                                                                                                                                               00000000771913a8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\svchost.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess                                                                                                                                                                   0000000077191470 6 bytes [48, B8, F9, A9, 65, 73]
.text    C:\Windows\system32\svchost.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8                                                                                                                                                               0000000077191478 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\svchost.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                                                                             0000000077191510 6 bytes [48, B8, F9, 32, 65, 73]
.text    C:\Windows\system32\svchost.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8                                                                                                                                                                         0000000077191518 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\svchost.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                                                                                                                        0000000077191530 6 bytes [48, B8, 39, 1C, 65, 73]
.text    C:\Windows\system32\svchost.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8                                                                                                                                                                    0000000077191538 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\svchost.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection                                                                                                                                                                      0000000077191550 6 bytes [48, B8, F9, 1D, 65, 73]
.text    C:\Windows\system32\svchost.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8                                                                                                                                                                  0000000077191558 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\svchost.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                                                                        0000000077191570 6 bytes [48, B8, 39, A8, 65, 73]
.text    C:\Windows\system32\svchost.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8                                                                                                                                                                    0000000077191578 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\svchost.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                                                                             0000000077191620 6 bytes [48, B8, 39, E7, 65, 73]
.text    C:\Windows\system32\svchost.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8                                                                                                                                                                         0000000077191628 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\svchost.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                                                      0000000077191650 6 bytes [48, B8, 79, 2F, 65, 73]
.text    C:\Windows\system32\svchost.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8                                                                                                                                                                  0000000077191658 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\svchost.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                                                                         0000000077191670 6 bytes [48, B8, 79, 36, 65, 73]
.text    C:\Windows\system32\svchost.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8                                                                                                                                                                     0000000077191678 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\svchost.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                                                                                                          0000000077191700 6 bytes [48, B8, B9, 34, 65, 73]
.text    C:\Windows\system32\svchost.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8                                                                                                                                                                      0000000077191708 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\svchost.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                                                                           0000000077191750 6 bytes [48, B8, 79, EC, 65, 73]
.text    C:\Windows\system32\svchost.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8                                                                                                                                                                       0000000077191758 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\svchost.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx                                                                                                                                                                         0000000077191780 6 bytes [48, B8, 39, 2A, 65, 73]
.text    C:\Windows\system32\svchost.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8                                                                                                                                                                     0000000077191788 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\svchost.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                                                                            0000000077191790 6 bytes [48, B8, B9, 26, 65, 73]
.text    C:\Windows\system32\svchost.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8                                                                                                                                                                        0000000077191798 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\svchost.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                                                                                                                              0000000077191800 6 bytes [48, B8, F9, E8, 65, 73]
.text    C:\Windows\system32\svchost.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8                                                                                                                                                                          0000000077191808 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\svchost.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey                                                                                                                                                                             00000000771918b0 6 bytes [48, B8, F9, EF, 65, 73]
.text    C:\Windows\system32\svchost.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8                                                                                                                                                                         00000000771918b8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\svchost.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                                                                            0000000077191c80 6 bytes [48, B8, 79, E5, 65, 73]
.text    C:\Windows\system32\svchost.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8                                                                                                                                                                        0000000077191c88 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\svchost.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess                                                                                                                                                                           0000000077191cd0 6 bytes [48, B8, 79, 28, 65, 73]
.text    C:\Windows\system32\svchost.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8                                                                                                                                                                       0000000077191cd8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\svchost.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                                                          0000000077191d30 6 bytes [48, B8, F9, 24, 65, 73]
.text    C:\Windows\system32\svchost.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8                                                                                                                                                                      0000000077191d38 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\svchost.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                                                                              00000000771920a0 6 bytes [48, B8, F9, BE, 65, 73]
.text    C:\Windows\system32\svchost.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8                                                                                                                                                                          00000000771920a8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\svchost.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError                                                                                                                                                                          00000000771925e0 6 bytes [48, B8, 79, 83, 65, 73]
.text    C:\Windows\system32\svchost.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8                                                                                                                                                                      00000000771925e8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\svchost.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                                                                        00000000771927e0 6 bytes [48, B8, 39, 31, 65, 73]
.text    C:\Windows\system32\svchost.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8                                                                                                                                                                    00000000771927e8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\svchost.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                                                                    00000000771929a0 6 bytes [48, B8, B9, C0, 65, 73]
.text    C:\Windows\system32\svchost.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8                                                                                                                                                                00000000771929a8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\svchost.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                                                                          0000000077192a80 6 bytes [48, B8, 79, 3D, 65, 73]
.text    C:\Windows\system32\svchost.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8                                                                                                                                                                      0000000077192a88 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\svchost.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                                                                           0000000077192a90 6 bytes [48, B8, B9, 3B, 65, 73]
.text    C:\Windows\system32\svchost.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8                                                                                                                                                                       0000000077192a98 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\svchost.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                                                                      0000000077192aa0 6 bytes [48, B8, 39, EE, 65, 73]
.text    C:\Windows\system32\svchost.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8                                                                                                                                                                  0000000077192aa8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\svchost.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1                                                                                                                                                                    0000000077203201 11 bytes [B8, 39, 85, 65, 73, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[2532] C:\Windows\system32\kernel32.dll!Process32NextW + 1                                                                                                                                                                     0000000076f21b21 11 bytes [B8, 79, BB, 65, 73, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[2532] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot                                                                                                                                                               0000000076f21c10 5 bytes [48, B8, F9, 39, 65]
.text    C:\Windows\system32\svchost.exe[2532] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot + 6                                                                                                                                                           0000000076f21c16 6 bytes [00, 00, 00, 00, 50, C3]
.text    C:\Windows\system32\svchost.exe[2532] C:\Windows\system32\kernel32.dll!MoveFileExW + 1                                                                                                                                                                        0000000076f22b61 8 bytes [B8, 79, D0, 65, 73, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[2532] C:\Windows\system32\kernel32.dll!MoveFileExW + 10                                                                                                                                                                       0000000076f22b6a 2 bytes [50, C3]
.text    C:\Windows\system32\svchost.exe[2532] C:\Windows\system32\kernel32.dll!CreateProcessInternalW                                                                                                                                                                 0000000076f3db80 12 bytes [48, B8, B9, 2D, 65, 73, 00, ...]
.text    C:\Windows\system32\svchost.exe[2532] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1                                                                                                                                                                    0000000076f40931 11 bytes [B8, B9, E3, 65, 73, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[2532] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1                                                                                                                                                                  0000000076f752f1 11 bytes [B8, B9, 7A, 65, 73, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[2532] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1                                                                                                                                                                  0000000076f75311 11 bytes [B8, 39, 77, 65, 73, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[2532] C:\Windows\system32\kernel32.dll!ReadConsoleW                                                                                                                                                                           0000000076f8a5e0 12 bytes [48, B8, B9, 81, 65, 73, 00, ...]
.text    C:\Windows\system32\svchost.exe[2532] C:\Windows\system32\kernel32.dll!ReadConsoleA                                                                                                                                                                           0000000076f8a6f0 12 bytes [48, B8, 39, 7E, 65, 73, 00, ...]
.text    C:\Windows\system32\svchost.exe[2532] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1                                                                                                                                                              0000000076faf491 11 bytes [B8, 79, D7, 65, 73, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[2532] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1                                                                                                                                                              0000000076faf691 11 bytes [B8, F9, D3, 65, 73, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[2532] C:\Windows\system32\kernel32.dll!MoveFileExA + 1                                                                                                                                                                        0000000076faf6c1 8 bytes [B8, F9, CC, 65, 73, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[2532] C:\Windows\system32\kernel32.dll!MoveFileExA + 10                                                                                                                                                                       0000000076faf6ca 2 bytes [50, C3]
.text    C:\Windows\system32\svchost.exe[2532] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1                                                                                                                                                                      000007fefd061861 11 bytes [B8, 79, 52, 65, 73, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[2532] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1                                                                                                                                                                      000007fefd062db1 11 bytes [B8, 39, AF, 65, 73, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[2532] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1                                                                                                                                                                   000007fefd063461 11 bytes [B8, F9, B0, 65, 73, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[2532] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                                                                                                                       000007fefd068ef0 12 bytes [48, B8, 79, AD, 65, 73, 00, ...]
.text    C:\Windows\system32\svchost.exe[2532] C:\Windows\system32\KERNELBASE.dll!CreateMutexW                                                                                                                                                                         000007fefd0694c0 12 bytes [48, B8, B9, 50, 65, 73, 00, ...]
.text    C:\Windows\system32\svchost.exe[2532] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1                                                                                                                                                                   000007fefd06bfd1 11 bytes [B8, B9, AB, 65, 73, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[2532] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1                                                                                                                                                                       000007fefd072af1 11 bytes [B8, F9, 4E, 65, 73, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[2532] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory                                                                                                                                                                   000007fefd094350 12 bytes [48, B8, B9, 42, 65, 73, 00, ...]
.text    C:\Windows\system32\svchost.exe[2532] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1                                                                                                                                                                 000007fefd0a0c11 11 bytes [B8, 79, C9, 65, 73, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[2532] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1                                                                                                                                                               000007fefd0a2871 8 bytes [B8, 39, 23, 65, 73, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[2532] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10                                                                                                                                                              000007fefd0a287a 2 bytes [50, C3]
.text    C:\Windows\system32\svchost.exe[2532] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1                                                                                                                                                                     000007fefd0a28b1 11 bytes [B8, F9, 40, 65, 73, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[2532] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1                                                                                                                                                                      000007fefd39642d 11 bytes [B8, 39, 5B, 65, 73, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[2532] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW                                                                                                                                                                            000007fefd396484 12 bytes [48, B8, F9, 55, 65, 73, 00, ...]
.text    C:\Windows\system32\svchost.exe[2532] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1                                                                                                                                                                  000007fefd396519 11 bytes [B8, 39, 62, 65, 73, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[2532] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA                                                                                                                                                                            000007fefd396c34 12 bytes [48, B8, 39, 54, 65, 73, 00, ...]
.text    C:\Windows\system32\svchost.exe[2532] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1                                                                                                                                                                       000007fefd397ab5 11 bytes [B8, F9, 5C, 65, 73, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[2532] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1                                                                                                                                                                   000007fefd398b01 11 bytes [B8, B9, 57, 65, 73, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[2532] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1                                                                                                                                                                   000007fefd398c39 11 bytes [B8, 79, 59, 65, 73, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[2532] C:\Windows\system32\WS2_32.dll!WSASend + 1                                                                                                                                                                              000007fefd9213b1 11 bytes [B8, 79, A6, 65, 73, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[2532] C:\Windows\system32\WS2_32.dll!closesocket                                                                                                                                                                              000007fefd9218e0 12 bytes [48, B8, B9, A4, 65, 73, 00, ...]
.text    C:\Windows\system32\svchost.exe[2532] C:\Windows\system32\WS2_32.dll!WSASocketW + 1                                                                                                                                                                           000007fefd921bd1 11 bytes [B8, F9, A2, 65, 73, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[2532] C:\Windows\system32\WS2_32.dll!WSARecv + 1                                                                                                                                                                              000007fefd922201 11 bytes [B8, 39, E0, 65, 73, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[2532] C:\Windows\system32\WS2_32.dll!GetAddrInfoW                                                                                                                                                                             000007fefd9223c0 12 bytes [48, B8, 39, 8C, 65, 73, 00, ...]
.text    C:\Windows\system32\svchost.exe[2532] C:\Windows\system32\WS2_32.dll!connect                                                                                                                                                                                  000007fefd9245c0 12 bytes [48, B8, 79, 67, 65, 73, 00, ...]
.text    C:\Windows\system32\svchost.exe[2532] C:\Windows\system32\WS2_32.dll!send + 1                                                                                                                                                                                 000007fefd928001 11 bytes [B8, 39, A1, 65, 73, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[2532] C:\Windows\system32\WS2_32.dll!gethostbyname                                                                                                                                                                            000007fefd928df0 7 bytes [48, B8, B9, 8F, 65, 73, 00]
.text    C:\Windows\system32\svchost.exe[2532] C:\Windows\system32\WS2_32.dll!gethostbyname + 9                                                                                                                                                                        000007fefd928df9 3 bytes [00, 50, C3]
.text    C:\Windows\system32\svchost.exe[2532] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW                                                                                                                                                                           000007fefd92c090 12 bytes [48, B8, F9, 8D, 65, 73, 00, ...]
.text    C:\Windows\system32\svchost.exe[2532] C:\Windows\system32\WS2_32.dll!socket + 1                                                                                                                                                                               000007fefd92de91 11 bytes [B8, 39, D9, 65, 73, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[2532] C:\Windows\system32\WS2_32.dll!recv + 1                                                                                                                                                                                 000007fefd92df41 11 bytes [B8, 79, DE, 65, 73, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[2532] C:\Windows\system32\WS2_32.dll!WSAConnect + 1                                                                                                                                                                           000007fefd94e0f1 11 bytes [B8, B9, DC, 65, 73, 00, 00, ...]
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2596] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                              0000000076d91465 2 bytes [D9, 76]
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2596] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                             0000000076d914bb 2 bytes [D9, 76]
.text    ...                                                                                                                                                                                                                                                           * 2
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\SysWOW64\ntdll.dll!NtReadFile                                                                                                                                                                     000000007733f8f0 5 bytes JMP 0000000171f06f99
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile                                                                                                                                                                    000000007733f928 5 bytes JMP 0000000171f07621
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\SysWOW64\ntdll.dll!NtClose                                                                                                                                                                        000000007733f9e0 5 bytes JMP 0000000171f06619
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess                                                                                                                                                        000000007733fb28 5 bytes JMP 0000000171f06029
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess                                                                                                                                                                  000000007733fc20 5 bytes JMP 0000000171f031d9
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection                                                                                                                                                             000000007733fc50 5 bytes JMP 0000000171f015f1
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection                                                                                                                                                           000000007733fc80 5 bytes JMP 0000000171f01689
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                                                                                                                             000000007733fcb0 5 bytes JMP 0000000171f05f91
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection                                                                                                                                                                  000000007733fdc8 5 bytes JMP 0000000171f07589
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                                                                                                                                           000000007733fe14 5 bytes JMP 0000000171f030a9
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject                                                                                                                                                              000000007733fe44 5 bytes JMP 0000000171f03309
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread                                                                                                                                                               000000007733ff24 5 bytes JMP 0000000171f03271
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection                                                                                                                                                                000000007733ffa4 5 bytes JMP 0000000171f076b9
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx                                                                                                                                                              000000007733ffec 5 bytes JMP 0000000171f02ee1
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                                                                                                                                 0000000077340004 5 bytes JMP 0000000171f02db1
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile                                                                                                                                                                   00000000773400b4 5 bytes JMP 0000000171f01ed9
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey                                                                                                                                                                  00000000773401c4 5 bytes JMP 0000000171f02301
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                                                                                                                                                 000000007734079c 5 bytes JMP 0000000171f074f1
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess                                                                                                                                                                0000000077340814 5 bytes JMP 0000000171f02e49
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                                                                                                                               00000000773408a4 5 bytes JMP 0000000171f02d19
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                                                                                                                                   0000000077340df4 5 bytes JMP 0000000171f066b1
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError                                                                                                                                                               0000000077341604 5 bytes JMP 0000000171f04ac9
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                                                                                                                             0000000077341920 5 bytes JMP 0000000171f03141
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                                                                                                                                         0000000077341be4 5 bytes JMP 0000000171f06749
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess                                                                                                                                                               0000000077341d54 5 bytes JMP 0000000171f03439
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                                                                                                                                                0000000077341d70 5 bytes JMP 0000000171f033a1
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl                                                                                                                                                           0000000077341d8c 5 bytes JMP 0000000171f07751
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl                                                                                                                                                                   0000000077341ee8 5 bytes JMP 0000000171f07329
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter                                                                                                                                                     00000000773588c4 5 bytes JMP 0000000171f01ab1
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx                                                                                                                                                   0000000077380d3b 5 bytes JMP 0000000171f02009
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\SysWOW64\ntdll.dll!RtlReportException                                                                                                                                                             00000000773c860f 5 bytes JMP 0000000171f04b61
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters                                                                                                                                                     00000000773ce8ab 5 bytes JMP 0000000171f01f71
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA                                                                                                                                                             00000000754c0e00 5 bytes JMP 0000000171f01da9
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                                                                                                                                              00000000754c1072 5 bytes JMP 0000000171f02a21
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\syswow64\kernel32.dll!LoadLibraryA                                                                                                                                                                00000000754c499f 5 bytes JMP 0000000171f025f9
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW                                                                                                                                                      00000000754d3bbb 5 bytes JMP 0000000171f03011
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW                                                                                                                                                       00000000754d9aa4 5 bytes JMP 0000000171f06f01
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\syswow64\kernel32.dll!MoveFileExW                                                                                                                                                                 00000000754d9b05 5 bytes JMP 0000000171f06ca1
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot                                                                                                                                                    00000000754e7327 5 bytes JMP 0000000171f02729
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\syswow64\kernel32.dll!Process32NextW                                                                                                                                                              00000000754e88da 5 bytes JMP 0000000171f06581
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\syswow64\kernel32.dll!MoveFileExA                                                                                                                                                                 00000000754eccb1 5 bytes JMP 0000000171f06b71
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA                                                                                                                                                       00000000754eccd1 5 bytes JMP 0000000171f06dd1
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\syswow64\kernel32.dll!WinExec                                                                                                                                                                     0000000075542ff1 5 bytes JMP 0000000171f028f1
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA                                                                                                                                                           000000007556748b 5 bytes JMP 0000000171f046a1
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW                                                                                                                                                           00000000755674ae 5 bytes JMP 0000000171f047d1
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\syswow64\kernel32.dll!ReadConsoleA                                                                                                                                                                0000000075567859 5 bytes JMP 0000000171f04901
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\syswow64\kernel32.dll!ReadConsoleW                                                                                                                                                                00000000755678d2 5 bytes JMP 0000000171f04a31
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime                                                                                                                                                   0000000075948f8d 5 bytes JMP 0000000171f01a19
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle                                                                                                                                                               000000007594c436 5 bytes JMP 0000000171f03b59
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory                                                                                                                                                        000000007594eca6 5 bytes JMP 0000000171f03601
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess                                                                                                                                                               000000007594f206 5 bytes JMP 0000000171f02399
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW                                                                                                                                                           000000007594fa89 5 bytes JMP 0000000171f01e41
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\syswow64\KERNELBASE.dll!DefineDosDeviceW                                                                                                                                                          000000007594fbb7 5 bytes JMP 0000000171f06a41
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW                                                                                                                                                              0000000075951358 5 bytes JMP 0000000171f03ac1
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW                                                                                                                                                                000000007595137f 5 bytes JMP 0000000171f03a29
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                                                                                                                                          0000000075951d29 5 bytes JMP 0000000171f01981
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress                                                                                                                                                            0000000075951e15 5 bytes JMP 0000000171f024c9
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                                                                                                                            0000000075952ab1 5 bytes JMP 0000000171f06159
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA                                                                                                                                                            0000000075952cd9 5 bytes JMP 0000000171f060c1
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                                                                                                                                               0000000075952d17 5 bytes JMP 0000000171f061f1
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA                                                                                                                                                          0000000075952e7a 5 bytes JMP 0000000171f018e9
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\syswow64\KERNELBASE.dll!SleepEx                                                                                                                                                                   0000000075953b70 5 bytes JMP 0000000171f02269
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\syswow64\KERNELBASE.dll!Sleep                                                                                                                                                                     0000000075954496 5 bytes JMP 0000000171f02431
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\syswow64\KERNELBASE.dll!CreateThread                                                                                                                                                              0000000075954608 5 bytes JMP 0000000171f03569
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread                                                                                                                                                        0000000075954631 5 bytes JMP 0000000171f02c81
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA                                                                                                                                                               000000007595c734 5 bytes JMP 0000000171f027c1
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\syswow64\msvcrt.dll!_lock + 41                                                                                                                                                                    000000007607a472 5 bytes JMP 0000000171f077e9
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\syswow64\msvcrt.dll!__p__fmode                                                                                                                                                                    00000000760827ce 5 bytes JMP 0000000171f01be1
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\syswow64\msvcrt.dll!__p__environ                                                                                                                                                                  000000007608e6cf 5 bytes JMP 0000000171f01b49
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\syswow64\USER32.dll!GetMessageW                                                                                                                                                                   0000000075d778e2 5 bytes JMP 0000000171f04441
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\syswow64\USER32.dll!GetMessageA                                                                                                                                                                   0000000075d77bd3 5 bytes JMP 0000000171f043a9
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\syswow64\USER32.dll!CreateWindowExW                                                                                                                                                               0000000075d78a29 5 bytes JMP 0000000171f05909
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\syswow64\USER32.dll!FindWindowW                                                                                                                                                                   0000000075d798fd 5 bytes JMP 0000000171f063b9
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize                                                                                                                                                       0000000075d7b6ed 5 bytes JMP 0000000171f07881
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\syswow64\USER32.dll!CreateWindowExA                                                                                                                                                               0000000075d7d22e 5 bytes JMP 0000000171f059a1
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                                                                                                                                               0000000075d7ee09 5 bytes JMP 0000000171f034d1
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\syswow64\USER32.dll!FindWindowA                                                                                                                                                                   0000000075d7ffe6 5 bytes JMP 0000000171f06289
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\syswow64\USER32.dll!FindWindowExA                                                                                                                                                                 0000000075d800d9 5 bytes JMP 0000000171f06321
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\syswow64\USER32.dll!PeekMessageW                                                                                                                                                                  0000000075d805ba 5 bytes JMP 0000000171f04571
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\syswow64\USER32.dll!ShowWindow                                                                                                                                                                    0000000075d80dfb 5 bytes JMP 0000000171f05a39
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\syswow64\USER32.dll!PostMessageW                                                                                                                                                                  0000000075d812a5 5 bytes JMP 0000000171f07459
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\syswow64\USER32.dll!SetWindowTextW                                                                                                                                                                0000000075d820ec 5 bytes JMP 0000000171f05dc9
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\syswow64\USER32.dll!PostMessageA                                                                                                                                                                  0000000075d83baa 5 bytes JMP 0000000171f073c1
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\syswow64\USER32.dll!PeekMessageA                                                                                                                                                                  0000000075d85f74 5 bytes JMP 0000000171f044d9
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\syswow64\USER32.dll!CallNextHookEx                                                                                                                                                                0000000075d86285 5 bytes JMP 0000000171f04bf9
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                                                                                                                                             0000000075d87603 5 bytes JMP 0000000171f02be9
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\syswow64\USER32.dll!SetWindowTextA                                                                                                                                                                0000000075d87aee 5 bytes JMP 0000000171f05d31
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                                                                                                                                             0000000075d8835c 5 bytes JMP 0000000171f02b51
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW                                                                                                                                                    0000000075d9ce54 5 bytes JMP 0000000171f05b69
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx                                                                                                                                                           0000000075d9f52b 5 bytes JMP 0000000171f04c91
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\syswow64\USER32.dll!FindWindowExW                                                                                                                                                                 0000000075d9f588 5 bytes JMP 0000000171f06451
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW                                                                                                                                                 0000000075da10a0 5 bytes JMP 0000000171f05ad1
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\syswow64\USER32.dll!MessageBoxExA                                                                                                                                                                 0000000075dcfcd6 5 bytes JMP 0000000171f05c01
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\syswow64\USER32.dll!MessageBoxExW                                                                                                                                                                 0000000075dcfcfa 5 bytes JMP 0000000171f05c99
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW                                                                                                                                                                0000000074d2c9ec 5 bytes JMP 0000000171f03c89
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA                                                                                                                                                                0000000074d32b70 5 bytes JMP 0000000171f03bf1
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle                                                                                                                                                          0000000074d3361c 5 bytes JMP 0000000171f040b1
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222                                                                                                                                                         0000000074d34965 5 bytes JMP 0000000171f07919
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW                                                                                                                                                              0000000074d470c4 5 bytes JMP 0000000171f04311
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\syswow64\ADVAPI32.dll!ControlService                                                                                                                                                              0000000074d470dc 5 bytes JMP 0000000171f03e51
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\syswow64\ADVAPI32.dll!DeleteService                                                                                                                                                               0000000074d470f4 5 bytes JMP 0000000171f03ee9
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA                                                                                                                                                        0000000074d631f4 5 bytes JMP 0000000171f03f81
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW                                                                                                                                                        0000000074d63204 5 bytes JMP 0000000171f04019
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA                                                                                                                                                           0000000074d63214 5 bytes JMP 0000000171f03d21
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW                                                                                                                                                           0000000074d63224 5 bytes JMP 0000000171f03db9
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA                                                                                                                                                              0000000074d63264 5 bytes JMP 0000000171f04279
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\syswow64\SHELL32.dll!Shell_NotifyIconW                                                                                                                                                            0000000076150179 5 bytes JMP 0000000171f04d29
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\syswow64\WS2_32.dll!closesocket                                                                                                                                                                   0000000075773918 5 bytes JMP 0000000171f05ef9
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\syswow64\WS2_32.dll!WSASocketW                                                                                                                                                                    0000000075773cd3 5 bytes JMP 0000000171f05e61
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\syswow64\WS2_32.dll!socket                                                                                                                                                                        0000000075773eb8 5 bytes JMP 0000000171f07031
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\syswow64\WS2_32.dll!WSASend                                                                                                                                                                       0000000075774406 5 bytes JMP 0000000171f02139
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW                                                                                                                                                                  0000000075774889 5 bytes JMP 0000000171f05741
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\syswow64\WS2_32.dll!recv                                                                                                                                                                          0000000075776b0e 5 bytes JMP 0000000171f071f9
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\syswow64\WS2_32.dll!connect                                                                                                                                                                       0000000075776bdd 1 byte JMP 0000000171f041e1
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\syswow64\WS2_32.dll!connect + 2                                                                                                                                                                   0000000075776bdf 3 bytes {CALL RBP}
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\syswow64\WS2_32.dll!send                                                                                                                                                                          0000000075776f01 5 bytes JMP 0000000171f020a1
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\syswow64\WS2_32.dll!WSARecv                                                                                                                                                                       0000000075777089 5 bytes JMP 0000000171f07291
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\syswow64\WS2_32.dll!WSAConnect                                                                                                                                                                    000000007577cc3f 5 bytes JMP 0000000171f07161
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoExW                                                                                                                                                                000000007577d1ea 5 bytes JMP 0000000171f057d9
.text    C:\ProgramData\MobileBrServ\mbbservice.exe[2764] C:\Windows\syswow64\WS2_32.dll!gethostbyname                                                                                                                                                                 0000000075787673 5 bytes JMP 0000000171f05871
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile                                                                                                                                     000000007733f928 5 bytes JMP 0000000171f06c09
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\SysWOW64\ntdll.dll!NtClose                                                                                                                                         000000007733f9e0 5 bytes JMP 0000000171f05c99
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess                                                                                                                         000000007733fb28 5 bytes JMP 0000000171f056a9
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess                                                                                                                                   000000007733fc20 5 bytes JMP 0000000171f031d9
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection                                                                                                                              000000007733fc50 5 bytes JMP 0000000171f015f1
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection                                                                                                                            000000007733fc80 5 bytes JMP 0000000171f01689
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                                                                                              000000007733fcb0 5 bytes JMP 0000000171f05611
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection                                                                                                                                   000000007733fdc8 5 bytes JMP 0000000171f06b71
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                                                                                                            000000007733fe14 5 bytes JMP 0000000171f030a9
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject                                                                                                                               000000007733fe44 5 bytes JMP 0000000171f03309
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread                                                                                                                                000000007733ff24 5 bytes JMP 0000000171f03271
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection                                                                                                                                 000000007733ffa4 5 bytes JMP 0000000171f06ca1
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx                                                                                                                               000000007733ffec 5 bytes JMP 0000000171f02ee1
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                                                                                                  0000000077340004 5 bytes JMP 0000000171f02db1
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile                                                                                                                                    00000000773400b4 5 bytes JMP 0000000171f01ed9
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey                                                                                                                                   00000000773401c4 5 bytes JMP 0000000171f02301
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                                                                                                                  000000007734079c 5 bytes JMP 0000000171f06ad9
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess                                                                                                                                 0000000077340814 5 bytes JMP 0000000171f02e49
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                                                                                                00000000773408a4 5 bytes JMP 0000000171f02d19
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                                                                                                    0000000077340df4 5 bytes JMP 0000000171f05d31
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError                                                                                                                                0000000077341604 5 bytes JMP 0000000171f04ac9
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                                                                                              0000000077341920 5 bytes JMP 0000000171f03141
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                                                                                                          0000000077341be4 5 bytes JMP 0000000171f05dc9
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess                                                                                                                                0000000077341d54 5 bytes JMP 0000000171f03439
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                                                                                                                 0000000077341d70 5 bytes JMP 0000000171f033a1
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl                                                                                                                            0000000077341d8c 5 bytes JMP 0000000171f06d39
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl                                                                                                                                    0000000077341ee8 5 bytes JMP 0000000171f06911
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter                                                                                                                      00000000773588c4 5 bytes JMP 0000000171f01ab1
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx                                                                                                                    0000000077380d3b 5 bytes JMP 0000000171f02009
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\SysWOW64\ntdll.dll!RtlReportException                                                                                                                              00000000773c860f 5 bytes JMP 0000000171f04b61
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters                                                                                                                      00000000773ce8ab 5 bytes JMP 0000000171f01f71
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA                                                                                                                              00000000754c0e00 5 bytes JMP 0000000171f01da9
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                                                                                                               00000000754c1072 5 bytes JMP 0000000171f02a21
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\syswow64\kernel32.dll!LoadLibraryA                                                                                                                                 00000000754c499f 5 bytes JMP 0000000171f025f9
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW
         

02.02.2015, 18:07   #8
Phil101
 



Part 4
Code:
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW                                                                                                                       00000000754d3bbb 5 bytes JMP 0000000171f03011
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW                                                                                                                        00000000754d9aa4 5 bytes JMP 0000000171f06581
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\syswow64\kernel32.dll!MoveFileExW                                                                                                                                  00000000754d9b05 5 bytes JMP 0000000171f06321
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot                                                                                                                     00000000754e7327 5 bytes JMP 0000000171f02729
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\syswow64\kernel32.dll!Process32NextW                                                                                                                               00000000754e88da 5 bytes JMP 0000000171f05c01
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\syswow64\kernel32.dll!MoveFileExA                                                                                                                                  00000000754eccb1 5 bytes JMP 0000000171f061f1
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA                                                                                                                        00000000754eccd1 5 bytes JMP 0000000171f06451
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\syswow64\kernel32.dll!WinExec                                                                                                                                      0000000075542ff1 5 bytes JMP 0000000171f028f1
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA                                                                                                                            000000007556748b 5 bytes JMP 0000000171f046a1
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW                                                                                                                            00000000755674ae 5 bytes JMP 0000000171f047d1
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\syswow64\kernel32.dll!ReadConsoleA                                                                                                                                 0000000075567859 5 bytes JMP 0000000171f04901
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\syswow64\kernel32.dll!ReadConsoleW                                                                                                                                 00000000755678d2 5 bytes JMP 0000000171f04a31
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime                                                                                                                    0000000075948f8d 5 bytes JMP 0000000171f01a19
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle                                                                                                                                000000007594c436 5 bytes JMP 0000000171f03b59
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory                                                                                                                         000000007594eca6 5 bytes JMP 0000000171f03601
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess                                                                                                                                000000007594f206 5 bytes JMP 0000000171f02399
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW                                                                                                                            000000007594fa89 5 bytes JMP 0000000171f01e41
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\syswow64\KERNELBASE.dll!DefineDosDeviceW                                                                                                                           000000007594fbb7 5 bytes JMP 0000000171f060c1
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW                                                                                                                               0000000075951358 5 bytes JMP 0000000171f03ac1
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW                                                                                                                                 000000007595137f 5 bytes JMP 0000000171f03a29
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                                                                                                           0000000075951d29 5 bytes JMP 0000000171f01981
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress                                                                                                                             0000000075951e15 5 bytes JMP 0000000171f024c9
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                                                                                             0000000075952ab1 5 bytes JMP 0000000171f057d9
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA                                                                                                                             0000000075952cd9 5 bytes JMP 0000000171f05741
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                                                                                                                0000000075952d17 5 bytes JMP 0000000171f05871
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA                                                                                                                           0000000075952e7a 5 bytes JMP 0000000171f018e9
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\syswow64\KERNELBASE.dll!SleepEx                                                                                                                                    0000000075953b70 5 bytes JMP 0000000171f02269
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\syswow64\KERNELBASE.dll!Sleep                                                                                                                                      0000000075954496 5 bytes JMP 0000000171f02431
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\syswow64\KERNELBASE.dll!CreateThread                                                                                                                               0000000075954608 5 bytes JMP 0000000171f03569
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread                                                                                                                         0000000075954631 5 bytes JMP 0000000171f02c81
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA                                                                                                                                000000007595c734 5 bytes JMP 0000000171f027c1
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\syswow64\USER32.dll!GetMessageW                                                                                                                                    0000000075d778e2 5 bytes JMP 0000000171f04441
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\syswow64\USER32.dll!GetMessageA                                                                                                                                    0000000075d77bd3 5 bytes JMP 0000000171f043a9
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\syswow64\USER32.dll!CreateWindowExW                                                                                                                                0000000075d78a29 5 bytes JMP 0000000171f04f89
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\syswow64\USER32.dll!FindWindowW                                                                                                                                    0000000075d798fd 5 bytes JMP 0000000171f05a39
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize                                                                                                                        0000000075d7b6ed 5 bytes JMP 0000000171f06dd1
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\syswow64\USER32.dll!CreateWindowExA                                                                                                                                0000000075d7d22e 5 bytes JMP 0000000171f05021
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                                                                                                                0000000075d7ee09 5 bytes JMP 0000000171f034d1
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\syswow64\USER32.dll!FindWindowA                                                                                                                                    0000000075d7ffe6 5 bytes JMP 0000000171f05909
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\syswow64\USER32.dll!FindWindowExA                                                                                                                                  0000000075d800d9 5 bytes JMP 0000000171f059a1
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\syswow64\USER32.dll!PeekMessageW                                                                                                                                   0000000075d805ba 5 bytes JMP 0000000171f04571
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\syswow64\USER32.dll!ShowWindow                                                                                                                                     0000000075d80dfb 5 bytes JMP 0000000171f050b9
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\syswow64\USER32.dll!PostMessageW                                                                                                                                   0000000075d812a5 5 bytes JMP 0000000171f06a41
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\syswow64\USER32.dll!SetWindowTextW                                                                                                                                 0000000075d820ec 5 bytes JMP 0000000171f05449
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\syswow64\USER32.dll!PostMessageA                                                                                                                                   0000000075d83baa 5 bytes JMP 0000000171f069a9
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\syswow64\USER32.dll!PeekMessageA                                                                                                                                   0000000075d85f74 5 bytes JMP 0000000171f044d9
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\syswow64\USER32.dll!CallNextHookEx                                                                                                                                 0000000075d86285 5 bytes JMP 0000000171f04bf9
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                                                                                                              0000000075d87603 5 bytes JMP 0000000171f02be9
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\syswow64\USER32.dll!SetWindowTextA                                                                                                                                 0000000075d87aee 5 bytes JMP 0000000171f053b1
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                                                                                                              0000000075d8835c 5 bytes JMP 0000000171f02b51
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW                                                                                                                     0000000075d9ce54 5 bytes JMP 0000000171f051e9
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx                                                                                                                            0000000075d9f52b 5 bytes JMP 0000000171f04c91
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\syswow64\USER32.dll!FindWindowExW                                                                                                                                  0000000075d9f588 5 bytes JMP 0000000171f05ad1
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW                                                                                                                  0000000075da10a0 5 bytes JMP 0000000171f05151
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\syswow64\USER32.dll!MessageBoxExA                                                                                                                                  0000000075dcfcd6 2 bytes JMP 0000000171f05281
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\syswow64\USER32.dll!MessageBoxExA + 3                                                                                                                              0000000075dcfcd9 2 bytes [13, FC]
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\syswow64\USER32.dll!MessageBoxExW                                                                                                                                  0000000075dcfcfa 5 bytes JMP 0000000171f05319
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\syswow64\msvcrt.dll!_lock + 41                                                                                                                                     000000007607a472 5 bytes JMP 0000000171f06e69
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\syswow64\msvcrt.dll!__p__fmode                                                                                                                                     00000000760827ce 5 bytes JMP 0000000171f01be1
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\syswow64\msvcrt.dll!__p__environ                                                                                                                                   000000007608e6cf 5 bytes JMP 0000000171f01b49
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW                                                                                                                                 0000000074d2c9ec 5 bytes JMP 0000000171f03c89
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA                                                                                                                                 0000000074d32b70 5 bytes JMP 0000000171f03bf1
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle                                                                                                                           0000000074d3361c 5 bytes JMP 0000000171f040b1
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222                                                                                                                          0000000074d34965 5 bytes JMP 0000000171f06f01
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW                                                                                                                               0000000074d470c4 5 bytes JMP 0000000171f04311
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\syswow64\ADVAPI32.dll!ControlService                                                                                                                               0000000074d470dc 5 bytes JMP 0000000171f03e51
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\syswow64\ADVAPI32.dll!DeleteService                                                                                                                                0000000074d470f4 5 bytes JMP 0000000171f03ee9
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA                                                                                                                         0000000074d631f4 5 bytes JMP 0000000171f03f81
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW                                                                                                                         0000000074d63204 5 bytes JMP 0000000171f04019
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA                                                                                                                            0000000074d63214 5 bytes JMP 0000000171f03d21
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW                                                                                                                            0000000074d63224 5 bytes JMP 0000000171f03db9
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA                                                                                                                               0000000074d63264 5 bytes JMP 0000000171f04279
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\syswow64\SHELL32.dll!Shell_NotifyIconW                                                                                                                             0000000076150179 5 bytes JMP 0000000171f04d29
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\syswow64\WS2_32.dll!closesocket                                                                                                                                    0000000075773918 5 bytes JMP 0000000171f05579
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\syswow64\WS2_32.dll!WSASocketW                                                                                                                                     0000000075773cd3 5 bytes JMP 0000000171f054e1
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\syswow64\WS2_32.dll!socket                                                                                                                                         0000000075773eb8 5 bytes JMP 0000000171f06619
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\syswow64\WS2_32.dll!WSASend                                                                                                                                        0000000075774406 5 bytes JMP 0000000171f02139
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW                                                                                                                                   0000000075774889 5 bytes JMP 0000000171f04dc1
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\syswow64\WS2_32.dll!recv                                                                                                                                           0000000075776b0e 5 bytes JMP 0000000171f067e1
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\syswow64\WS2_32.dll!connect                                                                                                                                        0000000075776bdd 1 byte JMP 0000000171f041e1
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\syswow64\WS2_32.dll!connect + 2                                                                                                                                    0000000075776bdf 3 bytes {CALL RBP}
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\syswow64\WS2_32.dll!send                                                                                                                                           0000000075776f01 5 bytes JMP 0000000171f020a1
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\syswow64\WS2_32.dll!WSARecv                                                                                                                                        0000000075777089 5 bytes JMP 0000000171f06879
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\syswow64\WS2_32.dll!WSAConnect                                                                                                                                     000000007577cc3f 5 bytes JMP 0000000171f06749
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoExW                                                                                                                                 000000007577d1ea 5 bytes JMP 0000000171f04e59
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2856] C:\Windows\syswow64\WS2_32.dll!gethostbyname
         
Part 5
Code:
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1                                                                                                                                            00000000771792d1 5 bytes [B8, 39, 69, 65, 73]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7                                                                                                                                            00000000771792d7 5 bytes [00, 00, 00, 50, C3]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile                                                                                                                                                                 0000000077191330 6 bytes [48, B8, F9, 0B, 66, 73]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8                                                                                                                                                             0000000077191338 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!NtClose                                                                                                                                                                     00000000771913a0 6 bytes [48, B8, 39, D9, 65, 73]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8                                                                                                                                                                 00000000771913a8 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess                                                                                                                                                     0000000077191470 6 bytes [48, B8, F9, C5, 65, 73]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8                                                                                                                                                 0000000077191478 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                                                               0000000077191510 6 bytes [48, B8, F9, 32, 65, 73]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8                                                                                                                                                           0000000077191518 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                                                                                                          0000000077191530 6 bytes [48, B8, 39, 1C, 65, 73]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8                                                                                                                                                      0000000077191538 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection                                                                                                                                                        0000000077191550 6 bytes [48, B8, F9, 1D, 65, 73]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8                                                                                                                                                    0000000077191558 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                                                          0000000077191570 6 bytes [48, B8, 39, C4, 65, 73]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8                                                                                                                                                      0000000077191578 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                                                               0000000077191620 6 bytes [48, B8, 79, 08, 66, 73]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8                                                                                                                                                           0000000077191628 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                                        0000000077191650 6 bytes [48, B8, 79, 2F, 65, 73]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8                                                                                                                                                    0000000077191658 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                                                           0000000077191670 6 bytes [48, B8, 79, 36, 65, 73]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8                                                                                                                                                       0000000077191678 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                                                                                            0000000077191700 6 bytes [48, B8, B9, 34, 65, 73]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8                                                                                                                                                        0000000077191708 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                                                             0000000077191750 6 bytes [48, B8, B9, 0D, 66, 73]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8                                                                                                                                                         0000000077191758 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx                                                                                                                                                           0000000077191780 6 bytes [48, B8, 39, 2A, 65, 73]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8                                                                                                                                                       0000000077191788 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                                                              0000000077191790 6 bytes [48, B8, B9, 26, 65, 73]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8                                                                                                                                                          0000000077191798 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                                                                                                                0000000077191800 6 bytes [48, B8, 39, 0A, 66, 73]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8                                                                                                                                                            0000000077191808 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey                                                                                                                                                               00000000771918b0 6 bytes [48, B8, 39, 11, 66, 73]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8                                                                                                                                                           00000000771918b8 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                                                              0000000077191c80 6 bytes [48, B8, B9, 06, 66, 73]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8                                                                                                                                                          0000000077191c88 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess                                                                                                                                                             0000000077191cd0 6 bytes [48, B8, 79, 28, 65, 73]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8                                                                                                                                                         0000000077191cd8 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                                            0000000077191d30 6 bytes [48, B8, F9, 24, 65, 73]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8                                                                                                                                                        0000000077191d38 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                                                                00000000771920a0 6 bytes [48, B8, F9, DA, 65, 73]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8                                                                                                                                                            00000000771920a8 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError                                                                                                                                                            00000000771925e0 6 bytes [48, B8, 79, 83, 65, 73]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8                                                                                                                                                        00000000771925e8 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                                                          00000000771927e0 6 bytes [48, B8, 39, 31, 65, 73]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8                                                                                                                                                      00000000771927e8 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                                                      00000000771929a0 6 bytes [48, B8, B9, DC, 65, 73]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8                                                                                                                                                  00000000771929a8 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                                                            0000000077192a80 6 bytes [48, B8, 79, 3D, 65, 73]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8                                                                                                                                                        0000000077192a88 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                                                             0000000077192a90 6 bytes [48, B8, B9, 3B, 65, 73]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8                                                                                                                                                         0000000077192a98 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                                                        0000000077192aa0 6 bytes [48, B8, 79, 0F, 66, 73]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8                                                                                                                                                    0000000077192aa8 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                                                                0000000077192b80 6 bytes [48, B8, 79, 01, 66, 73]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8                                                                                                                                                            0000000077192b88 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1                                                                                                                                                      0000000077203201 11 bytes [B8, 39, 85, 65, 73, 00, 00, ...]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2928] C:\Windows\system32\kernel32.dll!Process32NextW + 1                                                                                                                                                       0000000076f21b21 11 bytes [B8, 79, D7, 65, 73, 00, 00, ...]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2928] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot                                                                                                                                                 0000000076f21c10 5 bytes [48, B8, F9, 39, 65]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2928] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot + 6                                                                                                                                             0000000076f21c16 6 bytes [00, 00, 00, 00, 50, C3]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2928] C:\Windows\system32\kernel32.dll!MoveFileExW + 1                                                                                                                                                          0000000076f22b61 8 bytes [B8, 79, EC, 65, 73, 00, 00, ...]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2928] C:\Windows\system32\kernel32.dll!MoveFileExW + 10                                                                                                                                                         0000000076f22b6a 2 bytes [50, C3]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2928] C:\Windows\system32\kernel32.dll!CreateProcessInternalW                                                                                                                                                   0000000076f3db80 12 bytes [48, B8, B9, 2D, 65, 73, 00, ...]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2928] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1                                                                                                                                                      0000000076f40931 11 bytes [B8, B9, FF, 65, 73, 00, 00, ...]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2928] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1                                                                                                                                                    0000000076f752f1 11 bytes [B8, B9, 7A, 65, 73, 00, 00, ...]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2928] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1                                                                                                                                                    0000000076f75311 11 bytes [B8, 39, 77, 65, 73, 00, 00, ...]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2928] C:\Windows\system32\kernel32.dll!ReadConsoleW                                                                                                                                                             0000000076f8a5e0 12 bytes [48, B8, B9, 81, 65, 73, 00, ...]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2928] C:\Windows\system32\kernel32.dll!ReadConsoleA                                                                                                                                                             0000000076f8a6f0 12 bytes [48, B8, 39, 7E, 65, 73, 00, ...]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2928] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1                                                                                                                                                0000000076faf491 11 bytes [B8, 79, F3, 65, 73, 00, 00, ...]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2928] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1                                                                                                                                                0000000076faf691 11 bytes [B8, F9, EF, 65, 73, 00, 00, ...]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2928] C:\Windows\system32\kernel32.dll!MoveFileExA + 1                                                                                                                                                          0000000076faf6c1 8 bytes [B8, F9, E8, 65, 73, 00, 00, ...]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2928] C:\Windows\system32\kernel32.dll!MoveFileExA + 10                                                                                                                                                         0000000076faf6ca 2 bytes [50, C3]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2928] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1                                                                                                                                                        000007fefd061861 11 bytes [B8, 79, 52, 65, 73, 00, 00, ...]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2928] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1                                                                                                                                                        000007fefd062db1 11 bytes [B8, 39, CB, 65, 73, 00, 00, ...]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2928] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1                                                                                                                                                     000007fefd063461 11 bytes [B8, F9, CC, 65, 73, 00, 00, ...]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2928] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                                                                                                         000007fefd068ef0 12 bytes [48, B8, 79, C9, 65, 73, 00, ...]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2928] C:\Windows\system32\KERNELBASE.dll!CreateMutexW                                                                                                                                                           000007fefd0694c0 12 bytes [48, B8, B9, 50, 65, 73, 00, ...]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2928] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1                                                                                                                                                     000007fefd06bfd1 11 bytes [B8, B9, C7, 65, 73, 00, 00, ...]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2928] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1                                                                                                                                                         000007fefd072af1 11 bytes [B8, F9, 4E, 65, 73, 00, 00, ...]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2928] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory                                                                                                                                                     000007fefd094350 12 bytes [48, B8, B9, 42, 65, 73, 00, ...]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2928] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1                                                                                                                                                   000007fefd0a0c11 11 bytes [B8, 79, E5, 65, 73, 00, 00, ...]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2928] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1                                                                                                                                                 000007fefd0a2871 8 bytes [B8, 39, 23, 65, 73, 00, 00, ...]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2928] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10                                                                                                                                                000007fefd0a287a 2 bytes [50, C3]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2928] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1                                                                                                                                                       000007fefd0a28b1 11 bytes [B8, F9, 40, 65, 73, 00, 00, ...]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2928] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49                                                                                                                                                       000007fefedc4ea1 11 bytes [B8, B9, 14, 66, 73, 00, 00, ...]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2928] C:\Windows\system32\ADVAPI32.dll!CreateServiceW                                                                                                                                                           000007fefedc55c8 12 bytes [48, B8, B9, 6C, 65, 73, 00, ...]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2928] C:\Windows\system32\ADVAPI32.dll!CreateServiceA                                                                                                                                                           000007fefeddb85c 12 bytes [48, B8, F9, 6A, 65, 73, 00, ...]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2928] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW                                                                                                                                                     000007fefeddb9d0 12 bytes [48, B8, 79, 60, 65, 73, 00, ...]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2928] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA                                                                                                                                                     000007fefeddba3c 12 bytes [48, B8, B9, 5E, 65, 73, 00, ...]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2928] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1                                                                                                                                                        000007fefd39642d 11 bytes [B8, 39, 5B, 65, 73, 00, 00, ...]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2928] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW                                                                                                                                                              000007fefd396484 12 bytes [48, B8, F9, 55, 65, 73, 00, ...]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2928] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1                                                                                                                                                    000007fefd396519 11 bytes [B8, 39, 62, 65, 73, 00, 00, ...]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2928] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA                                                                                                                                                              000007fefd396c34 12 bytes [48, B8, 39, 54, 65, 73, 00, ...]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2928] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1                                                                                                                                                         000007fefd397ab5 11 bytes [B8, F9, 5C, 65, 73, 00, 00, ...]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2928] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1                                                                                                                                                     000007fefd398b01 11 bytes [B8, B9, 57, 65, 73, 00, 00, ...]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2928] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1
         

02.02.2015, 18:07   #9
Phil101

Part 6
Code:
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2964] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile                                                                                                                                                     000000007733f928 5 bytes JMP 0000000171f07589
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2964] C:\Windows\SysWOW64\ntdll.dll!NtClose                                                                                                                                                         000000007733f9e0 5 bytes JMP 0000000171f06619
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2964] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess                                                                                                                                         000000007733fb28 5 bytes JMP 0000000171f06029
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2964] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess                                                                                                                                                   000000007733fc20 5 bytes JMP 0000000171f031d9
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2964] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection                                                                                                                                              000000007733fc50 5 bytes JMP 0000000171f015f1
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2964] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection                                                                                                                                            000000007733fc80 5 bytes JMP 0000000171f01689
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2964] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                                                                                                              000000007733fcb0 5 bytes JMP 0000000171f05f91
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2964] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection                                                                                                                                                   000000007733fdc8 5 bytes JMP 0000000171f074f1
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2964] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                                                                                                                            000000007733fe14 5 bytes JMP 0000000171f030a9
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2964] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject                                                                                                                                               000000007733fe44 5 bytes JMP 0000000171f03309
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2964] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread                                                                                                                                                000000007733ff24 5 bytes JMP 0000000171f03271
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2964] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection                                                                                                                                                 000000007733ffa4 5 bytes JMP 0000000171f07621
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2964] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx                                                                                                                                               000000007733ffec 5 bytes JMP 0000000171f02ee1
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2964] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                                                                                                                  0000000077340004 5 bytes JMP 0000000171f02db1
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2964] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile                                                                                                                                                    00000000773400b4 5 bytes JMP 0000000171f01ed9
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2964] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey                                                                                                                                                   00000000773401c4 5 bytes JMP 0000000171f02301
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2964] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                                                                                                                                  000000007734079c 5 bytes JMP 0000000171f07459
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2964] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess                                                                                                                                                 0000000077340814 5 bytes JMP 0000000171f02e49
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2964] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                                                                                                                00000000773408a4 5 bytes JMP 0000000171f02d19
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2964] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                                                                                                                    0000000077340df4 5 bytes JMP 0000000171f066b1
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2964] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError                                                                                                                                                0000000077341604 5 bytes JMP 0000000171f04ac9
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2964] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                                                                                                              0000000077341920 5 bytes JMP 0000000171f03141
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2964] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                                                                                                                          0000000077341be4 5 bytes JMP 0000000171f06749
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2964] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess                                                                                                                                                0000000077341d54 5 bytes JMP 0000000171f03439
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2964] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                                                                                                                                 0000000077341d70 5 bytes JMP 0000000171f033a1
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2964] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl                                                                                                                                            0000000077341d8c 5 bytes JMP 0000000171f076b9
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2964] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl                                                                                                                                                    0000000077341ee8 5 bytes JMP 0000000171f07291
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2964] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter                                                                                                                                      00000000773588c4 5 bytes JMP 0000000171f01ab1
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2964] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx                                                                                                                                    0000000077380d3b 5 bytes JMP 0000000171f02009
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2964] C:\Windows\SysWOW64\ntdll.dll!RtlReportException                                                                                                                                              00000000773c860f 5 bytes JMP 0000000171f04b61
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2964] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters                                                                                                                                      00000000773ce8ab 5 bytes JMP 0000000171f01f71
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2964] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA                                                                                                                                              00000000754c0e00 5 bytes JMP 0000000171f01da9
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2964] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                                                                                                                               00000000754c1072 5 bytes JMP 0000000171f02a21
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2964] C:\Windows\syswow64\kernel32.dll!LoadLibraryA                                                                                                                                                 00000000754c499f 5 bytes JMP 0000000171f025f9
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2964] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW                                                                                                                                       00000000754d3bbb 5 bytes JMP 0000000171f03011
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2964] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW                                                                                                                                        00000000754d9aa4 5 bytes JMP 0000000171f06f01
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2964] C:\Windows\syswow64\kernel32.dll!MoveFileExW                                                                                                                                                  00000000754d9b05 5 bytes JMP 0000000171f06ca1
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2964] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot                                                                                                                                     00000000754e7327 5 bytes JMP 0000000171f02729
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2964] C:\Windows\syswow64\kernel32.dll!Process32NextW                                                                                                                                               00000000754e88da 5 bytes JMP 0000000171f06581
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2964] C:\Windows\syswow64\kernel32.dll!MoveFileExA                                                                                                                                                  00000000754eccb1 5 bytes JMP 0000000171f06b71
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2964] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA                                                                                                                                        00000000754eccd1 5 bytes JMP 0000000171f06dd1
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2964] C:\Windows\syswow64\kernel32.dll!WinExec                                                                                                                                                      0000000075542ff1 5 bytes JMP 0000000171f028f1
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2964] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA                                                                                                                                            000000007556748b 5 bytes JMP 0000000171f046a1
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2964] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW                                                                                                                                            00000000755674ae 5 bytes JMP 0000000171f047d1
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2964] C:\Windows\syswow64\kernel32.dll!ReadConsoleA                                                                                                                                                 0000000075567859 5 bytes JMP 0000000171f04901
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2964] C:\Windows\syswow64\kernel32.dll!ReadConsoleW                                                                                                                                                 00000000755678d2 5 bytes JMP 0000000171f04a31
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2964] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime                                                                                                                                    0000000075948f8d 5 bytes JMP 0000000171f01a19
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2964] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle                                                                                                                                                000000007594c436 5 bytes JMP 0000000171f03b59
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2964] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory                                                                                                                                         000000007594eca6 5 bytes JMP 0000000171f03601
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2964] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess                                                                                                                                                000000007594f206 5 bytes JMP 0000000171f02399
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2964] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW                                                                                                                                            000000007594fa89 5 bytes JMP 0000000171f01e41
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2964] C:\Windows\syswow64\KERNELBASE.dll!DefineDosDeviceW                                                                                                                                           000000007594fbb7 5 bytes JMP 0000000171f06a41
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2964] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW                                                                                                                                               0000000075951358 5 bytes JMP 0000000171f03ac1
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2964] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW                                                                                                                                                 000000007595137f 5 bytes JMP 0000000171f03a29
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2964] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                                                                                                                           0000000075951d29 5 bytes JMP 0000000171f01981
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2964] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress                                                                                                                                             0000000075951e15 5 bytes JMP 0000000171f024c9
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2964] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                                                                                                             0000000075952ab1 5 bytes JMP 0000000171f06159
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2964] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA                                                                                                                                             0000000075952cd9 5 bytes JMP 0000000171f060c1
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2964] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                                                                                                                                0000000075952d17 5 bytes JMP 0000000171f061f1
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2964] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA                                                                                                                                           0000000075952e7a 5 bytes JMP 0000000171f018e9
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2964] C:\Windows\syswow64\KERNELBASE.dll!SleepEx                                                                                                                                                    0000000075953b70 5 bytes JMP 0000000171f02269
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2964] C:\Windows\syswow64\KERNELBASE.dll!Sleep                                                                                                                                                      0000000075954496 5 bytes JMP 0000000171f02431
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2964] C:\Windows\syswow64\KERNELBASE.dll!CreateThread                                                                                                                                               0000000075954608 5 bytes JMP 0000000171f03569
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2964] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread                                                                                                                                         0000000075954631 5 bytes JMP 0000000171f02c81
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2964] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA                                                                                                                                                000000007595c734 5 bytes JMP 0000000171f027c1
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2964] C:\Windows\syswow64\msvcrt.dll!_lock + 41                                                                                                                                                     000000007607a472 5 bytes JMP 0000000171f07751
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2964] C:\Windows\syswow64\msvcrt.dll!__p__fmode                                                                                                                                                     00000000760827ce 5 bytes JMP 0000000171f01be1
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2964] C:\Windows\syswow64\msvcrt.dll!__p__environ                                                                                                                                                   000000007608e6cf 5 bytes JMP 0000000171f01b49
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2964] C:\Windows\syswow64\USER32.dll!GetMessageW                                                                                                                                                    0000000075d778e2 5 bytes JMP 0000000171f04441
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2964] C:\Windows\syswow64\USER32.dll!GetMessageA                                                                                                                                                    0000000075d77bd3 5 bytes JMP 0000000171f043a9
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2964] C:\Windows\syswow64\USER32.dll!CreateWindowExW                                                                                                                                                0000000075d78a29 5 bytes JMP 0000000171f05909
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2964] C:\Windows\syswow64\USER32.dll!FindWindowW                                                                                                                                                    0000000075d798fd 5 bytes JMP 0000000171f063b9
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2964] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize                                                                                                                                        0000000075d7b6ed 5 bytes JMP 0000000171f077e9
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2964] C:\Windows\syswow64\USER32.dll!CreateWindowExA                                                                                                                                                0000000075d7d22e 5 bytes JMP 0000000171f059a1
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2964] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                                                                                                                                0000000075d7ee09 5 bytes JMP 0000000171f034d1
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2964] C:\Windows\syswow64\USER32.dll!FindWindowA                                                                                                                                                    0000000075d7ffe6 5 bytes JMP 0000000171f06289
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2964] C:\Windows\syswow64\USER32.dll!FindWindowExA                                                                                                                                                  0000000075d800d9 5 bytes JMP 0000000171f06321
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2964] C:\Windows\syswow64\USER32.dll!PeekMessageW                                                                                                                                                   0000000075d805ba 5 bytes JMP 0000000171f04571
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2964] C:\Windows\syswow64\USER32.dll!ShowWindow                                                                                                                                                     0000000075d80dfb 5 bytes JMP 0000000171f05a39
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2964] C:\Windows\syswow64\USER32.dll!PostMessageW                                                                                                                                                   0000000075d812a5 5 bytes JMP 0000000171f073c1
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2964] C:\Windows\syswow64\USER32.dll!SetWindowTextW                                                                                                                                                 0000000075d820ec 5 bytes JMP 0000000171f05dc9
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3004] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1                                                                                                                                      000007fefd39642d 11 bytes [B8, 39, 5B, 65, 73, 00, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3004] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW                                                                                                                                            000007fefd396484 12 bytes [48, B8, F9, 55, 65, 73, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3004] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1                                                                                                                                  000007fefd396519 11 bytes [B8, 39, 62, 65, 73, 00, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3004] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA                                                                                                                                            000007fefd396c34 12 bytes [48, B8, 39, 54, 65, 73, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3004] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1                                                                                                                                       000007fefd397ab5 11 bytes [B8, F9, 5C, 65, 73, 00, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3004] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1                                                                                                                                   000007fefd398b01 11 bytes [B8, B9, 57, 65, 73, 00, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3004] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1                                                                                                                                   000007fefd398c39 11 bytes [B8, 79, 59, 65, 73, 00, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3004] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49                                                                                                                                     000007fefedc4ea1 11 bytes [B8, 39, FC, 65, 73, 00, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3004] C:\Windows\system32\ADVAPI32.dll!CreateServiceW                                                                                                                                         000007fefedc55c8 12 bytes [48, B8, B9, 6C, 65, 73, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3004] C:\Windows\system32\ADVAPI32.dll!CreateServiceA                                                                                                                                         000007fefeddb85c 12 bytes [48, B8, F9, 6A, 65, 73, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3004] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW                                                                                                                                   000007fefeddb9d0 12 bytes [48, B8, 79, 60, 65, 73, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3004] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA
         

02.02.2015, 18:08   #10
Phil101

Windows 7 error message at startup: "Problem beim Starten von C:\PROGRA~3\01D3D0D9B.cpp"

Part 7
Code:
ATTFilter
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1                                                                                                                                   00000000771792d1 5 bytes [B8, 39, 69, 65, 73]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7                                                                                                                                   00000000771792d7 5 bytes [00, 00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile                                                                                                                                                        0000000077191330 6 bytes [48, B8, F9, EF, 65, 73]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8                                                                                                                                                    0000000077191338 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtClose                                                                                                                                                            00000000771913a0 6 bytes [48, B8, 39, BD, 65, 73]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8                                                                                                                                                        00000000771913a8 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess                                                                                                                                            0000000077191470 6 bytes [48, B8, F9, A9, 65, 73]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8                                                                                                                                        0000000077191478 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                                                      0000000077191510 6 bytes [48, B8, F9, 32, 65, 73]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8                                                                                                                                                  0000000077191518 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                                                                                                 0000000077191530 6 bytes [48, B8, 39, 1C, 65, 73]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8                                                                                                                                             0000000077191538 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection                                                                                                                                               0000000077191550 6 bytes [48, B8, F9, 1D, 65, 73]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8                                                                                                                                           0000000077191558 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                                                 0000000077191570 6 bytes [48, B8, 39, A8, 65, 73]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8                                                                                                                                             0000000077191578 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                                                      0000000077191620 6 bytes [48, B8, 79, EC, 65, 73]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8                                                                                                                                                  0000000077191628 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                               0000000077191650 6 bytes [48, B8, 79, 2F, 65, 73]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8                                                                                                                                           0000000077191658 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                                                  0000000077191670 6 bytes [48, B8, 79, 36, 65, 73]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8                                                                                                                                              0000000077191678 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                                                                                   0000000077191700 6 bytes [48, B8, B9, 34, 65, 73]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8                                                                                                                                               0000000077191708 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                                                    0000000077191750 6 bytes [48, B8, B9, F1, 65, 73]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8                                                                                                                                                0000000077191758 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx                                                                                                                                                  0000000077191780 6 bytes [48, B8, 39, 2A, 65, 73]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8                                                                                                                                              0000000077191788 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                                                     0000000077191790 6 bytes [48, B8, B9, 26, 65, 73]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8                                                                                                                                                 0000000077191798 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                                                                                                       0000000077191800 6 bytes [48, B8, 39, EE, 65, 73]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8                                                                                                                                                   0000000077191808 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey                                                                                                                                                      00000000771918b0 6 bytes [48, B8, 39, F5, 65, 73]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8                                                                                                                                                  00000000771918b8 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                                                     0000000077191c80 6 bytes [48, B8, B9, EA, 65, 73]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8                                                                                                                                                 0000000077191c88 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess                                                                                                                                                    0000000077191cd0 6 bytes [48, B8, 79, 28, 65, 73]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8                                                                                                                                                0000000077191cd8 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                                   0000000077191d30 6 bytes [48, B8, F9, 24, 65, 73]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8                                                                                                                                               0000000077191d38 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                                                       00000000771920a0 6 bytes [48, B8, F9, BE, 65, 73]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8                                                                                                                                                   00000000771920a8 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError                                                                                                                                                   00000000771925e0 6 bytes [48, B8, 79, 83, 65, 73]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8                                                                                                                                               00000000771925e8 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                                                 00000000771927e0 6 bytes [48, B8, 39, 31, 65, 73]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8                                                                                                                                             00000000771927e8 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                                             00000000771929a0 6 bytes [48, B8, B9, C0, 65, 73]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8                                                                                                                                         00000000771929a8 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                                                   0000000077192a80 6 bytes [48, B8, 79, 3D, 65, 73]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8                                                                                                                                               0000000077192a88 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                                                    0000000077192a90 6 bytes [48, B8, B9, 3B, 65, 73]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8                                                                                                                                                0000000077192a98 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                                               0000000077192aa0 6 bytes [48, B8, 79, F3, 65, 73]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8                                                                                                                                           0000000077192aa8 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                                                       0000000077192b80 6 bytes [48, B8, 79, E5, 65, 73]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8                                                                                                                                                   0000000077192b88 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1                                                                                                                                             0000000077203201 11 bytes [B8, 39, 85, 65, 73, 00, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2036] C:\Windows\system32\kernel32.dll!Process32NextW + 1                                                                                                                                              0000000076f21b21 11 bytes [B8, 79, BB, 65, 73, 00, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2036] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot                                                                                                                                        0000000076f21c10 5 bytes [48, B8, F9, 39, 65]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2036] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot + 6                                                                                                                                    0000000076f21c16 6 bytes [00, 00, 00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2036] C:\Windows\system32\kernel32.dll!MoveFileExW + 1                                                                                                                                                 0000000076f22b61 8 bytes [B8, 79, D0, 65, 73, 00, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2036] C:\Windows\system32\kernel32.dll!MoveFileExW + 10                                                                                                                                                0000000076f22b6a 2 bytes [50, C3]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2036] C:\Windows\system32\kernel32.dll!CreateProcessInternalW                                                                                                                                          0000000076f3db80 12 bytes [48, B8, B9, 2D, 65, 73, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2036] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1                                                                                                                                             0000000076f40931 11 bytes [B8, B9, E3, 65, 73, 00, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2036] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1                                                                                                                                           0000000076f752f1 11 bytes [B8, B9, 7A, 65, 73, 00, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2036] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1                                                                                                                                           0000000076f75311 11 bytes [B8, 39, 77, 65, 73, 00, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2036] C:\Windows\system32\kernel32.dll!ReadConsoleW                                                                                                                                                    0000000076f8a5e0 12 bytes [48, B8, B9, 81, 65, 73, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2036] C:\Windows\system32\kernel32.dll!ReadConsoleA                                                                                                                                                    0000000076f8a6f0 12 bytes [48, B8, 39, 7E, 65, 73, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2036] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1                                                                                                                                       0000000076faf491 11 bytes [B8, 79, D7, 65, 73, 00, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2036] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1                                                                                                                                       0000000076faf691 11 bytes [B8, F9, D3, 65, 73, 00, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2036] C:\Windows\system32\kernel32.dll!MoveFileExA + 1                                                                                                                                                 0000000076faf6c1 8 bytes [B8, F9, CC, 65, 73, 00, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2036] C:\Windows\system32\kernel32.dll!MoveFileExA + 10                                                                                                                                                0000000076faf6ca 2 bytes [50, C3]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2036] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1                                                                                                                                               000007fefd061861 11 bytes [B8, 79, 52, 65, 73, 00, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2036] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1                                                                                                                                               000007fefd062db1 11 bytes [B8, 39, AF, 65, 73, 00, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2036] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1                                                                                                                                            000007fefd063461 11 bytes [B8, F9, B0, 65, 73, 00, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2036] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                                                                                                000007fefd068ef0 12 bytes [48, B8, 79, AD, 65, 73, 00, ...]
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2340] C:\Windows\syswow64\USER32.dll!CreateWindowExA                                                                                                                                      0000000075d7d22e 5 bytes JMP 0000000171f05021
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2340] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                                                                                                                      0000000075d7ee09 5 bytes JMP 0000000171f034d1
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2340] C:\Windows\syswow64\USER32.dll!FindWindowA                                                                                                                                          0000000075d7ffe6 5 bytes JMP 0000000171f05909
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2340] C:\Windows\syswow64\USER32.dll!FindWindowExA                                                                                                                                        0000000075d800d9 5 bytes JMP 0000000171f059a1
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2340] C:\Windows\syswow64\USER32.dll!PeekMessageW                                                                                                                                         0000000075d805ba 5 bytes JMP 0000000171f04571
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2340] C:\Windows\syswow64\USER32.dll!ShowWindow                                                                                                                                           0000000075d80dfb 5 bytes JMP 0000000171f050b9
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2340] C:\Windows\syswow64\USER32.dll!PostMessageW                                                                                                                                         0000000075d812a5 5 bytes JMP 0000000171f06a41
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2340] C:\Windows\syswow64\USER32.dll!SetWindowTextW                                                                                                                                       0000000075d820ec 5 bytes JMP 0000000171f05449
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2340] C:\Windows\syswow64\USER32.dll!PostMessageA                                                                                                                                         0000000075d83baa 5 bytes JMP 0000000171f069a9
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2340] C:\Windows\syswow64\USER32.dll!PeekMessageA                                                                                                                                         0000000075d85f74 5 bytes JMP 0000000171f044d9
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2340] C:\Windows\syswow64\USER32.dll!CallNextHookEx                                                                                                                                       0000000075d86285 5 bytes JMP 0000000171f04bf9
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2340] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                                                                                                                    0000000075d87603 5 bytes JMP 0000000171f02be9
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2340] C:\Windows\syswow64\USER32.dll!SetWindowTextA                                                                                                                                       0000000075d87aee 5 bytes JMP 0000000171f053b1
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2340] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                                                                                                                    0000000075d8835c 5 bytes JMP 0000000171f02b51
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2340] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW                                                                                                                           0000000075d9ce54 5 bytes JMP 0000000171f051e9
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2340] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx                                                                                                                                  0000000075d9f52b 5 bytes JMP 0000000171f04c91
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2340] C:\Windows\syswow64\USER32.dll!FindWindowExW                                                                                                                                        0000000075d9f588 5 bytes JMP 0000000171f05ad1
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2340] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW                                                                                                                        0000000075da10a0 5 bytes JMP 0000000171f05151
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2340] C:\Windows\syswow64\USER32.dll!MessageBoxExA                                                                                                                                        0000000075dcfcd6 2 bytes JMP 0000000171f05281
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2340] C:\Windows\syswow64\USER32.dll!MessageBoxExA + 3                                                                                                                                    0000000075dcfcd9 2 bytes [13, FC]
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2340] C:\Windows\syswow64\USER32.dll!MessageBoxExW                                                                                                                                        0000000075dcfcfa 5 bytes JMP 0000000171f05319
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2340] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW                                                                                                                                       0000000074d2c9ec 5 bytes JMP 0000000171f03c89
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2340] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA                                                                                                                                       0000000074d32b70 5 bytes JMP 0000000171f03bf1
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2340] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle                                                                                                                                 0000000074d3361c 5 bytes JMP 0000000171f040b1
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2340] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222                                                                                                                                0000000074d34965 5 bytes JMP 0000000171f06f99
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2340] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW                                                                                                                                     0000000074d470c4 5 bytes JMP 0000000171f04311
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2340] C:\Windows\syswow64\ADVAPI32.dll!ControlService                                                                                                                                     0000000074d470dc 5 bytes JMP 0000000171f03e51
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2340] C:\Windows\syswow64\ADVAPI32.dll!DeleteService                                                                                                                                      0000000074d470f4 5 bytes JMP 0000000171f03ee9
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2340] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA                                                                                                                               0000000074d631f4 5 bytes JMP 0000000171f03f81
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2340] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW                                                                                                                               0000000074d63204 5 bytes JMP 0000000171f04019
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2340] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA                                                                                                                                  0000000074d63214 5 bytes JMP 0000000171f03d21
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2340] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW                                                                                                                                  0000000074d63224 5 bytes JMP 0000000171f03db9
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2340] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA                                                                                                                                     0000000074d63264 5 bytes JMP 0000000171f04279
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2340] C:\Windows\syswow64\SHELL32.dll!Shell_NotifyIconW                                                                                                                                   0000000076150179 5 bytes JMP 0000000171f04d29
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\SysWOW64\ntdll.dll!NtReadFile                                                                                                                                     000000007733f8f0 5 bytes JMP 0000000171f06619
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile                                                                                                                                    000000007733f928 5 bytes JMP 0000000171f06ca1
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\SysWOW64\ntdll.dll!NtClose                                                                                                                                        000000007733f9e0 5 bytes JMP 0000000171f05c99
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess                                                                                                                        000000007733fb28 5 bytes JMP 0000000171f056a9
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess                                                                                                                                  000000007733fc20 5 bytes JMP 0000000171f031d9
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection                                                                                                                             000000007733fc50 5 bytes JMP 0000000171f015f1
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection                                                                                                                           000000007733fc80 5 bytes JMP 0000000171f01689
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                                                                                             000000007733fcb0 5 bytes JMP 0000000171f05611
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection                                                                                                                                  000000007733fdc8 5 bytes JMP 0000000171f06c09
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                                                                                                           000000007733fe14 5 bytes JMP 0000000171f030a9
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject                                                                                                                              000000007733fe44 5 bytes JMP 0000000171f03309
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread                                                                                                                               000000007733ff24 5 bytes JMP 0000000171f03271
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection                                                                                                                                000000007733ffa4 5 bytes JMP 0000000171f06d39
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx                                                                                                                              000000007733ffec 5 bytes JMP 0000000171f02ee1
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                                                                                                 0000000077340004 5 bytes JMP 0000000171f02db1
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile                                                                                                                                   00000000773400b4 5 bytes JMP 0000000171f01ed9
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey                                                                                                                                  00000000773401c4 5 bytes JMP 0000000171f02301
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                                                                                                                 000000007734079c 5 bytes JMP 0000000171f06b71
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess                                                                                                                                0000000077340814 5 bytes JMP 0000000171f02e49
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                                                                                               00000000773408a4 5 bytes JMP 0000000171f02d19
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                                                                                                   0000000077340df4 5 bytes JMP 0000000171f05d31
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError                                                                                                                               0000000077341604 5 bytes JMP 0000000171f04ac9
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                                                                                             0000000077341920 5 bytes JMP 0000000171f03141
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                                                                                                         0000000077341be4 5 bytes JMP 0000000171f05dc9
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess                                                                                                                               0000000077341d54 5 bytes JMP 0000000171f03439
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                                                                                                                0000000077341d70 5 bytes JMP 0000000171f033a1
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl                                                                                                                           0000000077341d8c 5 bytes JMP 0000000171f06dd1
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl                                                                                                                                   0000000077341ee8 5 bytes JMP 0000000171f069a9
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter                                                                                                                     00000000773588c4 5 bytes JMP 0000000171f01ab1
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx                                                                                                                   0000000077380d3b 5 bytes JMP 0000000171f02009
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\SysWOW64\ntdll.dll!RtlReportException                                                                                                                             00000000773c860f 5 bytes JMP 0000000171f04b61
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters                                                                                                                     00000000773ce8ab 5 bytes JMP 0000000171f01f71
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA                                                                                                                             00000000754c0e00 5 bytes JMP 0000000171f01da9
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                                                                                                              00000000754c1072 5 bytes JMP 0000000171f02a21
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\syswow64\kernel32.dll!LoadLibraryA                                                                                                                                00000000754c499f 5 bytes JMP 0000000171f025f9
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW                                                                                                                      00000000754d3bbb 5 bytes JMP 0000000171f03011
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW                                                                                                                       00000000754d9aa4 5 bytes JMP 0000000171f06581
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\syswow64\kernel32.dll!MoveFileExW                                                                                                                                 00000000754d9b05 5 bytes JMP 0000000171f06321
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot                                                                                                                    00000000754e7327 5 bytes JMP 0000000171f02729
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\syswow64\kernel32.dll!Process32NextW                                                                                                                              00000000754e88da 5 bytes JMP 0000000171f05c01
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\syswow64\kernel32.dll!MoveFileExA                                                                                                                                 00000000754eccb1 5 bytes JMP 0000000171f061f1
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA                                                                                                                       00000000754eccd1 5 bytes JMP 0000000171f06451
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\syswow64\kernel32.dll!WinExec                                                                                                                                     0000000075542ff1 5 bytes JMP 0000000171f028f1
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA                                                                                                                           000000007556748b 5 bytes JMP 0000000171f046a1
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW                                                                                                                           00000000755674ae 5 bytes JMP 0000000171f047d1
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\syswow64\kernel32.dll!ReadConsoleA                                                                                                                                0000000075567859 5 bytes JMP 0000000171f04901
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\syswow64\kernel32.dll!ReadConsoleW                                                                                                                                00000000755678d2 5 bytes JMP 0000000171f04a31
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime                                                                                                                   0000000075948f8d 5 bytes JMP 0000000171f01a19
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle                                                                                                                               000000007594c436 5 bytes JMP 0000000171f03b59
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory                                                                                                                        000000007594eca6 5 bytes JMP 0000000171f03601
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess                                                                                                                               000000007594f206 5 bytes JMP 0000000171f02399
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW                                                                                                                           000000007594fa89 5 bytes JMP 0000000171f01e41
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\syswow64\KERNELBASE.dll!DefineDosDeviceW                                                                                                                          000000007594fbb7 5 bytes JMP 0000000171f060c1
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW                                                                                                                              0000000075951358 5 bytes JMP 0000000171f03ac1
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW                                                                                                                                000000007595137f 5 bytes JMP 0000000171f03a29
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                                                                                                          0000000075951d29 5 bytes JMP 0000000171f01981
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress                                                                                                                            0000000075951e15 5 bytes JMP 0000000171f024c9
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                                                                                            0000000075952ab1 5 bytes JMP 0000000171f057d9
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA                                                                                                                            0000000075952cd9 5 bytes JMP 0000000171f05741
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                                                                                                               0000000075952d17 5 bytes JMP 0000000171f05871
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA                                                                                                                          0000000075952e7a 5 bytes JMP 0000000171f018e9
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\syswow64\KERNELBASE.dll!SleepEx                                                                                                                                   0000000075953b70 5 bytes JMP 0000000171f02269
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\syswow64\KERNELBASE.dll!Sleep                                                                                                                                     0000000075954496 5 bytes JMP 0000000171f02431
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\syswow64\KERNELBASE.dll!CreateThread                                                                                                                              0000000075954608 5 bytes JMP 0000000171f03569
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread                                                                                                                        0000000075954631 5 bytes JMP 0000000171f02c81
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA
         

02.02.2015, 18:09   #11
Phil101
 

Part 8
Code:
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\syswow64\WS2_32.dll!closesocket                                                                                                                                   0000000075773918 5 bytes JMP 0000000171f05579
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\syswow64\WS2_32.dll!WSASocketW                                                                                                                                    0000000075773cd3 5 bytes JMP 0000000171f054e1
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\syswow64\WS2_32.dll!socket                                                                                                                                        0000000075773eb8 5 bytes JMP 0000000171f066b1
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\syswow64\WS2_32.dll!WSASend                                                                                                                                       0000000075774406 5 bytes JMP 0000000171f02139
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW                                                                                                                                  0000000075774889 5 bytes JMP 0000000171f04dc1
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\syswow64\WS2_32.dll!recv                                                                                                                                          0000000075776b0e 5 bytes JMP 0000000171f06879
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\syswow64\WS2_32.dll!connect                                                                                                                                       0000000075776bdd 1 byte JMP 0000000171f041e1
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\syswow64\WS2_32.dll!connect + 2                                                                                                                                   0000000075776bdf 3 bytes {CALL RBP}
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\syswow64\WS2_32.dll!send                                                                                                                                          0000000075776f01 5 bytes JMP 0000000171f020a1
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\syswow64\WS2_32.dll!WSARecv                                                                                                                                       0000000075777089 5 bytes JMP 0000000171f06911
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\syswow64\WS2_32.dll!WSAConnect                                                                                                                                    000000007577cc3f 5 bytes JMP 0000000171f067e1
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoExW                                                                                                                                000000007577d1ea 5 bytes JMP 0000000171f04e59
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\syswow64\WS2_32.dll!gethostbyname                                                                                                                                 0000000075787673 5 bytes JMP 0000000171f04ef1
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\syswow64\msvcrt.dll!_lock + 41                                                                                                                                    000000007607a472 5 bytes JMP 0000000171f06f01
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\syswow64\msvcrt.dll!__p__fmode                                                                                                                                    00000000760827ce 5 bytes JMP 0000000171f01be1
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\syswow64\msvcrt.dll!__p__environ                                                                                                                                  000000007608e6cf 5 bytes JMP 0000000171f01b49
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\syswow64\USER32.dll!GetMessageW                                                                                                                                   0000000075d778e2 5 bytes JMP 0000000171f04441
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\syswow64\USER32.dll!GetMessageA                                                                                                                                   0000000075d77bd3 5 bytes JMP 0000000171f043a9
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\syswow64\USER32.dll!CreateWindowExW                                                                                                                               0000000075d78a29 5 bytes JMP 0000000171f04f89
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\syswow64\USER32.dll!FindWindowW                                                                                                                                   0000000075d798fd 5 bytes JMP 0000000171f05a39
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize                                                                                                                       0000000075d7b6ed 5 bytes JMP 0000000171f06f99
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\syswow64\USER32.dll!CreateWindowExA                                                                                                                               0000000075d7d22e 5 bytes JMP 0000000171f05021
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                                                                                                               0000000075d7ee09 5 bytes JMP 0000000171f034d1
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\syswow64\USER32.dll!FindWindowA                                                                                                                                   0000000075d7ffe6 5 bytes JMP 0000000171f05909
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\syswow64\USER32.dll!FindWindowExA                                                                                                                                 0000000075d800d9 5 bytes JMP 0000000171f059a1
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\syswow64\USER32.dll!PeekMessageW                                                                                                                                  0000000075d805ba 5 bytes JMP 0000000171f04571
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\syswow64\USER32.dll!ShowWindow                                                                                                                                    0000000075d80dfb 5 bytes JMP 0000000171f050b9
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\syswow64\USER32.dll!PostMessageW                                                                                                                                  0000000075d812a5 5 bytes JMP 0000000171f06ad9
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\syswow64\USER32.dll!SetWindowTextW                                                                                                                                0000000075d820ec 5 bytes JMP 0000000171f05449
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\syswow64\USER32.dll!PostMessageA                                                                                                                                  0000000075d83baa 5 bytes JMP 0000000171f06a41
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\syswow64\USER32.dll!PeekMessageA                                                                                                                                  0000000075d85f74 5 bytes JMP 0000000171f044d9
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\syswow64\USER32.dll!CallNextHookEx                                                                                                                                0000000075d86285 5 bytes JMP 0000000171f04bf9
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                                                                                                             0000000075d87603 5 bytes JMP 0000000171f02be9
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\syswow64\USER32.dll!SetWindowTextA                                                                                                                                0000000075d87aee 5 bytes JMP 0000000171f053b1
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                                                                                                             0000000075d8835c 5 bytes JMP 0000000171f02b51
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW                                                                                                                    0000000075d9ce54 5 bytes JMP 0000000171f051e9
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx                                                                                                                           0000000075d9f52b 5 bytes JMP 0000000171f04c91
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\syswow64\USER32.dll!FindWindowExW                                                                                                                                 0000000075d9f588 5 bytes JMP 0000000171f05ad1
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW                                                                                                                 0000000075da10a0 5 bytes JMP 0000000171f05151
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\syswow64\USER32.dll!MessageBoxExA                                                                                                                                 0000000075dcfcd6 2 bytes JMP 0000000171f05281
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\syswow64\USER32.dll!MessageBoxExA + 3                                                                                                                             0000000075dcfcd9 2 bytes [13, FC]
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\syswow64\USER32.dll!MessageBoxExW                                                                                                                                 0000000075dcfcfa 5 bytes JMP 0000000171f05319
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW                                                                                                                                0000000074d2c9ec 5 bytes JMP 0000000171f03c89
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA                                                                                                                                0000000074d32b70 5 bytes JMP 0000000171f03bf1
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle                                                                                                                          0000000074d3361c 5 bytes JMP 0000000171f040b1
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222                                                                                                                         0000000074d34965 5 bytes JMP 0000000171f07031
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW                                                                                                                              0000000074d470c4 5 bytes JMP 0000000171f04311
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\syswow64\ADVAPI32.dll!ControlService                                                                                                                              0000000074d470dc 5 bytes JMP 0000000171f03e51
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\syswow64\ADVAPI32.dll!DeleteService                                                                                                                               0000000074d470f4 5 bytes JMP 0000000171f03ee9
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA                                                                                                                        0000000074d631f4 5 bytes JMP 0000000171f03f81
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW                                                                                                                        0000000074d63204 5 bytes JMP 0000000171f04019
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA                                                                                                                           0000000074d63214 5 bytes JMP 0000000171f03d21
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW                                                                                                                           0000000074d63224 5 bytes JMP 0000000171f03db9
.text    C:\Users\Philipp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1384] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA                                                                                                                              0000000074d63264 5 bytes JMP 0000000171f04279
.text    C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                                              0000000077191570 6 bytes [48, B8, F0, 12, 3B, 02]
.text    C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8                                                                                                                                          0000000077191578 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe[2084] C:\Windows\system32\kernel32.dll!UnhandledExceptionFilter + 1                                                                                                                                 0000000076fbb7e1 11 bytes [B8, F0, 12, 31, 02, 00, 00, ...]
.text    C:\Windows\SysWOW64\rundll32.exe[2108] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile                                                                                                                                                                              000000007733f928 5 bytes JMP 0000000171f06c09
.text    C:\Windows\SysWOW64\rundll32.exe[2108] C:\Windows\SysWOW64\ntdll.dll!NtClose                                                                                                                                                                                  000000007733f9e0 5 bytes JMP 0000000171f05c99
.text    C:\Windows\SysWOW64\rundll32.exe[2108] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess                                                                                                                                                                  000000007733fb28 5 bytes JMP 0000000171f05741
.text    C:\Windows\SysWOW64\rundll32.exe[2108] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess                                                                                                                                                                            000000007733fc20 5 bytes JMP 0000000171f03271
.text    C:\Windows\SysWOW64\rundll32.exe[2108] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection                                                                                                                                                                       000000007733fc50 5 bytes JMP 0000000171f015f1
.text    C:\Windows\SysWOW64\rundll32.exe[2108] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection                                                                                                                                                                     000000007733fc80 5 bytes JMP 0000000171f01689
.text    C:\Windows\SysWOW64\rundll32.exe[2108] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                                                                                                                                       000000007733fcb0 5 bytes JMP 0000000171f056a9
.text    C:\Windows\SysWOW64\rundll32.exe[2108] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection                                                                                                                                                                            000000007733fdc8 5 bytes JMP 0000000171f06b71
.text    C:\Windows\SysWOW64\rundll32.exe[2108] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                                                                                                                                                     000000007733fe14 5 bytes JMP 0000000171f03141
.text    C:\Windows\SysWOW64\rundll32.exe[2108] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject                                                                                                                                                                        000000007733fe44 5 bytes JMP 0000000171f033a1
.text    C:\Windows\SysWOW64\rundll32.exe[2108] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread                                                                                                                                                                         000000007733ff24 5 bytes JMP 0000000171f03309
.text    C:\Windows\SysWOW64\rundll32.exe[2108] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection                                                                                                                                                                          000000007733ffa4 5 bytes JMP 0000000171f06ca1
.text    C:\Windows\SysWOW64\rundll32.exe[2108] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx                                                                                                                                                                        000000007733ffec 5 bytes JMP 0000000171f02f79
.text    C:\Windows\SysWOW64\rundll32.exe[2108] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                                                                                                                                           0000000077340004 5 bytes JMP 0000000171f02e49
.text    C:\Windows\SysWOW64\rundll32.exe[2108] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile                                                                                                                                                                             00000000773400b4 5 bytes JMP 0000000171f01f71
.text    C:\Windows\SysWOW64\rundll32.exe[2108] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey                                                                                                                                                                            00000000773401c4 5 bytes JMP 0000000171f02399
.text    C:\Windows\SysWOW64\rundll32.exe[2108] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                                                                                                                                                           000000007734079c 5 bytes JMP 0000000171f06ad9
.text    C:\Windows\SysWOW64\rundll32.exe[2108] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess                                                                                                                                                                          0000000077340814 5 bytes JMP 0000000171f02ee1
.text    C:\Windows\SysWOW64\rundll32.exe[2108] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                                                                                                                                         00000000773408a4 5 bytes JMP 0000000171f02db1
.text    C:\Windows\SysWOW64\rundll32.exe[2108] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                                                                                                                                             0000000077340df4 5 bytes JMP 0000000171f05d31
.text    C:\Windows\SysWOW64\rundll32.exe[2108] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError                                                                                                                                                                         0000000077341604 5 bytes JMP 0000000171f04b61
.text    C:\Windows\SysWOW64\rundll32.exe[2108] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                                                                                                                                       0000000077341920 5 bytes JMP 0000000171f031d9
.text    C:\Windows\SysWOW64\rundll32.exe[2108] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                                                                                                                                                   0000000077341be4 5 bytes JMP 0000000171f05dc9
.text    C:\Windows\SysWOW64\rundll32.exe[2108] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess                                                                                                                                                                         0000000077341d54 5 bytes JMP 0000000171f034d1
.text    C:\Windows\SysWOW64\rundll32.exe[2108] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                                                                                                                                                          0000000077341d70 5 bytes JMP 0000000171f03439
.text    C:\Windows\SysWOW64\rundll32.exe[2108] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl                                                                                                                                                                     0000000077341d8c 5 bytes JMP 0000000171f06d39
.text    C:\Windows\SysWOW64\rundll32.exe[2108] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl                                                                                                                                                                             0000000077341ee8 5 bytes JMP 0000000171f06911
.text    C:\Windows\SysWOW64\rundll32.exe[2108] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter                                                                                                                                                               00000000773588c4 5 bytes JMP 0000000171f01b49
.text    C:\Windows\SysWOW64\rundll32.exe[2108] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx                                                                                                                                                             0000000077380d3b 5 bytes JMP 0000000171f020a1
.text    C:\Windows\SysWOW64\rundll32.exe[2108] C:\Windows\SysWOW64\ntdll.dll!RtlReportException                                                                                                                                                                       00000000773c860f 5 bytes JMP 0000000171f04bf9
.text    C:\Windows\SysWOW64\rundll32.exe[2108] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters                                                                                                                                                               00000000773ce8ab 5 bytes JMP 0000000171f02009
.text    C:\Windows\SysWOW64\rundll32.exe[2108] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA                                                                                                                                                                       00000000754c0e00 5 bytes JMP 0000000171f01e41
.text    C:\Windows\SysWOW64\rundll32.exe[2108] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                                                                                                                                                        00000000754c1072 5 bytes JMP 0000000171f02ab9
.text    C:\Windows\SysWOW64\rundll32.exe[2108] C:\Windows\syswow64\kernel32.dll!LoadLibraryA                                                                                                                                                                          00000000754c499f 5 bytes JMP 0000000171f02691
.text    C:\Windows\SysWOW64\rundll32.exe[2108] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW                                                                                                                                                                00000000754d3bbb 5 bytes JMP 0000000171f030a9
.text    C:\Windows\SysWOW64\rundll32.exe[2108] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW                                                                                                                                                                 00000000754d9aa4 5 bytes JMP 0000000171f06581
.text    C:\Windows\SysWOW64\rundll32.exe[2108] C:\Windows\syswow64\kernel32.dll!MoveFileExW                                                                                                                                                                           00000000754d9b05 5 bytes JMP 0000000171f06321
.text    C:\Windows\system32\svchost.exe[3728] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW                                                                                                                                                                            000007fefd396484 12 bytes [48, B8, F9, 55, 65, 73, 00, ...]
.text    C:\Windows\system32\svchost.exe[3728] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1                                                                                                                                                                  000007fefd396519 11 bytes [B8, 39, 62, 65, 73, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[3728] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA                                                                                                                                                                            000007fefd396c34 12 bytes [48, B8, 39, 54, 65, 73, 00, ...]
.text    C:\Windows\system32\svchost.exe[3728] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1                                                                                                                                                                       000007fefd397ab5 11 bytes [B8, F9, 5C, 65, 73, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[3728] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1                                                                                                                                                                   000007fefd398b01 11 bytes [B8, B9, 57, 65, 73, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[3728] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1                                                                                                                                                                   000007fefd398c39 11 bytes [B8, 79, 59, 65, 73, 00, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1                                                                                                                          00000000771792d1 5 bytes [B8, 39, 69, 65, 73]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7                                                                                                                          00000000771792d7 5 bytes [00, 00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile                                                                                                                                               0000000077191330 6 bytes [48, B8, F9, EF, 65, 73]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8                                                                                                                                           0000000077191338 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtClose                                                                                                                                                   00000000771913a0 6 bytes [48, B8, 39, BD, 65, 73]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8                                                                                                                                               00000000771913a8 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess                                                                                                                                   0000000077191470 6 bytes [48, B8, F9, A9, 65, 73]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8                                                                                                                               0000000077191478 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                                             0000000077191510 6 bytes [48, B8, F9, 32, 65, 73]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8                                                                                                                                         0000000077191518 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                                                                                        0000000077191530 6 bytes [48, B8, 39, 1C, 65, 73]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8                                                                                                                                    0000000077191538 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection                                                                                                                                      0000000077191550 6 bytes [48, B8, F9, 1D, 65, 73]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8                                                                                                                                  0000000077191558 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                                        0000000077191570 6 bytes [48, B8, 39, A8, 65, 73]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8                                                                                                                                    0000000077191578 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                                             0000000077191620 6 bytes [48, B8, 79, EC, 65, 73]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8                                                                                                                                         0000000077191628 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                      0000000077191650 6 bytes [48, B8, 79, 2F, 65, 73]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8                                                                                                                                  0000000077191658 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                                         0000000077191670 6 bytes [48, B8, 79, 36, 65, 73]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8                                                                                                                                     0000000077191678 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                                                                          0000000077191700 6 bytes [48, B8, B9, 34, 65, 73]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8                                                                                                                                      0000000077191708 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                                           0000000077191750 6 bytes [48, B8, B9, F1, 65, 73]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8                                                                                                                                       0000000077191758 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx                                                                                                                                         0000000077191780 6 bytes [48, B8, 39, 2A, 65, 73]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8                                                                                                                                     0000000077191788 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                                            0000000077191790 6 bytes [48, B8, B9, 26, 65, 73]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8                                                                                                                                        0000000077191798 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                                                                                              0000000077191800 6 bytes [48, B8, 39, EE, 65, 73]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8                                                                                                                                          0000000077191808 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey                                                                                                                                             00000000771918b0 6 bytes [48, B8, 39, F5, 65, 73]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8                                                                                                                                         00000000771918b8 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                                            0000000077191c80 6 bytes [48, B8, B9, EA, 65, 73]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8                                                                                                                                        0000000077191c88 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess                                                                                                                                           0000000077191cd0 6 bytes [48, B8, 79, 28, 65, 73]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8                                                                                                                                       0000000077191cd8 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                          0000000077191d30 6 bytes [48, B8, F9, 24, 65, 73]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8                                                                                                                                      0000000077191d38 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                                              00000000771920a0 6 bytes [48, B8, F9, BE, 65, 73]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8                                                                                                                                          00000000771920a8 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError                                                                                                                                          00000000771925e0 6 bytes [48, B8, 79, 83, 65, 73]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8                                                                                                                                      00000000771925e8 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                                        00000000771927e0 6 bytes [48, B8, 39, 31, 65, 73]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8                                                                                                                                    00000000771927e8 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                                    00000000771929a0 6 bytes [48, B8, B9, C0, 65, 73]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8                                                                                                                                00000000771929a8 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                                          0000000077192a80 6 bytes [48, B8, 79, 3D, 65, 73]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8                                                                                                                                      0000000077192a88 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                                           0000000077192a90 6 bytes [48, B8, B9, 3B, 65, 73]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8                                                                                                                                       0000000077192a98 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                                      0000000077192aa0 6 bytes [48, B8, 79, F3, 65, 73]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8                                                                                                                                  0000000077192aa8 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                                              0000000077192b80 6 bytes [48, B8, 79, E5, 65, 73]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8
         

02.02.2015, 18:12   #12
Phil101

Part 9
Code:
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3812] C:\Windows\system32\WS2_32.dll!WSAConnect + 1                                                                                                                                           000007fefd94e0f1 11 bytes [B8, B9, DC, 65, 73, 00, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3812] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1                                                                                                                                      000007fefd39642d 11 bytes [B8, 39, 5B, 65, 73, 00, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3812] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW                                                                                                                                            000007fefd396484 12 bytes [48, B8, F9, 55, 65, 73, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3812] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1                                                                                                                                  000007fefd396519 11 bytes [B8, 39, 62, 65, 73, 00, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3812] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA                                                                                                                                            000007fefd396c34 12 bytes [48, B8, 39, 54, 65, 73, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3812] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1                                                                                                                                       000007fefd397ab5 11 bytes [B8, F9, 5C, 65, 73, 00, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3812] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1                                                                                                                                   000007fefd398b01 11 bytes [B8, B9, 57, 65, 73, 00, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3812] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1                                                                                                                                   000007fefd398c39 11 bytes [B8, 79, 59, 65, 73, 00, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3812] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49                                                                                                                                     000007fefedc4ea1 11 bytes [B8, 39, FC, 65, 73, 00, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3812] C:\Windows\system32\ADVAPI32.dll!CreateServiceW                                                                                                                                         000007fefedc55c8 12 bytes [48, B8, B9, 6C, 65, 73, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3812] C:\Windows\system32\ADVAPI32.dll!CreateServiceA                                                                                                                                         000007fefeddb85c 12 bytes [48, B8, F9, 6A, 65, 73, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3812] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW                                                                                                                                   000007fefeddb9d0 12 bytes [48, B8, 79, 60, 65, 73, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3812] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA                                                                                                                                   000007fefeddba3c 12 bytes [48, B8, B9, 5E, 65, 73, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3812] C:\Windows\system32\DNSAPI.dll!DnsQuery_UTF8                                                                                                                                            000007fefc5656e0 12 bytes [48, B8, F9, C5, 65, 73, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3812] C:\Windows\system32\DNSAPI.dll!DnsQuery_W                                                                                                                                               000007fefc57010c 12 bytes [48, B8, 39, C4, 65, 73, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3812] C:\Windows\system32\DNSAPI.dll!DnsQuery_A                                                                                                                                               000007fefc58daa0 12 bytes [48, B8, 79, C2, 65, 73, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1                                                                                                                          00000000771792d1 5 bytes [B8, 39, 69, 65, 73]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7                                                                                                                          00000000771792d7 5 bytes [00, 00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile                                                                                                                                               0000000077191330 6 bytes [48, B8, F9, EF, 65, 73]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8                                                                                                                                           0000000077191338 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtClose                                                                                                                                                   00000000771913a0 6 bytes [48, B8, 39, BD, 65, 73]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8                                                                                                                                               00000000771913a8 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess                                                                                                                                   0000000077191470 6 bytes [48, B8, F9, A9, 65, 73]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8                                                                                                                               0000000077191478 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                                             0000000077191510 6 bytes [48, B8, F9, 32, 65, 73]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8                                                                                                                                         0000000077191518 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                                                                                        0000000077191530 6 bytes [48, B8, 39, 1C, 65, 73]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8                                                                                                                                    0000000077191538 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection                                                                                                                                      0000000077191550 6 bytes [48, B8, F9, 1D, 65, 73]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8                                                                                                                                  0000000077191558 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                                        0000000077191570 6 bytes [48, B8, 39, A8, 65, 73]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8                                                                                                                                    0000000077191578 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                                             0000000077191620 6 bytes [48, B8, 79, EC, 65, 73]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8                                                                                                                                         0000000077191628 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                      0000000077191650 6 bytes [48, B8, 79, 2F, 65, 73]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8                                                                                                                                  0000000077191658 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                                         0000000077191670 6 bytes [48, B8, 79, 36, 65, 73]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8                                                                                                                                     0000000077191678 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                                                                          0000000077191700 6 bytes [48, B8, B9, 34, 65, 73]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8                                                                                                                                      0000000077191708 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                                           0000000077191750 6 bytes [48, B8, B9, F1, 65, 73]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8                                                                                                                                       0000000077191758 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx                                                                                                                                         0000000077191780 6 bytes [48, B8, 39, 2A, 65, 73]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8                                                                                                                                     0000000077191788 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                                            0000000077191790 6 bytes [48, B8, B9, 26, 65, 73]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8                                                                                                                                        0000000077191798 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                                                                                              0000000077191800 6 bytes [48, B8, 39, EE, 65, 73]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8                                                                                                                                          0000000077191808 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey                                                                                                                                             00000000771918b0 6 bytes [48, B8, 39, F5, 65, 73]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8                                                                                                                                         00000000771918b8 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                                            0000000077191c80 6 bytes [48, B8, B9, EA, 65, 73]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8                                                                                                                                        0000000077191c88 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess                                                                                                                                           0000000077191cd0 6 bytes [48, B8, 79, 28, 65, 73]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8                                                                                                                                       0000000077191cd8 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                          0000000077191d30 6 bytes [48, B8, F9, 24, 65, 73]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8                                                                                                                                      0000000077191d38 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                                              00000000771920a0 6 bytes [48, B8, F9, BE, 65, 73]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8                                                                                                                                          00000000771920a8 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError                                                                                                                                          00000000771925e0 6 bytes [48, B8, 79, 83, 65, 73]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8                                                                                                                                      00000000771925e8 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                                        00000000771927e0 6 bytes [48, B8, 39, 31, 65, 73]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8                                                                                                                                    00000000771927e8 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                                    00000000771929a0 6 bytes [48, B8, B9, C0, 65, 73]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8                                                                                                                                00000000771929a8 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                                          0000000077192a80 6 bytes [48, B8, 79, 3D, 65, 73]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8                                                                                                                                      0000000077192a88 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                                           0000000077192a90 6 bytes [48, B8, B9, 3B, 65, 73]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8                                                                                                                                       0000000077192a98 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                                      0000000077192aa0 6 bytes [48, B8, 79, F3, 65, 73]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8                                                                                                                                  0000000077192aa8 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                                              0000000077192b80 6 bytes [48, B8, 79, E5, 65, 73]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8                                                                                                                                          0000000077192b88 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1                                                                                                                                    0000000077203201 11 bytes [B8, 39, 85, 65, 73, 00, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4004] C:\Windows\system32\kernel32.dll!Process32NextW + 1                                                                                                                                     0000000076f21b21 11 bytes [B8, 79, BB, 65, 73, 00, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4004] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot                                                                                                                               0000000076f21c10 5 bytes [48, B8, F9, 39, 65]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4004] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot + 6                                                                                                                           0000000076f21c16 6 bytes [00, 00, 00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4004] C:\Windows\system32\kernel32.dll!MoveFileExW + 1                                                                                                                                        0000000076f22b61 8 bytes [B8, 79, D0, 65, 73, 00, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4004] C:\Windows\system32\kernel32.dll!MoveFileExW + 10                                                                                                                                       0000000076f22b6a 2 bytes [50, C3]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4004] C:\Windows\system32\kernel32.dll!CreateProcessInternalW                                                                                                                                 0000000076f3db80 12 bytes [48, B8, B9, 2D, 65, 73, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4004] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1                                                                                                                                    0000000076f40931 11 bytes [B8, B9, E3, 65, 73, 00, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4004] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1                                                                                                                                  0000000076f752f1 11 bytes [B8, B9, 7A, 65, 73, 00, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4004] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1                                                                                                                                  0000000076f75311 11 bytes [B8, 39, 77, 65, 73, 00, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4004] C:\Windows\system32\kernel32.dll!ReadConsoleW                                                                                                                                           0000000076f8a5e0 12 bytes [48, B8, B9, 81, 65, 73, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4004] C:\Windows\system32\kernel32.dll!ReadConsoleA                                                                                                                                           0000000076f8a6f0 12 bytes [48, B8, 39, 7E, 65, 73, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4004] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1                                                                                                                              0000000076faf491 11 bytes [B8, 79, D7, 65, 73, 00, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4004] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1                                                                                                                              0000000076faf691 11 bytes [B8, F9, D3, 65, 73, 00, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4004] C:\Windows\system32\kernel32.dll!MoveFileExA + 1                                                                                                                                        0000000076faf6c1 8 bytes [B8, F9, CC, 65, 73, 00, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4004] C:\Windows\system32\kernel32.dll!MoveFileExA + 10                                                                                                                                       0000000076faf6ca 2 bytes [50, C3]
.text    C:\ProgramData\TVersity\Media Server\MediaServer.exe[4068] C:\Windows\syswow64\USER32.dll!PeekMessageA                                                                                                                                                        0000000075d85f74 5 bytes JMP 0000000171f044d9
.text    C:\ProgramData\TVersity\Media Server\MediaServer.exe[4068] C:\Windows\syswow64\USER32.dll!CallNextHookEx                                                                                                                                                      0000000075d86285 5 bytes JMP 0000000171f04bf9
.text    C:\ProgramData\TVersity\Media Server\MediaServer.exe[4068] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                                                                                                                                   0000000075d87603 5 bytes JMP 0000000171f02be9
.text    C:\ProgramData\TVersity\Media Server\MediaServer.exe[4068] C:\Windows\syswow64\USER32.dll!SetWindowTextA                                                                                                                                                      0000000075d87aee 5 bytes JMP 0000000171f05d31
.text    C:\ProgramData\TVersity\Media Server\MediaServer.exe[4068] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                                                                                                                                   0000000075d8835c 5 bytes JMP 0000000171f02b51
.text    C:\ProgramData\TVersity\Media Server\MediaServer.exe[4068] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW                                                                                                                                          0000000075d9ce54 5 bytes JMP 0000000171f05b69
.text    C:\ProgramData\TVersity\Media Server\MediaServer.exe[4068] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx                                                                                                                                                 0000000075d9f52b 5 bytes JMP 0000000171f04c91
.text    C:\ProgramData\TVersity\Media Server\MediaServer.exe[4068] C:\Windows\syswow64\USER32.dll!FindWindowExW                                                                                                                                                       0000000075d9f588 5 bytes JMP 0000000171f06451
.text    C:\ProgramData\TVersity\Media Server\MediaServer.exe[4068] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW                                                                                                                                       0000000075da10a0 5 bytes JMP 0000000171f05ad1
.text    C:\ProgramData\TVersity\Media Server\MediaServer.exe[4068] C:\Windows\syswow64\USER32.dll!MessageBoxExA                                                                                                                                                       0000000075dcfcd6 5 bytes JMP 0000000171f05c01
.text    C:\ProgramData\TVersity\Media Server\MediaServer.exe[4068] C:\Windows\syswow64\USER32.dll!MessageBoxExW                                                                                                                                                       0000000075dcfcfa 5 bytes JMP 0000000171f05c99
.text    C:\ProgramData\TVersity\Media Server\MediaServer.exe[4068] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW                                                                                                                                                      0000000074d2c9ec 5 bytes JMP 0000000171f03c89
.text    C:\ProgramData\TVersity\Media Server\MediaServer.exe[4068] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA                                                                                                                                                      0000000074d32b70 5 bytes JMP 0000000171f03bf1
.text    C:\ProgramData\TVersity\Media Server\MediaServer.exe[4068] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle                                                                                                                                                0000000074d3361c 5 bytes JMP 0000000171f040b1
.text    C:\ProgramData\TVersity\Media Server\MediaServer.exe[4068] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222                                                                                                                                               0000000074d34965 5 bytes JMP 0000000171f07881
.text    C:\ProgramData\TVersity\Media Server\MediaServer.exe[4068] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW                                                                                                                                                    0000000074d470c4 5 bytes JMP 0000000171f04311
.text    C:\ProgramData\TVersity\Media Server\MediaServer.exe[4068] C:\Windows\syswow64\ADVAPI32.dll!ControlService                                                                                                                                                    0000000074d470dc 5 bytes JMP 0000000171f03e51
.text    C:\ProgramData\TVersity\Media Server\MediaServer.exe[4068] C:\Windows\syswow64\ADVAPI32.dll!DeleteService                                                                                                                                                     0000000074d470f4 5 bytes JMP 0000000171f03ee9
.text    C:\ProgramData\TVersity\Media Server\MediaServer.exe[4068] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA                                                                                                                                              0000000074d631f4 5 bytes JMP 0000000171f03f81
.text    C:\ProgramData\TVersity\Media Server\MediaServer.exe[4068] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW                                                                                                                                              0000000074d63204 5 bytes JMP 0000000171f04019
.text    C:\ProgramData\TVersity\Media Server\MediaServer.exe[4068] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA                                                                                                                                                 0000000074d63214 5 bytes JMP 0000000171f03d21
.text    C:\ProgramData\TVersity\Media Server\MediaServer.exe[4068] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW                                                                                                                                                 0000000074d63224 5 bytes JMP 0000000171f03db9
.text    C:\ProgramData\TVersity\Media Server\MediaServer.exe[4068] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA                                                                                                                                                    0000000074d63264 5 bytes JMP 0000000171f04279
.text    C:\ProgramData\TVersity\Media Server\MediaServer.exe[4068] C:\Windows\syswow64\WS2_32.dll!closesocket                                                                                                                                                         0000000075773918 5 bytes JMP 0000000171f05ef9
.text    C:\ProgramData\TVersity\Media Server\MediaServer.exe[4068] C:\Windows\syswow64\WS2_32.dll!WSASocketW                                                                                                                                                          0000000075773cd3 5 bytes JMP 0000000171f05e61
.text    C:\ProgramData\TVersity\Media Server\MediaServer.exe[4068] C:\Windows\syswow64\WS2_32.dll!socket                                                                                                                                                              0000000075773eb8 5 bytes JMP 0000000171f06f99
.text    C:\ProgramData\TVersity\Media Server\MediaServer.exe[4068] C:\Windows\syswow64\WS2_32.dll!WSASend                                                                                                                                                             0000000075774406 5 bytes JMP 0000000171f02139
.text    C:\ProgramData\TVersity\Media Server\MediaServer.exe[4068] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW                                                                                                                                                        0000000075774889 5 bytes JMP 0000000171f05741
.text    C:\ProgramData\TVersity\Media Server\MediaServer.exe[4068] C:\Windows\syswow64\WS2_32.dll!recv                                                                                                                                                                0000000075776b0e 5 bytes JMP 0000000171f07161
.text    C:\ProgramData\TVersity\Media Server\MediaServer.exe[4068] C:\Windows\syswow64\WS2_32.dll!connect                                                                                                                                                             0000000075776bdd 1 byte JMP 0000000171f041e1
.text    C:\ProgramData\TVersity\Media Server\MediaServer.exe[4068] C:\Windows\syswow64\WS2_32.dll!connect + 2                                                                                                                                                         0000000075776bdf 3 bytes {CALL RBP}
.text    C:\ProgramData\TVersity\Media Server\MediaServer.exe[4068] C:\Windows\syswow64\WS2_32.dll!send                                                                                                                                                                0000000075776f01 5 bytes JMP 0000000171f020a1
.text    C:\ProgramData\TVersity\Media Server\MediaServer.exe[4068] C:\Windows\syswow64\WS2_32.dll!WSARecv                                                                                                                                                             0000000075777089 5 bytes JMP 0000000171f071f9
.text    C:\ProgramData\TVersity\Media Server\MediaServer.exe[4068] C:\Windows\syswow64\WS2_32.dll!WSAConnect                                                                                                                                                          000000007577cc3f 5 bytes JMP 0000000171f070c9
.text    C:\ProgramData\TVersity\Media Server\MediaServer.exe[4068] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoExW                                                                                                                                                      000000007577d1ea 5 bytes JMP 0000000171f057d9
.text    C:\ProgramData\TVersity\Media Server\MediaServer.exe[4068] C:\Windows\syswow64\WS2_32.dll!gethostbyname                                                                                                                                                       0000000075787673 5 bytes JMP 0000000171f05871
.text    C:\ProgramData\TVersity\Media Server\MediaServer.exe[4068] C:\Windows\syswow64\SHELL32.dll!Shell_NotifyIconW                                                                                                                                                  0000000076150179 5 bytes JMP 0000000171f04d29
         

Alt 02.02.2015, 18:13   #13
Phil101
 



Part 10
Code:
.text    C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe[3604] C:\Windows\SysWOW64\ntdll.dll!NtReadFile                                                                                                                                                       000000007733f8f0 5 bytes JMP 0000000171f06619
.text    C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe[3604] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile                                                                                                                                                      000000007733f928 5 bytes JMP 0000000171f06ca1
.text    C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe[3604] C:\Windows\SysWOW64\ntdll.dll!NtClose                                                                                                                                                          000000007733f9e0 5 bytes JMP 0000000171f05c99
.text    C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe[3604] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess                                                                                                                                          000000007733fb28 5 bytes JMP 0000000171f056a9
.text    C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe[3604] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess                                                                                                                                                    000000007733fc20 5 bytes JMP 0000000171f031d9
.text    C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe[3604] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection                                                                                                                                               000000007733fc50 5 bytes JMP 0000000171f015f1
.text    C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe[3604] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection                                                                                                                                             000000007733fc80 5 bytes JMP 0000000171f01689
.text    C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe[3604] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                                                                                                               000000007733fcb0 5 bytes JMP 0000000171f05611
.text    C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe[3604] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection                                                                                                                                                    000000007733fdc8 5 bytes JMP 0000000171f06c09
.text    C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe[3604] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                                                                                                                             000000007733fe14 5 bytes JMP 0000000171f030a9
.text    C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe[3604] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject                                                                                                                                                000000007733fe44 5 bytes JMP 0000000171f03309
.text    C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe[3604] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread                                                                                                                                                 000000007733ff24 5 bytes JMP 0000000171f03271
.text    C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe[3604] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection                                                                                                                                                  000000007733ffa4 5 bytes JMP 0000000171f06d39
.text    C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe[3604] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx                                                                                                                                                000000007733ffec 5 bytes JMP 0000000171f02ee1
.text    C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe[3604] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                                                                                                                   0000000077340004 5 bytes JMP 0000000171f02db1
.text    C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe[3604] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile                                                                                                                                                     00000000773400b4 5 bytes JMP 0000000171f01ed9
.text    C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe[3604] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey                                                                                                                                                    00000000773401c4 5 bytes JMP 0000000171f02301
.text    C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe[3604] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                                                                                                                                   000000007734079c 5 bytes JMP 0000000171f06b71
.text    C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe[3604] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess                                                                                                                                                  0000000077340814 5 bytes JMP 0000000171f02e49
.text    C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe[3604] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                                                                                                                 00000000773408a4 5 bytes JMP 0000000171f02d19
.text    C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe[3604] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                                                                                                                     0000000077340df4 5 bytes JMP 0000000171f05d31
.text    C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe[3604] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError                                                                                                                                                 0000000077341604 5 bytes JMP 0000000171f04ac9
.text    C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe[3604] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                                                                                                               0000000077341920 5 bytes JMP 0000000171f03141
.text    C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe[3604] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                                                                                                                           0000000077341be4 5 bytes JMP 0000000171f05dc9
.text    C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe[3604] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess                                                                                                                                                 0000000077341d54 5 bytes JMP 0000000171f03439
.text    C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe[3604] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                                                                                                                                  0000000077341d70 5 bytes JMP 0000000171f033a1
.text    C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe[3604] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl                                                                                                                                             0000000077341d8c 5 bytes JMP 0000000171f06dd1
.text    C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe[3604] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl                                                                                                                                                     0000000077341ee8 5 bytes JMP 0000000171f069a9
.text    C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe[3604] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter                                                                                                                                       00000000773588c4 5 bytes JMP 0000000171f01ab1
.text    C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe[3604] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx                                                                                                                                     0000000077380d3b 5 bytes JMP 0000000171f02009
.text    C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe[3604] C:\Windows\SysWOW64\ntdll.dll!RtlReportException                                                                                                                                               00000000773c860f 5 bytes JMP 0000000171f04b61
.text    C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe[3604] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters                                                                                                                                       00000000773ce8ab 5 bytes JMP 0000000171f01f71
.text    C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe[3604] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA                                                                                                                                               00000000754c0e00 5 bytes JMP 0000000171f01da9
.text    C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe[3604] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                                                                                                                                00000000754c1072 5 bytes JMP 0000000171f02a21
.text    C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe[3604] C:\Windows\syswow64\kernel32.dll!LoadLibraryA                                                                                                                                                  00000000754c499f 5 bytes JMP 0000000171f025f9
.text    C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe[3604] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW                                                                                                                                        00000000754d3bbb 5 bytes JMP 0000000171f03011
.text    C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe[3604] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW                                                                                                                                         00000000754d9aa4 5 bytes JMP 0000000171f06581
.text    C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe[3604] C:\Windows\syswow64\kernel32.dll!MoveFileExW                                                                                                                                                   00000000754d9b05 5 bytes JMP 0000000171f06321
.text    C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe[3604] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot                                                                                                                                      00000000754e7327 5 bytes JMP 0000000171f02729
.text    C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe[3604] C:\Windows\syswow64\kernel32.dll!Process32NextW                                                                                                                                                00000000754e88da 5 bytes JMP 0000000171f05c01
.text    C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe[3604] C:\Windows\syswow64\kernel32.dll!MoveFileExA                                                                                                                                                   00000000754eccb1 5 bytes JMP 0000000171f061f1
.text    C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe[3604] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA                                                                                                                                         00000000754eccd1 5 bytes JMP 0000000171f06451
.text    C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe[3604] C:\Windows\syswow64\kernel32.dll!WinExec                                                                                                                                                       0000000075542ff1 5 bytes JMP 0000000171f028f1
.text    C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe[3604] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA                                                                                                                                             000000007556748b 5 bytes JMP 0000000171f046a1
.text    C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe[3604] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW                                                                                                                                             00000000755674ae 5 bytes JMP 0000000171f047d1
.text    C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe[3604] C:\Windows\syswow64\kernel32.dll!ReadConsoleA                                                                                                                                                  0000000075567859 5 bytes JMP 0000000171f04901
.text    C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe[3604] C:\Windows\syswow64\kernel32.dll!ReadConsoleW                                                                                                                                                  00000000755678d2 5 bytes JMP 0000000171f04a31
.text    C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe[3604] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime                                                                                                                                     0000000075948f8d 5 bytes JMP 0000000171f01a19
.text    C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe[3604] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle                                                                                                                                                 000000007594c436 5 bytes JMP 0000000171f03b59
.text    C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe[3604] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory                                                                                                                                          000000007594eca6 5 bytes JMP 0000000171f03601
.text    C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe[3604] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess                                                                                                                                                 000000007594f206 5 bytes JMP 0000000171f02399
.text    C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe[3604] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW                                                                                                                                             000000007594fa89 5 bytes JMP 0000000171f01e41
.text    C:\Windows\system32\SearchIndexer.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8                                                                                                                                                                0000000077191d38 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\SearchIndexer.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                                                                        00000000771920a0 6 bytes [48, B8, F9, BE, 65, 73]
.text    C:\Windows\system32\SearchIndexer.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8                                                                                                                                                                    00000000771920a8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\SearchIndexer.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError                                                                                                                                                                    00000000771925e0 6 bytes [48, B8, 79, 83, 65, 73]
.text    C:\Windows\system32\SearchIndexer.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8                                                                                                                                                                00000000771925e8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\SearchIndexer.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                                                                  00000000771927e0 6 bytes [48, B8, 39, 31, 65, 73]
.text    C:\Windows\system32\SearchIndexer.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8                                                                                                                                                              00000000771927e8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\SearchIndexer.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                                                              00000000771929a0 6 bytes [48, B8, B9, C0, 65, 73]
.text    C:\Windows\system32\SearchIndexer.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8                                                                                                                                                          00000000771929a8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\SearchIndexer.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                                                                    0000000077192a80 6 bytes [48, B8, 79, 3D, 65, 73]
.text    C:\Windows\system32\SearchIndexer.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8                                                                                                                                                                0000000077192a88 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\SearchIndexer.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                                                                     0000000077192a90 6 bytes [48, B8, B9, 3B, 65, 73]
.text    C:\Windows\system32\SearchIndexer.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8                                                                                                                                                                 0000000077192a98 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\SearchIndexer.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                                                                0000000077192aa0 6 bytes [48, B8, 79, F3, 65, 73]
.text    C:\Windows\system32\SearchIndexer.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8                                                                                                                                                            0000000077192aa8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\SearchIndexer.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                                                                        0000000077192b80 6 bytes [48, B8, 79, E5, 65, 73]
.text    C:\Windows\system32\SearchIndexer.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8                                                                                                                                                                    0000000077192b88 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\SearchIndexer.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1                                                                                                                                                              0000000077203201 11 bytes [B8, 39, 85, 65, 73, 00, 00, ...]
.text    C:\Windows\system32\SearchIndexer.exe[4524] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1                                                                                                                                                                000007fefd061861 11 bytes [B8, 79, 52, 65, 73, 00, 00, ...]
.text    C:\Windows\system32\SearchIndexer.exe[4524] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1                                                                                                                                                                000007fefd062db1 11 bytes [B8, 39, AF, 65, 73, 00, 00, ...]
.text    C:\Windows\system32\SearchIndexer.exe[4524] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1                                                                                                                                                             000007fefd063461 11 bytes [B8, F9, B0, 65, 73, 00, 00, ...]
.text    C:\Windows\system32\SearchIndexer.exe[4524] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                                                                                                                 000007fefd068ef0 12 bytes [48, B8, 79, AD, 65, 73, 00, ...]
.text    C:\Windows\system32\SearchIndexer.exe[4524] C:\Windows\system32\KERNELBASE.dll!CreateMutexW                                                                                                                                                                   000007fefd0694c0 12 bytes [48, B8, B9, 50, 65, 73, 00, ...]
.text    C:\Windows\system32\SearchIndexer.exe[4524] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1                                                                                                                                                             000007fefd06bfd1 11 bytes [B8, B9, AB, 65, 73, 00, 00, ...]
.text    C:\Windows\system32\SearchIndexer.exe[4524] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1                                                                                                                                                                 000007fefd072af1 11 bytes [B8, F9, 4E, 65, 73, 00, 00, ...]
.text    C:\Windows\system32\SearchIndexer.exe[4524] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory                                                                                                                                                             000007fefd094350 12 bytes [48, B8, B9, 42, 65, 73, 00, ...]
.text    C:\Windows\system32\SearchIndexer.exe[4524] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1                                                                                                                                                           000007fefd0a0c11 11 bytes [B8, 79, C9, 65, 73, 00, 00, ...]
.text    C:\Windows\system32\SearchIndexer.exe[4524] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1                                                                                                                                                         000007fefd0a2871 8 bytes [B8, 39, 23, 65, 73, 00, 00, ...]
.text    C:\Windows\system32\SearchIndexer.exe[4524] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10                                                                                                                                                        000007fefd0a287a 2 bytes [50, C3]
.text    C:\Windows\system32\SearchIndexer.exe[4524] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1                                                                                                                                                               000007fefd0a28b1 11 bytes [B8, F9, 40, 65, 73, 00, 00, ...]
.text    C:\Windows\system32\SearchIndexer.exe[4524] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1                                                                                                                                                                000007fefd39642d 11 bytes [B8, 39, 5B, 65, 73, 00, 00, ...]
.text    C:\Windows\system32\SearchIndexer.exe[4524] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW                                                                                                                                                                      000007fefd396484 12 bytes [48, B8, F9, 55, 65, 73, 00, ...]
.text    C:\Windows\system32\SearchIndexer.exe[4524] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1                                                                                                                                                            000007fefd396519 11 bytes [B8, 39, 62, 65, 73, 00, 00, ...]
.text    C:\Windows\system32\SearchIndexer.exe[4524] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA                                                                                                                                                                      000007fefd396c34 12 bytes [48, B8, 39, 54, 65, 73, 00, ...]
.text    C:\Windows\system32\SearchIndexer.exe[4524] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1                                                                                                                                                                 000007fefd397ab5 11 bytes [B8, F9, 5C, 65, 73, 00, 00, ...]
.text    C:\Windows\system32\SearchIndexer.exe[4524] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1                                                                                                                                                             000007fefd398b01 11 bytes [B8, B9, 57, 65, 73, 00, 00, ...]
.text    C:\Windows\system32\SearchIndexer.exe[4524] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1                                                                                                                                                             000007fefd398c39 11 bytes [B8, 79, 59, 65, 73, 00, 00, ...]
.text    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4700] C:\Windows\system32\kernel32.dll!Process32NextW + 1                                                                                                                                                    0000000076f21b21 11 bytes [B8, 79, D7, 65, 73, 00, 00, ...]
.text    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4700] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot                                                                                                                                              0000000076f21c10 5 bytes [48, B8, F9, 39, 65]
.text    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4700] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot + 6                                                                                                                                          0000000076f21c16 6 bytes [00, 00, 00, 00, 50, C3]
.text    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4700] C:\Windows\system32\kernel32.dll!MoveFileExW + 1                                                                                                                                                       0000000076f22b61 8 bytes [B8, 79, EC, 65, 73, 00, 00, ...]
.text    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4700] C:\Windows\system32\kernel32.dll!MoveFileExW + 10                                                                                                                                                      0000000076f22b6a 2 bytes [50, C3]
.text    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4700] C:\Windows\system32\kernel32.dll!CreateProcessInternalW                                                                                                                                                0000000076f3db80 12 bytes [48, B8, B9, 2D, 65, 73, 00, ...]
.text    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4700] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1                                                                                                                                                   0000000076f40931 11 bytes [B8, B9, FF, 65, 73, 00, 00, ...]
.text    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4700] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1                                                                                                                                                 0000000076f752f1 11 bytes [B8, B9, 7A, 65, 73, 00, 00, ...]
.text    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4700] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1                                                                                                                                                 0000000076f75311 11 bytes [B8, 39, 77, 65, 73, 00, 00, ...]
.text    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4700] C:\Windows\system32\kernel32.dll!ReadConsoleW                                                                                                                                                          0000000076f8a5e0 12 bytes [48, B8, B9, 81, 65, 73, 00, ...]
.text    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4700] C:\Windows\system32\kernel32.dll!ReadConsoleA                                                                                                                                                          0000000076f8a6f0 12 bytes [48, B8, 39, 7E, 65, 73, 00, ...]
.text    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4700] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1                                                                                                                                             0000000076faf491 11 bytes [B8, 79, F3, 65, 73, 00, 00, ...]
.text    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4700] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1                                                                                                                                             0000000076faf691 11 bytes [B8, F9, EF, 65, 73, 00, 00, ...]
.text    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4700] C:\Windows\system32\kernel32.dll!MoveFileExA + 1                                                                                                                                                       0000000076faf6c1 8 bytes [B8, F9, E8, 65, 73, 00, 00, ...]
.text    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4700] C:\Windows\system32\kernel32.dll!MoveFileExA + 10                                                                                                                                                      0000000076faf6ca 2 bytes [50, C3]
.text    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4700] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1                                                                                                                                                     000007fefd061861 11 bytes [B8, 79, 52, 65, 73, 00, 00, ...]
.text    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4700] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1                                                                                                                                                     000007fefd062db1 11 bytes [B8, 39, CB, 65, 73, 00, 00, ...]
.text    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4700] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1                                                                                                                                                  000007fefd063461 11 bytes [B8, F9, CC, 65, 73, 00, 00, ...]
.text    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4700] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                                                                                                      000007fefd068ef0 12 bytes [48, B8, 79, C9, 65, 73, 00, ...]
.text    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4700] C:\Windows\system32\KERNELBASE.dll!CreateMutexW                                                                                                                                                        000007fefd0694c0 12 bytes [48, B8, B9, 50, 65, 73, 00, ...]
.text    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4700] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1                                                                                                                                                  000007fefd06bfd1 11 bytes [B8, B9, C7, 65, 73, 00, 00, ...]
.text    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4700] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1                                                                                                                                                      000007fefd072af1 11 bytes [B8, F9, 4E, 65, 73, 00, 00, ...]
.text    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4700] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory                                                                                                                                                  000007fefd094350 12 bytes [48, B8, B9, 42, 65, 73, 00, ...]
.text    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4700] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1                                                                                                                                                000007fefd0a0c11 11 bytes [B8, 79, E5, 65, 73, 00, 00, ...]
.text    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4700] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1                                                                                                                                              000007fefd0a2871 8 bytes [B8, 39, 23, 65, 73, 00, 00, ...]
.text    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4700] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10                                                                                                                                             000007fefd0a287a 2 bytes [50, C3]
.text    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4700] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1                                                                                                                                                    000007fefd0a28b1 11 bytes [B8, F9, 40, 65, 73, 00, 00, ...]
.text    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4700] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49                                                                                                                                                    000007fefedc4ea1 11 bytes [B8, B9, 14, 66, 73, 00, 00, ...]
.text    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4700] C:\Windows\system32\ADVAPI32.dll!CreateServiceW                                                                                                                                                        000007fefedc55c8 12 bytes [48, B8, B9, 6C, 65, 73, 00, ...]
.text    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4700] C:\Windows\system32\ADVAPI32.dll!CreateServiceA                                                                                                                                                        000007fefeddb85c 12 bytes [48, B8, F9, 6A, 65, 73, 00, ...]
.text    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4700] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW                                                                                                                                                  000007fefeddb9d0 12 bytes [48, B8, 79, 60, 65, 73, 00, ...]
.text    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4700] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA                                                                                                                                                  000007fefeddba3c 12 bytes [48, B8, B9, 5E, 65, 73, 00, ...]
.text    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4700] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1                                                                                                                                                     000007fefd39642d 11 bytes [B8, 39, 5B, 65, 73, 00, 00, ...]
.text    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4700] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW                                                                                                                                                           000007fefd396484 12 bytes [48, B8, F9, 55, 65, 73, 00, ...]
.text    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4700] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1                                                                                                                                                 000007fefd396519 11 bytes [B8, 39, 62, 65, 73, 00, 00, ...]
.text    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4700] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA                                                                                                                                                           000007fefd396c34 12 bytes [48, B8, 39, 54, 65, 73, 00, ...]
.text    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4700] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1                                                                                                                                                      000007fefd397ab5 11 bytes [B8, F9, 5C, 65, 73, 00, 00, ...]
.text    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4700] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1                                                                                                                                                  000007fefd398b01 11 bytes [B8, B9, 57, 65, 73, 00, 00, ...]
.text    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4700] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1
         

02.02.2015, 18:17   #14
Phil101
 
Part 11
Code:
.text    C:\Windows\System32\svchost.exe[576] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1                                                                                                                                                           00000000771792d1 5 bytes [B8, 39, 69, 65, 73]
.text    C:\Windows\System32\svchost.exe[576] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7                                                                                                                                                           00000000771792d7 5 bytes [00, 00, 00, 50, C3]
.text    C:\Windows\System32\svchost.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile                                                                                                                                                                                0000000077191330 6 bytes [48, B8, B9, EA, 65, 73]
.text    C:\Windows\System32\svchost.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8                                                                                                                                                                            0000000077191338 4 bytes [00, 00, 50, C3]
.text    C:\Windows\System32\svchost.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtClose                                                                                                                                                                                    00000000771913a0 6 bytes [48, B8, 39, BD, 65, 73]
.text    C:\Windows\System32\svchost.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8                                                                                                                                                                                00000000771913a8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\System32\svchost.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess                                                                                                                                                                    0000000077191470 6 bytes [48, B8, F9, A9, 65, 73]
.text    C:\Windows\System32\svchost.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8                                                                                                                                                                0000000077191478 4 bytes [00, 00, 50, C3]
.text    C:\Windows\System32\svchost.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                                                                              0000000077191510 6 bytes [48, B8, F9, 32, 65, 73]
.text    C:\Windows\System32\svchost.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8                                                                                                                                                                          0000000077191518 4 bytes [00, 00, 50, C3]
.text    C:\Windows\System32\svchost.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                                                                                                                         0000000077191530 6 bytes [48, B8, 39, 1C, 65, 73]
.text    C:\Windows\System32\svchost.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8                                                                                                                                                                     0000000077191538 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\Windows Media Player\wmpnetwk.exe[704] C:\Windows\system32\WS2_32.dll!send + 1                                                                                                                                                               000007fefd928001 11 bytes [B8, 39, A1, 65, 73, 00, 00, ...]
.text    C:\Program Files\Windows Media Player\wmpnetwk.exe[704] C:\Windows\system32\WS2_32.dll!gethostbyname                                                                                                                                                          000007fefd928df0 7 bytes [48, B8, B9, 8F, 65, 73, 00]
.text    C:\Program Files\Windows Media Player\wmpnetwk.exe[704] C:\Windows\system32\WS2_32.dll!gethostbyname + 9                                                                                                                                                      000007fefd928df9 3 bytes [00, 50, C3]
.text    C:\Program Files\Windows Media Player\wmpnetwk.exe[704] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW                                                                                                                                                         000007fefd92c090 12 bytes [48, B8, F9, 8D, 65, 73, 00, ...]
.text    C:\Program Files\Windows Media Player\wmpnetwk.exe[704] C:\Windows\system32\WS2_32.dll!socket + 1                                                                                                                                                             000007fefd92de91 11 bytes [B8, 39, D9, 65, 73, 00, 00, ...]
.text    C:\Program Files\Windows Media Player\wmpnetwk.exe[704] C:\Windows\system32\WS2_32.dll!recv + 1                                                                                                                                                               000007fefd92df41 11 bytes [B8, 79, DE, 65, 73, 00, 00, ...]
.text    C:\Program Files\Windows Media Player\wmpnetwk.exe[704] C:\Windows\system32\WS2_32.dll!WSAConnect + 1                                                                                                                                                         000007fefd94e0f1 11 bytes [B8, B9, DC, 65, 73, 00, 00, ...]
.text    C:\Users\Philipp\Downloads\Gmer-19357.exe[2044] C:\Windows\SysWOW64\ntdll.dll!NtReadFile                                                                                                                                                                      000000007733f8f0 5 bytes JMP 0000000171f06619
.text    C:\Users\Philipp\Downloads\Gmer-19357.exe[2044] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile                                                                                                                                                                     000000007733f928 5 bytes JMP 0000000171f06ca1
.text    C:\Users\Philipp\Downloads\Gmer-19357.exe[2044] C:\Windows\SysWOW64\ntdll.dll!NtClose                                                                                                                                                                         000000007733f9e0 5 bytes JMP 0000000171f05c99
.text    C:\Users\Philipp\Downloads\Gmer-19357.exe[2044] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess                                                                                                                                                         000000007733fb28 5 bytes JMP 0000000171f056a9
.text    C:\Users\Philipp\Downloads\Gmer-19357.exe[2044] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess                                                                                                                                                                   000000007733fc20 5 bytes JMP 0000000171f031d9
.text    C:\Users\Philipp\Downloads\Gmer-19357.exe[2044] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection                                                                                                                                                              000000007733fc50 5 bytes JMP 0000000171f015f1
.text    C:\Users\Philipp\Downloads\Gmer-19357.exe[2044] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection                                                                                                                                                            000000007733fc80 5 bytes JMP 0000000171f01689
.text    C:\Users\Philipp\Downloads\Gmer-19357.exe[2044] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                                                                                                                              000000007733fcb0 5 bytes JMP 0000000171f05611
.text    C:\Users\Philipp\Downloads\Gmer-19357.exe[2044] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection                                                                                                                                                                   000000007733fdc8 5 bytes JMP 0000000171f06c09
.text    C:\Users\Philipp\Downloads\Gmer-19357.exe[2044] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                                                                                                                                            000000007733fe14 5 bytes JMP 0000000171f030a9
.text    C:\Users\Philipp\Downloads\Gmer-19357.exe[2044] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject                                                                                                                                                               000000007733fe44 5 bytes JMP 0000000171f03309
.text    C:\Users\Philipp\Downloads\Gmer-19357.exe[2044] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread                                                                                                                                                                000000007733ff24 5 bytes JMP 0000000171f03271
.text    C:\Users\Philipp\Downloads\Gmer-19357.exe[2044] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection                                                                                                                                                                 000000007733ffa4 5 bytes JMP 0000000171f06d39
.text    C:\Users\Philipp\Downloads\Gmer-19357.exe[2044] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx                                                                                                                                                               000000007733ffec 5 bytes JMP 0000000171f02ee1
.text    C:\Users\Philipp\Downloads\Gmer-19357.exe[2044] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                                                                                                                                  0000000077340004 5 bytes JMP 0000000171f02db1
.text    C:\Users\Philipp\Downloads\Gmer-19357.exe[2044] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile                                                                                                                                                                    00000000773400b4 5 bytes JMP 0000000171f01ed9
.text    C:\Users\Philipp\Downloads\Gmer-19357.exe[2044] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey                                                                                                                                                                   00000000773401c4 5 bytes JMP 0000000171f02301
.text    C:\Users\Philipp\Downloads\Gmer-19357.exe[2044] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                                                                                                                                                  000000007734079c 5 bytes JMP 0000000171f06b71
.text    C:\Users\Philipp\Downloads\Gmer-19357.exe[2044] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess                                                                                                                                                                 0000000077340814 5 bytes JMP 0000000171f02e49
.text    C:\Users\Philipp\Downloads\Gmer-19357.exe[2044] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                                                                                                                                00000000773408a4 5 bytes JMP 0000000171f02d19
.text    C:\Users\Philipp\Downloads\Gmer-19357.exe[2044] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                                                                                                                                    0000000077340df4 5 bytes JMP 0000000171f05d31
.text    C:\Users\Philipp\Downloads\Gmer-19357.exe[2044] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError                                                                                                                                                                0000000077341604 5 bytes JMP 0000000171f04ac9
.text    C:\Users\Philipp\Downloads\Gmer-19357.exe[2044] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                                                                                                                              0000000077341920 5 bytes JMP 0000000171f03141
.text    C:\Users\Philipp\Downloads\Gmer-19357.exe[2044] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                                                                                                                                          0000000077341be4 5 bytes JMP 0000000171f05dc9
.text    C:\Users\Philipp\Downloads\Gmer-19357.exe[2044] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess                                                                                                                                                                0000000077341d54 5 bytes JMP 0000000171f03439
.text    C:\Users\Philipp\Downloads\Gmer-19357.exe[2044] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                                                                                                                                                 0000000077341d70 5 bytes JMP 0000000171f033a1
.text    C:\Users\Philipp\Downloads\Gmer-19357.exe[2044] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl                                                                                                                                                            0000000077341d8c 5 bytes JMP 0000000171f06dd1
.text    C:\Users\Philipp\Downloads\Gmer-19357.exe[2044] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl                                                                                                                                                                    0000000077341ee8 5 bytes JMP 0000000171f069a9
.text    C:\Users\Philipp\Downloads\Gmer-19357.exe[2044] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter                                                                                                                                                      00000000773588c4 5 bytes JMP 0000000171f01ab1
.text    C:\Users\Philipp\Downloads\Gmer-19357.exe[2044] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx                                                                                                                                                    0000000077380d3b 5 bytes JMP 0000000171f02009
.text    C:\Users\Philipp\Downloads\Gmer-19357.exe[2044] C:\Windows\SysWOW64\ntdll.dll!RtlReportException                                                                                                                                                              00000000773c860f 5 bytes JMP 0000000171f04b61
.text    C:\Users\Philipp\Downloads\Gmer-19357.exe[2044] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters                                                                                                                                                      00000000773ce8ab 5 bytes JMP 0000000171f01f71
.text    C:\Users\Philipp\Downloads\Gmer-19357.exe[2044] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA                                                                                                                                                              00000000754c0e00 5 bytes JMP 0000000171f01da9
.text    C:\Users\Philipp\Downloads\Gmer-19357.exe[2044] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                                                                                                                                               00000000754c1072 5 bytes JMP 0000000171f02a21
.text    C:\Users\Philipp\Downloads\Gmer-19357.exe[2044] C:\Windows\syswow64\kernel32.dll!LoadLibraryA                                                                                                                                                                 00000000754c499f 5 bytes JMP 0000000171f025f9
.text    C:\Users\Philipp\Downloads\Gmer-19357.exe[2044] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW                                                                                                                                                       00000000754d3bbb 5 bytes JMP 0000000171f03011
.text    C:\Users\Philipp\Downloads\Gmer-19357.exe[2044] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW                                                                                                                                                        00000000754d9aa4 5 bytes JMP 0000000171f06581
.text    C:\Users\Philipp\Downloads\Gmer-19357.exe[2044] C:\Windows\syswow64\kernel32.dll!MoveFileExW                                                                                                                                                                  00000000754d9b05 5 bytes JMP 0000000171f06321
.text    C:\Users\Philipp\Downloads\Gmer-19357.exe[2044] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot                                                                                                                                                     00000000754e7327 5 bytes JMP 0000000171f02729
.text    C:\Users\Philipp\Downloads\Gmer-19357.exe[2044] C:\Windows\syswow64\kernel32.dll!Process32NextW                                                                                                                                                               00000000754e88da 5 bytes JMP 0000000171f05c01
.text    C:\Users\Philipp\Downloads\Gmer-19357.exe[2044] C:\Windows\syswow64\kernel32.dll!MoveFileExA                                                                                                                                                                  00000000754eccb1 5 bytes JMP 0000000171f061f1
.text    C:\Users\Philipp\Downloads\Gmer-19357.exe[2044] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA                                                                                                                                                        00000000754eccd1 5 bytes JMP 0000000171f06451
.text    C:\Users\Philipp\Downloads\Gmer-19357.exe[2044] C:\Windows\syswow64\kernel32.dll!WinExec                                                                                                                                                                      0000000075542ff1 5 bytes JMP 0000000171f028f1
.text    C:\Users\Philipp\Downloads\Gmer-19357.exe[2044] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA                                                                                                                                                            000000007556748b 5 bytes JMP 0000000171f046a1
.text    C:\Users\Philipp\Downloads\Gmer-19357.exe[2044] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW                                                                                                                                                            00000000755674ae 5 bytes JMP 0000000171f047d1
.text    C:\Users\Philipp\Downloads\Gmer-19357.exe[2044] C:\Windows\syswow64\kernel32.dll!ReadConsoleA                                                                                                                                                                 0000000075567859 5 bytes JMP 0000000171f04901
.text    C:\Users\Philipp\Downloads\Gmer-19357.exe[2044] C:\Windows\syswow64\kernel32.dll!ReadConsoleW                                                                                                                                                                 00000000755678d2 5 bytes JMP 0000000171f04a31
.text    C:\Users\Philipp\Downloads\Gmer-19357.exe[2044] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime                                                                                                                                                    0000000075948f8d 5 bytes JMP 0000000171f01a19
.text    C:\Users\Philipp\Downloads\Gmer-19357.exe[2044] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle                                                                                                                                                                000000007594c436 5 bytes JMP 0000000171f03b59
.text    C:\Users\Philipp\Downloads\Gmer-19357.exe[2044] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory                                                                                                                                                         000000007594eca6 5 bytes JMP 0000000171f03601
.text    C:\Users\Philipp\Downloads\Gmer-19357.exe[2044] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess                                                                                                                                                                000000007594f206 5 bytes JMP 0000000171f02399
.text    C:\Users\Philipp\Downloads\Gmer-19357.exe[2044] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW                                                                                                                                                            000000007594fa89 5 bytes JMP 0000000171f01e41
.text    C:\Users\Philipp\Downloads\Gmer-19357.exe[2044] C:\Windows\syswow64\KERNELBASE.dll!DefineDosDeviceW                                                                                                                                                           000000007594fbb7 5 bytes JMP 0000000171f060c1
.text    C:\Users\Philipp\Downloads\Gmer-19357.exe[2044] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW                                                                                                                                                               0000000075951358 5 bytes JMP 0000000171f03ac1
.text    C:\Users\Philipp\Downloads\Gmer-19357.exe[2044] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW                                                                                                                                                                 000000007595137f 5 bytes JMP 0000000171f03a29
.text    C:\Users\Philipp\Downloads\Gmer-19357.exe[2044] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                                                                                                                                           0000000075951d29 5 bytes JMP 0000000171f01981
.text    C:\Users\Philipp\Downloads\Gmer-19357.exe[2044] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress                                                                                                                                                             0000000075951e15 5 bytes JMP 0000000171f024c9
.text    C:\Users\Philipp\Downloads\Gmer-19357.exe[2044] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                                                                                                                             0000000075952ab1 5 bytes JMP 0000000171f057d9
.text    C:\Users\Philipp\Downloads\Gmer-19357.exe[2044] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA                                                                                                                                                             0000000075952cd9 5 bytes JMP 0000000171f05741
.text    C:\Users\Philipp\Downloads\Gmer-19357.exe[2044] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                                                                                                                                                0000000075952d17 5 bytes JMP 0000000171f05871
.text    C:\Users\Philipp\Downloads\Gmer-19357.exe[2044] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA                                                                                                                                                           0000000075952e7a 5 bytes JMP 0000000171f018e9
.text    C:\Users\Philipp\Downloads\Gmer-19357.exe[2044] C:\Windows\syswow64\KERNELBASE.dll!SleepEx                                                                                                                                                                    0000000075953b70 5 bytes JMP 0000000171f02269
.text    C:\Users\Philipp\Downloads\Gmer-19357.exe[2044] C:\Windows\syswow64\KERNELBASE.dll!Sleep                                                                                                                                                                      0000000075954496 5 bytes JMP 0000000171f02431
.text    C:\Users\Philipp\Downloads\Gmer-19357.exe[2044] C:\Windows\syswow64\KERNELBASE.dll!CreateThread                                                                                                                                                               0000000075954608 5 bytes JMP 0000000171f03569
.text    C:\Users\Philipp\Downloads\Gmer-19357.exe[2044] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread                                                                                                                                                         0000000075954631 5 bytes JMP 0000000171f02c81
.text    C:\Users\Philipp\Downloads\Gmer-19357.exe[2044] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA                                                                                                                                                                000000007595c734 5 bytes JMP 0000000171f027c1
.text    C:\Users\Philipp\Downloads\Gmer-19357.exe[2044] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW                                                                                                                                                                 0000000074d2c9ec 5 bytes JMP 0000000171f03c89
.text    C:\Users\Philipp\Downloads\Gmer-19357.exe[2044] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA                                                                                                                                                                 0000000074d32b70 5 bytes JMP 0000000171f03bf1
.text    C:\Users\Philipp\Downloads\Gmer-19357.exe[2044] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle                                                                                                                                                           0000000074d3361c 5 bytes JMP 0000000171f040b1
.text    C:\Users\Philipp\Downloads\Gmer-19357.exe[2044] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222                                                                                                                                                          0000000074d34965 1 byte JMP 0000000171f06e69
.text    C:\Users\Philipp\Downloads\Gmer-19357.exe[2044] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 224                                                                                                                                                          0000000074d34967 3 bytes {JMP 0xfffffffffd1d2504}
.text    C:\Users\Philipp\Downloads\Gmer-19357.exe[2044] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW                                                                                                                                                               0000000074d470c4 5 bytes JMP 0000000171f04311
.text    C:\Users\Philipp\Downloads\Gmer-19357.exe[2044] C:\Windows\syswow64\ADVAPI32.dll!ControlService                                                                                                                                                               0000000074d470dc 5 bytes JMP 0000000171f03e51
.text    C:\Users\Philipp\Downloads\Gmer-19357.exe[2044] C:\Windows\syswow64\ADVAPI32.dll!DeleteService                                                                                                                                                                0000000074d470f4 5 bytes JMP 0000000171f03ee9
.text    C:\Users\Philipp\Downloads\Gmer-19357.exe[2044] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA                                                                                                                                                         0000000074d631f4 5 bytes JMP 0000000171f03f81
.text    C:\Users\Philipp\Downloads\Gmer-19357.exe[2044] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW                                                                                                                                                         0000000074d63204 5 bytes JMP 0000000171f04019
.text    C:\Users\Philipp\Downloads\Gmer-19357.exe[2044] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA                                                                                                                                                            0000000074d63214 5 bytes JMP 0000000171f03d21
.text    C:\Users\Philipp\Downloads\Gmer-19357.exe[2044] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW                                                                                                                                                            0000000074d63224 5 bytes JMP 0000000171f03db9
.text    C:\Users\Philipp\Downloads\Gmer-19357.exe[2044] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA                                                                                                                                                               0000000074d63264 5 bytes JMP 0000000171f04279
.text    C:\Users\Philipp\Downloads\Gmer-19357.exe[2044] C:\Windows\syswow64\msvcrt.dll!_lock + 41                                                                                                                                                                     000000007607a472 5 bytes JMP 0000000171f06f01
.text    C:\Users\Philipp\Downloads\Gmer-19357.exe[2044] C:\Windows\syswow64\msvcrt.dll!__p__fmode                                                                                                                                                                     00000000760827ce 5 bytes JMP 0000000171f01be1
.text    C:\Users\Philipp\Downloads\Gmer-19357.exe[2044] C:\Windows\syswow64\msvcrt.dll!__p__environ                                                                                                                                                                   000000007608e6cf 5 bytes JMP 0000000171f01b49
.text    C:\Users\Philipp\Downloads\Gmer-19357.exe[2044] C:\Windows\syswow64\USER32.dll!GetMessageW                                                                                                                                                                    0000000075d778e2 5 bytes JMP 0000000171f04441
.text    C:\Users\Philipp\Downloads\Gmer-19357.exe[2044] C:\Windows\syswow64\USER32.dll!GetMessageA                                                                                                                                                                    0000000075d77bd3 5 bytes JMP 0000000171f043a9
.text    C:\Users\Philipp\Downloads\Gmer-19357.exe[2044] C:\Windows\syswow64\USER32.dll!CreateWindowExW                                                                                                                                                                0000000075d78a29 5 bytes JMP 0000000171f04f89
.text    C:\Users\Philipp\Downloads\Gmer-19357.exe[2044] C:\Windows\syswow64\USER32.dll!FindWindowW                                                                                                                                                                    0000000075d798fd 5 bytes JMP 0000000171f05a39
.text    C:\Users\Philipp\Downloads\Gmer-19357.exe[2044] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize                                                                                                                                                        0000000075d7b6ed 5 bytes JMP 0000000171f06f99
.text    C:\Users\Philipp\Downloads\Gmer-19357.exe[2044] C:\Windows\syswow64\USER32.dll!CreateWindowExA                                                                                                                                                                0000000075d7d22e 5 bytes JMP 0000000171f05021
.text    C:\Users\Philipp\Downloads\Gmer-19357.exe[2044] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                                                                                                                                                0000000075d7ee09 5 bytes JMP 0000000171f034d1
.text    C:\Users\Philipp\Downloads\Gmer-19357.exe[2044] C:\Windows\syswow64\USER32.dll!FindWindowA                                                                                                                                                                    0000000075d7ffe6 5 bytes JMP 0000000171f05909
.text    C:\Users\Philipp\Downloads\Gmer-19357.exe[2044] C:\Windows\syswow64\USER32.dll!FindWindowExA                                                                                                                                                                  0000000075d800d9 5 bytes JMP 0000000171f059a1
.text    C:\Users\Philipp\Downloads\Gmer-19357.exe[2044] C:\Windows\syswow64\USER32.dll!PeekMessageW                                                                                                                                                                   0000000075d805ba 5 bytes JMP 0000000171f04571
.text    C:\Users\Philipp\Downloads\Gmer-19357.exe[2044] C:\Windows\syswow64\USER32.dll!ShowWindow                                                                                                                                                                     0000000075d80dfb 5 bytes JMP 0000000171f050b9
.text    C:\Users\Philipp\Downloads\Gmer-19357.exe[2044] C:\Windows\syswow64\USER32.dll!PostMessageW                                                                                                                                                                   0000000075d812a5 5 bytes JMP 0000000171f06ad9
.text    C:\Users\Philipp\Downloads\Gmer-19357.exe[2044] C:\Windows\syswow64\USER32.dll!SetWindowTextW                                                                                                                                                                 0000000075d820ec 5 bytes JMP 0000000171f05449
.text    C:\Users\Philipp\Downloads\Gmer-19357.exe[2044] C:\Windows\syswow64\USER32.dll!PostMessageA                                                                                                                                                                   0000000075d83baa 5 bytes JMP 0000000171f06a41
.text    C:\Users\Philipp\Downloads\Gmer-19357.exe[2044] C:\Windows\syswow64\USER32.dll!PeekMessageA                                                                                                                                                                   0000000075d85f74 5 bytes JMP 0000000171f044d9
.text    C:\Users\Philipp\Downloads\Gmer-19357.exe[2044] C:\Windows\syswow64\USER32.dll!CallNextHookEx                                                                                                                                                                 0000000075d86285 5 bytes JMP 0000000171f04bf9
.text    C:\Users\Philipp\Downloads\Gmer-19357.exe[2044] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                                                                                                                                              0000000075d87603 5 bytes JMP 0000000171f02be9
.text    C:\Users\Philipp\Downloads\Gmer-19357.exe[2044] C:\Windows\syswow64\USER32.dll!SetWindowTextA                                                                                                                                                                 0000000075d87aee 5 bytes JMP 0000000171f053b1
.text    C:\Users\Philipp\Downloads\Gmer-19357.exe[2044] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                                                                                                                                              0000000075d8835c 5 bytes JMP 0000000171f02b51
.text    C:\Users\Philipp\Downloads\Gmer-19357.exe[2044] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW                                                                                                                                                     0000000075d9ce54 5 bytes JMP 0000000171f051e9
.text    C:\Users\Philipp\Downloads\Gmer-19357.exe[2044] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx                                                                                                                                                            0000000075d9f52b 5 bytes JMP 0000000171f04c91
.text    C:\Users\Philipp\Downloads\Gmer-19357.exe[2044] C:\Windows\syswow64\USER32.dll!FindWindowExW                                                                                                                                                                  0000000075d9f588 5 bytes JMP 0000000171f05ad1
.text    C:\Users\Philipp\Downloads\Gmer-19357.exe[2044] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW                                                                                                                                                  0000000075da10a0 5 bytes JMP 0000000171f05151
.text    C:\Users\Philipp\Downloads\Gmer-19357.exe[2044] C:\Windows\syswow64\USER32.dll!MessageBoxExA                                                                                                                                                                  0000000075dcfcd6 2 bytes JMP 0000000171f05281
.text    C:\Users\Philipp\Downloads\Gmer-19357.exe[2044] C:\Windows\syswow64\USER32.dll!MessageBoxExA + 3                                                                                                                                                              0000000075dcfcd9 2 bytes [13, FC]
.text    C:\Users\Philipp\Downloads\Gmer-19357.exe[2044] C:\Windows\syswow64\USER32.dll!MessageBoxExW                                                                                                                                                                  0000000075dcfcfa 5 bytes JMP 0000000171f05319

---- Threads - GMER 2.1 ----

Thread   C:\Program Files\Windows Media Player\wmpnetwk.exe [704:5308]                                                                                                                                                                                                 000007fef9d62bf8
Thread   C:\Program Files\Windows Media Player\wmpnetwk.exe [704:5344]                                                                                                                                                                                                 000007feec674830
---- Processes - GMER 2.1 ----

Library  \\?\C:\Program Files\Common Files\Bitdefender\Bitdefender Threat Scanner\trufos.dll (*** suspicious ***) @ C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe [856] (FILE NOT FOUND)                                                                    000007fefb3e0000
Library  c:\progra~3\b9d0d3d10.zot (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1156](2015-01-29 18:09:11)                                                                                                                                                  000000007c000000
Library  c:\progra~3\b9d0d3d10.zot (*** suspicious ***) @ C:\Windows\Explorer.EXE [2064](2015-01-29 18:09:11)                                                                                                                                                          000000007c000000
Library  C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Qt5Widgets.dll (*** suspicious ***) @ C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe [3604] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:46)        000000006f7d0000
Library  C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Qt5Gui.dll (*** suspicious ***) @ C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe [3604] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:38)            000000006f4d0000
Library  C:\Users\Philipp\AppData\Roaming\Dropbox\bin\libGLESv2.dll (*** suspicious ***) @ C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe [3604](2014-10-22 00:22:50)                                                                                        000000006ff50000
Library  C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Qt5Core.dll (*** suspicious ***) @ C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe [3604] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:38)           000000006eb20000
Library  C:\Users\Philipp\AppData\Roaming\Dropbox\bin\icuin52.dll (*** suspicious ***) @ C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe [3604] (ICU I18N DLL/The ICU Project)(2014-10-22 00:22:50)                                                           000000004a900000
Library  C:\Users\Philipp\AppData\Roaming\Dropbox\bin\icuuc52.dll (*** suspicious ***) @ C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe [3604] (ICU Common DLL/The ICU Project)(2014-10-22 00:22:50)                                                         0000000004570000
Library  C:\Users\Philipp\AppData\Roaming\Dropbox\bin\icudt52.dll (*** suspicious ***) @ C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe [3604] (ICU Data DLL/The ICU Project)(2014-10-22 00:22:50)                                                           00000000046c0000
Library  c:\users\philipp\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpocvnwx.dll (*** suspicious ***) @ C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe [3604](2015-02-02 15:56:44)                                       0000000004050000
Library  C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Qt5Network.dll (*** suspicious ***) @ C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe [3604] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:38)        000000006db60000
Library  C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Qt5WebKit.dll (*** suspicious ***) @ C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe [3604] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:40)         00000000683c0000
Library  C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Qt5Quick.dll (*** suspicious ***) @ C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe [3604] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:40)          000000006a180000
Library  C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Qt5Qml.dll (*** suspicious ***) @ C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe [3604] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:40)            0000000069f20000
Library  C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Qt5Sql.dll (*** suspicious ***) @ C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe [3604] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:40)            000000006ef60000
Library  C:\Users\Philipp\AppData\Roaming\Dropbox\bin\libEGL.dll (*** suspicious ***) @ C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe [3604](2014-10-22 00:22:50)                                                                                           0000000072c90000
Library  C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Qt5WebKitWidgets.dll (*** suspicious ***) @ C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe [3604] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:46)  000000006ef30000
Library  C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Qt5OpenGL.dll (*** suspicious ***) @ C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe [3604] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:38)         000000006e540000
Library  C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Qt5PrintSupport.dll (*** suspicious ***) @ C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe [3604] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:38)   000000006de80000
Library  C:\Users\Philipp\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll (*** suspicious ***) @ C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe [3604](2014-10-22 00:22:48)                                                                       000000006dda0000
Library  C:\Users\Philipp\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll (*** suspicious ***) @ C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe [3604](2014-10-22 00:22:46)                                                                       000000006fdb0000

---- Registry - GMER 2.1 ----

Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002186b81241                                                                                                                                                                                   
Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002186b81241@847a88d5d20c                                                                                                                                                                      0x44 0x6C 0xBA 0xEA ...
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                                                                                                                                                              
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                                                                                                                                           C:\Program Files (x86)\DAEMON Tools Lite\
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                                                                                                                                           0x00 0x00 0x00 0x00 ...
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                                                                                                                                           0
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                                                                                                                                        0xF7 0x3E 0x0B 0xA3 ...
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002186b81241 (not active ControlSet)                                                                                                                                                               
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002186b81241@847a88d5d20c                                                                                                                                                                          0x44 0x6C 0xBA 0xEA ...
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                                                                                                                                                          
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                                                                                                                                               C:\Program Files (x86)\DAEMON Tools Lite\
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                                                                                                                                               0x00 0x00 0x00 0x00 ...
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                                                                                                                                               0
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                                                                                                                                            0xF7 0x3E 0x0B 0xA3 ...

---- EOF - GMER 2.1 ----
         
So that is everything now. Sorry if it is hard to follow.

The Attention.txt is only displayed to me like this. Did I do something wrong there?
I should say up front that I am not exactly the best with computers :-)

02.02.2015, 18:18   #15
Warlord711
/// TB Trainer
 



Let's see; for now, continue like this:

Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as any malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.



And new FRST logs, please. Tick the box for addition.txt, then click Scan.
