Firefox ends up on Yahoo 404 - "page not found" Hello, I have had a problem for a few days. Firefox sometimes redirects me to the Yahoo 404 - page not found page when I open or log in to a new page. Do you know what that could be? I already have the FRST and GMER texts and will post them if wanted. Kind regards, Chris |
hi, then go ahead and post them :) |
FRST |
And GMER |
Hi, please always post logs in the thread. If need be, split them up and use several posts. I can't open attachments at work, thanks. Posting in CODE tags: Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
|
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-08-11 13:35:07
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\0000007e ST2000DM rev.CC29 1863,02GB
Running: wwmvbxht.exe; Driver: C:\Users\User\AppData\Local\Temp\kxldapob.sys
(x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2576] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000076342c9e 4 bytes CALL 71af0000 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2576] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000076569679 6 bytes JMP 719f000a .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2576] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000765712a5 6 bytes JMP 7199000a .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2576] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000076573baa 6 bytes JMP 719c000a .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2576] C:\Windows\syswow64\USER32.dll!SendMessageA 000000007657612e 6 bytes JMP 71a2000a .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2576] C:\Windows\syswow64\USER32.dll!SendInput 000000007658ff4a 3 bytes JMP 71a5000a .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2576] C:\Windows\syswow64\USER32.dll!SendInput + 4 000000007658ff4e 2 bytes JMP 71a5000a .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2576] C:\Windows\syswow64\USER32.dll!mouse_event 00000000765c027b 6 bytes JMP 71ab000a .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2576] C:\Windows\syswow64\USER32.dll!keybd_event 00000000765c02bf 6 bytes JMP 71a8000a .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2576] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 0000000074b270c4 6 bytes JMP 7193000a .text C:\Program 
Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2576] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 0000000074b43264 6 bytes JMP 7196000a .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[3156] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 0000000076effc20 3 bytes JMP 718a000a .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[3156] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 4 0000000076effc24 2 bytes JMP 718a000a .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[3156] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile 0000000076effc38 3 bytes JMP 7181000a .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[3156] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 4 0000000076effc3c 2 bytes JMP 7181000a .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[3156] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000076effd64 3 bytes JMP 7184000a .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[3156] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000076effd68 2 bytes JMP 7184000a .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[3156] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000076f000b4 3 bytes JMP 7187000a .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[3156] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000076f000b8 2 bytes JMP 7187000a .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[3156] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 0000000076f001c4 3 bytes JMP 7190000a .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[3156] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey + 4 0000000076f001c8 2 bytes JMP 7190000a .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[3156] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey 0000000076f00a44 3 bytes JMP 718d000a .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[3156] 
C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey + 4 0000000076f00a48 2 bytes JMP 718d000a .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[3156] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000076f01920 3 bytes JMP 717e000a .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[3156] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread + 4 0000000076f01924 2 bytes JMP 717e000a .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[3156] C:\Windows\syswow64\KERNEL32.dll!CreateProcessInternalW 0000000076733bbb 3 bytes JMP 717b000a .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[3156] C:\Windows\syswow64\KERNEL32.dll!CreateProcessInternalW + 4 0000000076733bbf 2 bytes JMP 717b000a .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[3156] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000076342c9e 4 bytes CALL 71af0000 .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[3156] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000076569679 6 bytes JMP 719f000a .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[3156] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000765712a5 6 bytes JMP 7199000a .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[3156] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000076573baa 6 bytes JMP 719c000a .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[3156] C:\Windows\syswow64\USER32.dll!SendMessageA 000000007657612e 6 bytes JMP 71a2000a .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[3156] C:\Windows\syswow64\USER32.dll!SendInput 000000007658ff4a 3 bytes JMP 71a5000a .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[3156] C:\Windows\syswow64\USER32.dll!SendInput + 4 000000007658ff4e 2 bytes JMP 71a5000a .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[3156] C:\Windows\syswow64\USER32.dll!mouse_event 00000000765c027b 6 bytes JMP 71ab000a .text C:\Program Files 
(x86)\Avira\My Avira\Avira.OE.Systray.exe[3156] C:\Windows\syswow64\USER32.dll!keybd_event 00000000765c02bf 6 bytes JMP 71a8000a .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[3156] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 0000000074b270c4 6 bytes JMP 7193000a .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[3156] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 0000000074b43264 6 bytes JMP 7196000a .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[3156] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000076211465 2 bytes [21, 76] .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[3156] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000762114bb 2 bytes [21, 76] .text |
Part 2 ... * 2 .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[3156] C:\Windows\syswow64\WS2_32.dll!WSALookupServiceBeginW 000000007496575a 6 bytes JMP 716f000a .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[3156] C:\Windows\syswow64\WS2_32.dll!connect 0000000074966bdd 6 bytes JMP 7178000a .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[3156] C:\Windows\syswow64\WS2_32.dll!listen 000000007496b001 6 bytes JMP 7172000a .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[3156] C:\Windows\syswow64\WS2_32.dll!WSAConnect 000000007496cc3f 6 bytes JMP 7175000a .text C:\Program Files (x86)\AVG\AVG2014\avgui.exe[3556] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 0000000076effc20 3 bytes JMP 717e000a .text C:\Program Files (x86)\AVG\AVG2014\avgui.exe[3556] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 4 0000000076effc24 2 bytes JMP 717e000a .text C:\Program Files (x86)\AVG\AVG2014\avgui.exe[3556] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile 0000000076effc38 3 bytes JMP 7175000a .text C:\Program Files (x86)\AVG\AVG2014\avgui.exe[3556] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 4 0000000076effc3c 2 bytes JMP 7175000a .text C:\Program Files (x86)\AVG\AVG2014\avgui.exe[3556] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000076effd64 3 bytes JMP 7178000a .text C:\Program Files (x86)\AVG\AVG2014\avgui.exe[3556] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000076effd68 2 bytes JMP 7178000a .text C:\Program Files (x86)\AVG\AVG2014\avgui.exe[3556] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000076f000b4 3 bytes JMP 717b000a .text C:\Program Files (x86)\AVG\AVG2014\avgui.exe[3556] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000076f000b8 2 bytes JMP 717b000a .text C:\Program Files (x86)\AVG\AVG2014\avgui.exe[3556] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 0000000076f001c4 3 bytes JMP 7184000a .text C:\Program Files (x86)\AVG\AVG2014\avgui.exe[3556] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey + 
4 0000000076f001c8 2 bytes JMP 7184000a .text C:\Program Files (x86)\AVG\AVG2014\avgui.exe[3556] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey 0000000076f00a44 3 bytes JMP 7181000a .text C:\Program Files (x86)\AVG\AVG2014\avgui.exe[3556] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey + 4 0000000076f00a48 2 bytes JMP 7181000a .text C:\Program Files (x86)\AVG\AVG2014\avgui.exe[3556] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000076f01920 3 bytes JMP 7172000a .text C:\Program Files (x86)\AVG\AVG2014\avgui.exe[3556] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread + 4 0000000076f01924 2 bytes JMP 7172000a .text C:\Program Files (x86)\AVG\AVG2014\avgui.exe[3556] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000076733bbb 3 bytes JMP 716f000a .text C:\Program Files (x86)\AVG\AVG2014\avgui.exe[3556] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000076733bbf 2 bytes JMP 716f000a .text C:\Program Files (x86)\AVG\AVG2014\avgui.exe[3556] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000076342c9e 4 bytes CALL 71af0000 .text C:\Program Files (x86)\AVG\AVG2014\avgui.exe[3556] C:\Windows\syswow64\WS2_32.dll!WSALookupServiceBeginW 000000007496575a 6 bytes JMP 71a2000a .text C:\Program Files (x86)\AVG\AVG2014\avgui.exe[3556] C:\Windows\syswow64\WS2_32.dll!connect 0000000074966bdd 6 bytes JMP 71ab000a .text C:\Program Files (x86)\AVG\AVG2014\avgui.exe[3556] C:\Windows\syswow64\WS2_32.dll!listen 000000007496b001 6 bytes JMP 71a5000a .text C:\Program Files (x86)\AVG\AVG2014\avgui.exe[3556] C:\Windows\syswow64\WS2_32.dll!WSAConnect 000000007496cc3f 6 bytes JMP 71a8000a .text C:\Program Files (x86)\AVG\AVG2014\avgui.exe[3556] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000076569679 6 bytes JMP 7193000a .text C:\Program Files (x86)\AVG\AVG2014\avgui.exe[3556] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000765712a5 6 bytes JMP 718d000a .text C:\Program Files (x86)\AVG\AVG2014\avgui.exe[3556] 
C:\Windows\syswow64\USER32.dll!PostMessageA 0000000076573baa 6 bytes JMP 7190000a .text C:\Program Files (x86)\AVG\AVG2014\avgui.exe[3556] C:\Windows\syswow64\USER32.dll!SendMessageA 000000007657612e 6 bytes JMP 7196000a .text C:\Program Files (x86)\AVG\AVG2014\avgui.exe[3556] C:\Windows\syswow64\USER32.dll!SendInput 000000007658ff4a 3 bytes JMP 7199000a .text C:\Program Files (x86)\AVG\AVG2014\avgui.exe[3556] C:\Windows\syswow64\USER32.dll!SendInput + 4 000000007658ff4e 2 bytes JMP 7199000a .text C:\Program Files (x86)\AVG\AVG2014\avgui.exe[3556] C:\Windows\syswow64\USER32.dll!mouse_event 00000000765c027b 6 bytes JMP 719f000a .text C:\Program Files (x86)\AVG\AVG2014\avgui.exe[3556] C:\Windows\syswow64\USER32.dll!keybd_event 00000000765c02bf 6 bytes JMP 719c000a .text C:\Program Files (x86)\AVG\AVG2014\avgui.exe[3556] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 0000000074b270c4 6 bytes JMP 7187000a .text C:\Program Files (x86)\AVG\AVG2014\avgui.exe[3556] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 0000000074b43264 6 bytes JMP 718a000a .text C:\Program Files (x86)\AVG\AVG2014\avgui.exe[3556] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076211465 2 bytes [21, 76] .text C:\Program Files (x86)\AVG\AVG2014\avgui.exe[3556] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000762114bb 2 bytes [21, 76] .text ... 
* 2 .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3616] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 0000000076effc20 3 bytes JMP 7178000a .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3616] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 4 0000000076effc24 2 bytes JMP 7178000a .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3616] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile 0000000076effc38 3 bytes JMP 716f000a .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3616] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 4 0000000076effc3c 2 bytes JMP 716f000a .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3616] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000076effd64 3 bytes JMP 7172000a .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3616] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000076effd68 2 bytes JMP 7172000a .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3616] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000076f000b4 3 bytes JMP 7175000a .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3616] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000076f000b8 2 bytes JMP 7175000a .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3616] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 0000000076f001c4 3 bytes JMP 717e000a .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3616] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey + 4 0000000076f001c8 2 bytes JMP 717e000a .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3616] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey 0000000076f00a44 3 bytes JMP 717b000a .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3616] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey + 4 0000000076f00a48 2 bytes JMP 717b000a .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3616] 
C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000076f01920 3 bytes JMP 716c000a .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3616] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread + 4 0000000076f01924 2 bytes JMP 716c000a .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3616] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000076733bbb 3 bytes JMP 7169000a .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3616] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000076733bbf 2 bytes JMP 7169000a .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3616] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000076342c9e 4 bytes CALL 71af0000 .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3616] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000076569679 6 bytes JMP 718d000a .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3616] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000765712a5 6 bytes JMP 7187000a .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3616] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000076573baa 6 bytes JMP 718a000a .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3616] C:\Windows\syswow64\USER32.dll!SendMessageA 000000007657612e 6 bytes JMP 7190000a .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3616] C:\Windows\syswow64\USER32.dll!SendInput 000000007658ff4a 3 bytes JMP 7193000a .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3616] C:\Windows\syswow64\USER32.dll!SendInput + 4 000000007658ff4e 2 bytes JMP 7193000a .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3616] C:\Windows\syswow64\USER32.dll!mouse_event 00000000765c027b 6 bytes JMP 7199000a .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3616] C:\Windows\syswow64\USER32.dll!keybd_event 00000000765c02bf 6 bytes JMP 
7196000a .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3616] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 0000000074b270c4 6 bytes JMP 7181000a .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3616] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 0000000074b43264 6 bytes JMP 7184000a .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3616] C:\Windows\syswow64\WS2_32.dll!WSALookupServiceBeginW 000000007496575a 6 bytes JMP 719c000a .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3616] C:\Windows\syswow64\WS2_32.dll!connect 0000000074966bdd 6 bytes JMP 71a5000a .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3616] C:\Windows\syswow64\WS2_32.dll!listen 000000007496b001 6 bytes JMP 719f000a .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3616] C:\Windows\syswow64\WS2_32.dll!WSAConnect 000000007496cc3f 6 bytes JMP 71a2000a .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3616] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000076211465 2 bytes [21, 76] .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3616] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000762114bb 2 bytes [21, 76] .text ... * 2 .text C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe[3784] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076211465 2 bytes [21, 76] .text C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe[3784] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000762114bb 2 bytes [21, 76] .text ... * 2 .text C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe[3980] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076211465 2 bytes [21, 76] .text C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe[3980] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000762114bb 2 bytes [21, 76] .text ... 
* 2 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2912] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 0000000076effc20 3 bytes JMP 7184000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2912] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 4 0000000076effc24 2 bytes JMP 7184000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2912] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile 0000000076effc38 3 bytes JMP 717b000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2912] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 4 0000000076effc3c 2 bytes JMP 717b000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2912] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000076effd64 3 bytes JMP 717e000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2912] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000076effd68 2 bytes JMP 717e000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2912] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000076f000b4 3 bytes JMP 7181000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2912] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000076f000b8 2 bytes JMP 7181000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2912] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 0000000076f001c4 3 bytes JMP 718a000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2912] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey + 4 0000000076f001c8 2 bytes JMP 718a000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2912] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey 0000000076f00a44 3 bytes JMP 7187000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2912] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey + 4 
0000000076f00a48 2 bytes JMP 7187000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2912] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000076f01920 3 bytes JMP 7178000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2912] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread + 4 0000000076f01924 2 bytes JMP 7178000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2912] C:\Windows\syswow64\KERNEL32.dll!CreateProcessInternalW 0000000076733bbb 3 bytes JMP 7175000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2912] C:\Windows\syswow64\KERNEL32.dll!CreateProcessInternalW + 4 0000000076733bbf 2 bytes JMP 7175000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2912] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000076342c9e 4 bytes CALL 71af0000 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2912] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000076569679 6 bytes JMP 7199000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2912] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000765712a5 6 bytes JMP 7193000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2912] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000076573baa 6 bytes JMP 7196000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2912] C:\Windows\syswow64\USER32.dll!SendMessageA 000000007657612e 6 bytes JMP 719c000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2912] C:\Windows\syswow64\USER32.dll!SendInput 000000007658ff4a 3 bytes JMP 719f000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2912] C:\Windows\syswow64\USER32.dll!SendInput + 4 000000007658ff4e 2 bytes JMP 719f000a .text C:\Program Files\Intel\Intel(R) Rapid Storage 
Technology\IAStorIcon.exe[2912] C:\Windows\syswow64\USER32.dll!mouse_event 00000000765c027b 6 bytes JMP 71a5000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2912] C:\Windows\syswow64\USER32.dll!keybd_event 00000000765c02bf 6 bytes JMP 71a2000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2912] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 0000000074b270c4 6 bytes JMP 718d000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2912] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 0000000074b43264 6 bytes JMP 7190000a .text C:\Windows\SysWOW64\ctfmon.exe[4856] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 0000000076effc20 3 bytes JMP 718a000a .text C:\Windows\SysWOW64\ctfmon.exe[4856] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 4 0000000076effc24 2 bytes JMP 718a000a .text C:\Windows\SysWOW64\ctfmon.exe[4856] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile 0000000076effc38 3 bytes JMP 7181000a .text C:\Windows\SysWOW64\ctfmon.exe[4856] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 4 0000000076effc3c 2 bytes JMP 7181000a .text C:\Windows\SysWOW64\ctfmon.exe[4856] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000076effd64 3 bytes JMP 7184000a .text C:\Windows\SysWOW64\ctfmon.exe[4856] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000076effd68 2 bytes JMP 7184000a .text C:\Windows\SysWOW64\ctfmon.exe[4856] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000076f000b4 3 bytes JMP 7187000a .text C:\Windows\SysWOW64\ctfmon.exe[4856] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000076f000b8 2 bytes JMP 7187000a .text C:\Windows\SysWOW64\ctfmon.exe[4856] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 0000000076f001c4 3 bytes JMP 7190000a .text C:\Windows\SysWOW64\ctfmon.exe[4856] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey + 4 0000000076f001c8 2 bytes JMP 7190000a .text C:\Windows\SysWOW64\ctfmon.exe[4856] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey 
0000000076f00a44 3 bytes JMP 718d000a .text C:\Windows\SysWOW64\ctfmon.exe[4856] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey + 4 0000000076f00a48 2 bytes JMP 718d000a .text C:\Windows\SysWOW64\ctfmon.exe[4856] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000076f01920 3 bytes JMP 717e000a .text C:\Windows\SysWOW64\ctfmon.exe[4856] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread + 4 0000000076f01924 2 bytes JMP 717e000a .text C:\Windows\SysWOW64\ctfmon.exe[4856] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000076733bbb 3 bytes JMP 717b000a .text C:\Windows\SysWOW64\ctfmon.exe[4856] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000076733bbf 2 bytes JMP 717b000a .text C:\Windows\SysWOW64\ctfmon.exe[4856] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000076342c9e 4 bytes CALL 71af0000 .text C:\Windows\SysWOW64\ctfmon.exe[4856] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000076569679 6 bytes JMP 719f000a .text C:\Windows\SysWOW64\ctfmon.exe[4856] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000765712a5 6 bytes JMP 7199000a .text C:\Windows\SysWOW64\ctfmon.exe[4856] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000076573baa 6 bytes JMP 719c000a .text C:\Windows\SysWOW64\ctfmon.exe[4856] C:\Windows\syswow64\USER32.dll!SendMessageA 000000007657612e 6 bytes JMP 71a2000a .text C:\Windows\SysWOW64\ctfmon.exe[4856] C:\Windows\syswow64\USER32.dll!SendInput 000000007658ff4a 3 bytes JMP 71a5000a .text C:\Windows\SysWOW64\ctfmon.exe[4856] C:\Windows\syswow64\USER32.dll!SendInput + 4 000000007658ff4e 2 bytes JMP 71a5000a .text C:\Windows\SysWOW64\ctfmon.exe[4856] C:\Windows\syswow64\USER32.dll!mouse_event 00000000765c027b 6 bytes JMP 71ab000a .text C:\Windows\SysWOW64\ctfmon.exe[4856] C:\Windows\syswow64\USER32.dll!keybd_event 00000000765c02bf 6 bytes JMP 71a8000a .text C:\Windows\SysWOW64\ctfmon.exe[4856] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 0000000074b270c4 6 bytes JMP 7193000a .text 
FRST Logfile: Code: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-08-2014 01 |
And what about the Addition.txt from FRST? |
Code: Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-08-2014 01 |
Quote:
Quote:
|
Quote:
And why would the box be smoking? |
And who installed the crack, then? ;) Why is it smoking? You use ONE SINGLE AV program, not 10. You are not only collecting AV programs, you are also collecting some of the biggest crap on the market (Avira, Norton......). Uninstall everything. EVERYTHING. And keep a single AV. And as for Adobe, I want to know who installed the crack and why. Where cracked software is suspected, there is no support. |
Quote:
And regarding Adobe: Adobe Lightroom is a trial version, downloaded from here https://www.adobe.com/cfusion/tdrc/index.cfm?loc=de&product=photoshop_lightroom# |
That still does not answer the question of where the crack comes from. Quote:
|
Quote:
I have now completely uninstalled everything from Adobe, since I am hoping for help. |
Copyright ©2000-2025, Trojaner-Board