Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Generic 14.DNH

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 26.07.2009, 20:20   #16
Scars
 
Generic 14.DNH - Standard

Generic 14.DNH



Hijackthis

Code:
ATTFilter
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:17:23, on 26.07.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Java\jre6\bin\jusched.exe
C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programme\PC Tools AntiVirus\PCTAV.exe
C:\Programme\ThreatFire\TFTray.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\PC Tools AntiVirus\PCTAVSvc.exe
C:\Programme\ThreatFire\TFService.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\Opera\opera.exe
C:\PROGRA~1\ICQ6.5\ICQ.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [PCTAVApp] "C:\Programme\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKLM\..\Run: [ThreatFire] C:\Programme\ThreatFire\TFTray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ICQ] "C:\Programme\ICQ6.5\ICQ.exe" silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Programme\PC Tools AntiVirus\PCTAVSvc.exe
O23 - Service: ThreatFire - PC Tools - C:\Programme\ThreatFire\TFService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUpUtilities2006\WinStylerThemeSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 5559 bytes
         

Alt 26.07.2009, 20:25   #17
Scars
 
Generic 14.DNH - Standard

Generic 14.DNH



Code:
ATTFilter
Adobe Photoshop CS2
Adobe Reader 9.1 - Deutsch
ATI - Dienstprogramm zur Deinstallation der Software
ATI Catalyst Control Center
ATI Display Driver
ATI HYDRAVISION
ATI Problem Report Wizard
AusLogics BoostSpeed
Avira AntiVir Personal - Free Antivirus
AVIVO Codecs
CCleaner (remove only)
DivX
DivX Converter
DivX Player
DivX Web Player
High Definition Audio Driver Package - KB888111
HighMAT-Erweiterung für den Microsoft Windows XP-Assistenten zum Schreiben von CDs
HijackThis 2.0.2
ICQ6.5
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 14
Macromedia Flash MX 2004
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 SP1
Microsoft Baseline Security Analyzer 1.2.1
Microsoft Office FrontPage 2003
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0.0 (Pre-Release 5348)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mozilla Firefox (3.5.1)
MSXML 6.0 Parser (KB933579)
Opera 9.64
PC Tools AntiVirus 6.0
Realtek High Definition Audio Driver
Spybot - Search & Destroy
Spybot - Search & Destroy 1.4
TeamViewer 4
ThreatFire
TuneUp Utilities 2006
VLC media player 0.9.9
WinRAR
ZoneAlarm Pro
         
__________________


Alt 26.07.2009, 20:30   #18
KarlKarl
/// Helfer-Team
 
Generic 14.DNH - Standard

Generic 14.DNH



Hi,

solange Du deine Kiste damit neu aufsetzt
Zitat:
25.07.2009 22:59 5.462 KEYGEN.EXE-1D173932.pf
25.07.2009 22:59 40.436 IMAGEREADY.EXE-11BB23A9.pf
25.07.2009 22:59 12.018 CS2SIL.EXE-074A3413.pf
25.07.2009 22:58 12.968 SILIN.EXE-30ED024E.pf
25.07.2009 22:58 12.740 OSIL.EXE-12D955B9.pf
25.07.2009 22:58 4.844 OW32DEDE850.EXE-168A8554.pf
25.07.2009 22:58 29.514 GLB179.TMP-1976588E.pf
25.07.2009 22:58 8.508 MSOHTMED.EXE-14B8D6FE.pf
wirst Du sie nie fit bekommen. Probier es doch einfach mal mit Gimp. Keinen Deut schlechter als Photoshop, einziger Nachteil ist, dass der Coolnessfaktor das Programm zu klauen wegfällt. Ist nämlich frei.

Karl
__________________

Alt 26.07.2009, 21:28   #19
Scars
 
Generic 14.DNH - Standard

Generic 14.DNH



Code:
ATTFilter
GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-07-26 22:14:53
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)                                     ZwCreateFile [0xA7B65B70]
SSDT            PCTCore.sys (PC Tools KDS Core Driver/PC Tools)                                                                 ZwCreateKey [0xBA6CE514]
SSDT            \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)                                     ZwCreateProcess [0xA7B7D760]
SSDT            \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)                                     ZwCreateProcessEx [0xA7B7D980]
SSDT            \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)                                     ZwCreateSection [0xA7B80610]
SSDT            BAFF4444                                                                                                        ZwCreateThread
SSDT            \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)                                     ZwDeleteFile [0xA7B66180]
SSDT            PCTCore.sys (PC Tools KDS Core Driver/PC Tools)                                                                 ZwDeleteKey [0xBA6CED00]
SSDT            PCTCore.sys (PC Tools KDS Core Driver/PC Tools)                                                                 ZwDeleteValueKey [0xBA6CEFB8]
SSDT            \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)                                     ZwDuplicateObject [0xA7B7D080]
SSDT            BAFF4462                                                                                                        ZwLoadKey
SSDT            \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)                                     ZwOpenFile [0xA7B65FD0]
SSDT            PCTCore.sys (PC Tools KDS Core Driver/PC Tools)                                                                 ZwOpenKey [0xBA6CD3FA]
SSDT            \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)                                     ZwOpenProcess [0xA7B7CE80]
SSDT            \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)                                     ZwOpenThread [0xA7B7CC40]
SSDT            PCTCore.sys (PC Tools KDS Core Driver/PC Tools)                                                                 ZwRenameKey [0xBA6CF422]
SSDT            BAFF446C                                                                                                        ZwReplaceKey
SSDT            BAFF4467                                                                                                        ZwRestoreKey
SSDT            \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)                                     ZwSecureConnectPort [0xA7B68E40]
SSDT            \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)                                     ZwSetInformationFile [0xA7B662F0]
SSDT            PCTCore.sys (PC Tools KDS Core Driver/PC Tools)                                                                 ZwSetValueKey [0xBA6CE7D8]
SSDT            \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)                                     ZwTerminateProcess [0xA7B7DBB0]

---- Kernel code sections - GMER 1.0.15 ----

?               C:\WINDOWS\system32\Drivers\mchInjDrv.sys
         

Alt 26.07.2009, 21:32   #20
Scars
 
Generic 14.DNH - Standard

Generic 14.DNH



Code:
ATTFilter
                                                                     Das System kann die angegebene Datei nicht finden. !

---- User code sections - GMER 1.0.15 ----

.text           C:\WINDOWS\system32\ctfmon.exe[116] ntdll.dll!NtLoadDriver                                                      7C91DB6E 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\system32\ctfmon.exe[116] ntdll.dll!NtLoadDriver + 4                                                  7C91DB72 2 Bytes  [56, 5F] {PUSH ESI; POP EDI}
.text           C:\WINDOWS\system32\ctfmon.exe[116] ntdll.dll!NtSuspendProcess                                                  7C91E83A 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\system32\ctfmon.exe[116] ntdll.dll!NtSuspendProcess + 4                                              7C91E83E 2 Bytes  [44, 5F] {INC ESP; POP EDI}
.text           C:\WINDOWS\system32\ctfmon.exe[116] kernel32.dll!CreateFileA                                                    7C801A24 6 Bytes  JMP 5F730F5A 
.text           C:\WINDOWS\system32\ctfmon.exe[116] kernel32.dll!VirtualProtect                                                 7C801AD0 6 Bytes  JMP 5F7C0F5A 
.text           C:\WINDOWS\system32\ctfmon.exe[116] kernel32.dll!LoadLibraryExW                                                 7C801AF1 6 Bytes  JMP 5F130F5A 
.text           C:\WINDOWS\system32\ctfmon.exe[116] kernel32.dll!LoadLibraryExW + C4                                            7C801BB5 4 Bytes  CALL 00C20001 
.text           C:\WINDOWS\system32\ctfmon.exe[116] kernel32.dll!LoadLibraryA                                                   7C801D77 6 Bytes  JMP 5F1F0F5A 
.text           C:\WINDOWS\system32\ctfmon.exe[116] kernel32.dll!TerminateProcess                                               7C801E16 6 Bytes  JMP 5F190F5A 
.text           C:\WINDOWS\system32\ctfmon.exe[116] kernel32.dll!GetStartupInfoA                                                7C801EEE 6 Bytes  JMP 5F0A0F5A 
.text           C:\WINDOWS\system32\ctfmon.exe[116] kernel32.dll!WriteProcessMemory                                             7C80220F 6 Bytes  JMP 5F1C0F5A 
.text           C:\WINDOWS\system32\ctfmon.exe[116] kernel32.dll!CreateProcessW                                                 7C802332 6 Bytes  JMP 5F2E0F5A 
.text           C:\WINDOWS\system32\ctfmon.exe[116] kernel32.dll!CreateProcessA                                                 7C802367 6 Bytes  JMP 5F2B0F5A 
.text           C:\WINDOWS\system32\ctfmon.exe[116] kernel32.dll!LoadResource                                                   7C80A065 6 Bytes  JMP 5F880F5A 
.text           C:\WINDOWS\system32\ctfmon.exe[116] kernel32.dll!GetProcAddress                                                 7C80AC28 6 Bytes  JMP 5F610F5A 
.text           C:\WINDOWS\system32\ctfmon.exe[116] kernel32.dll!LoadLibraryW                                                   7C80ACD3 6 Bytes  JMP 5F220F5A 
.text           C:\WINDOWS\system32\ctfmon.exe[116] kernel32.dll!CreateMutexA                                                   7C80EB3F 6 Bytes  JMP 5F040F5A 
.text           C:\WINDOWS\system32\ctfmon.exe[116] kernel32.dll!CreateRemoteThread                                             7C810626 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\system32\ctfmon.exe[116] kernel32.dll!CreateRemoteThread + 4                                         7C81062A 2 Bytes  [11, 5F]
.text           C:\WINDOWS\system32\ctfmon.exe[116] kernel32.dll!CreateThread                                                   7C81082F 6 Bytes  JMP 5F790F5A 
.text           C:\WINDOWS\system32\ctfmon.exe[116] kernel32.dll!CreateFileW                                                    7C810976 6 Bytes  JMP 5F700F5A 
.text           C:\WINDOWS\system32\ctfmon.exe[116] kernel32.dll!GetCommandLineA                                                7C812C8D 6 Bytes  JMP 5F0D0F5A 
.text           C:\WINDOWS\system32\ctfmon.exe[116] kernel32.dll!TerminateThread                                                7C81CACB 6 Bytes  JMP 5F460F5A 
.text           C:\WINDOWS\system32\ctfmon.exe[116] kernel32.dll!GetVolumeInformationA                                          7C827052 6 Bytes  JMP 5F640F5A 
.text           C:\WINDOWS\system32\ctfmon.exe[116] kernel32.dll!DebugActiveProcess                                             7C859F0B 6 Bytes  JMP 5F490F5A 
.text           C:\WINDOWS\system32\ctfmon.exe[116] kernel32.dll!WinExec                                                        7C86114D 6 Bytes  JMP 5F3D0F5A 
.text           C:\WINDOWS\system32\ctfmon.exe[116] kernel32.dll!CreateToolhelp32Snapshot                                       7C8647B7 6 Bytes  JMP 5F760F5A 
.text           C:\WINDOWS\system32\ctfmon.exe[116] ADVAPI32.dll!RegOpenKeyExA                                                  77DA761B 6 Bytes  JMP 5F6A0F5A 
.text           C:\WINDOWS\system32\ctfmon.exe[116] ADVAPI32.dll!RegCreateKeyExA                                                77DAEAF4 6 Bytes  JMP 5F670F5A 
.text           C:\WINDOWS\system32\ctfmon.exe[116] ADVAPI32.dll!RegSetValueExA                                                 77DAEBE7 6 Bytes  JMP 5F6D0F5A 
.text           C:\WINDOWS\system32\ctfmon.exe[116] ADVAPI32.dll!OpenSCManagerA                                                 77DBADA7 6 Bytes  JMP 5F7F0F5A 
.text           C:\WINDOWS\system32\ctfmon.exe[116] ADVAPI32.dll!LsaRemoveAccountRights                                         77DEAA41 6 Bytes  JMP 5F160F5A 
.text           C:\WINDOWS\system32\ctfmon.exe[116] ADVAPI32.dll!CreateServiceA                                                 77E07071 6 Bytes  JMP 5F580F5A 
.text           C:\WINDOWS\system32\ctfmon.exe[116] USER32.dll!GetKeyState                                                      77D1C505 6 Bytes  JMP 5F4C0F5A 
.text           C:\WINDOWS\system32\ctfmon.exe[116] USER32.dll!ShowWindow                                                       77D1D8A4 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\system32\ctfmon.exe[116] USER32.dll!ShowWindow + 4                                                   77D1D8A8 2 Bytes  [86, 5F]
.text           C:\WINDOWS\system32\ctfmon.exe[116] USER32.dll!GetAsyncKeyState                                                 77D1E655 6 Bytes  JMP 5F4F0F5A 
.text           C:\WINDOWS\system32\ctfmon.exe[116] USER32.dll!SetWindowsHookExW                                                77D2E4AF 6 Bytes  JMP 5F280F5A 
.text           C:\WINDOWS\system32\ctfmon.exe[116] USER32.dll!SetWindowsHookExA                                                77D311E9 6 Bytes  JMP 5F250F5A 
.text           C:\WINDOWS\system32\ctfmon.exe[116] USER32.dll!SetWinEventHook                                                  77D317C8 6 Bytes  JMP 5F5B0F5A 
.text           C:\WINDOWS\system32\ctfmon.exe[116] USER32.dll!GetWindowTextA                                                   77D3213C 6 Bytes  JMP 5F820F5A 
.text           C:\WINDOWS\system32\ctfmon.exe[116] USER32.dll!DdeConnect                                                       77D57D7B 6 Bytes  JMP 5F520F5A 
.text           C:\WINDOWS\system32\ctfmon.exe[116] USER32.dll!EndTask                                                          77D59C5D 6 Bytes  JMP 5F400F5A 
.text           C:\WINDOWS\system32\ctfmon.exe[116] USER32.dll!RegisterRawInputDevices                                          77D6C9C6 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\system32\ctfmon.exe[116] USER32.dll!RegisterRawInputDevices + 4                                      77D6C9CA 2 Bytes  [5F, 5F] {POP EDI; POP EDI}
.text           C:\WINDOWS\system32\ctfmon.exe[116] SHELL32.dll!ShellExecuteExW                                                 7CA1172B 6 Bytes  JMP 5F3A0F5A 
.text           C:\WINDOWS\system32\ctfmon.exe[116] SHELL32.dll!ShellExecuteEx                                                  7CA50AED 6 Bytes  JMP 5F370F5A 
.text           C:\WINDOWS\system32\ctfmon.exe[116] SHELL32.dll!ShellExecuteA                                                   7CA50E18 6 Bytes  JMP 5F310F5A 
.text           C:\WINDOWS\system32\ctfmon.exe[116] SHELL32.dll!ShellExecuteW                                                   7CAC4A18 6 Bytes  JMP 5F340F5A 
.text           C:\Programme\ThreatFire\TFService.exe[360] kernel32.dll!LoadLibraryExW + C4                                     7C801BB5 4 Bytes  CALL 01B20001 
.text           C:\Programme\ThreatFire\TFService.exe[360] kernel32.dll!GetStartupInfoA                                         7C801EEE 6 Bytes  JMP 5F0A0F5A 
.text           C:\Programme\ThreatFire\TFService.exe[360] kernel32.dll!CreateMutexA                                            7C80EB3F 6 Bytes  JMP 5F040F5A 
.text           C:\Programme\ThreatFire\TFService.exe[360] kernel32.dll!GetCommandLineA                                         7C812C8D 6 Bytes  JMP 5F0D0F5A 
.text           C:\WINDOWS\Explorer.EXE[540] ntdll.dll!NtLoadDriver                                                             7C91DB6E 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\Explorer.EXE[540] ntdll.dll!NtLoadDriver + 4                                                         7C91DB72 2 Bytes  [56, 5F] {PUSH ESI; POP EDI}
.text           C:\WINDOWS\Explorer.EXE[540] ntdll.dll!NtSuspendProcess                                                         7C91E83A 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\Explorer.EXE[540] ntdll.dll!NtSuspendProcess + 4                                                     7C91E83E 2 Bytes  [44, 5F] {INC ESP; POP EDI}
.text           C:\WINDOWS\Explorer.EXE[540] kernel32.dll!CreateFileA                                                           7C801A24 6 Bytes  JMP 5F730F5A 
.text           C:\WINDOWS\Explorer.EXE[540] kernel32.dll!VirtualProtect                                                        7C801AD0 6 Bytes  JMP 5F7C0F5A 
.text           C:\WINDOWS\Explorer.EXE[540] kernel32.dll!LoadLibraryExW                                                        7C801AF1 6 Bytes  JMP 5F130F5A 
.text           C:\WINDOWS\Explorer.EXE[540] kernel32.dll!LoadLibraryExW + C4                                                   7C801BB5 4 Bytes  CALL 00CD0001 
.text           C:\WINDOWS\Explorer.EXE[540] kernel32.dll!LoadLibraryA                                                          7C801D77 6 Bytes  JMP 5F1F0F5A 
.text           C:\WINDOWS\Explorer.EXE[540] kernel32.dll!TerminateProcess                                                      7C801E16 6 Bytes  JMP 5F190F5A 
.text           C:\WINDOWS\Explorer.EXE[540] kernel32.dll!GetStartupInfoA                                                       7C801EEE 6 Bytes  JMP 5F0A0F5A 
.text           C:\WINDOWS\Explorer.EXE[540] kernel32.dll!WriteProcessMemory                                                    7C80220F 6 Bytes  JMP 5F1C0F5A 
.text           C:\WINDOWS\Explorer.EXE[540] kernel32.dll!CreateProcessW                                                        7C802332 6 Bytes  JMP 5F2E0F5A 
.text           C:\WINDOWS\Explorer.EXE[540] kernel32.dll!CreateProcessA                                                        7C802367 6 Bytes  JMP 5F2B0F5A 
.text           C:\WINDOWS\Explorer.EXE[540] kernel32.dll!LoadResource                                                          7C80A065 6 Bytes  JMP 5F880F5A 
.text           C:\WINDOWS\Explorer.EXE[540] kernel32.dll!GetProcAddress                                                        7C80AC28 6 Bytes  JMP 5F610F5A 
.text           C:\WINDOWS\Explorer.EXE[540] kernel32.dll!LoadLibraryW                                                          7C80ACD3 6 Bytes  JMP 5F220F5A 
.text           C:\WINDOWS\Explorer.EXE[540] kernel32.dll!CreateMutexA                                                          7C80EB3F 6 Bytes  JMP 5F040F5A 
.text           C:\WINDOWS\Explorer.EXE[540] kernel32.dll!CreateRemoteThread                                                    7C810626 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\Explorer.EXE[540] kernel32.dll!CreateRemoteThread + 4                                                7C81062A 2 Bytes  [11, 5F]
.text           C:\WINDOWS\Explorer.EXE[540] kernel32.dll!CreateThread                                                          7C81082F 6 Bytes  JMP 5F790F5A 
.text           C:\WINDOWS\Explorer.EXE[540] kernel32.dll!CreateFileW                                                           7C810976 6 Bytes  JMP 5F700F5A 
.text           C:\WINDOWS\Explorer.EXE[540] kernel32.dll!GetCommandLineA                                                       7C812C8D 6 Bytes  JMP 5F0D0F5A 
.text           C:\WINDOWS\Explorer.EXE[540] kernel32.dll!TerminateThread                                                       7C81CACB 6 Bytes  JMP 5F460F5A 
.text           C:\WINDOWS\Explorer.EXE[540] kernel32.dll!GetVolumeInformationA                                                 7C827052 6 Bytes  JMP 5F640F5A 
.text           C:\WINDOWS\Explorer.EXE[540] kernel32.dll!DebugActiveProcess                                                    7C859F0B 6 Bytes  JMP 5F490F5A 
.text           C:\WINDOWS\Explorer.EXE[540] kernel32.dll!WinExec                                                               7C86114D 6 Bytes  JMP 5F3D0F5A 
.text           C:\WINDOWS\Explorer.EXE[540] kernel32.dll!CreateToolhelp32Snapshot                                              7C8647B7 6 Bytes  JMP 5F760F5A 
.text           C:\WINDOWS\Explorer.EXE[540] ADVAPI32.dll!RegOpenKeyExA                                                         77DA761B 6 Bytes  JMP 5F6A0F5A 
.text           C:\WINDOWS\Explorer.EXE[540] ADVAPI32.dll!RegCreateKeyExA                                                       77DAEAF4 6 Bytes  JMP 5F670F5A 
.text           C:\WINDOWS\Explorer.EXE[540] ADVAPI32.dll!RegSetValueExA                                                        77DAEBE7 6 Bytes  JMP 5F6D0F5A 
.text           C:\WINDOWS\Explorer.EXE[540] ADVAPI32.dll!OpenSCManagerA                                                        77DBADA7 6 Bytes  JMP 5F7F0F5A 
.text           C:\WINDOWS\Explorer.EXE[540] ADVAPI32.dll!LsaRemoveAccountRights                                                77DEAA41 6 Bytes  JMP 5F160F5A 
.text           C:\WINDOWS\Explorer.EXE[540] ADVAPI32.dll!CreateServiceA                                                        77E07071 6 Bytes  JMP 5F580F5A 
.text           C:\WINDOWS\Explorer.EXE[540] USER32.dll!GetKeyState                                                             77D1C505 6 Bytes  JMP 5F4C0F5A 
.text           C:\WINDOWS\Explorer.EXE[540] USER32.dll!ShowWindow                                                              77D1D8A4 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\Explorer.EXE[540] USER32.dll!ShowWindow + 4                                                          77D1D8A8 2 Bytes  [86, 5F]
.text           C:\WINDOWS\Explorer.EXE[540] USER32.dll!GetAsyncKeyState                                                        77D1E655 6 Bytes  JMP 5F4F0F5A 
.text           C:\WINDOWS\Explorer.EXE[540] USER32.dll!SetWindowsHookExW                                                       77D2E4AF 6 Bytes  JMP 5F280F5A 
.text           C:\WINDOWS\Explorer.EXE[540] USER32.dll!SetWindowsHookExA                                                       77D311E9 6 Bytes  JMP 5F250F5A 
.text           C:\WINDOWS\Explorer.EXE[540] USER32.dll!SetWinEventHook                                                         77D317C8 6 Bytes  JMP 5F5B0F5A 
.text           C:\WINDOWS\Explorer.EXE[540] USER32.dll!GetWindowTextA                                                          77D3213C 6 Bytes  JMP 5F820F5A 
.text           C:\WINDOWS\Explorer.EXE[540] USER32.dll!DdeConnect                                                              77D57D7B 6 Bytes  JMP 5F520F5A 
.text           C:\WINDOWS\Explorer.EXE[540] USER32.dll!EndTask                                                                 77D59C5D 6 Bytes  JMP 5F400F5A 
.text           C:\WINDOWS\Explorer.EXE[540] USER32.dll!RegisterRawInputDevices                                                 77D6C9C6 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\Explorer.EXE[540] USER32.dll!RegisterRawInputDevices + 4                                             77D6C9CA 2 Bytes  [5F, 5F] {POP EDI; POP EDI}
.text           C:\WINDOWS\Explorer.EXE[540] SHELL32.dll!ShellExecuteExW                                                        7CA1172B 6 Bytes  JMP 5F3A0F5A 
.text           C:\WINDOWS\Explorer.EXE[540] SHELL32.dll!ShellExecuteEx                                                         7CA50AED 6 Bytes  JMP 5F370F5A 
.text           C:\WINDOWS\Explorer.EXE[540] SHELL32.dll!ShellExecuteA                                                          7CA50E18 6 Bytes  JMP 5F310F5A 
.text           C:\WINDOWS\Explorer.EXE[540] SHELL32.dll!ShellExecuteW                                                          7CAC4A18 6 Bytes  JMP 5F340F5A
         


Alt 26.07.2009, 21:33   #21
Scars
 
Generic 14.DNH - Standard

Generic 14.DNH



Code:
ATTFilter
.text           C:\Programme\Java\jre6\bin\jusched.exe[680] ntdll.dll!NtLoadDriver                                              7C91DB6E 3 Bytes  [FF, 25, 1E]
.text           C:\Programme\Java\jre6\bin\jusched.exe[680] ntdll.dll!NtLoadDriver + 4                                          7C91DB72 2 Bytes  [56, 5F] {PUSH ESI; POP EDI}
.text           C:\Programme\Java\jre6\bin\jusched.exe[680] ntdll.dll!NtSuspendProcess                                          7C91E83A 3 Bytes  [FF, 25, 1E]
.text           C:\Programme\Java\jre6\bin\jusched.exe[680] ntdll.dll!NtSuspendProcess + 4                                      7C91E83E 2 Bytes  [44, 5F] {INC ESP; POP EDI}
.text           C:\Programme\Java\jre6\bin\jusched.exe[680] kernel32.dll!CreateFileA                                            7C801A24 6 Bytes  JMP 5F730F5A 
.text           C:\Programme\Java\jre6\bin\jusched.exe[680] kernel32.dll!VirtualProtect                                         7C801AD0 6 Bytes  JMP 5F7C0F5A 
.text           C:\Programme\Java\jre6\bin\jusched.exe[680] kernel32.dll!LoadLibraryExW                                         7C801AF1 6 Bytes  JMP 5F130F5A 
.text           C:\Programme\Java\jre6\bin\jusched.exe[680] kernel32.dll!LoadLibraryExW + C4                                    7C801BB5 4 Bytes  CALL 00B40001 
.text           C:\Programme\Java\jre6\bin\jusched.exe[680] kernel32.dll!LoadLibraryA                                           7C801D77 6 Bytes  JMP 5F1F0F5A 
.text           C:\Programme\Java\jre6\bin\jusched.exe[680] kernel32.dll!TerminateProcess                                       7C801E16 6 Bytes  JMP 5F190F5A 
.text           C:\Programme\Java\jre6\bin\jusched.exe[680] kernel32.dll!GetStartupInfoA                                        7C801EEE 6 Bytes  JMP 5F0A0F5A 
.text           C:\Programme\Java\jre6\bin\jusched.exe[680] kernel32.dll!WriteProcessMemory                                     7C80220F 6 Bytes  JMP 5F1C0F5A 
.text           C:\Programme\Java\jre6\bin\jusched.exe[680] kernel32.dll!CreateProcessW                                         7C802332 6 Bytes  JMP 5F2E0F5A 
.text           C:\Programme\Java\jre6\bin\jusched.exe[680] kernel32.dll!CreateProcessA                                         7C802367 6 Bytes  JMP 5F2B0F5A 
.text           C:\Programme\Java\jre6\bin\jusched.exe[680] kernel32.dll!LoadResource                                           7C80A065 6 Bytes  JMP 5F880F5A 
.text           C:\Programme\Java\jre6\bin\jusched.exe[680] kernel32.dll!GetProcAddress                                         7C80AC28 6 Bytes  JMP 5F610F5A 
.text           C:\Programme\Java\jre6\bin\jusched.exe[680] kernel32.dll!LoadLibraryW                                           7C80ACD3 6 Bytes  JMP 5F220F5A 
.text           C:\Programme\Java\jre6\bin\jusched.exe[680] kernel32.dll!CreateMutexA                                           7C80EB3F 6 Bytes  JMP 5F040F5A 
.text           C:\Programme\Java\jre6\bin\jusched.exe[680] kernel32.dll!CreateRemoteThread                                     7C810626 3 Bytes  [FF, 25, 1E]
.text           C:\Programme\Java\jre6\bin\jusched.exe[680] kernel32.dll!CreateRemoteThread + 4                                 7C81062A 2 Bytes  [11, 5F]
.text           C:\Programme\Java\jre6\bin\jusched.exe[680] kernel32.dll!CreateThread                                           7C81082F 6 Bytes  JMP 5F790F5A 
.text           C:\Programme\Java\jre6\bin\jusched.exe[680] kernel32.dll!CreateFileW                                            7C810976 6 Bytes  JMP 5F700F5A 
.text           C:\Programme\Java\jre6\bin\jusched.exe[680] kernel32.dll!GetCommandLineA                                        7C812C8D 6 Bytes  JMP 5F0D0F5A 
.text           C:\Programme\Java\jre6\bin\jusched.exe[680] kernel32.dll!TerminateThread                                        7C81CACB 6 Bytes  JMP 5F460F5A 
.text           C:\Programme\Java\jre6\bin\jusched.exe[680] kernel32.dll!GetVolumeInformationA                                  7C827052 6 Bytes  JMP 5F640F5A 
.text           C:\Programme\Java\jre6\bin\jusched.exe[680] kernel32.dll!DebugActiveProcess                                     7C859F0B 6 Bytes  JMP 5F490F5A 
.text           C:\Programme\Java\jre6\bin\jusched.exe[680] kernel32.dll!WinExec                                                7C86114D 6 Bytes  JMP 5F3D0F5A 
.text           C:\Programme\Java\jre6\bin\jusched.exe[680] kernel32.dll!CreateToolhelp32Snapshot                               7C8647B7 6 Bytes  JMP 5F760F5A 
.text           C:\Programme\Java\jre6\bin\jusched.exe[680] ADVAPI32.dll!RegOpenKeyExA                                          77DA761B 6 Bytes  JMP 5F6A0F5A 
.text           C:\Programme\Java\jre6\bin\jusched.exe[680] ADVAPI32.dll!RegCreateKeyExA                                        77DAEAF4 6 Bytes  JMP 5F670F5A 
.text           C:\Programme\Java\jre6\bin\jusched.exe[680] ADVAPI32.dll!RegSetValueExA                                         77DAEBE7 6 Bytes  JMP 5F6D0F5A 
.text           C:\Programme\Java\jre6\bin\jusched.exe[680] ADVAPI32.dll!OpenSCManagerA                                         77DBADA7 6 Bytes  JMP 5F7F0F5A 
.text           C:\Programme\Java\jre6\bin\jusched.exe[680] ADVAPI32.dll!LsaRemoveAccountRights                                 77DEAA41 6 Bytes  JMP 5F160F5A 
.text           C:\Programme\Java\jre6\bin\jusched.exe[680] ADVAPI32.dll!CreateServiceA                                         77E07071 6 Bytes  JMP 5F580F5A 
.text           C:\Programme\Java\jre6\bin\jusched.exe[680] USER32.dll!GetKeyState                                              77D1C505 6 Bytes  JMP 5F4C0F5A 
.text           C:\Programme\Java\jre6\bin\jusched.exe[680] USER32.dll!ShowWindow                                               77D1D8A4 3 Bytes  [FF, 25, 1E]
.text           C:\Programme\Java\jre6\bin\jusched.exe[680] USER32.dll!ShowWindow + 4                                           77D1D8A8 2 Bytes  [86, 5F]
.text           C:\Programme\Java\jre6\bin\jusched.exe[680] USER32.dll!GetAsyncKeyState                                         77D1E655 6 Bytes  JMP 5F4F0F5A 
.text           C:\Programme\Java\jre6\bin\jusched.exe[680] USER32.dll!SetWindowsHookExW                                        77D2E4AF 6 Bytes  JMP 5F280F5A 
.text           C:\Programme\Java\jre6\bin\jusched.exe[680] USER32.dll!SetWindowsHookExA                                        77D311E9 6 Bytes  JMP 5F250F5A 
.text           C:\Programme\Java\jre6\bin\jusched.exe[680] USER32.dll!SetWinEventHook                                          77D317C8 6 Bytes  JMP 5F5B0F5A 
.text           C:\Programme\Java\jre6\bin\jusched.exe[680] USER32.dll!GetWindowTextA                                           77D3213C 6 Bytes  JMP 5F820F5A 
.text           C:\Programme\Java\jre6\bin\jusched.exe[680] USER32.dll!DdeConnect                                               77D57D7B 6 Bytes  JMP 5F520F5A 
.text           C:\Programme\Java\jre6\bin\jusched.exe[680] USER32.dll!EndTask                                                  77D59C5D 6 Bytes  JMP 5F400F5A 
.text           C:\Programme\Java\jre6\bin\jusched.exe[680] USER32.dll!RegisterRawInputDevices                                  77D6C9C6 3 Bytes  [FF, 25, 1E]
.text           C:\Programme\Java\jre6\bin\jusched.exe[680] USER32.dll!RegisterRawInputDevices + 4                              77D6C9CA 2 Bytes  [5F, 5F] {POP EDI; POP EDI}
.text           C:\Programme\Java\jre6\bin\jusched.exe[680] SHELL32.dll!ShellExecuteExW                                         7CA1172B 6 Bytes  JMP 5F3A0F5A 
.text           C:\Programme\Java\jre6\bin\jusched.exe[680] SHELL32.dll!ShellExecuteEx                                          7CA50AED 6 Bytes  JMP 5F370F5A 
.text           C:\Programme\Java\jre6\bin\jusched.exe[680] SHELL32.dll!ShellExecuteA                                           7CA50E18 6 Bytes  JMP 5F310F5A 
.text           C:\Programme\Java\jre6\bin\jusched.exe[680] SHELL32.dll!ShellExecuteW                                           7CAC4A18 6 Bytes  JMP 5F340F5A 
.text           C:\Programme\ThreatFire\TFTray.exe[704] kernel32.dll!LoadLibraryExW + C4                                        7C801BB5 4 Bytes  CALL 00FE0001 
.text           C:\Programme\ThreatFire\TFTray.exe[704] kernel32.dll!GetStartupInfoA                                            7C801EEE 6 Bytes  JMP 5F0A0F5A 
.text           C:\Programme\ThreatFire\TFTray.exe[704] kernel32.dll!CreateMutexA                                               7C80EB3F 6 Bytes  JMP 5F040F5A 
.text           C:\Programme\ThreatFire\TFTray.exe[704] kernel32.dll!GetCommandLineA                                            7C812C8D 6 Bytes  JMP 5F0D0F5A 
.text           C:\WINDOWS\RTHDCPL.EXE[728] ntdll.dll!NtLoadDriver                                                              7C91DB6E 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\RTHDCPL.EXE[728] ntdll.dll!NtLoadDriver + 4                                                          7C91DB72 2 Bytes  [56, 5F] {PUSH ESI; POP EDI}
.text           C:\WINDOWS\RTHDCPL.EXE[728] ntdll.dll!NtSuspendProcess                                                          7C91E83A 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\RTHDCPL.EXE[728] ntdll.dll!NtSuspendProcess + 4                                                      7C91E83E 2 Bytes  [44, 5F] {INC ESP; POP EDI}
.text           C:\WINDOWS\RTHDCPL.EXE[728] kernel32.dll!CreateFileA                                                            7C801A24 6 Bytes  JMP 5F730F5A 
.text           C:\WINDOWS\RTHDCPL.EXE[728] kernel32.dll!VirtualProtect                                                         7C801AD0 6 Bytes  JMP 5F7C0F5A 
.text           C:\WINDOWS\RTHDCPL.EXE[728] kernel32.dll!LoadLibraryExW                                                         7C801AF1 6 Bytes  JMP 5F130F5A 
.text           C:\WINDOWS\RTHDCPL.EXE[728] kernel32.dll!LoadLibraryExW + C4                                                    7C801BB5 4 Bytes  CALL 04B80001 
.text           C:\WINDOWS\RTHDCPL.EXE[728] kernel32.dll!LoadLibraryA                                                           7C801D77 6 Bytes  JMP 5F1F0F5A 
.text           C:\WINDOWS\RTHDCPL.EXE[728] kernel32.dll!TerminateProcess                                                       7C801E16 6 Bytes  JMP 5F190F5A 
.text           C:\WINDOWS\RTHDCPL.EXE[728] kernel32.dll!GetStartupInfoA                                                        7C801EEE 6 Bytes  JMP 5F0A0F5A 
.text           C:\WINDOWS\RTHDCPL.EXE[728] kernel32.dll!WriteProcessMemory                                                     7C80220F 6 Bytes  JMP 5F1C0F5A 
.text           C:\WINDOWS\RTHDCPL.EXE[728] kernel32.dll!CreateProcessW                                                         7C802332 6 Bytes  JMP 5F2E0F5A 
.text           C:\WINDOWS\RTHDCPL.EXE[728] kernel32.dll!CreateProcessA                                                         7C802367 6 Bytes  JMP 5F2B0F5A 
.text           C:\WINDOWS\RTHDCPL.EXE[728] kernel32.dll!LoadResource                                                           7C80A065 6 Bytes  JMP 5F880F5A 
.text           C:\WINDOWS\RTHDCPL.EXE[728] kernel32.dll!GetProcAddress                                                         7C80AC28 6 Bytes  JMP 5F610F5A 
.text           C:\WINDOWS\RTHDCPL.EXE[728] kernel32.dll!LoadLibraryW                                                           7C80ACD3 6 Bytes  JMP 5F220F5A 
.text           C:\WINDOWS\RTHDCPL.EXE[728] kernel32.dll!CreateMutexA                                                           7C80EB3F 6 Bytes  JMP 5F040F5A 
.text           C:\WINDOWS\RTHDCPL.EXE[728] kernel32.dll!CreateRemoteThread                                                     7C810626 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\RTHDCPL.EXE[728] kernel32.dll!CreateRemoteThread + 4                                                 7C81062A 2 Bytes  [11, 5F]
.text           C:\WINDOWS\RTHDCPL.EXE[728] kernel32.dll!CreateThread                                                           7C81082F 6 Bytes  JMP 5F790F5A 
.text           C:\WINDOWS\RTHDCPL.EXE[728] kernel32.dll!CreateFileW                                                            7C810976 6 Bytes  JMP 5F700F5A 
.text           C:\WINDOWS\RTHDCPL.EXE[728] kernel32.dll!GetCommandLineA                                                        7C812C8D 6 Bytes  JMP 5F0D0F5A 
.text           C:\WINDOWS\RTHDCPL.EXE[728] kernel32.dll!TerminateThread                                                        7C81CACB 6 Bytes  JMP 5F460F5A 
.text           C:\WINDOWS\RTHDCPL.EXE[728] kernel32.dll!GetVolumeInformationA                                                  7C827052 6 Bytes  JMP 5F640F5A 
.text           C:\WINDOWS\RTHDCPL.EXE[728] kernel32.dll!DebugActiveProcess                                                     7C859F0B 6 Bytes  JMP 5F490F5A 
.text           C:\WINDOWS\RTHDCPL.EXE[728] kernel32.dll!WinExec                                                                7C86114D 6 Bytes  JMP 5F3D0F5A 
.text           C:\WINDOWS\RTHDCPL.EXE[728] kernel32.dll!CreateToolhelp32Snapshot                                               7C8647B7 6 Bytes  JMP 5F760F5A 
.text           C:\WINDOWS\RTHDCPL.EXE[728] USER32.dll!GetKeyState                                                              77D1C505 6 Bytes  JMP 5F4C0F5A 
.text           C:\WINDOWS\RTHDCPL.EXE[728] USER32.dll!ShowWindow                                                               77D1D8A4 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\RTHDCPL.EXE[728] USER32.dll!ShowWindow + 4                                                           77D1D8A8 2 Bytes  [86, 5F]
.text           C:\WINDOWS\RTHDCPL.EXE[728] USER32.dll!GetAsyncKeyState                                                         77D1E655 6 Bytes  JMP 5F4F0F5A 
.text           C:\WINDOWS\RTHDCPL.EXE[728] USER32.dll!SetWindowsHookExW                                                        77D2E4AF 6 Bytes  JMP 5F280F5A 
.text           C:\WINDOWS\RTHDCPL.EXE[728] USER32.dll!SetWindowsHookExA                                                        77D311E9 6 Bytes  JMP 5F250F5A 
.text           C:\WINDOWS\RTHDCPL.EXE[728] USER32.dll!SetWinEventHook                                                          77D317C8 6 Bytes  JMP 5F5B0F5A 
.text           C:\WINDOWS\RTHDCPL.EXE[728] USER32.dll!GetWindowTextA                                                           77D3213C 6 Bytes  JMP 5F820F5A 
.text           C:\WINDOWS\RTHDCPL.EXE[728] USER32.dll!DdeConnect                                                               77D57D7B 6 Bytes  JMP 5F520F5A 
.text           C:\WINDOWS\RTHDCPL.EXE[728] USER32.dll!EndTask                                                                  77D59C5D 6 Bytes  JMP 5F400F5A 
.text           C:\WINDOWS\RTHDCPL.EXE[728] USER32.dll!RegisterRawInputDevices                                                  77D6C9C6 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\RTHDCPL.EXE[728] USER32.dll!RegisterRawInputDevices + 4                                              77D6C9CA 2 Bytes  [5F, 5F] {POP EDI; POP EDI}
.text           C:\WINDOWS\RTHDCPL.EXE[728] ADVAPI32.dll!RegOpenKeyExA                                                          77DA761B 6 Bytes  JMP 5F6A0F5A 
.text           C:\WINDOWS\RTHDCPL.EXE[728] ADVAPI32.dll!RegCreateKeyExA                                                        77DAEAF4 6 Bytes  JMP 5F670F5A 
.text           C:\WINDOWS\RTHDCPL.EXE[728] ADVAPI32.dll!RegSetValueExA                                                         77DAEBE7 6 Bytes  JMP 5F6D0F5A 
.text           C:\WINDOWS\RTHDCPL.EXE[728] ADVAPI32.dll!OpenSCManagerA                                                         77DBADA7 6 Bytes  JMP 5F7F0F5A 
.text           C:\WINDOWS\RTHDCPL.EXE[728] ADVAPI32.dll!LsaRemoveAccountRights                                                 77DEAA41 6 Bytes  JMP 5F160F5A 
.text           C:\WINDOWS\RTHDCPL.EXE[728] ADVAPI32.dll!CreateServiceA                                                         77E07071 6 Bytes  JMP 5F580F5A 
.text           C:\WINDOWS\RTHDCPL.EXE[728] SHELL32.dll!ShellExecuteExW                                                         7CA1172B 6 Bytes  JMP 5F3A0F5A 
.text           C:\WINDOWS\RTHDCPL.EXE[728] SHELL32.dll!ShellExecuteEx                                                          7CA50AED 6 Bytes  JMP 5F370F5A 
.text           C:\WINDOWS\RTHDCPL.EXE[728] SHELL32.dll!ShellExecuteA                                                           7CA50E18 6 Bytes  JMP 5F310F5A 
.text           C:\WINDOWS\RTHDCPL.EXE[728] SHELL32.dll!ShellExecuteW                                                           7CAC4A18 6 Bytes  JMP 5F340F5A
         

Alt 26.07.2009, 21:34   #22
Scars
 
Generic 14.DNH - Standard

Generic 14.DNH



Code:
ATTFilter
.text           C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe[752] ntdll.dll!NtLoadDriver                           7C91DB6E 3 Bytes  [FF, 25, 1E]
.text           C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe[752] ntdll.dll!NtLoadDriver + 4                       7C91DB72 2 Bytes  [56, 5F] {PUSH ESI; POP EDI}
.text           C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe[752] ntdll.dll!NtSuspendProcess                       7C91E83A 3 Bytes  [FF, 25, 1E]
.text           C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe[752] ntdll.dll!NtSuspendProcess + 4                   7C91E83E 2 Bytes  [44, 5F] {INC ESP; POP EDI}
.text           C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe[752] kernel32.dll!CreateFileA                         7C801A24 6 Bytes  JMP 5F730F5A 
.text           C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe[752] kernel32.dll!VirtualProtect                      7C801AD0 6 Bytes  JMP 5F7C0F5A 
.text           C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe[752] kernel32.dll!LoadLibraryExW                      7C801AF1 6 Bytes  JMP 5F130F5A 
.text           C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe[752] kernel32.dll!LoadLibraryExW + C4                 7C801BB5 4 Bytes  CALL 00C30001 
.text           C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe[752] kernel32.dll!LoadLibraryA                        7C801D77 6 Bytes  JMP 5F1F0F5A 
.text           C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe[752] kernel32.dll!TerminateProcess                    7C801E16 6 Bytes  JMP 5F190F5A 
.text           C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe[752] kernel32.dll!GetStartupInfoA                     7C801EEE 6 Bytes  JMP 5F0A0F5A 
.text           C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe[752] kernel32.dll!WriteProcessMemory                  7C80220F 6 Bytes  JMP 5F1C0F5A 
.text           C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe[752] kernel32.dll!CreateProcessW                      7C802332 6 Bytes  JMP 5F2E0F5A 
.text           C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe[752] kernel32.dll!CreateProcessA                      7C802367 6 Bytes  JMP 5F2B0F5A 
.text           C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe[752] kernel32.dll!LoadResource                        7C80A065 6 Bytes  JMP 5F880F5A 
.text           C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe[752] kernel32.dll!GetProcAddress                      7C80AC28 6 Bytes  JMP 5F610F5A 
.text           C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe[752] kernel32.dll!LoadLibraryW                        7C80ACD3 6 Bytes  JMP 5F220F5A 
.text           C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe[752] kernel32.dll!CreateMutexA                        7C80EB3F 6 Bytes  JMP 5F040F5A 
.text           C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe[752] kernel32.dll!CreateRemoteThread                  7C810626 3 Bytes  [FF, 25, 1E]
.text           C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe[752] kernel32.dll!CreateRemoteThread + 4              7C81062A 2 Bytes  [11, 5F]
.text           C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe[752] kernel32.dll!CreateThread                        7C81082F 6 Bytes  JMP 5F790F5A 
.text           C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe[752] kernel32.dll!CreateFileW                         7C810976 6 Bytes  JMP 5F700F5A 
.text           C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe[752] kernel32.dll!GetCommandLineA                     7C812C8D 6 Bytes  JMP 5F0D0F5A 
.text           C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe[752] kernel32.dll!TerminateThread                     7C81CACB 6 Bytes  JMP 5F460F5A 
.text           C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe[752] kernel32.dll!GetVolumeInformationA               7C827052 6 Bytes  JMP 5F640F5A 
.text           C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe[752] kernel32.dll!DebugActiveProcess                  7C859F0B 6 Bytes  JMP 5F490F5A 
.text           C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe[752] kernel32.dll!WinExec                             7C86114D 6 Bytes  JMP 5F3D0F5A 
.text           C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe[752] kernel32.dll!CreateToolhelp32Snapshot            7C8647B7 6 Bytes  JMP 5F760F5A 
.text           C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe[752] USER32.dll!GetKeyState                           77D1C505 6 Bytes  JMP 5F4C0F5A 
.text           C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe[752] USER32.dll!ShowWindow                            77D1D8A4 3 Bytes  [FF, 25, 1E]
.text           C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe[752] USER32.dll!ShowWindow + 4                        77D1D8A8 2 Bytes  [86, 5F]
.text           C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe[752] USER32.dll!GetAsyncKeyState                      77D1E655 6 Bytes  JMP 5F4F0F5A 
.text           C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe[752] USER32.dll!SetWindowsHookExW                     77D2E4AF 6 Bytes  JMP 5F280F5A 
.text           C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe[752] USER32.dll!SetWindowsHookExA                     77D311E9 6 Bytes  JMP 5F250F5A 
.text           C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe[752] USER32.dll!SetWinEventHook                       77D317C8 6 Bytes  JMP 5F5B0F5A 
.text           C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe[752] USER32.dll!GetWindowTextA                        77D3213C 6 Bytes  JMP 5F820F5A 
.text           C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe[752] USER32.dll!DdeConnect                            77D57D7B 6 Bytes  JMP 5F520F5A 
.text           C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe[752] USER32.dll!EndTask                               77D59C5D 6 Bytes  JMP 5F400F5A 
.text           C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe[752] USER32.dll!RegisterRawInputDevices               77D6C9C6 3 Bytes  [FF, 25, 1E]
.text           C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe[752] USER32.dll!RegisterRawInputDevices + 4           77D6C9CA 2 Bytes  [5F, 5F] {POP EDI; POP EDI}
.text           C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe[752] ADVAPI32.dll!RegOpenKeyExA                       77DA761B 6 Bytes  JMP 5F6A0F5A 
.text           C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe[752] ADVAPI32.dll!RegCreateKeyExA                     77DAEAF4 6 Bytes  JMP 5F670F5A 
.text           C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe[752] ADVAPI32.dll!RegSetValueExA                      77DAEBE7 6 Bytes  JMP 5F6D0F5A 
.text           C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe[752] ADVAPI32.dll!OpenSCManagerA                      77DBADA7 6 Bytes  JMP 5F7F0F5A 
.text           C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe[752] ADVAPI32.dll!LsaRemoveAccountRights              77DEAA41 6 Bytes  JMP 5F160F5A 
.text           C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe[752] ADVAPI32.dll!CreateServiceA                      77E07071 6 Bytes  JMP 5F580F5A 
.text           C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe[752] SHELL32.dll!ShellExecuteExW                      7CA1172B 6 Bytes  JMP 5F3A0F5A 
.text           C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe[752] SHELL32.dll!ShellExecuteEx                       7CA50AED 6 Bytes  JMP 5F370F5A 
.text           C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe[752] SHELL32.dll!ShellExecuteA                        7CA50E18 6 Bytes  JMP 5F310F5A 
.text           C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe[752] SHELL32.dll!ShellExecuteW                        7CAC4A18 6 Bytes  JMP 5F340F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] ntdll.dll!NtLoadDriver                                       7C91DB6E 3 Bytes  [FF, 25, 1E]
.text           C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] ntdll.dll!NtLoadDriver + 4                                   7C91DB72 2 Bytes  [56, 5F] {PUSH ESI; POP EDI}
.text           C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] ntdll.dll!NtSuspendProcess                                   7C91E83A 3 Bytes  [FF, 25, 1E]
.text           C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] ntdll.dll!NtSuspendProcess + 4                               7C91E83E 2 Bytes  [44, 5F] {INC ESP; POP EDI}
.text           C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] KERNEL32.dll!CreateFileA                                     7C801A24 6 Bytes  JMP 5F730F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] KERNEL32.dll!VirtualProtect                                  7C801AD0 6 Bytes  JMP 5F7C0F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] KERNEL32.dll!LoadLibraryExW                                  7C801AF1 6 Bytes  JMP 5F130F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] KERNEL32.dll!LoadLibraryExW + C4                             7C801BB5 4 Bytes  CALL 04800001 
.text           C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] KERNEL32.dll!LoadLibraryA                                    7C801D77 6 Bytes  JMP 5F1F0F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] KERNEL32.dll!TerminateProcess                                7C801E16 6 Bytes  JMP 5F190F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] KERNEL32.dll!GetStartupInfoA                                 7C801EEE 6 Bytes  JMP 5F0A0F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] KERNEL32.dll!WriteProcessMemory                              7C80220F 6 Bytes  JMP 5F1C0F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] KERNEL32.dll!CreateProcessW                                  7C802332 6 Bytes  JMP 5F2E0F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] KERNEL32.dll!CreateProcessA                                  7C802367 6 Bytes  JMP 5F2B0F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] KERNEL32.dll!LoadResource                                    7C80A065 6 Bytes  JMP 5F880F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] KERNEL32.dll!GetProcAddress                                  7C80AC28 6 Bytes  JMP 5F610F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] KERNEL32.dll!LoadLibraryW                                    7C80ACD3 6 Bytes  JMP 5F220F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] KERNEL32.dll!CreateMutexA                                    7C80EB3F 6 Bytes  JMP 5F040F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] KERNEL32.dll!CreateRemoteThread                              7C810626 3 Bytes  [FF, 25, 1E]
.text           C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] KERNEL32.dll!CreateRemoteThread + 4                          7C81062A 2 Bytes  [11, 5F]
.text           C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] KERNEL32.dll!CreateThread                                    7C81082F 6 Bytes  JMP 5F790F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] KERNEL32.dll!CreateFileW                                     7C810976 6 Bytes  JMP 5F700F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] KERNEL32.dll!GetCommandLineA                                 7C812C8D 6 Bytes  JMP 5F0D0F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] KERNEL32.dll!TerminateThread                                 7C81CACB 6 Bytes  JMP 5F460F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] KERNEL32.dll!GetVolumeInformationA                           7C827052 6 Bytes  JMP 5F640F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] KERNEL32.dll!DebugActiveProcess                              7C859F0B 6 Bytes  JMP 5F490F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] KERNEL32.dll!WinExec                                         7C86114D 6 Bytes  JMP 5F3D0F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] KERNEL32.dll!CreateToolhelp32Snapshot                        7C8647B7 6 Bytes  JMP 5F760F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] ADVAPI32.dll!RegOpenKeyExA                                   77DA761B 6 Bytes  JMP 5F6A0F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] ADVAPI32.dll!RegCreateKeyExA                                 77DAEAF4 6 Bytes  JMP 5F670F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] ADVAPI32.dll!RegSetValueExA                                  77DAEBE7 6 Bytes  JMP 5F6D0F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] ADVAPI32.dll!OpenSCManagerA                                  77DBADA7 6 Bytes  JMP 5F7F0F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] ADVAPI32.dll!LsaRemoveAccountRights                          77DEAA41 6 Bytes  JMP 5F160F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] ADVAPI32.dll!CreateServiceA                                  77E07071 6 Bytes  JMP 5F580F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] USER32.dll!GetKeyState                                       77D1C505 6 Bytes  JMP 5F4C0F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] USER32.dll!ShowWindow                                        77D1D8A4 3 Bytes  [FF, 25, 1E]
.text           C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] USER32.dll!ShowWindow + 4                                    77D1D8A8 2 Bytes  [86, 5F]
.text           C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] USER32.dll!GetAsyncKeyState                                  77D1E655 6 Bytes  JMP 5F4F0F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] USER32.dll!SetWindowsHookExW                                 77D2E4AF 6 Bytes  JMP 5F280F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] USER32.dll!SetWindowsHookExA                                 77D311E9 6 Bytes  JMP 5F250F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] USER32.dll!SetWinEventHook                                   77D317C8 6 Bytes  JMP 5F5B0F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] USER32.dll!GetWindowTextA                                    77D3213C 6 Bytes  JMP 5F820F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] USER32.dll!DdeConnect                                        77D57D7B 6 Bytes  JMP 5F520F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] USER32.dll!EndTask                                           77D59C5D 6 Bytes  JMP 5F400F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] USER32.dll!RegisterRawInputDevices                           77D6C9C6 3 Bytes  [FF, 25, 1E]
.text           C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] USER32.dll!RegisterRawInputDevices + 4                       77D6C9CA 2 Bytes  [5F, 5F] {POP EDI; POP EDI}
.text           C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] shell32.dll!ShellExecuteExW                                  7CA1172B 6 Bytes  JMP 5F3A0F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] shell32.dll!ShellExecuteEx                                   7CA50AED 6 Bytes  JMP 5F370F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] shell32.dll!ShellExecuteA                                    7CA50E18 6 Bytes  JMP 5F310F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] shell32.dll!ShellExecuteW                                    7CAC4A18 6 Bytes  JMP 5F340F5A
         

Alt 26.07.2009, 21:46   #23
Scars
 
Generic 14.DNH - Standard

Generic 14.DNH



Zitat:
Zitat von KarlKarl Beitrag anzeigen
Hi,

solange Du deine Kiste damit neu aufsetzt

wirst Du sie nie fit bekommen. Probier es doch einfach mal mit Gimp. Keinen Deut schlechter als Photoshop, einziger Nachteil ist, dass der Coolnessfaktor das Programm zu klauen wegfällt. Ist nämlich frei.

Karl
Mag sein das das beim Installieren mit drauf kommt, weil ich die CD von nem Kumpel habe weil meine Originale CD zu sehr verkratzt ist :/

Der hat noch ein paar extraprogramme die mit installiert werden die aber bei der ersten Installation auch keine Probleme verursacht haben.

Ich kenne Gimp und auch diverse andere kostenlose Bearbeitungssoftware nur brauche ich die nicht, ich will nur surfen und zocken mehr nicht

Alt 26.07.2009, 21:50   #24
Scars
 
Generic 14.DNH - Standard

Generic 14.DNH



Code:
ATTFilter
.text           C:\WINDOWS\system32\csrss.exe[932] KERNEL32.dll!LoadLibraryExW + C4                                             7C801BB5 4 Bytes  CALL 01400001 
.text           C:\WINDOWS\system32\csrss.exe[932] KERNEL32.dll!GetStartupInfoA                                                 7C801EEE 6 Bytes  JMP 5F0A0F5A 
.text           C:\WINDOWS\system32\csrss.exe[932] KERNEL32.dll!CreateMutexA                                                    7C80EB3F 6 Bytes  JMP 5F040F5A 
.text           C:\WINDOWS\system32\csrss.exe[932] KERNEL32.dll!GetCommandLineA                                                 7C812C8D 6 Bytes  JMP 5F0D0F5A 
.text           C:\WINDOWS\system32\winlogon.exe[964] kernel32.dll!CreateFileA                                                  7C801A24 6 Bytes  JMP 5F250F5A 
.text           C:\WINDOWS\system32\winlogon.exe[964] kernel32.dll!VirtualProtect                                               7C801AD0 6 Bytes  JMP 5F2E0F5A 
.text           C:\WINDOWS\system32\winlogon.exe[964] kernel32.dll!LoadLibraryExW                                               7C801AF1 6 Bytes  JMP 5F130F5A 
.text           C:\WINDOWS\system32\winlogon.exe[964] kernel32.dll!LoadLibraryExW + C4                                          7C801BB5 4 Bytes  CALL 011E0001 
.text           C:\WINDOWS\system32\winlogon.exe[964] kernel32.dll!GetStartupInfoA                                              7C801EEE 6 Bytes  JMP 5F0A0F5A 
.text           C:\WINDOWS\system32\winlogon.exe[964] kernel32.dll!LoadResource                                                 7C80A065 6 Bytes  JMP 5F3A0F5A 
.text           C:\WINDOWS\system32\winlogon.exe[964] kernel32.dll!GetProcAddress                                               7C80AC28 6 Bytes  JMP 5F100F5A 
.text           C:\WINDOWS\system32\winlogon.exe[964] kernel32.dll!CreateMutexA                                                 7C80EB3F 6 Bytes  JMP 5F040F5A 
.text           C:\WINDOWS\system32\winlogon.exe[964] kernel32.dll!CreateThread                                                 7C81082F 6 Bytes  JMP 5F2B0F5A 
.text           C:\WINDOWS\system32\winlogon.exe[964] kernel32.dll!CreateFileW                                                  7C810976 6 Bytes  JMP 5F220F5A 
.text           C:\WINDOWS\system32\winlogon.exe[964] kernel32.dll!GetCommandLineA                                              7C812C8D 6 Bytes  JMP 5F0D0F5A 
.text           C:\WINDOWS\system32\winlogon.exe[964] kernel32.dll!GetVolumeInformationA                                        7C827052 6 Bytes  JMP 5F160F5A 
.text           C:\WINDOWS\system32\winlogon.exe[964] kernel32.dll!CreateToolhelp32Snapshot                                     7C8647B7 6 Bytes  JMP 5F280F5A 
.text           C:\WINDOWS\system32\winlogon.exe[964] ADVAPI32.dll!RegOpenKeyExA                                                77DA761B 6 Bytes  JMP 5F1C0F5A 
.text           C:\WINDOWS\system32\winlogon.exe[964] ADVAPI32.dll!RegCreateKeyExA                                              77DAEAF4 6 Bytes  JMP 5F190F5A 
.text           C:\WINDOWS\system32\winlogon.exe[964] ADVAPI32.dll!RegSetValueExA                                               77DAEBE7 6 Bytes  JMP 5F1F0F5A 
.text           C:\WINDOWS\system32\winlogon.exe[964] ADVAPI32.dll!OpenSCManagerA                                               77DBADA7 6 Bytes  JMP 5F310F5A 
.text           C:\WINDOWS\system32\winlogon.exe[964] USER32.dll!ShowWindow                                                     77D1D8A4 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\system32\winlogon.exe[964] USER32.dll!ShowWindow + 4                                                 77D1D8A8 2 Bytes  [38, 5F]
.text           C:\WINDOWS\system32\winlogon.exe[964] USER32.dll!GetWindowTextA                                                 77D3213C 6 Bytes  JMP 5F340F5A 
.text           C:\WINDOWS\system32\services.exe[1008] ntdll.dll!NtLoadDriver                                                   7C91DB6E 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\system32\services.exe[1008] ntdll.dll!NtLoadDriver + 4                                               7C91DB72 2 Bytes  [56, 5F] {PUSH ESI; POP EDI}
.text           C:\WINDOWS\system32\services.exe[1008] ntdll.dll!NtSuspendProcess                                               7C91E83A 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\system32\services.exe[1008] ntdll.dll!NtSuspendProcess + 4                                           7C91E83E 2 Bytes  [44, 5F] {INC ESP; POP EDI}
.text           C:\WINDOWS\system32\services.exe[1008] kernel32.dll!CreateFileA                                                 7C801A24 6 Bytes  JMP 5F730F5A 
.text           C:\WINDOWS\system32\services.exe[1008] kernel32.dll!VirtualProtect                                              7C801AD0 6 Bytes  JMP 5F7C0F5A 
.text           C:\WINDOWS\system32\services.exe[1008] kernel32.dll!LoadLibraryExW                                              7C801AF1 6 Bytes  JMP 5F130F5A 
.text           C:\WINDOWS\system32\services.exe[1008] kernel32.dll!LoadLibraryExW + C4                                         7C801BB5 4 Bytes  CALL 00060001 
.text           C:\WINDOWS\system32\services.exe[1008] kernel32.dll!LoadLibraryA                                                7C801D77 6 Bytes  JMP 5F1F0F5A 
.text           C:\WINDOWS\system32\services.exe[1008] kernel32.dll!TerminateProcess                                            7C801E16 6 Bytes  JMP 5F190F5A 
.text           C:\WINDOWS\system32\services.exe[1008] kernel32.dll!GetStartupInfoA                                             7C801EEE 6 Bytes  JMP 5F0A0F5A 
.text           C:\WINDOWS\system32\services.exe[1008] kernel32.dll!WriteProcessMemory                                          7C80220F 6 Bytes  JMP 5F1C0F5A 
.text           C:\WINDOWS\system32\services.exe[1008] kernel32.dll!CreateProcessW                                              7C802332 6 Bytes  JMP 5F2E0F5A 
.text           C:\WINDOWS\system32\services.exe[1008] kernel32.dll!CreateProcessA                                              7C802367 6 Bytes  JMP 5F2B0F5A 
.text           C:\WINDOWS\system32\services.exe[1008] kernel32.dll!LoadResource                                                7C80A065 6 Bytes  JMP 5F880F5A 
.text           C:\WINDOWS\system32\services.exe[1008] kernel32.dll!GetProcAddress                                              7C80AC28 6 Bytes  JMP 5F610F5A 
.text           C:\WINDOWS\system32\services.exe[1008] kernel32.dll!LoadLibraryW                                                7C80ACD3 6 Bytes  JMP 5F220F5A 
.text           C:\WINDOWS\system32\services.exe[1008] kernel32.dll!CreateMutexA                                                7C80EB3F 6 Bytes  JMP 5F040F5A 
.text           C:\WINDOWS\system32\services.exe[1008] kernel32.dll!CreateRemoteThread                                          7C810626 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\system32\services.exe[1008] kernel32.dll!CreateRemoteThread + 4                                      7C81062A 2 Bytes  [11, 5F]
.text           C:\WINDOWS\system32\services.exe[1008] kernel32.dll!CreateThread                                                7C81082F 6 Bytes  JMP 5F790F5A 
.text           C:\WINDOWS\system32\services.exe[1008] kernel32.dll!CreateFileW                                                 7C810976 6 Bytes  JMP 5F700F5A 
.text           C:\WINDOWS\system32\services.exe[1008] kernel32.dll!GetCommandLineA                                             7C812C8D 6 Bytes  JMP 5F0D0F5A 
.text           C:\WINDOWS\system32\services.exe[1008] kernel32.dll!TerminateThread                                             7C81CACB 6 Bytes  JMP 5F460F5A 
.text           C:\WINDOWS\system32\services.exe[1008] kernel32.dll!GetVolumeInformationA                                       7C827052 6 Bytes  JMP 5F640F5A 
.text           C:\WINDOWS\system32\services.exe[1008] kernel32.dll!DebugActiveProcess                                          7C859F0B 6 Bytes  JMP 5F490F5A 
.text           C:\WINDOWS\system32\services.exe[1008] kernel32.dll!WinExec                                                     7C86114D 6 Bytes  JMP 5F3D0F5A 
.text           C:\WINDOWS\system32\services.exe[1008] kernel32.dll!CreateToolhelp32Snapshot                                    7C8647B7 6 Bytes  JMP 5F760F5A 
.text           C:\WINDOWS\system32\services.exe[1008] ADVAPI32.dll!RegOpenKeyExA                                               77DA761B 6 Bytes  JMP 5F6A0F5A 
.text           C:\WINDOWS\system32\services.exe[1008] ADVAPI32.dll!RegCreateKeyExA                                             77DAEAF4 6 Bytes  JMP 5F670F5A 
.text           C:\WINDOWS\system32\services.exe[1008] ADVAPI32.dll!RegSetValueExA                                              77DAEBE7 6 Bytes  JMP 5F6D0F5A 
.text           C:\WINDOWS\system32\services.exe[1008] ADVAPI32.dll!OpenSCManagerA                                              77DBADA7 6 Bytes  JMP 5F7F0F5A 
.text           C:\WINDOWS\system32\services.exe[1008] ADVAPI32.dll!LsaRemoveAccountRights                                      77DEAA41 6 Bytes  JMP 5F160F5A 
.text           C:\WINDOWS\system32\services.exe[1008] ADVAPI32.dll!CreateServiceA                                              77E07071 6 Bytes  JMP 5F580F5A 
.text           C:\WINDOWS\system32\services.exe[1008] USER32.dll!GetKeyState                                                   77D1C505 6 Bytes  JMP 5F4C0F5A 
.text           C:\WINDOWS\system32\services.exe[1008] USER32.dll!ShowWindow                                                    77D1D8A4 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\system32\services.exe[1008] USER32.dll!ShowWindow + 4                                                77D1D8A8 2 Bytes  [86, 5F]
.text           C:\WINDOWS\system32\services.exe[1008] USER32.dll!GetAsyncKeyState                                              77D1E655 6 Bytes  JMP 5F4F0F5A 
.text           C:\WINDOWS\system32\services.exe[1008] USER32.dll!SetWindowsHookExW                                             77D2E4AF 6 Bytes  JMP 5F280F5A 
.text           C:\WINDOWS\system32\services.exe[1008] USER32.dll!SetWindowsHookExA                                             77D311E9 6 Bytes  JMP 5F250F5A 
.text           C:\WINDOWS\system32\services.exe[1008] USER32.dll!SetWinEventHook                                               77D317C8 6 Bytes  JMP 5F5B0F5A 
.text           C:\WINDOWS\system32\services.exe[1008] USER32.dll!GetWindowTextA                                                77D3213C 6 Bytes  JMP 5F820F5A 
.text           C:\WINDOWS\system32\services.exe[1008] USER32.dll!DdeConnect                                                    77D57D7B 6 Bytes  JMP 5F520F5A 
.text           C:\WINDOWS\system32\services.exe[1008] USER32.dll!EndTask                                                       77D59C5D 6 Bytes  JMP 5F400F5A 
.text           C:\WINDOWS\system32\services.exe[1008] USER32.dll!RegisterRawInputDevices                                       77D6C9C6 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\system32\services.exe[1008] USER32.dll!RegisterRawInputDevices + 4                                   77D6C9CA 2 Bytes  [5F, 5F] {POP EDI; POP EDI}
.text           C:\WINDOWS\system32\services.exe[1008] SHELL32.dll!ShellExecuteExW                                              7CA1172B 6 Bytes  JMP 5F3A0F5A 
.text           C:\WINDOWS\system32\services.exe[1008] SHELL32.dll!ShellExecuteEx                                               7CA50AED 6 Bytes  JMP 5F370F5A 
.text           C:\WINDOWS\system32\services.exe[1008] SHELL32.dll!ShellExecuteA                                                7CA50E18 6 Bytes  JMP 5F310F5A 
.text           C:\WINDOWS\system32\services.exe[1008] SHELL32.dll!ShellExecuteW                                                7CAC4A18 6 Bytes  JMP 5F340F5A 
.text           C:\WINDOWS\system32\lsass.exe[1020] ntdll.dll!NtLoadDriver                                                      7C91DB6E 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\system32\lsass.exe[1020] ntdll.dll!NtLoadDriver + 4                                                  7C91DB72 2 Bytes  [56, 5F] {PUSH ESI; POP EDI}
.text           C:\WINDOWS\system32\lsass.exe[1020] ntdll.dll!NtSuspendProcess                                                  7C91E83A 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\system32\lsass.exe[1020] ntdll.dll!NtSuspendProcess + 4                                              7C91E83E 2 Bytes  [44, 5F] {INC ESP; POP EDI}
.text           C:\WINDOWS\system32\lsass.exe[1020] kernel32.dll!CreateFileA                                                    7C801A24 6 Bytes  JMP 5F730F5A 
.text           C:\WINDOWS\system32\lsass.exe[1020] kernel32.dll!VirtualProtect                                                 7C801AD0 6 Bytes  JMP 5F7C0F5A 
.text           C:\WINDOWS\system32\lsass.exe[1020] kernel32.dll!LoadLibraryExW                                                 7C801AF1 6 Bytes  JMP 5F130F5A 
.text           C:\WINDOWS\system32\lsass.exe[1020] kernel32.dll!LoadLibraryExW + C4                                            7C801BB5 4 Bytes  CALL 01180001 
.text           C:\WINDOWS\system32\lsass.exe[1020] kernel32.dll!LoadLibraryA                                                   7C801D77 6 Bytes  JMP 5F1F0F5A 
.text           C:\WINDOWS\system32\lsass.exe[1020] kernel32.dll!TerminateProcess                                               7C801E16 6 Bytes  JMP 5F190F5A 
.text           C:\WINDOWS\system32\lsass.exe[1020] kernel32.dll!GetStartupInfoA                                                7C801EEE 6 Bytes  JMP 5F0A0F5A 
.text           C:\WINDOWS\system32\lsass.exe[1020] kernel32.dll!WriteProcessMemory                                             7C80220F 6 Bytes  JMP 5F1C0F5A 
.text           C:\WINDOWS\system32\lsass.exe[1020] kernel32.dll!CreateProcessW                                                 7C802332 6 Bytes  JMP 5F2E0F5A 
.text           C:\WINDOWS\system32\lsass.exe[1020] kernel32.dll!CreateProcessA                                                 7C802367 6 Bytes  JMP 5F2B0F5A 
.text           C:\WINDOWS\system32\lsass.exe[1020] kernel32.dll!LoadResource                                                   7C80A065 6 Bytes  JMP 5F880F5A 
.text           C:\WINDOWS\system32\lsass.exe[1020] kernel32.dll!GetProcAddress                                                 7C80AC28 6 Bytes  JMP 5F610F5A 
.text           C:\WINDOWS\system32\lsass.exe[1020] kernel32.dll!LoadLibraryW                                                   7C80ACD3 6 Bytes  JMP 5F220F5A 
.text           C:\WINDOWS\system32\lsass.exe[1020] kernel32.dll!CreateMutexA                                                   7C80EB3F 6 Bytes  JMP 5F040F5A 
.text           C:\WINDOWS\system32\lsass.exe[1020] kernel32.dll!CreateRemoteThread                                             7C810626 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\system32\lsass.exe[1020] kernel32.dll!CreateRemoteThread + 4                                         7C81062A 2 Bytes  [11, 5F]
.text           C:\WINDOWS\system32\lsass.exe[1020] kernel32.dll!CreateThread                                                   7C81082F 6 Bytes  JMP 5F790F5A 
.text           C:\WINDOWS\system32\lsass.exe[1020] kernel32.dll!CreateFileW                                                    7C810976 6 Bytes  JMP 5F700F5A 
.text           C:\WINDOWS\system32\lsass.exe[1020] kernel32.dll!GetCommandLineA                                                7C812C8D 6 Bytes  JMP 5F0D0F5A 
.text           C:\WINDOWS\system32\lsass.exe[1020] kernel32.dll!TerminateThread                                                7C81CACB 6 Bytes  JMP 5F460F5A 
.text           C:\WINDOWS\system32\lsass.exe[1020] kernel32.dll!GetVolumeInformationA                                          7C827052 6 Bytes  JMP 5F640F5A 
.text           C:\WINDOWS\system32\lsass.exe[1020] kernel32.dll!DebugActiveProcess                                             7C859F0B 6 Bytes  JMP 5F490F5A 
.text           C:\WINDOWS\system32\lsass.exe[1020] kernel32.dll!WinExec                                                        7C86114D 6 Bytes  JMP 5F3D0F5A 
.text           C:\WINDOWS\system32\lsass.exe[1020] kernel32.dll!CreateToolhelp32Snapshot                                       7C8647B7 6 Bytes  JMP 5F760F5A 
.text           C:\WINDOWS\system32\lsass.exe[1020] ADVAPI32.dll!RegOpenKeyExA                                                  77DA761B 6 Bytes  JMP 5F6A0F5A 
.text           C:\WINDOWS\system32\lsass.exe[1020] ADVAPI32.dll!RegCreateKeyExA                                                77DAEAF4 6 Bytes  JMP 5F670F5A 
.text           C:\WINDOWS\system32\lsass.exe[1020] ADVAPI32.dll!RegSetValueExA                                                 77DAEBE7 6 Bytes  JMP 5F6D0F5A 
.text           C:\WINDOWS\system32\lsass.exe[1020] ADVAPI32.dll!OpenSCManagerA                                                 77DBADA7 6 Bytes  JMP 5F7F0F5A 
.text           C:\WINDOWS\system32\lsass.exe[1020] ADVAPI32.dll!LsaRemoveAccountRights                                         77DEAA41 6 Bytes  JMP 5F160F5A 
.text           C:\WINDOWS\system32\lsass.exe[1020] ADVAPI32.dll!CreateServiceA                                                 77E07071 6 Bytes  JMP 5F580F5A 
.text           C:\WINDOWS\system32\lsass.exe[1020] USER32.dll!GetKeyState                                                      77D1C505 6 Bytes  JMP 5F4C0F5A 
.text           C:\WINDOWS\system32\lsass.exe[1020] USER32.dll!ShowWindow                                                       77D1D8A4 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\system32\lsass.exe[1020] USER32.dll!ShowWindow + 4                                                   77D1D8A8 2 Bytes  [86, 5F]
.text           C:\WINDOWS\system32\lsass.exe[1020] USER32.dll!GetAsyncKeyState                                                 77D1E655 6 Bytes  JMP 5F4F0F5A 
.text           C:\WINDOWS\system32\lsass.exe[1020] USER32.dll!SetWindowsHookExW                                                77D2E4AF 6 Bytes  JMP 5F280F5A 
.text           C:\WINDOWS\system32\lsass.exe[1020] USER32.dll!SetWindowsHookExA                                                77D311E9 6 Bytes  JMP 5F250F5A 
.text           C:\WINDOWS\system32\lsass.exe[1020] USER32.dll!SetWinEventHook                                                  77D317C8 6 Bytes  JMP 5F5B0F5A 
.text           C:\WINDOWS\system32\lsass.exe[1020] USER32.dll!GetWindowTextA                                                   77D3213C 6 Bytes  JMP 5F820F5A 
.text           C:\WINDOWS\system32\lsass.exe[1020] USER32.dll!DdeConnect                                                       77D57D7B 6 Bytes  JMP 5F520F5A 
.text           C:\WINDOWS\system32\lsass.exe[1020] USER32.dll!EndTask                                                          77D59C5D 6 Bytes  JMP 5F400F5A 
.text           C:\WINDOWS\system32\lsass.exe[1020] USER32.dll!RegisterRawInputDevices                                          77D6C9C6 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\system32\lsass.exe[1020] USER32.dll!RegisterRawInputDevices + 4                                      77D6C9CA 2 Bytes  [5F, 5F] {POP EDI; POP EDI}
.text           C:\WINDOWS\system32\lsass.exe[1020] SHELL32.dll!ShellExecuteExW                                                 7CA1172B 6 Bytes  JMP 5F3A0F5A 
.text           C:\WINDOWS\system32\lsass.exe[1020] SHELL32.dll!ShellExecuteEx                                                  7CA50AED 6 Bytes  JMP 5F370F5A 
.text           C:\WINDOWS\system32\lsass.exe[1020] SHELL32.dll!ShellExecuteA                                                   7CA50E18 6 Bytes  JMP 5F310F5A 
.text           C:\WINDOWS\system32\lsass.exe[1020] SHELL32.dll!ShellExecuteW                                                   7CAC4A18 6 Bytes  JMP 5F340F5A
         

Alt 26.07.2009, 21:52   #25
Scars
 
Generic 14.DNH - Standard

Generic 14.DNH



Code:
ATTFilter
.text           C:\WINDOWS\system32\Ati2evxx.exe[1212] ntdll.dll!NtLoadDriver                                                   7C91DB6E 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\system32\Ati2evxx.exe[1212] ntdll.dll!NtLoadDriver + 4                                               7C91DB72 2 Bytes  [4A, 5F] {DEC EDX; POP EDI}
.text           C:\WINDOWS\system32\Ati2evxx.exe[1212] ntdll.dll!NtSuspendProcess                                               7C91E83A 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\system32\Ati2evxx.exe[1212] ntdll.dll!NtSuspendProcess + 4                                           7C91E83E 2 Bytes  [38, 5F]
.text           C:\WINDOWS\system32\Ati2evxx.exe[1212] kernel32.dll!CreateFileA                                                 7C801A24 6 Bytes  JMP 5F670F5A 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1212] kernel32.dll!VirtualProtect                                              7C801AD0 6 Bytes  JMP 5F700F5A 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1212] kernel32.dll!LoadLibraryExW                                              7C801AF1 6 Bytes  JMP 5F130F5A 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1212] kernel32.dll!LoadLibraryExW + C4                                         7C801BB5 4 Bytes  CALL 00EC0001 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1212] kernel32.dll!LoadLibraryA                                                7C801D77 6 Bytes  JMP 5F1F0F5A 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1212] kernel32.dll!TerminateProcess                                            7C801E16 6 Bytes  JMP 5F190F5A 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1212] kernel32.dll!GetStartupInfoA                                             7C801EEE 6 Bytes  JMP 5F0A0F5A 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1212] kernel32.dll!WriteProcessMemory                                          7C80220F 6 Bytes  JMP 5F1C0F5A 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1212] kernel32.dll!CreateProcessW                                              7C802332 6 Bytes  JMP 5F2E0F5A 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1212] kernel32.dll!CreateProcessA                                              7C802367 6 Bytes  JMP 5F2B0F5A 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1212] kernel32.dll!LoadResource                                                7C80A065 6 Bytes  JMP 5F7C0F5A 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1212] kernel32.dll!GetProcAddress                                              7C80AC28 6 Bytes  JMP 5F550F5A 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1212] kernel32.dll!LoadLibraryW                                                7C80ACD3 6 Bytes  JMP 5F220F5A 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1212] kernel32.dll!CreateMutexA                                                7C80EB3F 6 Bytes  JMP 5F040F5A 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1212] kernel32.dll!CreateRemoteThread                                          7C810626 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\system32\Ati2evxx.exe[1212] kernel32.dll!CreateRemoteThread + 4                                      7C81062A 2 Bytes  [11, 5F]
.text           C:\WINDOWS\system32\Ati2evxx.exe[1212] kernel32.dll!CreateThread                                                7C81082F 6 Bytes  JMP 5F6D0F5A 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1212] kernel32.dll!CreateFileW                                                 7C810976 6 Bytes  JMP 5F640F5A 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1212] kernel32.dll!GetCommandLineA                                             7C812C8D 6 Bytes  JMP 5F0D0F5A 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1212] kernel32.dll!TerminateThread                                             7C81CACB 6 Bytes  JMP 5F3A0F5A 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1212] kernel32.dll!GetVolumeInformationA                                       7C827052 6 Bytes  JMP 5F580F5A 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1212] kernel32.dll!DebugActiveProcess                                          7C859F0B 6 Bytes  JMP 5F3D0F5A 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1212] kernel32.dll!WinExec                                                     7C86114D 6 Bytes  JMP 5F310F5A 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1212] kernel32.dll!CreateToolhelp32Snapshot                                    7C8647B7 6 Bytes  JMP 5F6A0F5A 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1212] USER32.dll!GetKeyState                                                   77D1C505 6 Bytes  JMP 5F400F5A 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1212] USER32.dll!ShowWindow                                                    77D1D8A4 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\system32\Ati2evxx.exe[1212] USER32.dll!ShowWindow + 4                                                77D1D8A8 2 Bytes  [7A, 5F] {JP 0x61}
.text           C:\WINDOWS\system32\Ati2evxx.exe[1212] USER32.dll!GetAsyncKeyState                                              77D1E655 6 Bytes  JMP 5F430F5A 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1212] USER32.dll!SetWindowsHookExW                                             77D2E4AF 6 Bytes  JMP 5F280F5A 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1212] USER32.dll!SetWindowsHookExA                                             77D311E9 6 Bytes  JMP 5F250F5A 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1212] USER32.dll!SetWinEventHook                                               77D317C8 6 Bytes  JMP 5F4F0F5A 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1212] USER32.dll!GetWindowTextA                                                77D3213C 6 Bytes  JMP 5F760F5A 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1212] USER32.dll!DdeConnect                                                    77D57D7B 6 Bytes  JMP 5F460F5A 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1212] USER32.dll!EndTask                                                       77D59C5D 6 Bytes  JMP 5F340F5A 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1212] USER32.dll!RegisterRawInputDevices                                       77D6C9C6 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\system32\Ati2evxx.exe[1212] USER32.dll!RegisterRawInputDevices + 4                                   77D6C9CA 2 Bytes  [53, 5F] {PUSH EBX; POP EDI}
.text           C:\WINDOWS\system32\Ati2evxx.exe[1212] ADVAPI32.dll!RegOpenKeyExA                                               77DA761B 6 Bytes  JMP 5F5E0F5A 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1212] ADVAPI32.dll!RegCreateKeyExA                                             77DAEAF4 6 Bytes  JMP 5F5B0F5A 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1212] ADVAPI32.dll!RegSetValueExA                                              77DAEBE7 6 Bytes  JMP 5F610F5A 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1212] ADVAPI32.dll!OpenSCManagerA                                              77DBADA7 6 Bytes  JMP 5F730F5A 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1212] ADVAPI32.dll!LsaRemoveAccountRights                                      77DEAA41 6 Bytes  JMP 5F160F5A 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1212] ADVAPI32.dll!CreateServiceA                                              77E07071 6 Bytes  JMP 5F4C0F5A 
.text           C:\WINDOWS\system32\svchost.exe[1232] ntdll.dll!NtLoadDriver                                                    7C91DB6E 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\system32\svchost.exe[1232] ntdll.dll!NtLoadDriver + 4                                                7C91DB72 2 Bytes  [56, 5F] {PUSH ESI; POP EDI}
.text           C:\WINDOWS\system32\svchost.exe[1232] ntdll.dll!NtSuspendProcess                                                7C91E83A 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\system32\svchost.exe[1232] ntdll.dll!NtSuspendProcess + 4                                            7C91E83E 2 Bytes  [44, 5F] {INC ESP; POP EDI}
.text           C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!CreateFileA                                                  7C801A24 6 Bytes  JMP 5F730F5A 
.text           C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!VirtualProtect                                               7C801AD0 6 Bytes  JMP 5F7C0F5A 
.text           C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!LoadLibraryExW                                               7C801AF1 6 Bytes  JMP 5F130F5A 
.text           C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!LoadLibraryExW + C4                                          7C801BB5 4 Bytes  CALL 00E20001 
.text           C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!LoadLibraryA                                                 7C801D77 6 Bytes  JMP 5F1F0F5A 
.text           C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!TerminateProcess                                             7C801E16 6 Bytes  JMP 5F190F5A 
.text           C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!GetStartupInfoA                                              7C801EEE 6 Bytes  JMP 5F0A0F5A 
.text           C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!WriteProcessMemory                                           7C80220F 6 Bytes  JMP 5F1C0F5A 
.text           C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!CreateProcessW                                               7C802332 6 Bytes  JMP 5F2E0F5A 
.text           C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!CreateProcessA                                               7C802367 6 Bytes  JMP 5F2B0F5A 
.text           C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!LoadResource                                                 7C80A065 6 Bytes  JMP 5F880F5A 
.text           C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!GetProcAddress                                               7C80AC28 6 Bytes  JMP 5F610F5A 
.text           C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!LoadLibraryW                                                 7C80ACD3 6 Bytes  JMP 5F220F5A 
.text           C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!CreateMutexA                                                 7C80EB3F 6 Bytes  JMP 5F040F5A 
.text           C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!CreateRemoteThread                                           7C810626 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!CreateRemoteThread + 4                                       7C81062A 2 Bytes  [11, 5F]
.text           C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!CreateThread                                                 7C81082F 6 Bytes  JMP 5F790F5A 
.text           C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!CreateFileW                                                  7C810976 6 Bytes  JMP 5F700F5A 
.text           C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!GetCommandLineA                                              7C812C8D 6 Bytes  JMP 5F0D0F5A 
.text           C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!TerminateThread                                              7C81CACB 6 Bytes  JMP 5F460F5A 
.text           C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!GetVolumeInformationA                                        7C827052 6 Bytes  JMP 5F640F5A 
.text           C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!DebugActiveProcess                                           7C859F0B 6 Bytes  JMP 5F490F5A 
.text           C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!WinExec                                                      7C86114D 6 Bytes  JMP 5F3D0F5A 
.text           C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!CreateToolhelp32Snapshot                                     7C8647B7 6 Bytes  JMP 5F760F5A 
.text           C:\WINDOWS\system32\svchost.exe[1232] ADVAPI32.dll!RegOpenKeyExA                                                77DA761B 6 Bytes  JMP 5F6A0F5A 
.text           C:\WINDOWS\system32\svchost.exe[1232] ADVAPI32.dll!RegCreateKeyExA                                              77DAEAF4 6 Bytes  JMP 5F670F5A 
.text           C:\WINDOWS\system32\svchost.exe[1232] ADVAPI32.dll!RegSetValueExA                                               77DAEBE7 6 Bytes  JMP 5F6D0F5A 
.text           C:\WINDOWS\system32\svchost.exe[1232] ADVAPI32.dll!OpenSCManagerA                                               77DBADA7 6 Bytes  JMP 5F7F0F5A 
.text           C:\WINDOWS\system32\svchost.exe[1232] ADVAPI32.dll!LsaRemoveAccountRights                                       77DEAA41 6 Bytes  JMP 5F160F5A 
.text           C:\WINDOWS\system32\svchost.exe[1232] ADVAPI32.dll!CreateServiceA                                               77E07071 6 Bytes  JMP 5F580F5A 
.text           C:\WINDOWS\system32\svchost.exe[1232] USER32.dll!GetKeyState                                                    77D1C505 6 Bytes  JMP 5F4C0F5A 
.text           C:\WINDOWS\system32\svchost.exe[1232] USER32.dll!ShowWindow                                                     77D1D8A4 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\system32\svchost.exe[1232] USER32.dll!ShowWindow + 4                                                 77D1D8A8 2 Bytes  [86, 5F]
.text           C:\WINDOWS\system32\svchost.exe[1232] USER32.dll!GetAsyncKeyState                                               77D1E655 6 Bytes  JMP 5F4F0F5A 
.text           C:\WINDOWS\system32\svchost.exe[1232] USER32.dll!SetWindowsHookExW                                              77D2E4AF 6 Bytes  JMP 5F280F5A 
.text           C:\WINDOWS\system32\svchost.exe[1232] USER32.dll!SetWindowsHookExA                                              77D311E9 6 Bytes  JMP 5F250F5A 
.text           C:\WINDOWS\system32\svchost.exe[1232] USER32.dll!SetWinEventHook                                                77D317C8 6 Bytes  JMP 5F5B0F5A 
.text           C:\WINDOWS\system32\svchost.exe[1232] USER32.dll!GetWindowTextA                                                 77D3213C 6 Bytes  JMP 5F820F5A 
.text           C:\WINDOWS\system32\svchost.exe[1232] USER32.dll!DdeConnect                                                     77D57D7B 6 Bytes  JMP 5F520F5A 
.text           C:\WINDOWS\system32\svchost.exe[1232] USER32.dll!EndTask                                                        77D59C5D 6 Bytes  JMP 5F400F5A 
.text           C:\WINDOWS\system32\svchost.exe[1232] USER32.dll!RegisterRawInputDevices                                        77D6C9C6 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\system32\svchost.exe[1232] USER32.dll!RegisterRawInputDevices + 4                                    77D6C9CA 2 Bytes  [5F, 5F] {POP EDI; POP EDI}
.text           C:\WINDOWS\system32\svchost.exe[1232] SHELL32.dll!ShellExecuteExW                                               7CA1172B 6 Bytes  JMP 5F3A0F5A 
.text           C:\WINDOWS\system32\svchost.exe[1232] SHELL32.dll!ShellExecuteEx                                                7CA50AED 6 Bytes  JMP 5F370F5A 
.text           C:\WINDOWS\system32\svchost.exe[1232] SHELL32.dll!ShellExecuteA                                                 7CA50E18 6 Bytes  JMP 5F310F5A 
.text           C:\WINDOWS\system32\svchost.exe[1232] SHELL32.dll!ShellExecuteW                                                 7CAC4A18 6 Bytes  JMP 5F340F5A 
.text           C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!NtLoadDriver                                                    7C91DB6E 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!NtLoadDriver + 4                                                7C91DB72 2 Bytes  [56, 5F] {PUSH ESI; POP EDI}
.text           C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!NtSuspendProcess                                                7C91E83A 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!NtSuspendProcess + 4                                            7C91E83E 2 Bytes  [44, 5F] {INC ESP; POP EDI}
.text           C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!CreateFileA                                                  7C801A24 6 Bytes  JMP 5F730F5A 
.text           C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!VirtualProtect                                               7C801AD0 6 Bytes  JMP 5F7C0F5A 
.text           C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!LoadLibraryExW                                               7C801AF1 6 Bytes  JMP 5F130F5A 
.text           C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!LoadLibraryExW + C4                                          7C801BB5 4 Bytes  CALL 00C80001 
.text           C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!LoadLibraryA                                                 7C801D77 6 Bytes  JMP 5F1F0F5A 
.text           C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!TerminateProcess                                             7C801E16 6 Bytes  JMP 5F190F5A 
.text           C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!GetStartupInfoA                                              7C801EEE 6 Bytes  JMP 5F0A0F5A 
.text           C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!WriteProcessMemory                                           7C80220F 6 Bytes  JMP 5F1C0F5A 
.text           C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!CreateProcessW                                               7C802332 6 Bytes  JMP 5F2E0F5A 
.text           C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!CreateProcessA                                               7C802367 6 Bytes  JMP 5F2B0F5A 
.text           C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!LoadResource                                                 7C80A065 6 Bytes  JMP 5F880F5A 
.text           C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!GetProcAddress                                               7C80AC28 6 Bytes  JMP 5F610F5A 
.text           C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!LoadLibraryW                                                 7C80ACD3 6 Bytes  JMP 5F220F5A 
.text           C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!CreateMutexA                                                 7C80EB3F 6 Bytes  JMP 5F040F5A 
.text           C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!CreateRemoteThread                                           7C810626 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!CreateRemoteThread + 4                                       7C81062A 2 Bytes  [11, 5F]
.text           C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!CreateThread                                                 7C81082F 6 Bytes  JMP 5F790F5A 
.text           C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!CreateFileW                                                  7C810976 6 Bytes  JMP 5F700F5A 
.text           C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!GetCommandLineA                                              7C812C8D 6 Bytes  JMP 5F0D0F5A 
.text           C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!TerminateThread                                              7C81CACB 6 Bytes  JMP 5F460F5A 
.text           C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!GetVolumeInformationA                                        7C827052 6 Bytes  JMP 5F640F5A 
.text           C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!DebugActiveProcess                                           7C859F0B 6 Bytes  JMP 5F490F5A 
.text           C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!WinExec                                                      7C86114D 6 Bytes  JMP 5F3D0F5A 
.text           C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!CreateToolhelp32Snapshot                                     7C8647B7 6 Bytes  JMP 5F760F5A 
.text           C:\WINDOWS\system32\svchost.exe[1300] ADVAPI32.dll!RegOpenKeyExA                                                77DA761B 6 Bytes  JMP 5F6A0F5A 
.text           C:\WINDOWS\system32\svchost.exe[1300] ADVAPI32.dll!RegCreateKeyExA                                              77DAEAF4 6 Bytes  JMP 5F670F5A 
.text           C:\WINDOWS\system32\svchost.exe[1300] ADVAPI32.dll!RegSetValueExA                                               77DAEBE7 6 Bytes  JMP 5F6D0F5A 
.text           C:\WINDOWS\system32\svchost.exe[1300] ADVAPI32.dll!OpenSCManagerA                                               77DBADA7 6 Bytes  JMP 5F7F0F5A 
.text           C:\WINDOWS\system32\svchost.exe[1300] ADVAPI32.dll!LsaRemoveAccountRights                                       77DEAA41 6 Bytes  JMP 5F160F5A 
.text           C:\WINDOWS\system32\svchost.exe[1300] ADVAPI32.dll!CreateServiceA                                               77E07071 6 Bytes  JMP 5F580F5A 
.text           C:\WINDOWS\system32\svchost.exe[1300] USER32.dll!GetKeyState                                                    77D1C505 6 Bytes  JMP 5F4C0F5A 
.text           C:\WINDOWS\system32\svchost.exe[1300] USER32.dll!ShowWindow                                                     77D1D8A4 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\system32\svchost.exe[1300] USER32.dll!ShowWindow + 4                                                 77D1D8A8 2 Bytes  [86, 5F]
.text           C:\WINDOWS\system32\svchost.exe[1300] USER32.dll!GetAsyncKeyState                                               77D1E655 6 Bytes  JMP 5F4F0F5A 
.text           C:\WINDOWS\system32\svchost.exe[1300] USER32.dll!SetWindowsHookExW                                              77D2E4AF 6 Bytes  JMP 5F280F5A 
.text           C:\WINDOWS\system32\svchost.exe[1300] USER32.dll!SetWindowsHookExA                                              77D311E9 6 Bytes  JMP 5F250F5A 
.text           C:\WINDOWS\system32\svchost.exe[1300] USER32.dll!SetWinEventHook                                                77D317C8 6 Bytes  JMP 5F5B0F5A 
.text           C:\WINDOWS\system32\svchost.exe[1300] USER32.dll!GetWindowTextA                                                 77D3213C 6 Bytes  JMP 5F820F5A 
.text           C:\WINDOWS\system32\svchost.exe[1300] USER32.dll!DdeConnect                                                     77D57D7B 6 Bytes  JMP 5F520F5A 
.text           C:\WINDOWS\system32\svchost.exe[1300] USER32.dll!EndTask                                                        77D59C5D 6 Bytes  JMP 5F400F5A 
.text           C:\WINDOWS\system32\svchost.exe[1300] USER32.dll!RegisterRawInputDevices                                        77D6C9C6 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\system32\svchost.exe[1300] USER32.dll!RegisterRawInputDevices + 4                                    77D6C9CA 2 Bytes  [5F, 5F] {POP EDI; POP EDI}
.text           C:\WINDOWS\system32\svchost.exe[1300] SHELL32.dll!ShellExecuteExW                                               7CA1172B 6 Bytes  JMP 5F3A0F5A 
.text           C:\WINDOWS\system32\svchost.exe[1300] SHELL32.dll!ShellExecuteEx                                                7CA50AED 6 Bytes  JMP 5F370F5A 
.text           C:\WINDOWS\system32\svchost.exe[1300] SHELL32.dll!ShellExecuteA                                                 7CA50E18 6 Bytes  JMP 5F310F5A 
.text           C:\WINDOWS\system32\svchost.exe[1300] SHELL32.dll!ShellExecuteW                                                 7CAC4A18 6 Bytes  JMP 5F340F5A 
.text           C:\WINDOWS\System32\svchost.exe[1476] ntdll.dll!NtLoadDriver                                                    7C91DB6E 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\System32\svchost.exe[1476] ntdll.dll!NtLoadDriver + 4                                                7C91DB72 2 Bytes  [56, 5F] {PUSH ESI; POP EDI}
.text           C:\WINDOWS\System32\svchost.exe[1476] ntdll.dll!NtSuspendProcess                                                7C91E83A 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\System32\svchost.exe[1476] ntdll.dll!NtSuspendProcess + 4                                            7C91E83E 2 Bytes  [44, 5F] {INC ESP; POP EDI}
.text           C:\WINDOWS\System32\svchost.exe[1476] kernel32.dll!CreateFileA                                                  7C801A24 6 Bytes  JMP 5F730F5A
         

Alt 26.07.2009, 21:53   #26
Scars
 
Generic 14.DNH - Standard

Generic 14.DNH



Code:
ATTFilter
.text           C:\WINDOWS\System32\svchost.exe[1476] kernel32.dll!VirtualProtect                                               7C801AD0 6 Bytes  JMP 5F7C0F5A 
.text           C:\WINDOWS\System32\svchost.exe[1476] kernel32.dll!LoadLibraryExW                                               7C801AF1 6 Bytes  JMP 5F130F5A 
.text           C:\WINDOWS\System32\svchost.exe[1476] kernel32.dll!LoadLibraryExW + C4                                          7C801BB5 4 Bytes  CALL 03070001 
.text           C:\WINDOWS\System32\svchost.exe[1476] kernel32.dll!LoadLibraryA                                                 7C801D77 6 Bytes  JMP 5F1F0F5A 
.text           C:\WINDOWS\System32\svchost.exe[1476] kernel32.dll!TerminateProcess                                             7C801E16 6 Bytes  JMP 5F190F5A 
.text           C:\WINDOWS\System32\svchost.exe[1476] kernel32.dll!GetStartupInfoA                                              7C801EEE 6 Bytes  JMP 5F0A0F5A 
.text           C:\WINDOWS\System32\svchost.exe[1476] kernel32.dll!WriteProcessMemory                                           7C80220F 6 Bytes  JMP 5F1C0F5A 
.text           C:\WINDOWS\System32\svchost.exe[1476] kernel32.dll!CreateProcessW                                               7C802332 6 Bytes  JMP 5F2E0F5A 
.text           C:\WINDOWS\System32\svchost.exe[1476] kernel32.dll!CreateProcessA                                               7C802367 6 Bytes  JMP 5F2B0F5A 
.text           C:\WINDOWS\System32\svchost.exe[1476] kernel32.dll!LoadResource                                                 7C80A065 6 Bytes  JMP 5F880F5A 
.text           C:\WINDOWS\System32\svchost.exe[1476] kernel32.dll!GetProcAddress                                               7C80AC28 6 Bytes  JMP 5F610F5A 
.text           C:\WINDOWS\System32\svchost.exe[1476] kernel32.dll!LoadLibraryW                                                 7C80ACD3 6 Bytes  JMP 5F220F5A 
.text           C:\WINDOWS\System32\svchost.exe[1476] kernel32.dll!CreateMutexA                                                 7C80EB3F 6 Bytes  JMP 5F040F5A 
.text           C:\WINDOWS\System32\svchost.exe[1476] kernel32.dll!CreateRemoteThread                                           7C810626 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\System32\svchost.exe[1476] kernel32.dll!CreateRemoteThread + 4                                       7C81062A 2 Bytes  [11, 5F]
.text           C:\WINDOWS\System32\svchost.exe[1476] kernel32.dll!CreateThread                                                 7C81082F 6 Bytes  JMP 5F790F5A 
.text           C:\WINDOWS\System32\svchost.exe[1476] kernel32.dll!CreateFileW                                                  7C810976 6 Bytes  JMP 5F700F5A 
.text           C:\WINDOWS\System32\svchost.exe[1476] kernel32.dll!GetCommandLineA                                              7C812C8D 6 Bytes  JMP 5F0D0F5A 
.text           C:\WINDOWS\System32\svchost.exe[1476] kernel32.dll!TerminateThread                                              7C81CACB 6 Bytes  JMP 5F460F5A 
.text           C:\WINDOWS\System32\svchost.exe[1476] kernel32.dll!GetVolumeInformationA                                        7C827052 6 Bytes  JMP 5F640F5A 
.text           C:\WINDOWS\System32\svchost.exe[1476] kernel32.dll!DebugActiveProcess                                           7C859F0B 6 Bytes  JMP 5F490F5A 
.text           C:\WINDOWS\System32\svchost.exe[1476] kernel32.dll!WinExec                                                      7C86114D 6 Bytes  JMP 5F3D0F5A 
.text           C:\WINDOWS\System32\svchost.exe[1476] kernel32.dll!CreateToolhelp32Snapshot                                     7C8647B7 6 Bytes  JMP 5F760F5A 
.text           C:\WINDOWS\System32\svchost.exe[1476] ADVAPI32.dll!RegOpenKeyExA                                                77DA761B 6 Bytes  JMP 5F6A0F5A 
.text           C:\WINDOWS\System32\svchost.exe[1476] ADVAPI32.dll!RegCreateKeyExA                                              77DAEAF4 6 Bytes  JMP 5F670F5A 
.text           C:\WINDOWS\System32\svchost.exe[1476] ADVAPI32.dll!RegSetValueExA                                               77DAEBE7 6 Bytes  JMP 5F6D0F5A 
.text           C:\WINDOWS\System32\svchost.exe[1476] ADVAPI32.dll!OpenSCManagerA                                               77DBADA7 6 Bytes  JMP 5F7F0F5A 
.text           C:\WINDOWS\System32\svchost.exe[1476] ADVAPI32.dll!LsaRemoveAccountRights                                       77DEAA41 6 Bytes  JMP 5F160F5A 
.text           C:\WINDOWS\System32\svchost.exe[1476] ADVAPI32.dll!CreateServiceA                                               77E07071 6 Bytes  JMP 5F580F5A 
.text           C:\WINDOWS\System32\svchost.exe[1476] USER32.dll!GetKeyState                                                    77D1C505 6 Bytes  JMP 5F4C0F5A 
.text           C:\WINDOWS\System32\svchost.exe[1476] USER32.dll!ShowWindow                                                     77D1D8A4 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\System32\svchost.exe[1476] USER32.dll!ShowWindow + 4                                                 77D1D8A8 2 Bytes  [86, 5F]
.text           C:\WINDOWS\System32\svchost.exe[1476] USER32.dll!GetAsyncKeyState                                               77D1E655 6 Bytes  JMP 5F4F0F5A 
.text           C:\WINDOWS\System32\svchost.exe[1476] USER32.dll!SetWindowsHookExW                                              77D2E4AF 6 Bytes  JMP 5F280F5A 
.text           C:\WINDOWS\System32\svchost.exe[1476] USER32.dll!SetWindowsHookExA                                              77D311E9 6 Bytes  JMP 5F250F5A 
.text           C:\WINDOWS\System32\svchost.exe[1476] USER32.dll!SetWinEventHook                                                77D317C8 6 Bytes  JMP 5F5B0F5A 
.text           C:\WINDOWS\System32\svchost.exe[1476] USER32.dll!GetWindowTextA                                                 77D3213C 6 Bytes  JMP 5F820F5A 
.text           C:\WINDOWS\System32\svchost.exe[1476] USER32.dll!DdeConnect                                                     77D57D7B 6 Bytes  JMP 5F520F5A 
.text           C:\WINDOWS\System32\svchost.exe[1476] USER32.dll!EndTask                                                        77D59C5D 6 Bytes  JMP 5F400F5A 
.text           C:\WINDOWS\System32\svchost.exe[1476] USER32.dll!RegisterRawInputDevices                                        77D6C9C6 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\System32\svchost.exe[1476] USER32.dll!RegisterRawInputDevices + 4                                    77D6C9CA 2 Bytes  [5F, 5F] {POP EDI; POP EDI}
.text           C:\WINDOWS\System32\svchost.exe[1476] SHELL32.dll!ShellExecuteExW                                               7CA1172B 6 Bytes  JMP 5F3A0F5A 
.text           C:\WINDOWS\System32\svchost.exe[1476] SHELL32.dll!ShellExecuteEx                                                7CA50AED 6 Bytes  JMP 5F370F5A 
.text           C:\WINDOWS\System32\svchost.exe[1476] SHELL32.dll!ShellExecuteA                                                 7CA50E18 6 Bytes  JMP 5F310F5A 
.text           C:\WINDOWS\System32\svchost.exe[1476] SHELL32.dll!ShellExecuteW                                                 7CAC4A18 6 Bytes  JMP 5F340F5A
         

Alt 26.07.2009, 21:54   #27
Scars
 
Generic 14.DNH - Standard

Generic 14.DNH



Code:
ATTFilter
.text           C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[1528] ntdll.dll!NtLoadDriver                         7C91DB6E 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[1528] ntdll.dll!NtLoadDriver + 4                     7C91DB72 2 Bytes  [4A, 5F] {DEC EDX; POP EDI}
.text           C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[1528] ntdll.dll!NtSuspendProcess                     7C91E83A 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[1528] ntdll.dll!NtSuspendProcess + 4                 7C91E83E 2 Bytes  [38, 5F]
.text           C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[1528] kernel32.dll!CreateFileA                       7C801A24 6 Bytes  JMP 5F670F5A 
.text           C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[1528] kernel32.dll!VirtualProtect                    7C801AD0 6 Bytes  JMP 5F700F5A 
.text           C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[1528] kernel32.dll!LoadLibraryExW                    7C801AF1 6 Bytes  JMP 5F130F5A 
.text           C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[1528] kernel32.dll!LoadLibraryExW + C4               7C801BB5 4 Bytes  CALL 00AC0001 
.text           C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[1528] kernel32.dll!LoadLibraryA                      7C801D77 6 Bytes  JMP 5F1F0F5A 
.text           C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[1528] kernel32.dll!TerminateProcess                  7C801E16 6 Bytes  JMP 5F190F5A 
.text           C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[1528] kernel32.dll!GetStartupInfoA                   7C801EEE 6 Bytes  JMP 5F0A0F5A 
.text           C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[1528] kernel32.dll!WriteProcessMemory                7C80220F 6 Bytes  JMP 5F1C0F5A 
.text           C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[1528] kernel32.dll!CreateProcessW                    7C802332 6 Bytes  JMP 5F2E0F5A 
.text           C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[1528] kernel32.dll!CreateProcessA                    7C802367 6 Bytes  JMP 5F2B0F5A 
.text           C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[1528] kernel32.dll!LoadResource                      7C80A065 6 Bytes  JMP 5F7C0F5A 
.text           C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[1528] kernel32.dll!GetProcAddress                    7C80AC28 6 Bytes  JMP 5F550F5A 
.text           C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[1528] kernel32.dll!LoadLibraryW                      7C80ACD3 6 Bytes  JMP 5F220F5A 
.text           C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[1528] kernel32.dll!CreateMutexA                      7C80EB3F 6 Bytes  JMP 5F040F5A 
.text           C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[1528] kernel32.dll!CreateRemoteThread                7C810626 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[1528] kernel32.dll!CreateRemoteThread + 4            7C81062A 2 Bytes  [11, 5F]
.text           C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[1528] kernel32.dll!CreateThread                      7C81082F 6 Bytes  JMP 5F6D0F5A 
.text           C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[1528] kernel32.dll!CreateFileW                       7C810976 6 Bytes  JMP 5F640F5A 
.text           C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[1528] kernel32.dll!GetCommandLineA                   7C812C8D 6 Bytes  JMP 5F0D0F5A 
.text           C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[1528] kernel32.dll!TerminateThread                   7C81CACB 6 Bytes  JMP 5F3A0F5A 
.text           C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[1528] kernel32.dll!GetVolumeInformationA             7C827052 6 Bytes  JMP 5F580F5A 
.text           C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[1528] kernel32.dll!DebugActiveProcess                7C859F0B 6 Bytes  JMP 5F3D0F5A 
.text           C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[1528] kernel32.dll!WinExec                           7C86114D 6 Bytes  JMP 5F310F5A 
.text           C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[1528] kernel32.dll!CreateToolhelp32Snapshot          7C8647B7 6 Bytes  JMP 5F6A0F5A 
.text           C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[1528] ADVAPI32.dll!RegOpenKeyExA                     77DA761B 6 Bytes  JMP 5F5E0F5A 
.text           C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[1528] ADVAPI32.dll!RegCreateKeyExA                   77DAEAF4 6 Bytes  JMP 5F5B0F5A 
.text           C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[1528] ADVAPI32.dll!RegSetValueExA                    77DAEBE7 6 Bytes  JMP 5F610F5A 
.text           C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[1528] ADVAPI32.dll!OpenSCManagerA                    77DBADA7 6 Bytes  JMP 5F730F5A 
.text           C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[1528] ADVAPI32.dll!LsaRemoveAccountRights            77DEAA41 6 Bytes  JMP 5F160F5A 
.text           C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[1528] ADVAPI32.dll!CreateServiceA                    77E07071 6 Bytes  JMP 5F4C0F5A 
.text           C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[1528] USER32.dll!GetKeyState                         77D1C505 6 Bytes  JMP 5F400F5A 
.text           C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[1528] USER32.dll!ShowWindow                          77D1D8A4 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[1528] USER32.dll!ShowWindow + 4                      77D1D8A8 2 Bytes  [7A, 5F] {JP 0x61}
.text           C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[1528] USER32.dll!GetAsyncKeyState                    77D1E655 6 Bytes  JMP 5F430F5A 
.text           C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[1528] USER32.dll!SetWindowsHookExW                   77D2E4AF 6 Bytes  JMP 5F280F5A 
.text           C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[1528] USER32.dll!SetWindowsHookExA                   77D311E9 6 Bytes  JMP 5F250F5A 
.text           C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[1528] USER32.dll!SetWinEventHook                     77D317C8 6 Bytes  JMP 5F4F0F5A 
.text           C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[1528] USER32.dll!GetWindowTextA                      77D3213C 6 Bytes  JMP 5F760F5A 
.text           C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[1528] USER32.dll!DdeConnect                          77D57D7B 6 Bytes  JMP 5F460F5A 
.text           C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[1528] USER32.dll!EndTask                             77D59C5D 6 Bytes  JMP 5F340F5A 
.text           C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[1528] USER32.dll!RegisterRawInputDevices             77D6C9C6 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[1528] USER32.dll!RegisterRawInputDevices + 4         77D6C9CA 2 Bytes  [53, 5F] {PUSH EBX; POP EDI}
.text           C:\WINDOWS\system32\svchost.exe[1624] ntdll.dll!NtLoadDriver                                                    7C91DB6E 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\system32\svchost.exe[1624] ntdll.dll!NtLoadDriver + 4                                                7C91DB72 2 Bytes  [56, 5F] {PUSH ESI; POP EDI}
.text           C:\WINDOWS\system32\svchost.exe[1624] ntdll.dll!NtSuspendProcess                                                7C91E83A 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\system32\svchost.exe[1624] ntdll.dll!NtSuspendProcess + 4                                            7C91E83E 2 Bytes  [44, 5F] {INC ESP; POP EDI}
.text           C:\WINDOWS\system32\svchost.exe[1624] kernel32.dll!CreateFileA                                                  7C801A24 6 Bytes  JMP 5F730F5A 
.text           C:\WINDOWS\system32\svchost.exe[1624] kernel32.dll!VirtualProtect                                               7C801AD0 6 Bytes  JMP 5F7C0F5A 
.text           C:\WINDOWS\system32\svchost.exe[1624] kernel32.dll!LoadLibraryExW                                               7C801AF1 6 Bytes  JMP 5F130F5A 
.text           C:\WINDOWS\system32\svchost.exe[1624] kernel32.dll!LoadLibraryExW + C4                                          7C801BB5 4 Bytes  CALL 00980001 
.text           C:\WINDOWS\system32\svchost.exe[1624] kernel32.dll!LoadLibraryA                                                 7C801D77 6 Bytes  JMP 5F1F0F5A 
.text           C:\WINDOWS\system32\svchost.exe[1624] kernel32.dll!TerminateProcess                                             7C801E16 6 Bytes  JMP 5F190F5A 
.text           C:\WINDOWS\system32\svchost.exe[1624] kernel32.dll!GetStartupInfoA                                              7C801EEE 6 Bytes  JMP 5F0A0F5A 
.text           C:\WINDOWS\system32\svchost.exe[1624] kernel32.dll!WriteProcessMemory                                           7C80220F 6 Bytes  JMP 5F1C0F5A 
.text           C:\WINDOWS\system32\svchost.exe[1624] kernel32.dll!CreateProcessW                                               7C802332 6 Bytes  JMP 5F2E0F5A 
.text           C:\WINDOWS\system32\svchost.exe[1624] kernel32.dll!CreateProcessA                                               7C802367 6 Bytes  JMP 5F2B0F5A 
.text           C:\WINDOWS\system32\svchost.exe[1624] kernel32.dll!LoadResource                                                 7C80A065 6 Bytes  JMP 5F880F5A 
.text           C:\WINDOWS\system32\svchost.exe[1624] kernel32.dll!GetProcAddress                                               7C80AC28 6 Bytes  JMP 5F610F5A 
.text           C:\WINDOWS\system32\svchost.exe[1624] kernel32.dll!LoadLibraryW                                                 7C80ACD3 6 Bytes  JMP 5F220F5A 
.text           C:\WINDOWS\system32\svchost.exe[1624] kernel32.dll!CreateMutexA                                                 7C80EB3F 6 Bytes  JMP 5F040F5A 
.text           C:\WINDOWS\system32\svchost.exe[1624] kernel32.dll!CreateRemoteThread                                           7C810626 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\system32\svchost.exe[1624] kernel32.dll!CreateRemoteThread + 4                                       7C81062A 2 Bytes  [11, 5F]
.text           C:\WINDOWS\system32\svchost.exe[1624] kernel32.dll!CreateThread                                                 7C81082F 6 Bytes  JMP 5F790F5A 
.text           C:\WINDOWS\system32\svchost.exe[1624] kernel32.dll!CreateFileW                                                  7C810976 6 Bytes  JMP 5F700F5A 
.text           C:\WINDOWS\system32\svchost.exe[1624] kernel32.dll!GetCommandLineA                                              7C812C8D 6 Bytes  JMP 5F0D0F5A 
.text           C:\WINDOWS\system32\svchost.exe[1624] kernel32.dll!TerminateThread                                              7C81CACB 6 Bytes  JMP 5F460F5A 
.text           C:\WINDOWS\system32\svchost.exe[1624] kernel32.dll!GetVolumeInformationA                                        7C827052 6 Bytes  JMP 5F640F5A 
.text           C:\WINDOWS\system32\svchost.exe[1624] kernel32.dll!DebugActiveProcess                                           7C859F0B 6 Bytes  JMP 5F490F5A 
.text           C:\WINDOWS\system32\svchost.exe[1624] kernel32.dll!WinExec                                                      7C86114D 6 Bytes  JMP 5F3D0F5A 
.text           C:\WINDOWS\system32\svchost.exe[1624] kernel32.dll!CreateToolhelp32Snapshot                                     7C8647B7 6 Bytes  JMP 5F760F5A 
.text           C:\WINDOWS\system32\svchost.exe[1624] ADVAPI32.dll!RegOpenKeyExA                                                77DA761B 6 Bytes  JMP 5F6A0F5A 
.text           C:\WINDOWS\system32\svchost.exe[1624] ADVAPI32.dll!RegCreateKeyExA                                              77DAEAF4 6 Bytes  JMP 5F670F5A 
.text           C:\WINDOWS\system32\svchost.exe[1624] ADVAPI32.dll!RegSetValueExA                                               77DAEBE7 6 Bytes  JMP 5F6D0F5A 
.text           C:\WINDOWS\system32\svchost.exe[1624] ADVAPI32.dll!OpenSCManagerA                                               77DBADA7 6 Bytes  JMP 5F7F0F5A 
.text           C:\WINDOWS\system32\svchost.exe[1624] ADVAPI32.dll!LsaRemoveAccountRights                                       77DEAA41 6 Bytes  JMP 5F160F5A 
.text           C:\WINDOWS\system32\svchost.exe[1624] ADVAPI32.dll!CreateServiceA                                               77E07071 6 Bytes  JMP 5F580F5A 
.text           C:\WINDOWS\system32\svchost.exe[1624] USER32.dll!GetKeyState                                                    77D1C505 6 Bytes  JMP 5F4C0F5A 
.text           C:\WINDOWS\system32\svchost.exe[1624] USER32.dll!ShowWindow                                                     77D1D8A4 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\system32\svchost.exe[1624] USER32.dll!ShowWindow + 4                                                 77D1D8A8 2 Bytes  [86, 5F]
.text           C:\WINDOWS\system32\svchost.exe[1624] USER32.dll!GetAsyncKeyState                                               77D1E655 6 Bytes  JMP 5F4F0F5A 
.text           C:\WINDOWS\system32\svchost.exe[1624] USER32.dll!SetWindowsHookExW                                              77D2E4AF 6 Bytes  JMP 5F280F5A 
.text           C:\WINDOWS\system32\svchost.exe[1624] USER32.dll!SetWindowsHookExA                                              77D311E9 6 Bytes  JMP 5F250F5A 
.text           C:\WINDOWS\system32\svchost.exe[1624] USER32.dll!SetWinEventHook                                                77D317C8 6 Bytes  JMP 5F5B0F5A 
.text           C:\WINDOWS\system32\svchost.exe[1624] USER32.dll!GetWindowTextA                                                 77D3213C 6 Bytes  JMP 5F820F5A 
.text           C:\WINDOWS\system32\svchost.exe[1624] USER32.dll!DdeConnect                                                     77D57D7B 6 Bytes  JMP 5F520F5A 
.text           C:\WINDOWS\system32\svchost.exe[1624] USER32.dll!EndTask                                                        77D59C5D 6 Bytes  JMP 5F400F5A 
.text           C:\WINDOWS\system32\svchost.exe[1624] USER32.dll!RegisterRawInputDevices                                        77D6C9C6 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\system32\svchost.exe[1624] USER32.dll!RegisterRawInputDevices + 4                                    77D6C9CA 2 Bytes  [5F, 5F] {POP EDI; POP EDI}
.text           C:\WINDOWS\system32\svchost.exe[1624] SHELL32.dll!ShellExecuteExW                                               7CA1172B 6 Bytes  JMP 5F3A0F5A 
.text           C:\WINDOWS\system32\svchost.exe[1624] SHELL32.dll!ShellExecuteEx                                                7CA50AED 6 Bytes  JMP 5F370F5A 
.text           C:\WINDOWS\system32\svchost.exe[1624] SHELL32.dll!ShellExecuteA                                                 7CA50E18 6 Bytes  JMP 5F310F5A 
.text           C:\WINDOWS\system32\svchost.exe[1624] SHELL32.dll!ShellExecuteW                                                 7CAC4A18 6 Bytes  JMP 5F340F5A 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1680] ntdll.dll!NtLoadDriver                                                   7C91DB6E 3 Bytes  [FF, 25, 1E]
         

Alt 26.07.2009, 21:57   #28
Scars
 
Generic 14.DNH - Standard

Generic 14.DNH



Code:
ATTFilter
.text           C:\WINDOWS\system32\Ati2evxx.exe[1680] ntdll.dll!NtLoadDriver + 4                                               7C91DB72 2 Bytes  [4A, 5F] {DEC EDX; POP EDI}
.text           C:\WINDOWS\system32\Ati2evxx.exe[1680] ntdll.dll!NtSuspendProcess                                               7C91E83A 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\system32\Ati2evxx.exe[1680] ntdll.dll!NtSuspendProcess + 4                                           7C91E83E 2 Bytes  [38, 5F]
.text           C:\WINDOWS\system32\Ati2evxx.exe[1680] kernel32.dll!CreateFileA                                                 7C801A24 6 Bytes  JMP 5F670F5A 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1680] kernel32.dll!VirtualProtect                                              7C801AD0 6 Bytes  JMP 5F700F5A 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1680] kernel32.dll!LoadLibraryExW                                              7C801AF1 6 Bytes  JMP 5F130F5A 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1680] kernel32.dll!LoadLibraryExW + C4                                         7C801BB5 4 Bytes  CALL 01410001 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1680] kernel32.dll!LoadLibraryA                                                7C801D77 6 Bytes  JMP 5F1F0F5A 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1680] kernel32.dll!TerminateProcess                                            7C801E16 6 Bytes  JMP 5F190F5A 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1680] kernel32.dll!GetStartupInfoA                                             7C801EEE 6 Bytes  JMP 5F0A0F5A 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1680] kernel32.dll!WriteProcessMemory                                          7C80220F 6 Bytes  JMP 5F1C0F5A 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1680] kernel32.dll!CreateProcessW                                              7C802332 6 Bytes  JMP 5F2E0F5A 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1680] kernel32.dll!CreateProcessA                                              7C802367 6 Bytes  JMP 5F2B0F5A 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1680] kernel32.dll!LoadResource                                                7C80A065 6 Bytes  JMP 5F7C0F5A 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1680] kernel32.dll!GetProcAddress                                              7C80AC28 6 Bytes  JMP 5F550F5A 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1680] kernel32.dll!LoadLibraryW                                                7C80ACD3 6 Bytes  JMP 5F220F5A 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1680] kernel32.dll!CreateMutexA                                                7C80EB3F 6 Bytes  JMP 5F040F5A 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1680] kernel32.dll!CreateRemoteThread                                          7C810626 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\system32\Ati2evxx.exe[1680] kernel32.dll!CreateRemoteThread + 4                                      7C81062A 2 Bytes  [11, 5F]
.text           C:\WINDOWS\system32\Ati2evxx.exe[1680] kernel32.dll!CreateThread                                                7C81082F 6 Bytes  JMP 5F6D0F5A 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1680] kernel32.dll!CreateFileW                                                 7C810976 6 Bytes  JMP 5F640F5A 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1680] kernel32.dll!GetCommandLineA                                             7C812C8D 6 Bytes  JMP 5F0D0F5A 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1680] kernel32.dll!TerminateThread                                             7C81CACB 6 Bytes  JMP 5F3A0F5A 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1680] kernel32.dll!GetVolumeInformationA                                       7C827052 6 Bytes  JMP 5F580F5A 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1680] kernel32.dll!DebugActiveProcess                                          7C859F0B 6 Bytes  JMP 5F3D0F5A 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1680] kernel32.dll!WinExec                                                     7C86114D 6 Bytes  JMP 5F310F5A 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1680] kernel32.dll!CreateToolhelp32Snapshot                                    7C8647B7 6 Bytes  JMP 5F6A0F5A 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1680] USER32.dll!GetKeyState                                                   77D1C505 6 Bytes  JMP 5F400F5A 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1680] USER32.dll!ShowWindow                                                    77D1D8A4 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\system32\Ati2evxx.exe[1680] USER32.dll!ShowWindow + 4                                                77D1D8A8 2 Bytes  [7A, 5F] {JP 0x61}
.text           C:\WINDOWS\system32\Ati2evxx.exe[1680] USER32.dll!GetAsyncKeyState                                              77D1E655 6 Bytes  JMP 5F430F5A 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1680] USER32.dll!SetWindowsHookExW                                             77D2E4AF 6 Bytes  JMP 5F280F5A 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1680] USER32.dll!SetWindowsHookExA                                             77D311E9 6 Bytes  JMP 5F250F5A 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1680] USER32.dll!SetWinEventHook                                               77D317C8 6 Bytes  JMP 5F4F0F5A 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1680] USER32.dll!GetWindowTextA                                                77D3213C 6 Bytes  JMP 5F760F5A 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1680] USER32.dll!DdeConnect                                                    77D57D7B 6 Bytes  JMP 5F460F5A 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1680] USER32.dll!EndTask                                                       77D59C5D 6 Bytes  JMP 5F340F5A 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1680] USER32.dll!RegisterRawInputDevices                                       77D6C9C6 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\system32\Ati2evxx.exe[1680] USER32.dll!RegisterRawInputDevices + 4                                   77D6C9CA 2 Bytes  [53, 5F] {PUSH EBX; POP EDI}
.text           C:\WINDOWS\system32\Ati2evxx.exe[1680] ADVAPI32.dll!RegOpenKeyExA                                               77DA761B 6 Bytes  JMP 5F5E0F5A 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1680] ADVAPI32.dll!RegCreateKeyExA                                             77DAEAF4 6 Bytes  JMP 5F5B0F5A 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1680] ADVAPI32.dll!RegSetValueExA                                              77DAEBE7 6 Bytes  JMP 5F610F5A 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1680] ADVAPI32.dll!OpenSCManagerA                                              77DBADA7 6 Bytes  JMP 5F730F5A 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1680] ADVAPI32.dll!LsaRemoveAccountRights                                      77DEAA41 6 Bytes  JMP 5F160F5A 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1680] ADVAPI32.dll!CreateServiceA                                              77E07071 6 Bytes  JMP 5F4C0F5A 
.text           C:\WINDOWS\system32\svchost.exe[1768] ntdll.dll!NtLoadDriver                                                    7C91DB6E 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\system32\svchost.exe[1768] ntdll.dll!NtLoadDriver + 4                                                7C91DB72 2 Bytes  [56, 5F] {PUSH ESI; POP EDI}
.text           C:\WINDOWS\system32\svchost.exe[1768] ntdll.dll!NtSuspendProcess                                                7C91E83A 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\system32\svchost.exe[1768] ntdll.dll!NtSuspendProcess + 4                                            7C91E83E 2 Bytes  [44, 5F] {INC ESP; POP EDI}
.text           C:\WINDOWS\system32\svchost.exe[1768] kernel32.dll!CreateFileA                                                  7C801A24 6 Bytes  JMP 5F730F5A 
.text           C:\WINDOWS\system32\svchost.exe[1768] kernel32.dll!VirtualProtect                                               7C801AD0 6 Bytes  JMP 5F7C0F5A 
.text           C:\WINDOWS\system32\svchost.exe[1768] kernel32.dll!LoadLibraryExW                                               7C801AF1 6 Bytes  JMP 5F130F5A 
.text           C:\WINDOWS\system32\svchost.exe[1768] kernel32.dll!LoadLibraryExW + C4                                          7C801BB5 4 Bytes  CALL 00700001 
.text           C:\WINDOWS\system32\svchost.exe[1768] kernel32.dll!LoadLibraryA                                                 7C801D77 6 Bytes  JMP 5F1F0F5A 
.text           C:\WINDOWS\system32\svchost.exe[1768] kernel32.dll!TerminateProcess                                             7C801E16 6 Bytes  JMP 5F190F5A 
.text           C:\WINDOWS\system32\svchost.exe[1768] kernel32.dll!GetStartupInfoA                                              7C801EEE 6 Bytes  JMP 5F0A0F5A 
.text           C:\WINDOWS\system32\svchost.exe[1768] kernel32.dll!WriteProcessMemory                                           7C80220F 6 Bytes  JMP 5F1C0F5A 
.text           C:\WINDOWS\system32\svchost.exe[1768] kernel32.dll!CreateProcessW                                               7C802332 6 Bytes  JMP 5F2E0F5A 
.text           C:\WINDOWS\system32\svchost.exe[1768] kernel32.dll!CreateProcessA                                               7C802367 6 Bytes  JMP 5F2B0F5A 
.text           C:\WINDOWS\system32\svchost.exe[1768] kernel32.dll!LoadResource                                                 7C80A065 6 Bytes  JMP 5F880F5A 
.text           C:\WINDOWS\system32\svchost.exe[1768] kernel32.dll!GetProcAddress                                               7C80AC28 6 Bytes  JMP 5F610F5A 
.text           C:\WINDOWS\system32\svchost.exe[1768] kernel32.dll!LoadLibraryW                                                 7C80ACD3 6 Bytes  JMP 5F220F5A 
.text           C:\WINDOWS\system32\svchost.exe[1768] kernel32.dll!CreateMutexA                                                 7C80EB3F 6 Bytes  JMP 5F040F5A 
.text           C:\WINDOWS\system32\svchost.exe[1768] kernel32.dll!CreateRemoteThread                                           7C810626 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\system32\svchost.exe[1768] kernel32.dll!CreateRemoteThread + 4                                       7C81062A 2 Bytes  [11, 5F]
.text           C:\WINDOWS\system32\svchost.exe[1768] kernel32.dll!CreateThread                                                 7C81082F 6 Bytes  JMP 5F790F5A 
.text           C:\WINDOWS\system32\svchost.exe[1768] kernel32.dll!CreateFileW                                                  7C810976 6 Bytes  JMP 5F700F5A 
.text           C:\WINDOWS\system32\svchost.exe[1768] kernel32.dll!GetCommandLineA                                              7C812C8D 6 Bytes  JMP 5F0D0F5A 
.text           C:\WINDOWS\system32\svchost.exe[1768] kernel32.dll!TerminateThread                                              7C81CACB 6 Bytes  JMP 5F460F5A 
.text           C:\WINDOWS\system32\svchost.exe[1768] kernel32.dll!GetVolumeInformationA                                        7C827052 6 Bytes  JMP 5F640F5A 
.text           C:\WINDOWS\system32\svchost.exe[1768] kernel32.dll!DebugActiveProcess                                           7C859F0B 6 Bytes  JMP 5F490F5A 
.text           C:\WINDOWS\system32\svchost.exe[1768] kernel32.dll!WinExec                                                      7C86114D 6 Bytes  JMP 5F3D0F5A 
.text           C:\WINDOWS\system32\svchost.exe[1768] kernel32.dll!CreateToolhelp32Snapshot                                     7C8647B7 6 Bytes  JMP 5F760F5A 
.text           C:\WINDOWS\system32\svchost.exe[1768] ADVAPI32.dll!RegOpenKeyExA                                                77DA761B 6 Bytes  JMP 5F6A0F5A 
.text           C:\WINDOWS\system32\svchost.exe[1768] ADVAPI32.dll!RegCreateKeyExA                                              77DAEAF4 6 Bytes  JMP 5F670F5A 
.text           C:\WINDOWS\system32\svchost.exe[1768] ADVAPI32.dll!RegSetValueExA                                               77DAEBE7 6 Bytes  JMP 5F6D0F5A 
.text           C:\WINDOWS\system32\svchost.exe[1768] ADVAPI32.dll!OpenSCManagerA                                               77DBADA7 6 Bytes  JMP 5F7F0F5A 
.text           C:\WINDOWS\system32\svchost.exe[1768] ADVAPI32.dll!LsaRemoveAccountRights                                       77DEAA41 6 Bytes  JMP 5F160F5A 
.text           C:\WINDOWS\system32\svchost.exe[1768] ADVAPI32.dll!CreateServiceA                                               77E07071 6 Bytes  JMP 5F580F5A 
.text           C:\WINDOWS\system32\svchost.exe[1768] USER32.dll!GetKeyState                                                    77D1C505 6 Bytes  JMP 5F4C0F5A 
.text           C:\WINDOWS\system32\svchost.exe[1768] USER32.dll!ShowWindow                                                     77D1D8A4 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\system32\svchost.exe[1768] USER32.dll!ShowWindow + 4                                                 77D1D8A8 2 Bytes  [86, 5F]
.text           C:\WINDOWS\system32\svchost.exe[1768] USER32.dll!GetAsyncKeyState                                               77D1E655 6 Bytes  JMP 5F4F0F5A 
.text           C:\WINDOWS\system32\svchost.exe[1768] USER32.dll!SetWindowsHookExW                                              77D2E4AF 6 Bytes  JMP 5F280F5A 
.text           C:\WINDOWS\system32\svchost.exe[1768] USER32.dll!SetWindowsHookExA                                              77D311E9 6 Bytes  JMP 5F250F5A 
.text           C:\WINDOWS\system32\svchost.exe[1768] USER32.dll!SetWinEventHook                                                77D317C8 6 Bytes  JMP 5F5B0F5A 
.text           C:\WINDOWS\system32\svchost.exe[1768] USER32.dll!GetWindowTextA                                                 77D3213C 6 Bytes  JMP 5F820F5A 
.text           C:\WINDOWS\system32\svchost.exe[1768] USER32.dll!DdeConnect                                                     77D57D7B 6 Bytes  JMP 5F520F5A 
.text           C:\WINDOWS\system32\svchost.exe[1768] USER32.dll!EndTask                                                        77D59C5D 6 Bytes  JMP 5F400F5A 
.text           C:\WINDOWS\system32\svchost.exe[1768] USER32.dll!RegisterRawInputDevices                                        77D6C9C6 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\system32\svchost.exe[1768] USER32.dll!RegisterRawInputDevices + 4                                    77D6C9CA 2 Bytes  [5F, 5F] {POP EDI; POP EDI}
.text           C:\WINDOWS\system32\svchost.exe[1768] SHELL32.dll!ShellExecuteExW                                               7CA1172B 6 Bytes  JMP 5F3A0F5A 
.text           C:\WINDOWS\system32\svchost.exe[1768] SHELL32.dll!ShellExecuteEx                                                7CA50AED 6 Bytes  JMP 5F370F5A 
.text           C:\WINDOWS\system32\svchost.exe[1768] SHELL32.dll!ShellExecuteA                                                 7CA50E18 6 Bytes  JMP 5F310F5A 
.text           C:\WINDOWS\system32\svchost.exe[1768] SHELL32.dll!ShellExecuteW                                                 7CAC4A18 6 Bytes  JMP 5F340F5A
         

Alt 26.07.2009, 21:58   #29
Scars
 
Generic 14.DNH - Standard

Generic 14.DNH



Code:
ATTFilter
.text           C:\Programme\Java\jre6\bin\jqs.exe[1852] ntdll.dll!NtLoadDriver                                                 7C91DB6E 3 Bytes  [FF, 25, 1E]
.text           C:\Programme\Java\jre6\bin\jqs.exe[1852] ntdll.dll!NtLoadDriver + 4                                             7C91DB72 2 Bytes  [56, 5F] {PUSH ESI; POP EDI}
.text           C:\Programme\Java\jre6\bin\jqs.exe[1852] ntdll.dll!NtSuspendProcess                                             7C91E83A 3 Bytes  [FF, 25, 1E]
.text           C:\Programme\Java\jre6\bin\jqs.exe[1852] ntdll.dll!NtSuspendProcess + 4                                         7C91E83E 2 Bytes  [44, 5F] {INC ESP; POP EDI}
.text           C:\Programme\Java\jre6\bin\jqs.exe[1852] kernel32.dll!CreateFileA                                               7C801A24 6 Bytes  JMP 5F730F5A 
.text           C:\Programme\Java\jre6\bin\jqs.exe[1852] kernel32.dll!VirtualProtect                                            7C801AD0 6 Bytes  JMP 5F7C0F5A 
.text           C:\Programme\Java\jre6\bin\jqs.exe[1852] kernel32.dll!LoadLibraryExW                                            7C801AF1 6 Bytes  JMP 5F130F5A 
.text           C:\Programme\Java\jre6\bin\jqs.exe[1852] kernel32.dll!LoadLibraryExW + C4                                       7C801BB5 4 Bytes  CALL 01B70001 
.text           C:\Programme\Java\jre6\bin\jqs.exe[1852] kernel32.dll!LoadLibraryA                                              7C801D77 6 Bytes  JMP 5F1F0F5A 
.text           C:\Programme\Java\jre6\bin\jqs.exe[1852] kernel32.dll!TerminateProcess                                          7C801E16 6 Bytes  JMP 5F190F5A 
.text           C:\Programme\Java\jre6\bin\jqs.exe[1852] kernel32.dll!GetStartupInfoA                                           7C801EEE 6 Bytes  JMP 5F0A0F5A 
.text           C:\Programme\Java\jre6\bin\jqs.exe[1852] kernel32.dll!WriteProcessMemory                                        7C80220F 6 Bytes  JMP 5F1C0F5A 
.text           C:\Programme\Java\jre6\bin\jqs.exe[1852] kernel32.dll!CreateProcessW                                            7C802332 6 Bytes  JMP 5F2E0F5A 
.text           C:\Programme\Java\jre6\bin\jqs.exe[1852] kernel32.dll!CreateProcessA                                            7C802367 6 Bytes  JMP 5F2B0F5A 
.text           C:\Programme\Java\jre6\bin\jqs.exe[1852] kernel32.dll!LoadResource                                              7C80A065 6 Bytes  JMP 5F880F5A 
.text           C:\Programme\Java\jre6\bin\jqs.exe[1852] kernel32.dll!GetProcAddress                                            7C80AC28 6 Bytes  JMP 5F610F5A 
.text           C:\Programme\Java\jre6\bin\jqs.exe[1852] kernel32.dll!LoadLibraryW                                              7C80ACD3 6 Bytes  JMP 5F220F5A 
.text           C:\Programme\Java\jre6\bin\jqs.exe[1852] kernel32.dll!CreateMutexA                                              7C80EB3F 6 Bytes  JMP 5F040F5A 
.text           C:\Programme\Java\jre6\bin\jqs.exe[1852] kernel32.dll!CreateRemoteThread                                        7C810626 3 Bytes  [FF, 25, 1E]
.text           C:\Programme\Java\jre6\bin\jqs.exe[1852] kernel32.dll!CreateRemoteThread + 4                                    7C81062A 2 Bytes  [11, 5F]
.text           C:\Programme\Java\jre6\bin\jqs.exe[1852] kernel32.dll!CreateThread                                              7C81082F 6 Bytes  JMP 5F790F5A 
.text           C:\Programme\Java\jre6\bin\jqs.exe[1852] kernel32.dll!CreateFileW                                               7C810976 6 Bytes  JMP 5F700F5A 
.text           C:\Programme\Java\jre6\bin\jqs.exe[1852] kernel32.dll!GetCommandLineA                                           7C812C8D 6 Bytes  JMP 5F0D0F5A 
.text           C:\Programme\Java\jre6\bin\jqs.exe[1852] kernel32.dll!TerminateThread                                           7C81CACB 6 Bytes  JMP 5F460F5A 
.text           C:\Programme\Java\jre6\bin\jqs.exe[1852] kernel32.dll!GetVolumeInformationA                                     7C827052 6 Bytes  JMP 5F640F5A 
.text           C:\Programme\Java\jre6\bin\jqs.exe[1852] kernel32.dll!DebugActiveProcess                                        7C859F0B 6 Bytes  JMP 5F490F5A 
.text           C:\Programme\Java\jre6\bin\jqs.exe[1852] kernel32.dll!WinExec                                                   7C86114D 6 Bytes  JMP 5F3D0F5A 
.text           C:\Programme\Java\jre6\bin\jqs.exe[1852] kernel32.dll!CreateToolhelp32Snapshot                                  7C8647B7 6 Bytes  JMP 5F760F5A 
.text           C:\Programme\Java\jre6\bin\jqs.exe[1852] ADVAPI32.dll!RegOpenKeyExA                                             77DA761B 6 Bytes  JMP 5F6A0F5A 
.text           C:\Programme\Java\jre6\bin\jqs.exe[1852] ADVAPI32.dll!RegCreateKeyExA                                           77DAEAF4 6 Bytes  JMP 5F670F5A 
.text           C:\Programme\Java\jre6\bin\jqs.exe[1852] ADVAPI32.dll!RegSetValueExA                                            77DAEBE7 6 Bytes  JMP 5F6D0F5A 
.text           C:\Programme\Java\jre6\bin\jqs.exe[1852] ADVAPI32.dll!OpenSCManagerA                                            77DBADA7 6 Bytes  JMP 5F7F0F5A 
.text           C:\Programme\Java\jre6\bin\jqs.exe[1852] ADVAPI32.dll!LsaRemoveAccountRights                                    77DEAA41 6 Bytes  JMP 5F160F5A 
.text           C:\Programme\Java\jre6\bin\jqs.exe[1852] ADVAPI32.dll!CreateServiceA                                            77E07071 6 Bytes  JMP 5F580F5A 
.text           C:\Programme\Java\jre6\bin\jqs.exe[1852] USER32.dll!GetKeyState                                                 77D1C505 6 Bytes  JMP 5F4C0F5A 
.text           C:\Programme\Java\jre6\bin\jqs.exe[1852] USER32.dll!ShowWindow                                                  77D1D8A4 3 Bytes  [FF, 25, 1E]
.text           C:\Programme\Java\jre6\bin\jqs.exe[1852] USER32.dll!ShowWindow + 4                                              77D1D8A8 2 Bytes  [86, 5F]
.text           C:\Programme\Java\jre6\bin\jqs.exe[1852] USER32.dll!GetAsyncKeyState                                            77D1E655 6 Bytes  JMP 5F4F0F5A 
.text           C:\Programme\Java\jre6\bin\jqs.exe[1852] USER32.dll!SetWindowsHookExW                                           77D2E4AF 6 Bytes  JMP 5F280F5A 
.text           C:\Programme\Java\jre6\bin\jqs.exe[1852] USER32.dll!SetWindowsHookExA                                           77D311E9 6 Bytes  JMP 5F250F5A 
.text           C:\Programme\Java\jre6\bin\jqs.exe[1852] USER32.dll!SetWinEventHook                                             77D317C8 6 Bytes  JMP 5F5B0F5A 
.text           C:\Programme\Java\jre6\bin\jqs.exe[1852] USER32.dll!GetWindowTextA                                              77D3213C 6 Bytes  JMP 5F820F5A 
.text           C:\Programme\Java\jre6\bin\jqs.exe[1852] USER32.dll!DdeConnect                                                  77D57D7B 6 Bytes  JMP 5F520F5A 
.text           C:\Programme\Java\jre6\bin\jqs.exe[1852] USER32.dll!EndTask                                                     77D59C5D 6 Bytes  JMP 5F400F5A 
.text           C:\Programme\Java\jre6\bin\jqs.exe[1852] USER32.dll!RegisterRawInputDevices                                     77D6C9C6 3 Bytes  [FF, 25, 1E]
.text           C:\Programme\Java\jre6\bin\jqs.exe[1852] USER32.dll!RegisterRawInputDevices + 4                                 77D6C9CA 2 Bytes  [5F, 5F] {POP EDI; POP EDI}
.text           C:\Programme\Java\jre6\bin\jqs.exe[1852] SHELL32.dll!ShellExecuteExW                                            7CA1172B 6 Bytes  JMP 5F3A0F5A 
.text           C:\Programme\Java\jre6\bin\jqs.exe[1852] SHELL32.dll!ShellExecuteEx                                             7CA50AED 6 Bytes  JMP 5F370F5A 
.text           C:\Programme\Java\jre6\bin\jqs.exe[1852] SHELL32.dll!ShellExecuteA                                              7CA50E18 6 Bytes  JMP 5F310F5A 
.text           C:\Programme\Java\jre6\bin\jqs.exe[1852] SHELL32.dll!ShellExecuteW                                              7CAC4A18 6 Bytes  JMP 5F340F5A 
.text           C:\WINDOWS\system32\spoolsv.exe[1984] ntdll.dll!NtLoadDriver                                                    7C91DB6E 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\system32\spoolsv.exe[1984] ntdll.dll!NtLoadDriver + 4                                                7C91DB72 2 Bytes  [56, 5F] {PUSH ESI; POP EDI}
.text           C:\WINDOWS\system32\spoolsv.exe[1984] ntdll.dll!NtSuspendProcess                                                7C91E83A 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\system32\spoolsv.exe[1984] ntdll.dll!NtSuspendProcess + 4                                            7C91E83E 2 Bytes  [44, 5F] {INC ESP; POP EDI}
.text           C:\WINDOWS\system32\spoolsv.exe[1984] kernel32.dll!CreateFileA                                                  7C801A24 6 Bytes  JMP 5F730F5A 
.text           C:\WINDOWS\system32\spoolsv.exe[1984] kernel32.dll!VirtualProtect                                               7C801AD0 6 Bytes  JMP 5F7C0F5A 
.text           C:\WINDOWS\system32\spoolsv.exe[1984] kernel32.dll!LoadLibraryExW                                               7C801AF1 6 Bytes  JMP 5F130F5A 
.text           C:\WINDOWS\system32\spoolsv.exe[1984] kernel32.dll!LoadLibraryExW + C4                                          7C801BB5 4 Bytes  CALL 01220001 
.text           C:\WINDOWS\system32\spoolsv.exe[1984] kernel32.dll!LoadLibraryA                                                 7C801D77 6 Bytes  JMP 5F1F0F5A 
.text           C:\WINDOWS\system32\spoolsv.exe[1984] kernel32.dll!TerminateProcess                                             7C801E16 6 Bytes  JMP 5F190F5A 
.text           C:\WINDOWS\system32\spoolsv.exe[1984] kernel32.dll!GetStartupInfoA                                              7C801EEE 6 Bytes  JMP 5F0A0F5A 
.text           C:\WINDOWS\system32\spoolsv.exe[1984] kernel32.dll!WriteProcessMemory                                           7C80220F 6 Bytes  JMP 5F1C0F5A 
.text           C:\WINDOWS\system32\spoolsv.exe[1984] kernel32.dll!CreateProcessW                                               7C802332 6 Bytes  JMP 5F2E0F5A 
.text           C:\WINDOWS\system32\spoolsv.exe[1984] kernel32.dll!CreateProcessA                                               7C802367 6 Bytes  JMP 5F2B0F5A 
.text           C:\WINDOWS\system32\spoolsv.exe[1984] kernel32.dll!LoadResource                                                 7C80A065 6 Bytes  JMP 5F880F5A 
.text           C:\WINDOWS\system32\spoolsv.exe[1984] kernel32.dll!GetProcAddress                                               7C80AC28 6 Bytes  JMP 5F610F5A 
.text           C:\WINDOWS\system32\spoolsv.exe[1984] kernel32.dll!LoadLibraryW                                                 7C80ACD3 6 Bytes  JMP 5F220F5A 
.text           C:\WINDOWS\system32\spoolsv.exe[1984] kernel32.dll!CreateMutexA                                                 7C80EB3F 6 Bytes  JMP 5F040F5A 
.text           C:\WINDOWS\system32\spoolsv.exe[1984] kernel32.dll!CreateRemoteThread                                           7C810626 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\system32\spoolsv.exe[1984] kernel32.dll!CreateRemoteThread + 4                                       7C81062A 2 Bytes  [11, 5F]
.text           C:\WINDOWS\system32\spoolsv.exe[1984] kernel32.dll!CreateThread                                                 7C81082F 6 Bytes  JMP 5F790F5A 
.text           C:\WINDOWS\system32\spoolsv.exe[1984] kernel32.dll!CreateFileW                                                  7C810976 6 Bytes  JMP 5F700F5A 
.text           C:\WINDOWS\system32\spoolsv.exe[1984] kernel32.dll!GetCommandLineA                                              7C812C8D 6 Bytes  JMP 5F0D0F5A 
.text           C:\WINDOWS\system32\spoolsv.exe[1984] kernel32.dll!TerminateThread                                              7C81CACB 6 Bytes  JMP 5F460F5A 
.text           C:\WINDOWS\system32\spoolsv.exe[1984] kernel32.dll!GetVolumeInformationA                                        7C827052 6 Bytes  JMP 5F640F5A 
.text           C:\WINDOWS\system32\spoolsv.exe[1984] kernel32.dll!DebugActiveProcess                                           7C859F0B 6 Bytes  JMP 5F490F5A 
.text           C:\WINDOWS\system32\spoolsv.exe[1984] kernel32.dll!WinExec                                                      7C86114D 6 Bytes  JMP 5F3D0F5A 
.text           C:\WINDOWS\system32\spoolsv.exe[1984] kernel32.dll!CreateToolhelp32Snapshot                                     7C8647B7 6 Bytes  JMP 5F760F5A 
.text           C:\WINDOWS\system32\spoolsv.exe[1984] ADVAPI32.dll!RegOpenKeyExA                                                77DA761B 6 Bytes  JMP 5F6A0F5A 
.text           C:\WINDOWS\system32\spoolsv.exe[1984] ADVAPI32.dll!RegCreateKeyExA                                              77DAEAF4 6 Bytes  JMP 5F670F5A 
.text           C:\WINDOWS\system32\spoolsv.exe[1984] ADVAPI32.dll!RegSetValueExA                                               77DAEBE7 6 Bytes  JMP 5F6D0F5A 
.text           C:\WINDOWS\system32\spoolsv.exe[1984] ADVAPI32.dll!OpenSCManagerA                                               77DBADA7 6 Bytes  JMP 5F7F0F5A 
.text           C:\WINDOWS\system32\spoolsv.exe[1984] ADVAPI32.dll!LsaRemoveAccountRights                                       77DEAA41 6 Bytes  JMP 5F160F5A 
.text           C:\WINDOWS\system32\spoolsv.exe[1984] ADVAPI32.dll!CreateServiceA                                               77E07071 6 Bytes  JMP 5F580F5A 
.text           C:\WINDOWS\system32\spoolsv.exe[1984] USER32.dll!GetKeyState                                                    77D1C505 6 Bytes  JMP 5F4C0F5A 
.text           C:\WINDOWS\system32\spoolsv.exe[1984] USER32.dll!ShowWindow                                                     77D1D8A4 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\system32\spoolsv.exe[1984] USER32.dll!ShowWindow + 4                                                 77D1D8A8 2 Bytes  [86, 5F]
.text           C:\WINDOWS\system32\spoolsv.exe[1984] USER32.dll!GetAsyncKeyState                                               77D1E655 6 Bytes  JMP 5F4F0F5A 
.text           C:\WINDOWS\system32\spoolsv.exe[1984] USER32.dll!SetWindowsHookExW                                              77D2E4AF 6 Bytes  JMP 5F280F5A 
.text           C:\WINDOWS\system32\spoolsv.exe[1984] USER32.dll!SetWindowsHookExA                                              77D311E9 6 Bytes  JMP 5F250F5A 
.text           C:\WINDOWS\system32\spoolsv.exe[1984] USER32.dll!SetWinEventHook                                                77D317C8 6 Bytes  JMP 5F5B0F5A 
.text           C:\WINDOWS\system32\spoolsv.exe[1984] USER32.dll!GetWindowTextA                                                 77D3213C 6 Bytes  JMP 5F820F5A 
.text           C:\WINDOWS\system32\spoolsv.exe[1984] USER32.dll!DdeConnect                                                     77D57D7B 6 Bytes  JMP 5F520F5A 
.text           C:\WINDOWS\system32\spoolsv.exe[1984] USER32.dll!EndTask                                                        77D59C5D 6 Bytes  JMP 5F400F5A 
.text           C:\WINDOWS\system32\spoolsv.exe[1984] USER32.dll!RegisterRawInputDevices                                        77D6C9C6 3 Bytes  [FF, 25, 1E]
.text           C:\WINDOWS\system32\spoolsv.exe[1984] USER32.dll!RegisterRawInputDevices + 4                                    77D6C9CA 2 Bytes  [5F, 5F] {POP EDI; POP EDI}
.text           C:\WINDOWS\system32\spoolsv.exe[1984] SHELL32.dll!ShellExecuteExW                                               7CA1172B 6 Bytes  JMP 5F3A0F5A 
.text           C:\WINDOWS\system32\spoolsv.exe[1984] SHELL32.dll!ShellExecuteEx                                                7CA50AED 6 Bytes  JMP 5F370F5A 
.text           C:\WINDOWS\system32\spoolsv.exe[1984] SHELL32.dll!ShellExecuteA                                                 7CA50E18 6 Bytes  JMP 5F310F5A 
.text           C:\WINDOWS\system32\spoolsv.exe[1984] SHELL32.dll!ShellExecuteW                                                 7CAC4A18 6 Bytes  JMP 5F340F5A 
.text           C:\Programme\PC Tools AntiVirus\PCTAVSvc.exe[2032] ntdll.dll!NtLoadDriver                                       7C91DB6E 3 Bytes  [FF, 25, 1E]
.text           C:\Programme\PC Tools AntiVirus\PCTAVSvc.exe[2032] ntdll.dll!NtLoadDriver + 4                                   7C91DB72 2 Bytes  [4A, 5F] {DEC EDX; POP EDI}
.text           C:\Programme\PC Tools AntiVirus\PCTAVSvc.exe[2032] ntdll.dll!NtSuspendProcess                                   7C91E83A 3 Bytes  [FF, 25, 1E]
.text           C:\Programme\PC Tools AntiVirus\PCTAVSvc.exe[2032] ntdll.dll!NtSuspendProcess + 4                               7C91E83E 2 Bytes  [38, 5F]
.text           C:\Programme\PC Tools AntiVirus\PCTAVSvc.exe[2032] kernel32.dll!CreateFileA                                     7C801A24 6 Bytes  JMP 5F670F5A 
.text           C:\Programme\PC Tools AntiVirus\PCTAVSvc.exe[2032] kernel32.dll!VirtualProtect                                  7C801AD0 6 Bytes  JMP 5F700F5A 
.text           C:\Programme\PC Tools AntiVirus\PCTAVSvc.exe[2032] kernel32.dll!LoadLibraryExW                                  7C801AF1 6 Bytes  JMP 5F070F5A 
.text           C:\Programme\PC Tools AntiVirus\PCTAVSvc.exe[2032] kernel32.dll!LoadLibraryA                                    7C801D77 6 Bytes  JMP 5F130F5A 
.text           C:\Programme\PC Tools AntiVirus\PCTAVSvc.exe[2032] kernel32.dll!TerminateProcess                                7C801E16 6 Bytes  JMP 5F0D0F5A 
.text           C:\Programme\PC Tools AntiVirus\PCTAVSvc.exe[2032] kernel32.dll!WriteProcessMemory                              7C80220F 6 Bytes  JMP 5F100F5A 
.text           C:\Programme\PC Tools AntiVirus\PCTAVSvc.exe[2032] kernel32.dll!CreateProcessW                                  7C802332 6 Bytes  JMP 5F220F5A 
.text           C:\Programme\PC Tools AntiVirus\PCTAVSvc.exe[2032] kernel32.dll!CreateProcessA                                  7C802367 6 Bytes  JMP 5F1F0F5A 
.text           C:\Programme\PC Tools AntiVirus\PCTAVSvc.exe[2032] kernel32.dll!LoadResource                                    7C80A065 6 Bytes  JMP 5F7C0F5A 
.text           C:\Programme\PC Tools AntiVirus\PCTAVSvc.exe[2032] kernel32.dll!GetProcAddress                                  7C80AC28 6 Bytes  JMP 5F550F5A 
.text           C:\Programme\PC Tools AntiVirus\PCTAVSvc.exe[2032] kernel32.dll!LoadLibraryW                                    7C80ACD3 6 Bytes  JMP 5F160F5A 
.text           C:\Programme\PC Tools AntiVirus\PCTAVSvc.exe[2032] kernel32.dll!CreateRemoteThread                              7C810626 3 Bytes  [FF, 25, 1E]
.text           C:\Programme\PC Tools AntiVirus\PCTAVSvc.exe[2032] kernel32.dll!CreateRemoteThread + 4                          7C81062A 2 Bytes  [05, 5F]
.text           C:\Programme\PC Tools AntiVirus\PCTAVSvc.exe[2032] kernel32.dll!CreateThread                                    7C81082F 6 Bytes  JMP 5F6D0F5A 
.text           C:\Programme\PC Tools AntiVirus\PCTAVSvc.exe[2032] kernel32.dll!CreateFileW                                     7C810976 6 Bytes  JMP 5F640F5A 
.text           C:\Programme\PC Tools AntiVirus\PCTAVSvc.exe[2032] kernel32.dll!TerminateThread                                 7C81CACB 6 Bytes  JMP 5F3A0F5A 
.text           C:\Programme\PC Tools AntiVirus\PCTAVSvc.exe[2032] kernel32.dll!GetVolumeInformationA                           7C827052 6 Bytes  JMP 5F580F5A 
.text           C:\Programme\PC Tools AntiVirus\PCTAVSvc.exe[2032] kernel32.dll!DebugActiveProcess                              7C859F0B 6 Bytes  JMP 5F3D0F5A 
.text           C:\Programme\PC Tools AntiVirus\PCTAVSvc.exe[2032] kernel32.dll!WinExec                                         7C86114D 6 Bytes  JMP 5F310F5A 
.text           C:\Programme\PC Tools AntiVirus\PCTAVSvc.exe[2032] kernel32.dll!CreateToolhelp32Snapshot                        7C8647B7 6 Bytes  JMP 5F6A0F5A 
.text           C:\Programme\PC Tools AntiVirus\PCTAVSvc.exe[2032] ADVAPI32.dll!RegOpenKeyExA                                   77DA761B 6 Bytes  JMP 5F5E0F5A 
.text           C:\Programme\PC Tools AntiVirus\PCTAVSvc.exe[2032] ADVAPI32.dll!RegCreateKeyExA                                 77DAEAF4 6 Bytes  JMP 5F5B0F5A 
.text           C:\Programme\PC Tools AntiVirus\PCTAVSvc.exe[2032] ADVAPI32.dll!RegSetValueExA                                  77DAEBE7 6 Bytes  JMP 5F610F5A 
.text           C:\Programme\PC Tools AntiVirus\PCTAVSvc.exe[2032] ADVAPI32.dll!OpenSCManagerA                                  77DBADA7 6 Bytes  JMP 5F730F5A 
.text           C:\Programme\PC Tools AntiVirus\PCTAVSvc.exe[2032] ADVAPI32.dll!LsaRemoveAccountRights                          77DEAA41 6 Bytes  JMP 5F0A0F5A 
.text           C:\Programme\PC Tools AntiVirus\PCTAVSvc.exe[2032] ADVAPI32.dll!CreateServiceA                                  77E07071 6 Bytes  JMP 5F4C0F5A 
.text           C:\Programme\PC Tools AntiVirus\PCTAVSvc.exe[2032] USER32.dll!GetKeyState                                       77D1C505 6 Bytes  JMP 5F400F5A 
.text           C:\Programme\PC Tools AntiVirus\PCTAVSvc.exe[2032] USER32.dll!ShowWindow                                        77D1D8A4 3 Bytes  [FF, 25, 1E]
.text           C:\Programme\PC Tools AntiVirus\PCTAVSvc.exe[2032] USER32.dll!ShowWindow + 4                                    77D1D8A8 2 Bytes  [7A, 5F] {JP 0x61}
.text           C:\Programme\PC Tools AntiVirus\PCTAVSvc.exe[2032] USER32.dll!GetAsyncKeyState                                  77D1E655 6 Bytes  JMP 5F430F5A 
.text           C:\Programme\PC Tools AntiVirus\PCTAVSvc.exe[2032] USER32.dll!SetWindowsHookExW                                 77D2E4AF 6 Bytes  JMP 5F1C0F5A 
.text           C:\Programme\PC Tools AntiVirus\PCTAVSvc.exe[2032] USER32.dll!SetWindowsHookExA                                 77D311E9 6 Bytes  JMP 5F190F5A 
.text           C:\Programme\PC Tools AntiVirus\PCTAVSvc.exe[2032] USER32.dll!SetWinEventHook                                   77D317C8 6 Bytes  JMP 5F4F0F5A 
.text           C:\Programme\PC Tools AntiVirus\PCTAVSvc.exe[2032] USER32.dll!GetWindowTextA                                    77D3213C 6 Bytes  JMP 5F760F5A 
.text           C:\Programme\PC Tools AntiVirus\PCTAVSvc.exe[2032] USER32.dll!DdeConnect                                        77D57D7B 6 Bytes  JMP 5F460F5A 
.text           C:\Programme\PC Tools AntiVirus\PCTAVSvc.exe[2032] USER32.dll!EndTask                                           77D59C5D 6 Bytes  JMP 5F340F5A 
.text           C:\Programme\PC Tools AntiVirus\PCTAVSvc.exe[2032] USER32.dll!RegisterRawInputDevices                           77D6C9C6 3 Bytes  [FF, 25, 1E]
.text           C:\Programme\PC Tools AntiVirus\PCTAVSvc.exe[2032] USER32.dll!RegisterRawInputDevices + 4                       77D6C9CA 2 Bytes  [53, 5F] {PUSH EBX; POP EDI}
.text           C:\Programme\PC Tools AntiVirus\PCTAVSvc.exe[2032] SHELL32.dll!ShellExecuteExW                                  7CA1172B 6 Bytes  JMP 5F2E0F5A 
.text           C:\Programme\PC Tools AntiVirus\PCTAVSvc.exe[2032] SHELL32.dll!ShellExecuteEx                                   7CA50AED 6 Bytes  JMP 5F2B0F5A 
.text           C:\Programme\PC Tools AntiVirus\PCTAVSvc.exe[2032] SHELL32.dll!ShellExecuteA                                    7CA50E18 6 Bytes  JMP 5F250F5A 
.text           C:\Programme\PC Tools AntiVirus\PCTAVSvc.exe[2032] SHELL32.dll!ShellExecuteW                                    7CAC4A18 6 Bytes  JMP 5F280F5A
         

Alt 26.07.2009, 21:59   #30
Scars
 
Generic 14.DNH - Standard

Generic 14.DNH



Code:
ATTFilter
.text           C:\Dokumente und Einstellungen\Administrator\Desktop\mlq8zsrl.exe[2204] ntdll.dll!NtLoadDriver                  7C91DB6E 3 Bytes  [FF, 25, 1E]
.text           C:\Dokumente und Einstellungen\Administrator\Desktop\mlq8zsrl.exe[2204] ntdll.dll!NtLoadDriver + 4              7C91DB72 2 Bytes  [4A, 5F] {DEC EDX; POP EDI}
.text           C:\Dokumente und Einstellungen\Administrator\Desktop\mlq8zsrl.exe[2204] ntdll.dll!NtSuspendProcess              7C91E83A 3 Bytes  [FF, 25, 1E]
.text           C:\Dokumente und Einstellungen\Administrator\Desktop\mlq8zsrl.exe[2204] ntdll.dll!NtSuspendProcess + 4          7C91E83E 2 Bytes  [38, 5F]
.text           C:\Dokumente und Einstellungen\Administrator\Desktop\mlq8zsrl.exe[2204] kernel32.dll!CreateFileA                7C801A24 6 Bytes  JMP 5F670F5A 
.text           C:\Dokumente und Einstellungen\Administrator\Desktop\mlq8zsrl.exe[2204] kernel32.dll!VirtualProtect             7C801AD0 6 Bytes  JMP 5F700F5A 
.text           C:\Dokumente und Einstellungen\Administrator\Desktop\mlq8zsrl.exe[2204] kernel32.dll!LoadLibraryExW             7C801AF1 6 Bytes  JMP 5F130F5A 
.text           C:\Dokumente und Einstellungen\Administrator\Desktop\mlq8zsrl.exe[2204] kernel32.dll!LoadLibraryExW + C4        7C801BB5 4 Bytes  CALL 003C0001 
.text           C:\Dokumente und Einstellungen\Administrator\Desktop\mlq8zsrl.exe[2204] kernel32.dll!LoadLibraryA               7C801D77 6 Bytes  JMP 5F1F0F5A 
.text           C:\Dokumente und Einstellungen\Administrator\Desktop\mlq8zsrl.exe[2204] kernel32.dll!TerminateProcess           7C801E16 6 Bytes  JMP 5F190F5A 
.text           C:\Dokumente und Einstellungen\Administrator\Desktop\mlq8zsrl.exe[2204] kernel32.dll!GetStartupInfoA            7C801EEE 6 Bytes  JMP 5F0A0F5A 
.text           C:\Dokumente und Einstellungen\Administrator\Desktop\mlq8zsrl.exe[2204] kernel32.dll!WriteProcessMemory         7C80220F 6 Bytes  JMP 5F1C0F5A 
.text           C:\Dokumente und Einstellungen\Administrator\Desktop\mlq8zsrl.exe[2204] kernel32.dll!CreateProcessW             7C802332 6 Bytes  JMP 5F2E0F5A 
.text           C:\Dokumente und Einstellungen\Administrator\Desktop\mlq8zsrl.exe[2204] kernel32.dll!CreateProcessA             7C802367 6 Bytes  JMP 5F2B0F5A 
.text           C:\Dokumente und Einstellungen\Administrator\Desktop\mlq8zsrl.exe[2204] kernel32.dll!LoadResource               7C80A065 6 Bytes  JMP 5F7C0F5A 
.text           C:\Dokumente und Einstellungen\Administrator\Desktop\mlq8zsrl.exe[2204] kernel32.dll!FreeLibrary + 15           7C80AA7B 4 Bytes  CALL 7170003D 
.text           C:\Dokumente und Einstellungen\Administrator\Desktop\mlq8zsrl.exe[2204] kernel32.dll!GetProcAddress             7C80AC28 6 Bytes  JMP 5F550F5A 
.text           C:\Dokumente und Einstellungen\Administrator\Desktop\mlq8zsrl.exe[2204] kernel32.dll!LoadLibraryW               7C80ACD3 6 Bytes  JMP 5F220F5A 
.text           C:\Dokumente und Einstellungen\Administrator\Desktop\mlq8zsrl.exe[2204] kernel32.dll!CreateMutexA               7C80EB3F 6 Bytes  JMP 5F040F5A 
.text           C:\Dokumente und Einstellungen\Administrator\Desktop\mlq8zsrl.exe[2204] kernel32.dll!CreateRemoteThread         7C810626 3 Bytes  [FF, 25, 1E]
.text           C:\Dokumente und Einstellungen\Administrator\Desktop\mlq8zsrl.exe[2204] kernel32.dll!CreateRemoteThread + 4     7C81062A 2 Bytes  [11, 5F]
.text           C:\Dokumente und Einstellungen\Administrator\Desktop\mlq8zsrl.exe[2204] kernel32.dll!CreateThread               7C81082F 6 Bytes  JMP 5F6D0F5A 
.text           C:\Dokumente und Einstellungen\Administrator\Desktop\mlq8zsrl.exe[2204] kernel32.dll!CreateFileW                7C810976 6 Bytes  JMP 5F640F5A 
.text           C:\Dokumente und Einstellungen\Administrator\Desktop\mlq8zsrl.exe[2204] kernel32.dll!GetCommandLineA            7C812C8D 6 Bytes  JMP 5F0D0F5A 
.text           C:\Dokumente und Einstellungen\Administrator\Desktop\mlq8zsrl.exe[2204] kernel32.dll!TerminateThread            7C81CACB 6 Bytes  JMP 5F3A0F5A 
.text           C:\Dokumente und Einstellungen\Administrator\Desktop\mlq8zsrl.exe[2204] kernel32.dll!GetVolumeInformationA      7C827052 6 Bytes  JMP 5F580F5A 
.text           C:\Dokumente und Einstellungen\Administrator\Desktop\mlq8zsrl.exe[2204] kernel32.dll!DebugActiveProcess         7C859F0B 6 Bytes  JMP 5F3D0F5A 
.text           C:\Dokumente und Einstellungen\Administrator\Desktop\mlq8zsrl.exe[2204] kernel32.dll!WinExec                    7C86114D 6 Bytes  JMP 5F310F5A 
.text           C:\Dokumente und Einstellungen\Administrator\Desktop\mlq8zsrl.exe[2204] kernel32.dll!CreateToolhelp32Snapshot   7C8647B7 6 Bytes  JMP 5F6A0F5A 
.text           C:\Dokumente und Einstellungen\Administrator\Desktop\mlq8zsrl.exe[2204] USER32.dll!GetKeyState                  77D1C505 6 Bytes  JMP 5F400F5A 
.text           C:\Dokumente und Einstellungen\Administrator\Desktop\mlq8zsrl.exe[2204] USER32.dll!ShowWindow                   77D1D8A4 3 Bytes  [FF, 25, 1E]
.text           C:\Dokumente und Einstellungen\Administrator\Desktop\mlq8zsrl.exe[2204] USER32.dll!ShowWindow + 4               77D1D8A8 2 Bytes  [7A, 5F] {JP 0x61}
.text           C:\Dokumente und Einstellungen\Administrator\Desktop\mlq8zsrl.exe[2204] USER32.dll!GetAsyncKeyState             77D1E655 6 Bytes  JMP 5F430F5A 
.text           C:\Dokumente und Einstellungen\Administrator\Desktop\mlq8zsrl.exe[2204] USER32.dll!SetWindowsHookExW            77D2E4AF 6 Bytes  JMP 5F280F5A 
.text           C:\Dokumente und Einstellungen\Administrator\Desktop\mlq8zsrl.exe[2204] USER32.dll!SetWindowsHookExA            77D311E9 6 Bytes  JMP 5F250F5A 
.text           C:\Dokumente und Einstellungen\Administrator\Desktop\mlq8zsrl.exe[2204] USER32.dll!SetWinEventHook              77D317C8 6 Bytes  JMP 5F4F0F5A 
.text           C:\Dokumente und Einstellungen\Administrator\Desktop\mlq8zsrl.exe[2204] USER32.dll!GetWindowTextA               77D3213C 6 Bytes  JMP 5F760F5A 
.text           C:\Dokumente und Einstellungen\Administrator\Desktop\mlq8zsrl.exe[2204] USER32.dll!DdeConnect                   77D57D7B 6 Bytes  JMP 5F460F5A 
.text           C:\Dokumente und Einstellungen\Administrator\Desktop\mlq8zsrl.exe[2204] USER32.dll!EndTask                      77D59C5D 6 Bytes  JMP 5F340F5A 
.text           C:\Dokumente und Einstellungen\Administrator\Desktop\mlq8zsrl.exe[2204] USER32.dll!RegisterRawInputDevices      77D6C9C6 3 Bytes  [FF, 25, 1E]
.text           C:\Dokumente und Einstellungen\Administrator\Desktop\mlq8zsrl.exe[2204] USER32.dll!RegisterRawInputDevices + 4  77D6C9CA 2 Bytes  [53, 5F] {PUSH EBX; POP EDI}
.text           C:\Dokumente und Einstellungen\Administrator\Desktop\mlq8zsrl.exe[2204] ADVAPI32.dll!RegOpenKeyExA              77DA761B 6 Bytes  JMP 5F5E0F5A 
.text           C:\Dokumente und Einstellungen\Administrator\Desktop\mlq8zsrl.exe[2204] ADVAPI32.dll!RegCreateKeyExA            77DAEAF4 6 Bytes  JMP 5F5B0F5A 
.text           C:\Dokumente und Einstellungen\Administrator\Desktop\mlq8zsrl.exe[2204] ADVAPI32.dll!RegSetValueExA             77DAEBE7 6 Bytes  JMP 5F610F5A 
.text           C:\Dokumente und Einstellungen\Administrator\Desktop\mlq8zsrl.exe[2204] ADVAPI32.dll!OpenSCManagerA             77DBADA7 6 Bytes  JMP 5F730F5A 
.text           C:\Dokumente und Einstellungen\Administrator\Desktop\mlq8zsrl.exe[2204] ADVAPI32.dll!LsaRemoveAccountRights     77DEAA41 6 Bytes  JMP 5F160F5A 
.text           C:\Dokumente und Einstellungen\Administrator\Desktop\mlq8zsrl.exe[2204] ADVAPI32.dll!CreateServiceA             77E07071 6 Bytes  JMP 5F4C0F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3388] ntdll.dll!NtLoadDriver                                      7C91DB6E 3 Bytes  [FF, 25, 1E]
.text           C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3388] ntdll.dll!NtLoadDriver + 4                                  7C91DB72 2 Bytes  [4A, 5F] {DEC EDX; POP EDI}
.text           C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3388] ntdll.dll!NtSuspendProcess                                  7C91E83A 3 Bytes  [FF, 25, 1E]
.text           C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3388] ntdll.dll!NtSuspendProcess + 4                              7C91E83E 2 Bytes  [38, 5F]
.text           C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3388] KERNEL32.dll!CreateFileA                                    7C801A24 6 Bytes  JMP 5F670F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3388] KERNEL32.dll!VirtualProtect                                 7C801AD0 6 Bytes  JMP 5F700F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3388] KERNEL32.dll!LoadLibraryExW                                 7C801AF1 6 Bytes  JMP 5F130F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3388] KERNEL32.dll!LoadLibraryExW + C4                            7C801BB5 4 Bytes  CALL 009F0001 
.text           C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3388] KERNEL32.dll!LoadLibraryA                                   7C801D77 6 Bytes  JMP 5F1F0F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3388] KERNEL32.dll!TerminateProcess                               7C801E16 6 Bytes  JMP 5F190F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3388] KERNEL32.dll!GetStartupInfoA                                7C801EEE 6 Bytes  JMP 5F0A0F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3388] KERNEL32.dll!WriteProcessMemory                             7C80220F 6 Bytes  JMP 5F1C0F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3388] KERNEL32.dll!CreateProcessW                                 7C802332 6 Bytes  JMP 5F2E0F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3388] KERNEL32.dll!CreateProcessA                                 7C802367 6 Bytes  JMP 5F2B0F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3388] KERNEL32.dll!LoadResource                                   7C80A065 6 Bytes  JMP 5F7C0F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3388] KERNEL32.dll!FreeLibrary + 15                               7C80AA7B 4 Bytes  CALL 7170003D 
.text           C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3388] KERNEL32.dll!GetProcAddress                                 7C80AC28 6 Bytes  JMP 5F550F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3388] KERNEL32.dll!LoadLibraryW                                   7C80ACD3 6 Bytes  JMP 5F220F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3388] KERNEL32.dll!CreateMutexA                                   7C80EB3F 6 Bytes  JMP 5F040F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3388] KERNEL32.dll!CreateRemoteThread                             7C810626 3 Bytes  [FF, 25, 1E]
.text           C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3388] KERNEL32.dll!CreateRemoteThread + 4                         7C81062A 2 Bytes  [11, 5F]
.text           C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3388] KERNEL32.dll!CreateThread                                   7C81082F 6 Bytes  JMP 5F6D0F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3388] KERNEL32.dll!CreateFileW                                    7C810976 6 Bytes  JMP 5F640F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3388] KERNEL32.dll!GetCommandLineA                                7C812C8D 6 Bytes  JMP 5F0D0F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3388] KERNEL32.dll!TerminateThread                                7C81CACB 6 Bytes  JMP 5F3A0F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3388] KERNEL32.dll!GetVolumeInformationA                          7C827052 6 Bytes  JMP 5F580F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3388] KERNEL32.dll!DebugActiveProcess                             7C859F0B 6 Bytes  JMP 5F3D0F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3388] KERNEL32.dll!WinExec                                        7C86114D 6 Bytes  JMP 5F310F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3388] KERNEL32.dll!CreateToolhelp32Snapshot                       7C8647B7 6 Bytes  JMP 5F6A0F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3388] USER32.dll!GetKeyState                                      77D1C505 6 Bytes  JMP 5F400F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3388] USER32.dll!ShowWindow                                       77D1D8A4 3 Bytes  [FF, 25, 1E]
.text           C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3388] USER32.dll!ShowWindow + 4                                   77D1D8A8 2 Bytes  [7A, 5F] {JP 0x61}
.text           C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3388] USER32.dll!GetAsyncKeyState                                 77D1E655 6 Bytes  JMP 5F430F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3388] USER32.dll!SetWindowsHookExW                                77D2E4AF 6 Bytes  JMP 5F280F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3388] USER32.dll!SetWindowsHookExA                                77D311E9 6 Bytes  JMP 5F250F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3388] USER32.dll!SetWinEventHook                                  77D317C8 6 Bytes  JMP 5F4F0F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3388] USER32.dll!GetWindowTextA                                   77D3213C 6 Bytes  JMP 5F760F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3388] USER32.dll!DdeConnect                                       77D57D7B 6 Bytes  JMP 5F460F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3388] USER32.dll!EndTask                                          77D59C5D 6 Bytes  JMP 5F340F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3388] USER32.dll!RegisterRawInputDevices                          77D6C9C6 3 Bytes  [FF, 25, 1E]
.text           C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3388] USER32.dll!RegisterRawInputDevices + 4                      77D6C9CA 2 Bytes  [53, 5F] {PUSH EBX; POP EDI}
.text           C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3388] ADVAPI32.dll!RegOpenKeyExA                                  77DA761B 6 Bytes  JMP 5F5E0F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3388] ADVAPI32.dll!RegCreateKeyExA                                77DAEAF4 6 Bytes  JMP 5F5B0F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3388] ADVAPI32.dll!RegSetValueExA                                 77DAEBE7 6 Bytes  JMP 5F610F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3388] ADVAPI32.dll!OpenSCManagerA                                 77DBADA7 6 Bytes  JMP 5F730F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3388] ADVAPI32.dll!LsaRemoveAccountRights                         77DEAA41 6 Bytes  JMP 5F160F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3388] ADVAPI32.dll!CreateServiceA                                 77E07071 6 Bytes  JMP 5F4C0F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3388] shell32.dll!ShellExecuteExW                                 7CA1172B 6 Bytes  JMP 5F880F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3388] shell32.dll!ShellExecuteEx                                  7CA50AED 6 Bytes  JMP 5F850F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3388] shell32.dll!ShellExecuteA                                   7CA50E18 6 Bytes  JMP 5F7F0F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3388] shell32.dll!ShellExecuteW                                   7CAC4A18 6 Bytes  JMP 5F820F5A
         

Antwort

Themen zu Generic 14.DNH
angemeldet, anti-malware, combofix, dateien, desktop, erstellt, explorer, generic, icons, internet, internet explorer, log, malwarebytes, neu, neu aufgesetzt, programme, protection system, rechner, registrierungsschlüssel, rogue.protectionsystem, security, service, software, stopzilla, system, taskmanager, version, virus



Ähnliche Themen: Generic 14.DNH


  1. Trojan.GenericKD.2269178 (B) + Trojan.Generic.13051484 (B) + Trojan.Generic.12905642 (B)
    Log-Analyse und Auswertung - 10.04.2015 (12)
  2. Generic.Vundo.C
    Plagegeister aller Art und deren Bekämpfung - 13.07.2014 (5)
  3. ZoneAlarm hat zwei Viren gefunden: HEUR:Exploit.Script.Generic und HEUR:Exploit.Java.Generic
    Log-Analyse und Auswertung - 21.02.2014 (15)
  4. Trojaner Generic 28
    Plagegeister aller Art und deren Bekämpfung - 15.07.2012 (32)
  5. Generic.Dropper_C.mmi
    Plagegeister aller Art und deren Bekämpfung - 12.07.2012 (1)
  6. simdemo.exe mit Trojaner Generic 22.BSSM & Generic 26.KCB
    Log-Analyse und Auswertung - 28.12.2011 (7)
  7. Generic Host Process for Win32 Services hat ein Problem festgestellt = W32/Generic.worm!p2p
    Log-Analyse und Auswertung - 06.09.2011 (25)
  8. Generic PWS.y!ctj
    Plagegeister aller Art und deren Bekämpfung - 18.08.2010 (1)
  9. Generic, Dropper.Generic, Downloader.Generic gefunden
    Plagegeister aller Art und deren Bekämpfung - 09.08.2010 (21)
  10. Generic PUP.i
    Antiviren-, Firewall- und andere Schutzprogramme - 30.06.2010 (6)
  11. Generic.Bot.H
    Plagegeister aller Art und deren Bekämpfung - 24.02.2010 (2)
  12. TR/Generic.1857123.27
    Plagegeister aller Art und deren Bekämpfung - 21.06.2009 (38)
  13. Jede min >>PAK Generic<< usw..
    Log-Analyse und Auswertung - 11.03.2009 (2)
  14. Generic 4B / 5 / 11
    Log-Analyse und Auswertung - 22.06.2007 (3)
  15. HiJackLogFile, Generic 3 und Back Door, Generic 6 laut AVG gefunden
    Log-Analyse und Auswertung - 21.06.2007 (4)
  16. Generic Win Process
    Plagegeister aller Art und deren Bekämpfung - 11.06.2007 (1)
  17. Lop.AQ & Generic
    Log-Analyse und Auswertung - 24.11.2006 (2)

Zum Thema Generic 14.DNH - Hijackthis Code: Alles auswählen Aufklappen ATTFilter Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:17:23, on 26.07.2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) - Generic 14.DNH...
Archiv
Du betrachtest: Generic 14.DNH auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.