
Log analysis and evaluation: Malware on the hard drive?


 
12.06.2013, 13:13   #1
Gondorin
 

Malware on the hard drive?



Hello,
I need help detecting malware. I checked my system with GMER because a drive on my external hard disk has suddenly gone missing. In addition, according to GMER, individual areas of the registry in Local Machine under Software and System are marked in red. However, these are not visible in Regedit, even though they are shown in GMER. I have posted the GMER analysis. I have also attached a screenshot of the registry.

Best regards

GMER 2.1.19163 - GMER - Rootkit Detector and Remover
Rootkit scan 2013-06-12 14:04:29
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_DT01ACA100 rev.MS2OA750 931,51GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Gondorin\AppData\Local\Temp\pgddqpog.sys


---- User code sections - GMER 2.1 ----

.text C:\Windows\system32\winlogon.exe[728] C:\Windows\system32\USER32.dll!PeekMessageA 0000000077603a18 14 bytes [68, 70, 38, 4B, FD, C7, 44, ...]
.text C:\Windows\system32\winlogon.exe[728] C:\Windows\system32\USER32.dll!GetMessageA 0000000077606110 14 bytes [68, 70, 37, 4B, FD, C7, 44, ...]
.text C:\Windows\system32\winlogon.exe[728] C:\Windows\system32\USER32.dll!IsDialogMessageW 00000000776066c0 14 bytes [68, 30, 37, 4B, FD, C7, 44, ...]
.text C:\Windows\system32\winlogon.exe[728] C:\Windows\system32\USER32.dll!PeekMessageW 0000000077608fd0 14 bytes [68, 10, 39, 4B, FD, C7, 44, ...]
.text C:\Windows\system32\winlogon.exe[728] C:\Windows\system32\USER32.dll!GetMessageW 0000000077609e74 14 bytes [68, F0, 37, 4B, FD, C7, 44, ...]
.text C:\Windows\system32\winlogon.exe[728] C:\Windows\system32\USER32.dll!IsDialogMessage 0000000077643268 14 bytes [68, F0, 36, 4B, FD, C7, 44, ...]
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[960] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000778efc90 5 bytes JMP 000000010027091c
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[960] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000778efdf4 5 bytes JMP 0000000100270048
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[960] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000778efe88 5 bytes JMP 00000001002702ee
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[960] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000778effe4 5 bytes JMP 00000001002704b2
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[960] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000778f0018 5 bytes JMP 00000001002709fe
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[960] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000778f0048 5 bytes JMP 0000000100270ae0
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[960] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000778f0064 5 bytes JMP 000000010002004c
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[960] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000778f077c 5 bytes JMP 000000010027012a
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[960] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000778f086c 5 bytes JMP 0000000100270758
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[960] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000778f0884 5 bytes JMP 0000000100270676
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[960] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000778f0dd4 5 bytes JMP 00000001002703d0
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[960] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000778f1900 5 bytes JMP 0000000100270594
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[960] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000778f1bc4 5 bytes JMP 000000010027083a
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[960] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 00000000778f1d50 5 bytes JMP 000000010027020c
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[960] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000076a1524f 7 bytes JMP 0000000100270f52
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[960] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000076a153d0 7 bytes JMP 0000000100280210
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[960] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000076a15677 1 byte JMP 0000000100280048
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[960] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000076a15679 5 bytes {JMP 0xffffffff8986a9d1}
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[960] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000076a1589a 7 bytes JMP 0000000100270ca6
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[960] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000076a15a1d 7 bytes JMP 00000001002803d8
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[960] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000076a15c9b 7 bytes JMP 000000010028012c
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[960] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000076a15d87 7 bytes JMP 00000001002802f4
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[960] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000076a17240 7 bytes JMP 0000000100270e6e
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[960] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000769278e2 6 bytes [68, A0, 36, 18, 75, C3]
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[960] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000076927bd3 6 bytes [68, 00, 36, 18, 75, C3]
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[960] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000769305ba 6 bytes [68, F0, 37, 18, 75, C3]
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[960] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000076935f74 6 bytes [68, 40, 37, 18, 75, C3]
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[960] C:\Windows\syswow64\USER32.dll!IsDialogMessage 00000000769450ed 6 bytes [68, 00, 35, 18, 75, C3]
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[960] C:\Windows\syswow64\USER32.dll!IsDialogMessageW 000000007694c701 6 bytes [68, 80, 35, 18, 75, C3]
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[960] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000076971492 3 bytes JMP 00000001002804bc
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[960] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 886 0000000076971496 3 bytes [89, EB, F9]
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[960] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076fc1465 2 bytes [FC, 76]
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[960] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076fc14bb 2 bytes [FC, 76]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1872] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000778efc90 5 bytes JMP 00000001000a091c
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1872] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000778efdf4 5 bytes JMP 00000001000a0048
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1872] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000778efe88 5 bytes JMP 00000001000a02ee
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1872] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000778effe4 5 bytes JMP 00000001000a04b2
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1872] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000778f0018 5 bytes JMP 00000001000a09fe
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1872] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000778f0048 5 bytes JMP 00000001000a0ae0
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1872] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000778f0064 5 bytes JMP 000000010002004c
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1872] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000778f077c 5 bytes JMP 00000001000a012a
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1872] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000778f086c 5 bytes JMP 00000001000a0758
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1872] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000778f0884 5 bytes JMP 00000001000a0676
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1872] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000778f0dd4 5 bytes JMP 00000001000a03d0
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1872] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000778f1900 5 bytes JMP 00000001000a0594
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1872] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000778f1bc4 5 bytes JMP 00000001000a083a
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1872] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 00000000778f1d50 5 bytes JMP 00000001000a020c
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1872] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000769278e2 6 bytes [68, A0, 36, 18, 75, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1872] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000076927bd3 6 bytes [68, 00, 36, 18, 75, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1872] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000769305ba 6 bytes [68, F0, 37, 18, 75, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1872] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000076935f74 6 bytes [68, 40, 37, 18, 75, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1872] C:\Windows\syswow64\USER32.dll!IsDialogMessage 00000000769450ed 6 bytes [68, 00, 35, 18, 75, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1872] C:\Windows\syswow64\USER32.dll!IsDialogMessageW 000000007694c701 6 bytes [68, 80, 35, 18, 75, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1872] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000076971492 7 bytes JMP 00000001000b059e
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1872] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000076a1524f 7 bytes JMP 00000001000a0f52
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1872] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000076a153d0 7 bytes JMP 00000001000b0210
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1872] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000076a15677 1 byte JMP 00000001000b0048
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1872] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000076a15679 5 bytes {JMP 0xffffffff8969a9d1}
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1872] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000076a1589a 7 bytes JMP 00000001000a0ca6
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1872] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000076a15a1d 7 bytes JMP 00000001000b03d8
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1872] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000076a15c9b 7 bytes JMP 00000001000b012c
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1872] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000076a15d87 7 bytes JMP 00000001000b02f4
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1872] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000076a17240 7 bytes JMP 00000001000a0e6e
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1872] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076fc1465 2 bytes [FC, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1872] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076fc14bb 2 bytes [FC, 76]
.text ... * 2
.text C:\Program Files (x86)\Norton Management\Engine\3.2.0.19\ccSvcHst.exe[1992] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000769278e2 6 bytes [68, A0, 36, 18, 75, C3]
.text C:\Program Files (x86)\Norton Management\Engine\3.2.0.19\ccSvcHst.exe[1992] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000076927bd3 6 bytes [68, 00, 36, 18, 75, C3]
.text C:\Program Files (x86)\Norton Management\Engine\3.2.0.19\ccSvcHst.exe[1992] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000769305ba 6 bytes [68, F0, 37, 18, 75, C3]
.text C:\Program Files (x86)\Norton Management\Engine\3.2.0.19\ccSvcHst.exe[1992] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000076935f74 6 bytes [68, 40, 37, 18, 75, C3]
.text C:\Program Files (x86)\Norton Management\Engine\3.2.0.19\ccSvcHst.exe[1992] C:\Windows\syswow64\USER32.dll!IsDialogMessage 00000000769450ed 6 bytes [68, 00, 35, 18, 75, C3]
.text C:\Program Files (x86)\Norton Management\Engine\3.2.0.19\ccSvcHst.exe[1992] C:\Windows\syswow64\USER32.dll!IsDialogMessageW 000000007694c701 6 bytes [68, 80, 35, 18, 75, C3]
.text C:\Program Files (x86)\Norton Management\Engine\3.2.0.19\ccSvcHst.exe[1992] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076fc1465 2 bytes [FC, 76]
.text C:\Program Files (x86)\Norton Management\Engine\3.2.0.19\ccSvcHst.exe[1992] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076fc14bb 2 bytes [FC, 76]
.text ... * 2
.text C:\Program Files\OO Software\Defrag\oodag.exe[1548] C:\Windows\system32\kernel32.dll!SetUnhandledExceptionFilter 00000000774c9b80 13 bytes {MOV R11, 0x140003a70; JMP R11}
.text C:\Program Files (x86)\Winstep\WsxService.exe[2172] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000778efc90 5 bytes JMP 000000010023091c
.text C:\Program Files (x86)\Winstep\WsxService.exe[2172] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000778efdf4 5 bytes JMP 0000000100230048
.text C:\Program Files (x86)\Winstep\WsxService.exe[2172] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000778efe88 5 bytes JMP 00000001002302ee
.text C:\Program Files (x86)\Winstep\WsxService.exe[2172] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000778effe4 5 bytes JMP 00000001002304b2
.text C:\Program Files (x86)\Winstep\WsxService.exe[2172] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000778f0018 5 bytes JMP 00000001002309fe
.text C:\Program Files (x86)\Winstep\WsxService.exe[2172] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000778f0048 5 bytes JMP 0000000100230ae0
.text C:\Program Files (x86)\Winstep\WsxService.exe[2172] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000778f0064 5 bytes JMP 000000010002004c
.text C:\Program Files (x86)\Winstep\WsxService.exe[2172] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000778f077c 5 bytes JMP 000000010023012a
.text C:\Program Files (x86)\Winstep\WsxService.exe[2172] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000778f086c 5 bytes JMP 0000000100230758
.text C:\Program Files (x86)\Winstep\WsxService.exe[2172] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000778f0884 5 bytes JMP 0000000100230676
.text C:\Program Files (x86)\Winstep\WsxService.exe[2172] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000778f0dd4 5 bytes JMP 00000001002303d0
.text C:\Program Files (x86)\Winstep\WsxService.exe[2172] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000778f1900 5 bytes JMP 0000000100230594
.text C:\Program Files (x86)\Winstep\WsxService.exe[2172] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000778f1bc4 5 bytes JMP 000000010023083a
.text C:\Program Files (x86)\Winstep\WsxService.exe[2172] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 00000000778f1d50 5 bytes JMP 000000010023020c
.text C:\Program Files (x86)\Winstep\WsxService.exe[2172] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000769278e2 6 bytes [68, A0, 36, 18, 75, C3]
.text C:\Program Files (x86)\Winstep\WsxService.exe[2172] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000076927bd3 6 bytes [68, 00, 36, 18, 75, C3]
.text C:\Program Files (x86)\Winstep\WsxService.exe[2172] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000769305ba 6 bytes [68, F0, 37, 18, 75, C3]
.text C:\Program Files (x86)\Winstep\WsxService.exe[2172] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000076935f74 6 bytes [68, 40, 37, 18, 75, C3]
.text C:\Program Files (x86)\Winstep\WsxService.exe[2172] C:\Windows\syswow64\USER32.dll!IsDialogMessage 00000000769450ed 6 bytes [68, 00, 35, 18, 75, C3]
.text C:\Program Files (x86)\Winstep\WsxService.exe[2172] C:\Windows\syswow64\USER32.dll!IsDialogMessageW 000000007694c701 6 bytes [68, 80, 35, 18, 75, C3]
.text C:\Program Files (x86)\Winstep\WsxService.exe[2172] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000076971492 7 bytes JMP 00000001004804bc
.text C:\Program Files (x86)\Winstep\WsxService.exe[2172] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000076a1524f 7 bytes JMP 0000000100230f52
.text C:\Program Files (x86)\Winstep\WsxService.exe[2172] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000076a153d0 7 bytes JMP 0000000100480210
.text C:\Program Files (x86)\Winstep\WsxService.exe[2172] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000076a15677 1 byte JMP 0000000100480048
.text C:\Program Files (x86)\Winstep\WsxService.exe[2172] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000076a15679 5 bytes {JMP 0xffffffff89a6a9d1}
.text C:\Program Files (x86)\Winstep\WsxService.exe[2172] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000076a1589a 7 bytes JMP 0000000100230ca6
.text C:\Program Files (x86)\Winstep\WsxService.exe[2172] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000076a15a1d 7 bytes JMP 00000001004803d8
.text C:\Program Files (x86)\Winstep\WsxService.exe[2172] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000076a15c9b 7 bytes JMP 000000010048012c
.text C:\Program Files (x86)\Winstep\WsxService.exe[2172] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000076a15d87 7 bytes JMP 00000001004802f4
.text C:\Program Files (x86)\Winstep\WsxService.exe[2172] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000076a17240 7 bytes JMP 0000000100230e6e
.text C:\Program Files (x86)\Winstep\WsxService.exe[2172] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076fc1465 2 bytes [FC, 76]
.text C:\Program Files (x86)\Winstep\WsxService.exe[2172] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076fc14bb 2 bytes [FC, 76]
.text ... * 2
.text C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 9\LiveTunerService.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000778efc90 5 bytes JMP 000000010028091c
.text C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 9\LiveTunerService.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000778efdf4 5 bytes JMP 0000000100280048
.text C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 9\LiveTunerService.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000778efe88 5 bytes JMP 00000001002802ee
.text C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 9\LiveTunerService.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000778effe4 5 bytes JMP 00000001002804b2
.text C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 9\LiveTunerService.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000778f0018 5 bytes JMP 00000001002809fe
.text C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 9\LiveTunerService.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000778f0048 5 bytes JMP 0000000100280ae0
.text C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 9\LiveTunerService.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000778f0064 5 bytes JMP 000000010002004c
.text C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 9\LiveTunerService.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000778f077c 5 bytes JMP 000000010028012a
.text C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 9\LiveTunerService.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000778f086c 5 bytes JMP 0000000100280758
.text C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 9\LiveTunerService.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000778f0884 5 bytes JMP 0000000100280676
.text C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 9\LiveTunerService.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000778f0dd4 5 bytes JMP 00000001002803d0
.text C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 9\LiveTunerService.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000778f1900 5 bytes JMP 0000000100280594
.text C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 9\LiveTunerService.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000778f1bc4 5 bytes JMP 000000010028083a
.text C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 9\LiveTunerService.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 00000000778f1d50 5 bytes JMP 000000010028020c
.text C:\Program Files (x86)\Norton Management\Engine\3.2.0.19\ccSvcHst.exe[3380] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000769278e2 6 bytes [68, A0, 36, 18, 75, C3]
.text C:\Program Files (x86)\Norton Management\Engine\3.2.0.19\ccSvcHst.exe[3380] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000076927bd3 6 bytes [68, 00, 36, 18, 75, C3]
.text C:\Program Files (x86)\Norton Management\Engine\3.2.0.19\ccSvcHst.exe[3380] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000769305ba 6 bytes [68, F0, 37, 18, 75, C3]
.text C:\Program Files (x86)\Norton Management\Engine\3.2.0.19\ccSvcHst.exe[3380] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000076935f74 6 bytes [68, 40, 37, 18, 75, C3]
.text C:\Program Files (x86)\Norton Management\Engine\3.2.0.19\ccSvcHst.exe[3380] C:\Windows\syswow64\USER32.dll!IsDialogMessage 00000000769450ed 6 bytes [68, 00, 35, 18, 75, C3]
.text C:\Program Files (x86)\Norton Management\Engine\3.2.0.19\ccSvcHst.exe[3380] C:\Windows\syswow64\USER32.dll!IsDialogMessageW 000000007694c701 6 bytes [68, 80, 35, 18, 75, C3]
.text C:\Program Files (x86)\Norton Management\Engine\3.2.0.19\ccSvcHst.exe[3380] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076fc1465 2 bytes [FC, 76]
.text C:\Program Files (x86)\Norton Management\Engine\3.2.0.19\ccSvcHst.exe[3380] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076fc14bb 2 bytes [FC, 76]
.text ... * 2
.text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[3316] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000778efc90 5 bytes JMP 0000000100f7091c
.text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[3316] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000778efdf4 5 bytes JMP 0000000100f70048
.text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[3316] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000778efe88 5 bytes JMP 0000000100f702ee
.text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[3316] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000778effe4 5 bytes JMP 0000000100f704b2
.text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[3316] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000778f0018 5 bytes JMP 0000000100f709fe
.text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[3316] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000778f0048 5 bytes JMP 0000000100f70ae0
.text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[3316] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000778f0064 5 bytes JMP 000000010059004c
.text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[3316] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000778f077c 5 bytes JMP 0000000100f7012a
.text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[3316] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000778f086c 5 bytes JMP 0000000100f70758
.text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[3316] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000778f0884 5 bytes JMP 0000000100f70676
.text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[3316] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000778f0dd4 5 bytes JMP 0000000100f703d0
.text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[3316] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000778f1900 5 bytes JMP 0000000100f70594
.text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[3316] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000778f1bc4 5 bytes JMP 0000000100f7083a
.text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[3316] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 00000000778f1d50 5 bytes JMP 0000000100f7020c
.text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[3316] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000076a1524f 7 bytes JMP 0000000100f70f52
.text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[3316] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000076a153d0 7 bytes JMP 0000000101090210
.text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[3316] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000076a15677 1 byte JMP 0000000101090048
.text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[3316] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000076a15679 5 bytes {JMP 0xffffffff8a67a9d1}
.text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[3316] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000076a1589a 7 bytes JMP 0000000100f70ca6
.text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[3316] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000076a15a1d 7 bytes JMP 00000001010903d8
.text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[3316] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000076a15c9b 7 bytes JMP 000000010109012c
.text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[3316] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000076a15d87 7 bytes JMP 00000001010902f4
.text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[3316] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000076a17240 7 bytes JMP 0000000100f70e6e
.text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[3316] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000769278e2 6 bytes [68, A0, 36, 18, 75, C3]
.text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[3316] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000076927bd3 6 bytes [68, 00, 36, 18, 75, C3]
.text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[3316] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000769305ba 6 bytes [68, F0, 37, 18, 75, C3]
.text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[3316] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000076935f74 6 bytes [68, 40, 37, 18, 75, C3]
.text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[3316] C:\Windows\syswow64\USER32.dll!IsDialogMessage 00000000769450ed 6 bytes [68, 00, 35, 18, 75, C3]
.text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[3316] C:\Windows\syswow64\USER32.dll!IsDialogMessageW 000000007694c701 6 bytes [68, 80, 35, 18, 75, C3]
.text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[3316] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000076971492 7 bytes JMP 000000010109059e
.text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[3316] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076fc1465 2 bytes [FC, 76]
.text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[3316] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076fc14bb 2 bytes [FC, 76]
.text ... * 2
.text C:\Program Files (x86)\Winstep\Nexus.exe[3120] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000778efc90 5 bytes JMP 000000010029091c
.text C:\Program Files (x86)\Winstep\Nexus.exe[3120] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000778efdf4 5 bytes JMP 0000000100290048
.text C:\Program Files (x86)\Winstep\Nexus.exe[3120] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000778efe88 5 bytes JMP 00000001002902ee
.text C:\Program Files (x86)\Winstep\Nexus.exe[3120] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000778effe4 5 bytes JMP 00000001002904b2
.text C:\Program Files (x86)\Winstep\Nexus.exe[3120] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000778f0018 5 bytes JMP 00000001002909fe
.text C:\Program Files (x86)\Winstep\Nexus.exe[3120] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000778f0048 5 bytes JMP 0000000100290ae0
.text C:\Program Files (x86)\Winstep\Nexus.exe[3120] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000778f0064 5 bytes JMP 000000010002004c
.text C:\Program Files (x86)\Winstep\Nexus.exe[3120] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000778f077c 5 bytes JMP 000000010029012a
.text C:\Program Files (x86)\Winstep\Nexus.exe[3120] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000778f086c 5 bytes JMP 0000000100290758
.text C:\Program Files (x86)\Winstep\Nexus.exe[3120] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000778f0884 5 bytes JMP 0000000100290676
.text C:\Program Files (x86)\Winstep\Nexus.exe[3120] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000778f0dd4 5 bytes JMP 00000001002903d0
.text C:\Program Files (x86)\Winstep\Nexus.exe[3120] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000778f1900 5 bytes JMP 0000000100290594
.text C:\Program Files (x86)\Winstep\Nexus.exe[3120] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000778f1bc4 5 bytes JMP 000000010029083a
.text C:\Program Files (x86)\Winstep\Nexus.exe[3120] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 00000000778f1d50 5 bytes JMP 000000010029020c
.text C:\Program Files (x86)\Winstep\Nexus.exe[3120] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000769278e2 6 bytes [68, A0, 36, 18, 75, C3]
.text C:\Program Files (x86)\Winstep\Nexus.exe[3120] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000076927bd3 6 bytes [68, 00, 36, 18, 75, C3]
.text C:\Program Files (x86)\Winstep\Nexus.exe[3120] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000769305ba 6 bytes [68, F0, 37, 18, 75, C3]
.text C:\Program Files (x86)\Winstep\Nexus.exe[3120] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000076935f74 6 bytes [68, 40, 37, 18, 75, C3]
.text C:\Program Files (x86)\Winstep\Nexus.exe[3120] C:\Windows\syswow64\USER32.dll!IsDialogMessage 00000000769450ed 6 bytes [68, 00, 35, 18, 75, C3]
.text C:\Program Files (x86)\Winstep\Nexus.exe[3120] C:\Windows\syswow64\USER32.dll!IsDialogMessageW 000000007694c701 6 bytes [68, 80, 35, 18, 75, C3]
.text C:\Program Files (x86)\Winstep\Nexus.exe[3120] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000076971492 7 bytes JMP 00000001002a04bc
.text C:\Program Files (x86)\Winstep\Nexus.exe[3120] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000076a1524f 7 bytes JMP 0000000100290f52
.text C:\Program Files (x86)\Winstep\Nexus.exe[3120] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000076a153d0 7 bytes JMP 00000001002a0210
.text C:\Program Files (x86)\Winstep\Nexus.exe[3120] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000076a15677 1 byte JMP 00000001002a0048
.text C:\Program Files (x86)\Winstep\Nexus.exe[3120] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000076a15679 5 bytes {JMP 0xffffffff8988a9d1}
.text C:\Program Files (x86)\Winstep\Nexus.exe[3120] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000076a1589a 7 bytes JMP 0000000100290ca6
.text C:\Program Files (x86)\Winstep\Nexus.exe[3120] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000076a15a1d 7 bytes JMP 00000001002a03d8
.text C:\Program Files (x86)\Winstep\Nexus.exe[3120] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000076a15c9b 7 bytes JMP 00000001002a012c
.text C:\Program Files (x86)\Winstep\Nexus.exe[3120] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000076a15d87 7 bytes JMP 00000001002a02f4
.text C:\Program Files (x86)\Winstep\Nexus.exe[3120] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000076a17240 7 bytes JMP 0000000100290e6e
.text C:\Program Files (x86)\Winstep\Nexus.exe[3120] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076fc1465 2 bytes [FC, 76]
.text C:\Program Files (x86)\Winstep\Nexus.exe[3120] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076fc14bb 2 bytes [FC, 76]
.text ... * 2
.text C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[4216] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000778efc90 5 bytes JMP 000000010028091c
.text C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[4216] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000778efdf4 5 bytes JMP 0000000100280048
.text C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[4216] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000778efe88 5 bytes JMP 00000001002802ee
.text C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[4216] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000778effe4 5 bytes JMP 00000001002804b2
.text C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[4216] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000778f0018 5 bytes JMP 00000001002809fe
.text C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[4216] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000778f0048 5 bytes JMP 0000000100280ae0
.text C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[4216] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000778f0064 5 bytes JMP 000000010002004c
.text C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[4216] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000778f077c 5 bytes JMP 000000010028012a
.text C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[4216] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000778f086c 5 bytes JMP 0000000100280758
.text C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[4216] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000778f0884 5 bytes JMP 0000000100280676
.text C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[4216] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000778f0dd4 5 bytes JMP 00000001002803d0
.text C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[4216] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000778f1900 5 bytes JMP 0000000100280594
.text C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[4216] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000778f1bc4 5 bytes JMP 000000010028083a
.text C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[4216] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 00000000778f1d50 5 bytes JMP 000000010028020c
.text C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[4216] C:\Windows\syswow64\kernel32.dll!CreateThread + 28 0000000076db34d1 4 bytes {CALL 0xffffffff899cacdc}
.text C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[4216] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000076a1524f 7 bytes JMP 0000000100280f52
.text C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[4216] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000076a153d0 7 bytes JMP 0000000100290210
.text C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[4216] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000076a15677 1 byte JMP 0000000100290048
.text C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[4216] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000076a15679 5 bytes {JMP 0xffffffff8987a9d1}
.text C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[4216] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000076a1589a 7 bytes JMP 0000000100280ca6
.text C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[4216] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000076a15a1d 7 bytes JMP 00000001002903d8
.text C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[4216] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000076a15c9b 7 bytes JMP 000000010029012c
.text C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[4216] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000076a15d87 7 bytes JMP 00000001002902f4
.text C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[4216] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000076a17240 7 bytes JMP 0000000100280e6e
.text C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[4216] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000769278e2 6 bytes [68, A0, 36, 18, 75, C3]
.text C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[4216] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000076927bd3 6 bytes [68, 00, 36, 18, 75, C3]
.text C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[4216] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000769305ba 6 bytes [68, F0, 37, 18, 75, C3]
.text C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[4216] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000076935f74 6 bytes [68, 40, 37, 18, 75, C3]
.text C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[4216] C:\Windows\syswow64\USER32.dll!IsDialogMessage 00000000769450ed 6 bytes [68, 00, 35, 18, 75, C3]
.text C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[4216] C:\Windows\syswow64\USER32.dll!IsDialogMessageW 000000007694c701 6 bytes [68, 80, 35, 18, 75, C3]
.text C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[4216] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000076971492 7 bytes JMP 0000000100290762
.text C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[4216] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076fc1465 2 bytes [FC, 76]
.text C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe[4216] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076fc14bb 2 bytes [FC, 76]
.text ... * 2
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[4404] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000778efc90 5 bytes JMP 00000001000a091c
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[4404] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000778efdf4 5 bytes JMP 00000001000a0048
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[4404] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000778efe88 5 bytes JMP 00000001000a02ee
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[4404] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000778effe4 5 bytes JMP 00000001000a04b2
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[4404] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000778f0018 5 bytes JMP 00000001000a09fe
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[4404] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000778f0048 5 bytes JMP 00000001000a0ae0
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[4404] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000778f0064 5 bytes JMP 000000010002004c
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[4404] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000778f077c 5 bytes JMP 00000001000a012a
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[4404] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000778f086c 5 bytes JMP 00000001000a0758
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[4404] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000778f0884 5 bytes JMP 00000001000a0676
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[4404] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000778f0dd4 5 bytes JMP 00000001000a03d0
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[4404] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000778f1900 5 bytes JMP 00000001000a0594
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[4404] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000778f1bc4 5 bytes JMP 00000001000a083a
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[4404] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 00000000778f1d50 5 bytes JMP 00000001000a020c
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[4404] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000769278e2 6 bytes [68, A0, 36, 18, 75, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[4404] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000076927bd3 6 bytes [68, 00, 36, 18, 75, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[4404] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000769305ba 6 bytes [68, F0, 37, 18, 75, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[4404] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000076935f74 6 bytes [68, 40, 37, 18, 75, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[4404] C:\Windows\syswow64\USER32.dll!IsDialogMessage 00000000769450ed 6 bytes [68, 00, 35, 18, 75, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[4404] C:\Windows\syswow64\USER32.dll!IsDialogMessageW 000000007694c701 6 bytes [68, 80, 35, 18, 75, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[4404] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000076971492 7 bytes JMP 00000001000b059e
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[4404] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000076a1524f 7 bytes JMP 00000001000a0f52
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[4404] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000076a153d0 7 bytes JMP 00000001000b0210
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[4404] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000076a15677 1 byte JMP 00000001000b0048
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[4404] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000076a15679 5 bytes {JMP 0xffffffff8969a9d1}
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[4404] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000076a1589a 7 bytes JMP 00000001000a0ca6
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[4404] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000076a15a1d 7 bytes JMP 00000001000b03d8
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[4404] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000076a15c9b 7 bytes JMP 00000001000b012c
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[4404] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000076a15d87 7 bytes JMP 00000001000b02f4
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[4404] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000076a17240 7 bytes JMP 00000001000a0e6e
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[4404] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076fc1465 2 bytes [FC, 76]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[4404] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076fc14bb 2 bytes [FC, 76]
.text ... * 2
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4536] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000778efc90 5 bytes JMP 00000001002b091c
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4536] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000778efdf4 5 bytes JMP 00000001002b0048
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4536] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000778efe88 5 bytes JMP 00000001002b02ee
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4536] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000778effe4 5 bytes JMP 00000001002b04b2
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4536] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000778f0018 5 bytes JMP 00000001002b09fe
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4536] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000778f0048 5 bytes JMP 00000001002b0ae0
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4536] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000778f0064 5 bytes JMP 000000010028004c
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4536] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000778f077c 5 bytes JMP 00000001002b012a
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4536] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000778f086c 5 bytes JMP 00000001002b0758
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4536] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000778f0884 5 bytes JMP 00000001002b0676
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4536] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000778f0dd4 5 bytes JMP 00000001002b03d0
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4536] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000778f1900 5 bytes JMP 00000001002b0594
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4536] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000778f1bc4 5 bytes JMP 00000001002b083a
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4536] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 00000000778f1d50 5 bytes JMP 00000001002b020c
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4536] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000769278e2 6 bytes [68, A0, 36, 18, 75, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4536] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000076927bd3 6 bytes [68, 00, 36, 18, 75, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4536] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000769305ba 6 bytes [68, F0, 37, 18, 75, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4536] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000076935f74 6 bytes [68, 40, 37, 18, 75, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4536] C:\Windows\syswow64\USER32.dll!IsDialogMessage 00000000769450ed 6 bytes [68, 00, 35, 18, 75, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4536] C:\Windows\syswow64\USER32.dll!IsDialogMessageW 000000007694c701 6 bytes [68, 80, 35, 18, 75, C3]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4536] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000076971492 7 bytes JMP 00000001002c059e
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4536] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000076a1524f 7 bytes JMP 00000001002b0f52
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4536] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000076a153d0 7 bytes JMP 00000001002c0210
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4536] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000076a15677 1 byte JMP 00000001002c0048
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4536] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000076a15679 5 bytes {JMP 0xffffffff898aa9d1}
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4536] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000076a1589a 7 bytes JMP 00000001002b0ca6
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4536] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000076a15a1d 7 bytes JMP 00000001002c03d8
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4536] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000076a15c9b 7 bytes JMP 00000001002c012c
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4536] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000076a15d87 7 bytes JMP 00000001002c02f4
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4536] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000076a17240 7 bytes JMP 00000001002b0e6e
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4536] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076fc1465 2 bytes [FC, 76]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4536] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076fc14bb 2 bytes [FC, 76]
.text ... * 2
.text C:\Windows\explorer.exe[4356] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdbf7490 5 bytes JMP 000007fffbae0060
.text C:\Windows\explorer.exe[4356] C:\Windows\system32\dwmapi.dll!DwmExtendFrameIntoClientArea 000007fefbaf3580 5 bytes JMP 000007fffbae0010
.text C:\Program Files (x86)\Clover\clover.exe[4748] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000778efc90 5 bytes JMP 000000010010091c
.text C:\Program Files (x86)\Clover\clover.exe[4748] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000778efdf4 5 bytes JMP 0000000100100048
.text C:\Program Files (x86)\Clover\clover.exe[4748] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000778efe88 5 bytes JMP 00000001001002ee
.text C:\Program Files (x86)\Clover\clover.exe[4748] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000778effe4 5 bytes JMP 00000001001004b2
.text C:\Program Files (x86)\Clover\clover.exe[4748] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000778f0018 5 bytes JMP 00000001001009fe
.text C:\Program Files (x86)\Clover\clover.exe[4748] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000778f0048 5 bytes JMP 0000000100100ae0
.text C:\Program Files (x86)\Clover\clover.exe[4748] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000778f0064 5 bytes JMP 000000010002004c
.text C:\Program Files (x86)\Clover\clover.exe[4748] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000778f077c 5 bytes JMP 000000010010012a
.text C:\Program Files (x86)\Clover\clover.exe[4748] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000778f086c 5 bytes JMP 0000000100100758
.text C:\Program Files (x86)\Clover\clover.exe[4748] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000778f0884 5 bytes JMP 0000000100100676
.text C:\Program Files (x86)\Clover\clover.exe[4748] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000778f0dd4 5 bytes JMP 00000001001003d0
.text C:\Program Files (x86)\Clover\clover.exe[4748] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000778f1900 5 bytes JMP 0000000100100594
.text C:\Program Files (x86)\Clover\clover.exe[4748] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000778f1bc4 5 bytes JMP 000000010010083a
.text C:\Program Files (x86)\Clover\clover.exe[4748] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 00000000778f1d50 5 bytes JMP 000000010010020c
.text C:\Program Files (x86)\Clover\clover.exe[4748] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000769278e2 6 bytes [68, A0, 36, 18, 75, C3]
.text C:\Program Files (x86)\Clover\clover.exe[4748] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000076927bd3 6 bytes [68, 00, 36, 18, 75, C3]
.text C:\Program Files (x86)\Clover\clover.exe[4748] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000769305ba 6 bytes [68, F0, 37, 18, 75, C3]
.text C:\Program Files (x86)\Clover\clover.exe[4748] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000076935f74 6 bytes [68, 40, 37, 18, 75, C3]
.text C:\Program Files (x86)\Clover\clover.exe[4748] C:\Windows\syswow64\USER32.dll!IsDialogMessage 00000000769450ed 6 bytes [68, 00, 35, 18, 75, C3]
.text C:\Program Files (x86)\Clover\clover.exe[4748] C:\Windows\syswow64\USER32.dll!IsDialogMessageW 000000007694c701 6 bytes [68, 80, 35, 18, 75, C3]
.text C:\Program Files (x86)\Clover\clover.exe[4748] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000076971492 7 bytes JMP 00000001001104bc
.text C:\Program Files (x86)\Clover\clover.exe[4748] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000076a1524f 7 bytes JMP 0000000100100f52
.text C:\Program Files (x86)\Clover\clover.exe[4748] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000076a153d0 7 bytes JMP 0000000100110210
.text C:\Program Files (x86)\Clover\clover.exe[4748] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000076a15677 1 byte JMP 0000000100110048
.text C:\Program Files (x86)\Clover\clover.exe[4748] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000076a15679 5 bytes {JMP 0xffffffff896fa9d1}
.text C:\Program Files (x86)\Clover\clover.exe[4748] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000076a1589a 7 bytes JMP 0000000100100ca6
.text C:\Program Files (x86)\Clover\clover.exe[4748] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000076a15a1d 7 bytes JMP 00000001001103d8
.text C:\Program Files (x86)\Clover\clover.exe[4748] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000076a15c9b 7 bytes JMP 000000010011012c
.text C:\Program Files (x86)\Clover\clover.exe[4748] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000076a15d87 7 bytes JMP 00000001001102f4
.text C:\Program Files (x86)\Clover\clover.exe[4748] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000076a17240 7 bytes JMP 0000000100100e6e
.text C:\Program Files (x86)\Clover\clover.exe[4748] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076fc1465 2 bytes [FC, 76]
.text C:\Program Files (x86)\Clover\clover.exe[4748] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076fc14bb 2 bytes [FC, 76]
.text ... * 2
? C:\Windows\system32\mssprxy.dll [4748] entry point in ".rdata" section 000000006fdb71e6
.text D:\Downloads\SecurityTools\CHIP AntiTools\gmer_2.1.19163.exe[4876] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000778efc90 5 bytes JMP 000000010028091c
.text D:\Downloads\SecurityTools\CHIP AntiTools\gmer_2.1.19163.exe[4876] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000778efdf4 5 bytes JMP 0000000100280048
.text D:\Downloads\SecurityTools\CHIP AntiTools\gmer_2.1.19163.exe[4876] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000778efe88 5 bytes JMP 00000001002802ee
.text D:\Downloads\SecurityTools\CHIP AntiTools\gmer_2.1.19163.exe[4876] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000778effe4 5 bytes JMP 00000001002804b2
.text D:\Downloads\SecurityTools\CHIP AntiTools\gmer_2.1.19163.exe[4876] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000778f0018 5 bytes JMP 00000001002809fe
.text D:\Downloads\SecurityTools\CHIP AntiTools\gmer_2.1.19163.exe[4876] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000778f0048 5 bytes JMP 0000000100280ae0
.text D:\Downloads\SecurityTools\CHIP AntiTools\gmer_2.1.19163.exe[4876] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000778f0064 5 bytes JMP 000000010002004c
.text D:\Downloads\SecurityTools\CHIP AntiTools\gmer_2.1.19163.exe[4876] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000778f077c 5 bytes JMP 000000010028012a
.text D:\Downloads\SecurityTools\CHIP AntiTools\gmer_2.1.19163.exe[4876] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000778f086c 5 bytes JMP 0000000100280758
.text D:\Downloads\SecurityTools\CHIP AntiTools\gmer_2.1.19163.exe[4876] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000778f0884 5 bytes JMP 0000000100280676
.text D:\Downloads\SecurityTools\CHIP AntiTools\gmer_2.1.19163.exe[4876] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000778f0dd4 5 bytes JMP 00000001002803d0
.text D:\Downloads\SecurityTools\CHIP AntiTools\gmer_2.1.19163.exe[4876] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000778f1900 5 bytes JMP 0000000100280594
.text D:\Downloads\SecurityTools\CHIP AntiTools\gmer_2.1.19163.exe[4876] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000778f1bc4 5 bytes JMP 000000010028083a
.text D:\Downloads\SecurityTools\CHIP AntiTools\gmer_2.1.19163.exe[4876] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 00000000778f1d50 5 bytes JMP 000000010028020c
.text D:\Downloads\SecurityTools\CHIP AntiTools\gmer_2.1.19163.exe[4876] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000076a1524f 7 bytes JMP 0000000100280f52
.text D:\Downloads\SecurityTools\CHIP AntiTools\gmer_2.1.19163.exe[4876] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000076a153d0 7 bytes JMP 0000000100290210
.text D:\Downloads\SecurityTools\CHIP AntiTools\gmer_2.1.19163.exe[4876] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000076a15677 1 byte JMP 0000000100290048
.text D:\Downloads\SecurityTools\CHIP AntiTools\gmer_2.1.19163.exe[4876] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000076a15679 5 bytes {JMP 0xffffffff8987a9d1}
.text D:\Downloads\SecurityTools\CHIP AntiTools\gmer_2.1.19163.exe[4876] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000076a1589a 7 bytes JMP 0000000100280ca6
.text D:\Downloads\SecurityTools\CHIP AntiTools\gmer_2.1.19163.exe[4876] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000076a15a1d 7 bytes JMP 00000001002903d8
.text D:\Downloads\SecurityTools\CHIP AntiTools\gmer_2.1.19163.exe[4876] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000076a15c9b 7 bytes JMP 000000010029012c
.text D:\Downloads\SecurityTools\CHIP AntiTools\gmer_2.1.19163.exe[4876] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000076a15d87 7 bytes JMP 00000001002902f4
.text D:\Downloads\SecurityTools\CHIP AntiTools\gmer_2.1.19163.exe[4876] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000076a17240 7 bytes JMP 0000000100280e6e
.text D:\Downloads\SecurityTools\CHIP AntiTools\gmer_2.1.19163.exe[4876] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000769278e2 6 bytes [68, A0, 36, 18, 75, C3]
.text D:\Downloads\SecurityTools\CHIP AntiTools\gmer_2.1.19163.exe[4876] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000076927bd3 6 bytes [68, 00, 36, 18, 75, C3]
.text D:\Downloads\SecurityTools\CHIP AntiTools\gmer_2.1.19163.exe[4876] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000769305ba 6 bytes [68, F0, 37, 18, 75, C3]
.text D:\Downloads\SecurityTools\CHIP AntiTools\gmer_2.1.19163.exe[4876] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000076935f74 6 bytes [68, 40, 37, 18, 75, C3]
.text D:\Downloads\SecurityTools\CHIP AntiTools\gmer_2.1.19163.exe[4876] C:\Windows\syswow64\USER32.dll!IsDialogMessage 00000000769450ed 6 bytes [68, 00, 35, 18, 75, C3]
.text D:\Downloads\SecurityTools\CHIP AntiTools\gmer_2.1.19163.exe[4876] C:\Windows\syswow64\USER32.dll!IsDialogMessageW 000000007694c701 6 bytes [68, 80, 35, 18, 75, C3]
.text D:\Downloads\SecurityTools\CHIP AntiTools\gmer_2.1.19163.exe[4876] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000076971492 7 bytes JMP 00000001002904bc
.text D:\Downloads\SecurityTools\CHIP AntiTools\gmer_2.1.19163.exe[4876] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076fc1465 2 bytes [FC, 76]
.text D:\Downloads\SecurityTools\CHIP AntiTools\gmer_2.1.19163.exe[4876] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076fc14bb 2 bytes [FC, 76]
.text ... * 2

---- EOF - GMER 2.1 ----
Attached image: Screenshot (14h 10m 11s).jpg (188.5 KB)

 





