Code:
Alles auswählen Aufklappen ATTFilter
GMER 2.0.18444 - hxxp://www.gmer.net
Rootkit scan 2013-01-14 15:18:09
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-4 ST1000DM003-9YN162 rev.CC4B 931,51GB
Running: gmer-2.0.18444.exe; Driver: C:\Users\pc\AppData\Local\Temp\pxldapoc.sys
---- User code sections - GMER 2.0 ----
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1756] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076981401 2 bytes [98, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1756] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076981419 2 bytes [98, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1756] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076981431 2 bytes [98, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1756] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007698144a 2 bytes [98, 76]
.text ... * 9
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1756] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000769814dd 2 bytes [98, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1756] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000769814f5 2 bytes [98, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1756] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007698150d 2 bytes [98, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1756] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076981525 2 bytes [98, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1756] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007698153d 2 bytes [98, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1756] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076981555 2 bytes [98, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1756] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007698156d 2 bytes [98, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1756] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076981585 2 bytes [98, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1756] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007698159d 2 bytes [98, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1756] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000769815b5 2 bytes [98, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1756] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000769815cd 2 bytes [98, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1756] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000769816b2 2 bytes [98, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1756] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000769816bd 2 bytes [98, 76]
.text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[1040] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000074e587b1 5 bytes [33, C0, C2, 04, 00]
.text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[1040] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076981401 2 bytes [98, 76]
.text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[1040] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076981419 2 bytes [98, 76]
.text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[1040] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076981431 2 bytes [98, 76]
.text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[1040] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007698144a 2 bytes [98, 76]
.text ... * 9
.text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[1040] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000769814dd 2 bytes [98, 76]
.text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[1040] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000769814f5 2 bytes [98, 76]
.text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[1040] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007698150d 2 bytes [98, 76]
.text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[1040] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076981525 2 bytes [98, 76]
.text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[1040] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007698153d 2 bytes [98, 76]
.text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[1040] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076981555 2 bytes [98, 76]
.text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[1040] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007698156d 2 bytes [98, 76]
.text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[1040] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076981585 2 bytes [98, 76]
.text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[1040] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007698159d 2 bytes [98, 76]
.text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[1040] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000769815b5 2 bytes [98, 76]
.text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[1040] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000769815cd 2 bytes [98, 76]
.text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[1040] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000769816b2 2 bytes [98, 76]
.text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[1040] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000769816bd 2 bytes [98, 76]
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[1268] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076981401 2 bytes [98, 76]
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[1268] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076981419 2 bytes [98, 76]
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[1268] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076981431 2 bytes [98, 76]
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[1268] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007698144a 2 bytes [98, 76]
.text ... * 9
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[1268] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000769814dd 2 bytes [98, 76]
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[1268] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000769814f5 2 bytes [98, 76]
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[1268] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007698150d 2 bytes [98, 76]
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[1268] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076981525 2 bytes [98, 76]
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[1268] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007698153d 2 bytes [98, 76]
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[1268] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076981555 2 bytes [98, 76]
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[1268] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007698156d 2 bytes [98, 76]
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[1268] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076981585 2 bytes [98, 76]
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[1268] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007698159d 2 bytes [98, 76]
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[1268] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000769815b5 2 bytes [98, 76]
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[1268] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000769815cd 2 bytes [98, 76]
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[1268] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000769816b2 2 bytes [98, 76]
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[1268] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000769816bd 2 bytes [98, 76]
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe[348] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076981401 2 bytes [98, 76]
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe[348] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076981419 2 bytes [98, 76]
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe[348] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076981431 2 bytes [98, 76]
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe[348] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007698144a 2 bytes [98, 76]
.text ... * 9
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe[348] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000769814dd 2 bytes [98, 76]
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe[348] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000769814f5 2 bytes [98, 76]
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe[348] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007698150d 2 bytes [98, 76]
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe[348] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076981525 2 bytes [98, 76]
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe[348] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007698153d 2 bytes [98, 76]
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe[348] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076981555 2 bytes [98, 76]
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe[348] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007698156d 2 bytes [98, 76]
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe[348] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076981585 2 bytes [98, 76]
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe[348] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007698159d 2 bytes [98, 76]
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe[348] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000769815b5 2 bytes [98, 76]
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe[348] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000769815cd 2 bytes [98, 76]
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe[348] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000769816b2 2 bytes [98, 76]
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe[348] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000769816bd 2 bytes [98, 76]
.text C:\Users\pc\AppData\Roaming\Dropbox\bin\Dropbox.exe[2132] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExW + 17 0000000076981401 2 bytes [98, 76]
.text C:\Users\pc\AppData\Roaming\Dropbox\bin\Dropbox.exe[2132] C:\Windows\syswow64\Psapi.dll!EnumProcessModules + 17 0000000076981419 2 bytes [98, 76]
.text C:\Users\pc\AppData\Roaming\Dropbox\bin\Dropbox.exe[2132] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 17 0000000076981431 2 bytes [98, 76]
.text C:\Users\pc\AppData\Roaming\Dropbox\bin\Dropbox.exe[2132] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 42 000000007698144a 2 bytes [98, 76]
.text ... * 9
.text C:\Users\pc\AppData\Roaming\Dropbox\bin\Dropbox.exe[2132] C:\Windows\syswow64\Psapi.dll!EnumDeviceDrivers + 17 00000000769814dd 2 bytes [98, 76]
.text C:\Users\pc\AppData\Roaming\Dropbox\bin\Dropbox.exe[2132] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameA + 17 00000000769814f5 2 bytes [98, 76]
.text C:\Users\pc\AppData\Roaming\Dropbox\bin\Dropbox.exe[2132] C:\Windows\syswow64\Psapi.dll!QueryWorkingSetEx + 17 000000007698150d 2 bytes [98, 76]
.text C:\Users\pc\AppData\Roaming\Dropbox\bin\Dropbox.exe[2132] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameW + 17 0000000076981525 2 bytes [98, 76]
.text C:\Users\pc\AppData\Roaming\Dropbox\bin\Dropbox.exe[2132] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameW + 17 000000007698153d 2 bytes [98, 76]
.text C:\Users\pc\AppData\Roaming\Dropbox\bin\Dropbox.exe[2132] C:\Windows\syswow64\Psapi.dll!EnumProcesses + 17 0000000076981555 2 bytes [98, 76]
.text C:\Users\pc\AppData\Roaming\Dropbox\bin\Dropbox.exe[2132] C:\Windows\syswow64\Psapi.dll!GetProcessMemoryInfo + 17 000000007698156d 2 bytes [98, 76]
.text C:\Users\pc\AppData\Roaming\Dropbox\bin\Dropbox.exe[2132] C:\Windows\syswow64\Psapi.dll!GetPerformanceInfo + 17 0000000076981585 2 bytes [98, 76]
.text C:\Users\pc\AppData\Roaming\Dropbox\bin\Dropbox.exe[2132] C:\Windows\syswow64\Psapi.dll!QueryWorkingSet + 17 000000007698159d 2 bytes [98, 76]
.text C:\Users\pc\AppData\Roaming\Dropbox\bin\Dropbox.exe[2132] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameA + 17 00000000769815b5 2 bytes [98, 76]
.text C:\Users\pc\AppData\Roaming\Dropbox\bin\Dropbox.exe[2132] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExA + 17 00000000769815cd 2 bytes [98, 76]
.text C:\Users\pc\AppData\Roaming\Dropbox\bin\Dropbox.exe[2132] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 20 00000000769816b2 2 bytes [98, 76]
.text C:\Users\pc\AppData\Roaming\Dropbox\bin\Dropbox.exe[2132] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 31 00000000769816bd 2 bytes [98, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2340] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000076b12da4 5 bytes JMP 0000000170c89eb4
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2340] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamW 0000000076b2cbf3 5 bytes JMP 0000000170dd8fb6
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2340] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000076b2cfca 5 bytes JMP 0000000170be1893
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2340] C:\Windows\syswow64\USER32.dll!DialogBoxParamA 0000000076b4cb0c 5 bytes JMP 0000000170dd8f51
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2340] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamA 0000000076b4ce64 5 bytes JMP 0000000170dd901b
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2340] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA 0000000076b5fbd1 5 bytes JMP 0000000170dd8ed8
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2340] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW 0000000076b5fc9d 5 bytes JMP 0000000170dd8e5f
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2340] C:\Windows\syswow64\USER32.dll!MessageBoxExA 0000000076b5fcd6 5 bytes JMP 0000000170dd8dfb
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2340] C:\Windows\syswow64\USER32.dll!MessageBoxExW 0000000076b5fcfa 5 bytes JMP 0000000170dd8d97
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2340] C:\Windows\syswow64\OLEAUT32.dll!OleCreatePropertyFrameIndirect 0000000074e193ec 5 bytes JMP 0000000170dd91d0
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2340] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076981401 2 bytes [98, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2340] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076981419 2 bytes [98, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2340] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076981431 2 bytes [98, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2340] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007698144a 2 bytes [98, 76]
.text ... * 9
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2340] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000769814dd 2 bytes [98, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2340] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000769814f5 2 bytes [98, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2340] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007698150d 2 bytes [98, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2340] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076981525 2 bytes [98, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2340] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007698153d 2 bytes [98, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2340] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076981555 2 bytes [98, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2340] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007698156d 2 bytes [98, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2340] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076981585 2 bytes [98, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2340] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007698159d 2 bytes [98, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2340] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000769815b5 2 bytes [98, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2340] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000769815cd 2 bytes [98, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2340] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000769816b2 2 bytes [98, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2340] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000769816bd 2 bytes [98, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2340] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheetW 0000000073e9388e 5 bytes JMP 0000000170dd9080
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2340] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheet 0000000073f37922 5 bytes JMP 0000000170dd9128
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2340] C:\Windows\syswow64\comdlg32.dll!PageSetupDlgW 0000000076682694 5 bytes JMP 0000000170dd93c8
? C:\Windows\system32\mssprxy.dll [2340] entry point in ".rdata" section 00000000644071e6
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2376] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076981401 2 bytes [98, 76]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2376] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076981419 2 bytes [98, 76]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2376] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076981431 2 bytes [98, 76]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2376] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007698144a 2 bytes [98, 76]
.text ... * 9
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2376] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000769814dd 2 bytes [98, 76]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2376] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000769814f5 2 bytes [98, 76]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2376] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007698150d 2 bytes [98, 76]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2376] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076981525 2 bytes [98, 76]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2376] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007698153d 2 bytes [98, 76]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2376] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076981555 2 bytes [98, 76]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2376] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007698156d 2 bytes [98, 76]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2376] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076981585 2 bytes [98, 76]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2376] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007698159d 2 bytes [98, 76]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2376] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000769815b5 2 bytes [98, 76]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2376] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000769815cd 2 bytes [98, 76]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2376] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000769816b2 2 bytes [98, 76]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2376] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000769816bd 2 bytes [98, 76]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2600] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82 00000000724a17fa 2 bytes [4A, 72]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2600] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88 00000000724a1860 2 bytes [4A, 72]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2600] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98 00000000724a1942 2 bytes [4A, 72]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2600] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109 00000000724a194d 2 bytes [4A, 72]
.text C:\Windows\SysWOW64\PnkBstrB.exe[2628] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82 00000000724a17fa 2 bytes [4A, 72]
.text C:\Windows\SysWOW64\PnkBstrB.exe[2628] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88 00000000724a1860 2 bytes [4A, 72]
.text C:\Windows\SysWOW64\PnkBstrB.exe[2628] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98 00000000724a1942 2 bytes [4A, 72]
.text C:\Windows\SysWOW64\PnkBstrB.exe[2628] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109 00000000724a194d 2 bytes [4A, 72]
.text C:\Windows\SysWOW64\PnkBstrB.exe[2628] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000076981401 2 bytes [98, 76]
.text C:\Windows\SysWOW64\PnkBstrB.exe[2628] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000076981419 2 bytes [98, 76]
.text C:\Windows\SysWOW64\PnkBstrB.exe[2628] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000076981431 2 bytes [98, 76]
.text C:\Windows\SysWOW64\PnkBstrB.exe[2628] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 000000007698144a 2 bytes [98, 76]
.text ... * 9
.text C:\Windows\SysWOW64\PnkBstrB.exe[2628] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000769814dd 2 bytes [98, 76]
.text C:\Windows\SysWOW64\PnkBstrB.exe[2628] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000769814f5 2 bytes [98, 76]
.text C:\Windows\SysWOW64\PnkBstrB.exe[2628] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 000000007698150d 2 bytes [98, 76]
.text C:\Windows\SysWOW64\PnkBstrB.exe[2628] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000076981525 2 bytes [98, 76]
.text C:\Windows\SysWOW64\PnkBstrB.exe[2628] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 000000007698153d 2 bytes [98, 76]
.text C:\Windows\SysWOW64\PnkBstrB.exe[2628] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000076981555 2 bytes [98, 76]
.text C:\Windows\SysWOW64\PnkBstrB.exe[2628] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 000000007698156d 2 bytes [98, 76]
.text C:\Windows\SysWOW64\PnkBstrB.exe[2628] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000076981585 2 bytes [98, 76]
.text C:\Windows\SysWOW64\PnkBstrB.exe[2628] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 000000007698159d 2 bytes [98, 76]
.text C:\Windows\SysWOW64\PnkBstrB.exe[2628] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000769815b5 2 bytes [98, 76]
.text C:\Windows\SysWOW64\PnkBstrB.exe[2628] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000769815cd 2 bytes [98, 76]
.text C:\Windows\SysWOW64\PnkBstrB.exe[2628] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000769816b2 2 bytes [98, 76]
.text C:\Windows\SysWOW64\PnkBstrB.exe[2628] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000769816bd 2 bytes [98, 76]
.text C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\17.5.0.127\InstStub.exe[3152] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076981401 2 bytes [98, 76]
.text C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\17.5.0.127\InstStub.exe[3152] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076981419 2 bytes [98, 76]
.text C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\17.5.0.127\InstStub.exe[3152] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076981431 2 bytes [98, 76]
.text C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\17.5.0.127\InstStub.exe[3152] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007698144a 2 bytes [98, 76]
.text ... * 9
.text C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\17.5.0.127\InstStub.exe[3152] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000769814dd 2 bytes [98, 76]
.text C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\17.5.0.127\InstStub.exe[3152] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000769814f5 2 bytes [98, 76]
.text C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\17.5.0.127\InstStub.exe[3152] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007698150d 2 bytes [98, 76]
.text C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\17.5.0.127\InstStub.exe[3152] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076981525 2 bytes [98, 76]
.text C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\17.5.0.127\InstStub.exe[3152] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007698153d 2 bytes [98, 76]
.text C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\17.5.0.127\InstStub.exe[3152] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076981555 2 bytes [98, 76]
.text C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\17.5.0.127\InstStub.exe[3152] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007698156d 2 bytes [98, 76]
.text C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\17.5.0.127\InstStub.exe[3152] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076981585 2 bytes [98, 76]
.text C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\17.5.0.127\InstStub.exe[3152] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007698159d 2 bytes [98, 76]
.text C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\17.5.0.127\InstStub.exe[3152] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000769815b5 2 bytes [98, 76]
.text C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\17.5.0.127\InstStub.exe[3152] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000769815cd 2 bytes [98, 76]
.text C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\17.5.0.127\InstStub.exe[3152] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000769816b2 2 bytes [98, 76]
.text C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\17.5.0.127\InstStub.exe[3152] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000769816bd 2 bytes [98, 76]
.text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3720] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076981401 2 bytes [98, 76]
.text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3720] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076981419 2 bytes [98, 76]
.text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3720] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076981431 2 bytes [98, 76]
.text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3720] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007698144a 2 bytes [98, 76]
.text ... * 9
.text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3720] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000769814dd 2 bytes [98, 76]
.text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3720] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000769814f5 2 bytes [98, 76]
.text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3720] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007698150d 2 bytes [98, 76]
.text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3720] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076981525 2 bytes [98, 76]
.text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3720] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007698153d 2 bytes [98, 76]
.text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3720] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076981555 2 bytes [98, 76]
.text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3720] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007698156d 2 bytes [98, 76]
.text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3720] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076981585 2 bytes [98, 76]
.text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3720] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007698159d 2 bytes [98, 76]
.text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3720] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000769815b5 2 bytes [98, 76]
.text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3720] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000769815cd 2 bytes [98, 76]
.text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3720] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000769816b2 2 bytes [98, 76]
.text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3720] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000769816bd 2 bytes [98, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4136] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 00000000776a25fd 6 bytes JMP 0000000170ca8042
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4136] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 00000000776b2a63 6 bytes JMP 0000000170c49805
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4136] C:\Windows\syswow64\kernel32.dll!CreateThread 0000000074e534b5 5 bytes JMP 0000000170c475db
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4136] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076b08a29 5 bytes JMP 0000000170cb03cf
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4136] C:\Windows\syswow64\USER32.dll!CreateWindowExA 0000000076b0d22e 5 bytes JMP 0000000170c5363b
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4136] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000076b1291f 5 bytes JMP 0000000170c2ddab
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4136] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000076b12da4 5 bytes JMP 0000000170c89eb4
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4136] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000076b16285 5 bytes JMP 0000000170ca7fdf
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4136] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076b17603 5 bytes JMP 0000000170c825ac
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4136] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamA 0000000076b1b029 5 bytes JMP 0000000170dd9358
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4136] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamW 0000000076b1c63e 5 bytes JMP 0000000170dd9390
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4136] C:\Windows\syswow64\USER32.dll!IsDialogMessage 0000000076b250ed 5 bytes JMP 0000000170dd9a52
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4136] C:\Windows\syswow64\USER32.dll!CreateDialogParamA 0000000076b25246 5 bytes JMP 0000000170dd92e8
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4136] C:\Windows\syswow64\USER32.dll!EndDialog 0000000076b2b99c 5 bytes JMP 0000000170dd9d26
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4136] C:\Windows\syswow64\USER32.dll!IsDialogMessageW 0000000076b2c701 5 bytes JMP 0000000170dd9a7a
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4136] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamW 0000000076b2cbf3 5 bytes JMP 0000000170dd8fb6
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4136] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000076b2cfca 5 bytes JMP 0000000170be1893
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4136] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000076b2eb96 5 bytes JMP 0000000170c2ded5
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4136] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000076b2f52b 5 bytes JMP 0000000170cced00
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4136] C:\Windows\syswow64\USER32.dll!SendInput 0000000076b2ff4a 5 bytes JMP 0000000170dda2e9
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4136] C:\Windows\syswow64\USER32.dll!CreateDialogParamW 0000000076b310dc 5 bytes JMP 0000000170dd9320
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4136] C:\Windows\syswow64\USER32.dll!SetKeyboardState 0000000076b314b2 5 bytes JMP 0000000170dda341
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4136] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000076b49cfd 5 bytes JMP 0000000170dda3c2
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4136] C:\Windows\syswow64\USER32.dll!DialogBoxParamA 0000000076b4cb0c 5 bytes JMP 0000000170dd8f51
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4136] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamA 0000000076b4ce64 5 bytes JMP 0000000170dd901b
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4136] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA 0000000076b5fbd1 5 bytes JMP 0000000170dd8ed8
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4136] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW 0000000076b5fc9d 5 bytes JMP 0000000170dd8e5f
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4136] C:\Windows\syswow64\USER32.dll!MessageBoxExA 0000000076b5fcd6 5 bytes JMP 0000000170dd8dfb
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4136] C:\Windows\syswow64\USER32.dll!MessageBoxExW 0000000076b5fcfa 5 bytes JMP 0000000170dd8d97
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4136] C:\Windows\syswow64\USER32.dll!keybd_event 0000000076b602bf 5 bytes JMP 0000000170dda2a6
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4136] C:\Windows\syswow64\ole32.dll!OleLoadFromStream 0000000076996143 5 bytes JMP 0000000170dd9784
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4136] C:\Windows\syswow64\ole32.dll!CoCreateInstance + 62 00000000769d9d49 7 bytes JMP 00000001046a00f0
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4136] C:\Windows\syswow64\urlmon.dll!URLOpenPullStreamA + 158 00000000754a0caf 7 bytes JMP 00000001046a025c
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4136] C:\Windows\syswow64\urlmon.dll!URLDownloadToFileA + 266 00000000754a0dbe 7 bytes JMP 00000001046a045a
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4136] C:\Windows\syswow64\OLEAUT32.dll!SysFreeString 0000000074db3e59 5 bytes JMP 0000000170dd987c
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4136] C:\Windows\syswow64\OLEAUT32.dll!VariantClear 0000000074db3eae 5 bytes JMP 0000000170dd98fa
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4136] C:\Windows\syswow64\OLEAUT32.dll!SysAllocStringByteLen 0000000074db4731 5 bytes JMP 0000000170dd97ee
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4136] C:\Windows\syswow64\OLEAUT32.dll!VariantChangeType 0000000074db5dee 5 bytes JMP 0000000170dd989a
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4136] C:\Windows\syswow64\OLEAUT32.dll!OleCreatePropertyFrameIndirect 0000000074e193ec 5 bytes JMP 0000000170dd91d0
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4136] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076981401 2 bytes [98, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4136] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076981419 2 bytes [98, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4136] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076981431 2 bytes [98, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4136] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007698144a 2 bytes [98, 76]
.text ... * 9
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4136] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000769814dd 2 bytes [98, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4136] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000769814f5 2 bytes [98, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4136] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007698150d 2 bytes [98, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4136] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076981525 2 bytes [98, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4136] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007698153d 2 bytes [98, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4136] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076981555 2 bytes [98, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4136] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007698156d 2 bytes [98, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4136] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076981585 2 bytes [98, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4136] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007698159d 2 bytes [98, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4136] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000769815b5 2 bytes [98, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4136] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000769815cd 2 bytes [98, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4136] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000769816b2 2 bytes [98, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4136] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000769816bd 2 bytes [98, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4136] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheetW 0000000073e9388e 5 bytes JMP 0000000170dd9080
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4136] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheet 0000000073f37922 5 bytes JMP 0000000170dd9128
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4136] C:\Windows\syswow64\comdlg32.dll!PrintDlgW 00000000766733a3 5 bytes JMP 0000000170dd946c
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4136] C:\Windows\syswow64\comdlg32.dll!PageSetupDlgW 0000000076682694 5 bytes JMP 0000000170dd93c8
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4136] C:\Windows\syswow64\comdlg32.dll!PrintDlgA 000000007668e8ff 5 bytes JMP 0000000170dd9538
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4896] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076981401 2 bytes [98, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4896] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076981419 2 bytes [98, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4896] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076981431 2 bytes [98, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4896] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007698144a 2 bytes [98, 76]
.text ... * 9
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4896] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000769814dd 2 bytes [98, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4896] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000769814f5 2 bytes [98, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4896] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007698150d 2 bytes [98, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4896] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076981525 2 bytes [98, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4896] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007698153d 2 bytes [98, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4896] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076981555 2 bytes [98, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4896] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007698156d 2 bytes [98, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4896] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076981585 2 bytes [98, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4896] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007698159d 2 bytes [98, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4896] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000769815b5 2 bytes [98, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4896] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000769815cd 2 bytes [98, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4896] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000769816b2 2 bytes [98, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4896] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000769816bd 2 bytes [98, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4824] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 00000000776a25fd 6 bytes JMP 0000000170ca8042
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4824] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 00000000776b2a63 6 bytes JMP 0000000170c49805
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4824] C:\Windows\syswow64\kernel32.dll!CreateThread 0000000074e534b5 5 bytes JMP 0000000170c475db
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4824] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076b08a29 5 bytes JMP 0000000170cb03cf
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4824] C:\Windows\syswow64\USER32.dll!CreateWindowExA 0000000076b0d22e 5 bytes JMP 0000000170c5363b
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4824] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000076b1291f 5 bytes JMP 0000000170c2ddab
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4824] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000076b12da4 5 bytes JMP 0000000170c89eb4
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4824] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000076b16285 5 bytes JMP 0000000170ca7fdf
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4824] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076b17603 5 bytes JMP 0000000170c825ac
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4824] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamA 0000000076b1b029 5 bytes JMP 0000000170dd9358
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4824] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamW 0000000076b1c63e 5 bytes JMP 0000000170dd9390
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4824] C:\Windows\syswow64\USER32.dll!IsDialogMessage 0000000076b250ed 5 bytes JMP 0000000170dd9a52
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4824] C:\Windows\syswow64\USER32.dll!CreateDialogParamA 0000000076b25246 5 bytes JMP 0000000170dd92e8
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4824] C:\Windows\syswow64\USER32.dll!EndDialog 0000000076b2b99c 5 bytes JMP 0000000170dd9d26
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4824] C:\Windows\syswow64\USER32.dll!IsDialogMessageW 0000000076b2c701 5 bytes JMP 0000000170dd9a7a
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4824] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamW 0000000076b2cbf3 5 bytes JMP 0000000170dd8fb6
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4824] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000076b2cfca 5 bytes JMP 0000000170be1893
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4824] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000076b2eb96 5 bytes JMP 0000000170c2ded5
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4824] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000076b2f52b 5 bytes JMP 0000000170cced00
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4824] C:\Windows\syswow64\USER32.dll!SendInput 0000000076b2ff4a 5 bytes JMP 0000000170dda2e9
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4824] C:\Windows\syswow64\USER32.dll!CreateDialogParamW 0000000076b310dc 5 bytes JMP 0000000170dd9320
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4824] C:\Windows\syswow64\USER32.dll!SetKeyboardState 0000000076b314b2 5 bytes JMP 0000000170dda341
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4824] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000076b49cfd 5 bytes JMP 0000000170dda3c2
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4824] C:\Windows\syswow64\USER32.dll!DialogBoxParamA 0000000076b4cb0c 5 bytes JMP 0000000170dd8f51
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4824] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamA 0000000076b4ce64 5 bytes JMP 0000000170dd901b
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4824] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA 0000000076b5fbd1 5 bytes JMP 0000000170dd8ed8
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4824] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW 0000000076b5fc9d 5 bytes JMP 0000000170dd8e5f
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4824] C:\Windows\syswow64\USER32.dll!MessageBoxExA 0000000076b5fcd6 5 bytes JMP 0000000170dd8dfb
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4824] C:\Windows\syswow64\USER32.dll!MessageBoxExW 0000000076b5fcfa 5 bytes JMP 0000000170dd8d97
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4824] C:\Windows\syswow64\USER32.dll!keybd_event 0000000076b602bf 5 bytes JMP 0000000170dda2a6
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4824] C:\Windows\syswow64\ole32.dll!OleLoadFromStream 0000000076996143 5 bytes JMP 0000000170dd9784
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4824] C:\Windows\syswow64\ole32.dll!CoCreateInstance + 62 00000000769d9d49 7 bytes JMP 00000001048d0165
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4824] C:\Windows\syswow64\urlmon.dll!URLOpenPullStreamA + 158 00000000754a0caf 7 bytes JMP 00000001048d02c5
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4824] C:\Windows\syswow64\urlmon.dll!URLDownloadToFileA + 266 00000000754a0dbe 7 bytes JMP 00000001048d04c3
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4824] C:\Windows\syswow64\OLEAUT32.dll!SysFreeString 0000000074db3e59 5 bytes JMP 0000000170dd987c
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4824] C:\Windows\syswow64\OLEAUT32.dll!VariantClear 0000000074db3eae 5 bytes JMP 0000000170dd98fa
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4824] C:\Windows\syswow64\OLEAUT32.dll!SysAllocStringByteLen 0000000074db4731 5 bytes JMP 0000000170dd97ee
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4824] C:\Windows\syswow64\OLEAUT32.dll!VariantChangeType 0000000074db5dee 5 bytes JMP 0000000170dd989a
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4824] C:\Windows\syswow64\OLEAUT32.dll!OleCreatePropertyFrameIndirect 0000000074e193ec 5 bytes JMP 0000000170dd91d0
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4824] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076981401 2 bytes [98, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4824] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076981419 2 bytes [98, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4824] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076981431 2 bytes [98, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4824] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007698144a 2 bytes [98, 76]
.text ... * 9
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4824] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000769814dd 2 bytes [98, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4824] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000769814f5 2 bytes [98, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4824] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007698150d 2 bytes [98, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4824] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076981525 2 bytes [98, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4824] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007698153d 2 bytes [98, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4824] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076981555 2 bytes [98, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4824] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007698156d 2 bytes [98, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4824] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076981585 2 bytes [98, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4824] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007698159d 2 bytes [98, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4824] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000769815b5 2 bytes [98, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4824] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000769815cd 2 bytes [98, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4824] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000769816b2 2 bytes [98, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4824] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000769816bd 2 bytes [98, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4824] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheetW 0000000073e9388e 5 bytes JMP 0000000170dd9080
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4824] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheet 0000000073f37922 5 bytes JMP 0000000170dd9128
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4824] C:\Windows\syswow64\comdlg32.dll!PrintDlgW 00000000766733a3 5 bytes JMP 0000000170dd946c
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4824] C:\Windows\syswow64\comdlg32.dll!PageSetupDlgW 0000000076682694 5 bytes JMP 0000000170dd93c8
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4824] C:\Windows\syswow64\comdlg32.dll!PrintDlgA 000000007668e8ff 5 bytes JMP 0000000170dd9538
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5412] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076981401 2 bytes [98, 76]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5412] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076981419 2 bytes [98, 76]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5412] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076981431 2 bytes [98, 76]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5412] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007698144a 2 bytes [98, 76]
.text ... * 9
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5412] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000769814dd 2 bytes [98, 76]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5412] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000769814f5 2 bytes [98, 76]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5412] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007698150d 2 bytes [98, 76]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5412] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076981525 2 bytes [98, 76]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5412] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007698153d 2 bytes [98, 76]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5412] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076981555 2 bytes [98, 76]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5412] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007698156d 2 bytes [98, 76]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5412] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076981585 2 bytes [98, 76]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5412] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007698159d 2 bytes [98, 76]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5412] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000769815b5 2 bytes [98, 76]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5412] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000769815cd 2 bytes [98, 76]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5412] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000769816b2 2 bytes [98, 76]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5412] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000769816bd 2 bytes [98, 76]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3700] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076981401 2 bytes [98, 76]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3700] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076981419 2 bytes [98, 76]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3700] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076981431 2 bytes [98, 76]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3700] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007698144a 2 bytes [98, 76]
.text ... * 9
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3700] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000769814dd 2 bytes [98, 76]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3700] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000769814f5 2 bytes [98, 76]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3700] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007698150d 2 bytes [98, 76]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3700] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076981525 2 bytes [98, 76]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3700] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007698153d 2 bytes [98, 76]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3700] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076981555 2 bytes [98, 76]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3700] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007698156d 2 bytes [98, 76]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3700] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076981585 2 bytes [98, 76]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3700] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007698159d 2 bytes [98, 76]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3700] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000769815b5 2 bytes [98, 76]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3700] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000769815cd 2 bytes [98, 76]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3700] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000769816b2 2 bytes [98, 76]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3700] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000769816bd 2 bytes [98, 76]
.text C:\Users\pc\Desktop\OTL.exe [760] C:\Windows\syswow64\PSAPI.dll!GetModuleFileNameExW + 17 0000000076981401 2 bytes [98, 76]
.text C:\Users\pc\Desktop\OTL.exe [760] C:\Windows\syswow64\PSAPI.dll!EnumProcessModules + 17 0000000076981419 2 bytes [98, 76]
.text C:\Users\pc\Desktop\OTL.exe [760] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 17 0000000076981431 2 bytes [98, 76]
.text C:\Users\pc\Desktop\OTL.exe [760] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 42 000000007698144a 2 bytes [98, 76]
.text ... * 9
.text C:\Users\pc\Desktop\OTL.exe [760] C:\Windows\syswow64\PSAPI.dll!EnumDeviceDrivers + 17 00000000769814dd 2 bytes [98, 76]
.text C:\Users\pc\Desktop\OTL.exe [760] C:\Windows\syswow64\PSAPI.dll!GetDeviceDriverBaseNameA + 17 00000000769814f5 2 bytes [98, 76]
.text C:\Users\pc\Desktop\OTL.exe [760] C:\Windows\syswow64\PSAPI.dll!QueryWorkingSetEx + 17 000000007698150d 2 bytes [98, 76]
.text C:\Users\pc\Desktop\OTL.exe [760] C:\Windows\syswow64\PSAPI.dll!GetDeviceDriverBaseNameW + 17 0000000076981525 2 bytes [98, 76]
.text C:\Users\pc\Desktop\OTL.exe [760] C:\Windows\syswow64\PSAPI.dll!GetModuleBaseNameW + 17 000000007698153d 2 bytes [98, 76]
.text C:\Users\pc\Desktop\OTL.exe [760] C:\Windows\syswow64\PSAPI.dll!EnumProcesses + 17 0000000076981555 2 bytes [98, 76]
.text C:\Users\pc\Desktop\OTL.exe [760] C:\Windows\syswow64\PSAPI.dll!GetProcessMemoryInfo + 17 000000007698156d 2 bytes [98, 76]
.text C:\Users\pc\Desktop\OTL.exe [760] C:\Windows\syswow64\PSAPI.dll!GetPerformanceInfo + 17 0000000076981585 2 bytes [98, 76]
.text C:\Users\pc\Desktop\OTL.exe [760] C:\Windows\syswow64\PSAPI.dll!QueryWorkingSet + 17 000000007698159d 2 bytes [98, 76]
.text C:\Users\pc\Desktop\OTL.exe [760] C:\Windows\syswow64\PSAPI.dll!GetModuleBaseNameA + 17 00000000769815b5 2 bytes [98, 76]
.text C:\Users\pc\Desktop\OTL.exe [760] C:\Windows\syswow64\PSAPI.dll!GetModuleFileNameExA + 17 00000000769815cd 2 bytes [98, 76]
.text C:\Users\pc\Desktop\OTL.exe [760] C:\Windows\syswow64\PSAPI.dll!GetProcessImageFileNameW + 20 00000000769816b2 2 bytes [98, 76]
.text C:\Users\pc\Desktop\OTL.exe [760] C:\Windows\syswow64\PSAPI.dll!GetProcessImageFileNameW + 31 00000000769816bd 2 bytes [98, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 00000000776a25fd 6 bytes JMP 0000000170ca8042
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 00000000776b2a63 6 bytes JMP 0000000170c49805
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4340] C:\Windows\syswow64\kernel32.dll!CreateThread 0000000074e534b5 5 bytes JMP 0000000170c475db
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4340] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076b08a29 5 bytes JMP 0000000170cb03cf
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4340] C:\Windows\syswow64\USER32.dll!CreateWindowExA 0000000076b0d22e 5 bytes JMP 0000000170c5363b
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4340] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000076b1291f 5 bytes JMP 0000000170c2ddab
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4340] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000076b12da4 5 bytes JMP 0000000170c89eb4
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4340] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000076b16285 5 bytes JMP 0000000170ca7fdf
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4340] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076b17603 5 bytes JMP 0000000170c825ac
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4340] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamA 0000000076b1b029 5 bytes JMP 0000000170dd9358
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4340] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamW 0000000076b1c63e 5 bytes JMP 0000000170dd9390
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4340] C:\Windows\syswow64\USER32.dll!IsDialogMessage 0000000076b250ed 5 bytes JMP 0000000170dd9a52
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4340] C:\Windows\syswow64\USER32.dll!CreateDialogParamA 0000000076b25246 5 bytes JMP 0000000170dd92e8
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4340] C:\Windows\syswow64\USER32.dll!EndDialog 0000000076b2b99c 5 bytes JMP 0000000170dd9d26
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4340] C:\Windows\syswow64\USER32.dll!IsDialogMessageW 0000000076b2c701 5 bytes JMP 0000000170dd9a7a
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4340] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamW 0000000076b2cbf3 5 bytes JMP 0000000170dd8fb6
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4340] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000076b2cfca 5 bytes JMP 0000000170be1893
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4340] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000076b2eb96 5 bytes JMP 0000000170c2ded5
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4340] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000076b2f52b 5 bytes JMP 0000000170cced00
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4340] C:\Windows\syswow64\USER32.dll!SendInput 0000000076b2ff4a 5 bytes JMP 0000000170dda2e9
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4340] C:\Windows\syswow64\USER32.dll!CreateDialogParamW 0000000076b310dc 5 bytes JMP 0000000170dd9320
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4340] C:\Windows\syswow64\USER32.dll!SetKeyboardState 0000000076b314b2 5 bytes JMP 0000000170dda341
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4340] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000076b49cfd 5 bytes JMP 0000000170dda3c2
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4340] C:\Windows\syswow64\USER32.dll!DialogBoxParamA 0000000076b4cb0c 5 bytes JMP 0000000170dd8f51
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4340] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamA 0000000076b4ce64 5 bytes JMP 0000000170dd901b
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4340] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA 0000000076b5fbd1 5 bytes JMP 0000000170dd8ed8
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4340] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW 0000000076b5fc9d 5 bytes JMP 0000000170dd8e5f
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4340] C:\Windows\syswow64\USER32.dll!MessageBoxExA 0000000076b5fcd6 5 bytes JMP 0000000170dd8dfb
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4340] C:\Windows\syswow64\USER32.dll!MessageBoxExW 0000000076b5fcfa 5 bytes JMP 0000000170dd8d97
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4340] C:\Windows\syswow64\USER32.dll!keybd_event 0000000076b602bf 5 bytes JMP 0000000170dda2a6
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4340] C:\Windows\syswow64\ole32.dll!OleLoadFromStream 0000000076996143 5 bytes JMP 0000000170dd9784
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4340] C:\Windows\syswow64\ole32.dll!CoCreateInstance + 62 00000000769d9d49 7 bytes JMP 00000001044900f0
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4340] C:\Windows\syswow64\urlmon.dll!URLOpenPullStreamA + 158 00000000754a0caf 7 bytes JMP 000000010449025c
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4340] C:\Windows\syswow64\urlmon.dll!URLDownloadToFileA + 266 00000000754a0dbe 7 bytes JMP 000000010449045a
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4340] C:\Windows\syswow64\OLEAUT32.dll!SysFreeString 0000000074db3e59 5 bytes JMP 0000000170dd987c
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4340] C:\Windows\syswow64\OLEAUT32.dll!VariantClear 0000000074db3eae 5 bytes JMP 0000000170dd98fa
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4340] C:\Windows\syswow64\OLEAUT32.dll!SysAllocStringByteLen 0000000074db4731 5 bytes JMP 0000000170dd97ee
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4340] C:\Windows\syswow64\OLEAUT32.dll!VariantChangeType 0000000074db5dee 5 bytes JMP 0000000170dd989a
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4340] C:\Windows\syswow64\OLEAUT32.dll!OleCreatePropertyFrameIndirect 0000000074e193ec 5 bytes JMP 0000000170dd91d0
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4340] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076981401 2 bytes [98, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4340] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076981419 2 bytes [98, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4340] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076981431 2 bytes [98, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4340] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007698144a 2 bytes [98, 76]
.text ... * 9
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4340] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000769814dd 2 bytes [98, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4340] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000769814f5 2 bytes [98, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4340] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007698150d 2 bytes [98, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4340] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076981525 2 bytes [98, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4340] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007698153d 2 bytes [98, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4340] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076981555 2 bytes [98, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4340] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007698156d 2 bytes [98, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4340] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076981585 2 bytes [98, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4340] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007698159d 2 bytes [98, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4340] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000769815b5 2 bytes [98, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4340] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000769815cd 2 bytes [98, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4340] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000769816b2 2 bytes [98, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4340] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000769816bd 2 bytes [98, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4340] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheetW 0000000073e9388e 5 bytes JMP 0000000170dd9080
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4340] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheet 0000000073f37922 5 bytes JMP 0000000170dd9128
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4340] C:\Windows\syswow64\comdlg32.dll!PrintDlgW 00000000766733a3 5 bytes JMP 0000000170dd946c
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4340] C:\Windows\syswow64\comdlg32.dll!PageSetupDlgW 0000000076682694 5 bytes JMP 0000000170dd93c8
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4340] C:\Windows\syswow64\comdlg32.dll!PrintDlgA 000000007668e8ff 5 bytes JMP 0000000170dd9538
---- Processes - GMER 2.0 ----
Library ? (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2264] 000000006c9c0000
---- EOF - GMER 2.0 ----
14.01.2013, 15:48
Hybrid-Darstellung
