Trojaner-Board
Seite 3 von 5 12 3 45
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Spybot 2.0 Rootkit scan: HKEY_LOCAL_MACHINE\SOFTWARE\Xanthic + Blue Screen IRQL_NOT_LESS_OR_EQUAL (https://www.trojaner-board.de/119622-spybot-2-0-rootkit-scan-hkey_local_machine-software-xanthic-blue-screen-irql_not_less_or_equal.html)

Polarbär 26.07.2012 16:48
Hallo Arne

R-Firewall = Windows7 FirewallControl?
habe die Windows7 FirewallControl nur drauf da die mir zeigt welche Programme auf Netz zugreifen und ich evtl. Speeren kann. Oder soll ich das anders machen?
Windows-Firewall läuft sonst auch.

cosinus 26.07.2012 22:12
Nein, R-Firewall ist etwas anderes! => R-Firewall, Download bei heise
Man sollte das wirklich nicht mit diesen Dingen übertreiben, man kann sich ungeahnte Probleme und neue Sicherheitslöcher einhanndeln! Belass es bei der normalen Windows-Firewall und gut!

Polarbär 28.07.2012 07:56
o.K.:daumenhoc

cosinus 28.07.2012 22:20
Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).



Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

Polarbär 29.07.2012 09:37
1.Teil erledigt

Zitat:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-29 07:35:31
-----------------------------
07:35:31.703 OS Version: Windows 5.1.2600 Service Pack 2
07:35:31.703 Number of processors: 2 586 0x404
07:35:31.703 ComputerName: PALME UserName: Roman
07:35:32.484 Initialize success
07:35:36.234 AVAST engine defs: 12072801
07:35:44.921 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17
07:35:44.921 Disk 0 Vendor: ST3250823AS 3.03 Size: 238475MB BusType: 3
07:35:44.921 Disk 0 MBR read successfully
07:35:44.937 Disk 0 MBR scan
07:35:44.937 Disk 0 unknown MBR code
07:35:44.937 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 119208 MB offset 63
07:35:44.953 Disk 0 Partition - 00 0F Extended LBA 119263 MB offset 244139805
07:35:44.984 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 110501 MB offset 244139868
07:35:44.984 Disk 0 Partition - 00 05 Extended 8762 MB offset 470447460
07:35:45.015 Disk 0 Partition 3 00 0B FAT32 MSWIN4.1 8761 MB offset 470447523
07:35:45.031 Disk 0 scanning sectors +488392065
07:35:45.093 Disk 0 scanning C:\WINDOWS\system32\drivers
07:35:54.687 Service scanning
07:36:07.937 Modules scanning
07:36:13.796 Disk 0 trace - called modules:
07:36:13.828 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll prosync1.sys >>UNKNOWN [0x8a7d09d8]<<
07:36:13.828 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a77eab8]
07:36:13.843 3 CLASSPNP.SYS[f74c805b] -> nt!IofCallDriver -> \Device\0000008b[0x8a7335b0]
07:36:13.859 5 ACPI.sys[f735d620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-17[0x8a72cd98]
07:36:13.875 \Driver\atapi[0x8a77f628] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> prosync1.sys[0xf798d661]
07:36:14.218 AVAST engine scan C:\WINDOWS
07:36:22.453 AVAST engine scan C:\WINDOWS\system32
07:38:48.343 AVAST engine scan C:\WINDOWS\system32\drivers
07:39:12.968 AVAST engine scan C:\Dokumente und Einstellungen\Roman
07:46:40.125 File: C:\Dokumente und Einstellungen\Roman\Desktop\sonstiges\minefiled\minefield-4.0-2011031913.en-US.win32-tete009-sse2-pgo\tmemutil.dll **INFECTED** Win32:Fraudo [Trj]
07:54:13.843 AVAST engine scan C:\Dokumente und Einstellungen\All Users
07:57:21.109 Scan finished successfully
08:01:55.609 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Roman\Desktop\MBR.dat"
08:01:55.625 The log file has been saved successfully to "C:\Dokumente und Einstellungen\Roman\Desktop\aswMBR.txt"
OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 10:34:04 on 29.07.2012

OS: Windows XP Home Edition Service Pack 2 (Build 2600)
Default Browser: Mozilla Corporation Firefox 14.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Boot Execute]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----
"BootExecute" - ? - C:\WINDOWS\system32\sdnclean.exe

[Common]
-----( %SystemRoot%\Tasks )-----
"Scan the system (Spybot - Search & Destroy).job" - "Safer-Networking Ltd." - C:\Programme\Spybot - Search & Destroy 2\SDScan.exe
"avast! Emergency Update.job" - "AVAST Software" - C:\Programme\Alwil Software\Avast5\AvastEmUpdate.exe
"Check for updates (Spybot - Search & Destroy).job" - "Safer-Networking Ltd." - C:\Programme\Spybot - Search & Destroy 2\SDUpdate.exe
"Refresh immunization (Spybot - Search & Destroy).job" - "Safer-Networking Ltd." - C:\Programme\Spybot - Search & Destroy 2\SDImmunize.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"cttune.cpl" - ? - C:\WINDOWS\system32\cttune.cpl
"ddbaccpl.cpl" - "DataDesign AG" - C:\WINDOWS\system32\ddbaccpl.cpl
"ddbacctm.cpl" - "DataDesign AG" - C:\WINDOWS\system32\ddbacctm.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Oracle Corporation" - C:\WINDOWS\system32\javacpl.cpl
"QTW32.CPL" - "Apple Computer, Inc." - C:\WINDOWS\system32\QTW32.CPL
"scurecpl.cpl" - "Softex, Inc" - C:\WINDOWS\system32\scurecpl.cpl
"wuaucpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\wuaucpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"ColorManagement" - "Microsoft Corporation" - C:\Programme\Pro Imaging Powertoys\Microsoft Color Control Panel Applet for Windows XP\ColorMgmt.cpl
"Folder Size" - "Brio" - C:\Programme\FolderSize\FolderSize.cpl
"QuickTime" - "Apple Inc." - C:\Programme\QT Lite\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"A4Tech PS/2 Port Mouse Driver" (Amps2prt) - "A4Tech Co.,Ltd." - C:\WINDOWS\System32\DRIVERS\Amps2prt.sys
"AEGIS Protocol (IEEE 802.1x) v3.7.5.0" (AegisP) - "Cisco Systems, Inc." - C:\WINDOWS\System32\DRIVERS\AegisP.sys
"aswFsBlk" (aswFsBlk) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswFsBlk.sys
"aswRdr" (aswRdr) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswRdr.sys
"aswSnx" (aswSnx) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswSnx.sys
"aswSP" (aswSP) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswSP.sys
"ati2mtag" (ati2mtag) - "ATI Technologies Inc." - C:\WINDOWS\System32\DRIVERS\ati2mtag.sys
"ATITool Overclocking Utility" (ATITool) - ? - C:\WINDOWS\System32\DRIVERS\ATITool.sys
"avast! Asynchronous Virus Monitor" (Aavmker4) - "AVAST Software" - C:\WINDOWS\system32\drivers\Aavmker4.sys
"avast! Network Shield Support" (aswTdi) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswTdi.sys
"avast! Standard Shield Support" (aswMon2) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswMon2.sys
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)
"CrystalSysInfo" (CrystalSysInfo) - ? - C:\Programme\MediaCoder\SysInfo.sys  (File not found)
"DgiVecp" (DgiVecp) - "Samsung Electronics Co., Ltd." - C:\WINDOWS\system32\Drivers\DgiVecp.sys
"Dokan" (Dokan) - "Windows (R) Win 7 DDK provider" - C:\WINDOWS\system32\drivers\dokan.sys
"dsltestSp5 NDIS Protocol Driver" (dsltestSp5) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\WINDOWS\System32\Drivers\dsltestSp5.sys
"FsUsbExDisk" (FsUsbExDisk) - ? - C:\WINDOWS\system32\FsUsbExDisk.SYS  (File found, but it contains no detailed information)
"GEARAspiWDM" (GEARAspiWDM) - "GEAR Software Inc." - C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys
"giveio" (giveio) - ? - C:\WINDOWS\System32\giveio.sys  (File found, but it contains no detailed information)
"HDPrfDrv" (HDPrfDrv) - "Matthias Withopf" - C:\WINDOWS\system32\HDPrfDrv-1.sys
"ISDN PCI CAPI" (WDMCAPI) - ? - C:\WINDOWS\System32\DRIVERS\WDMCAPI.sys  (File signed by Microsoft | File found, but it contains no detailed information)
"mbmiodrvr" (mbmiodrvr) - "cansoft@livewiredev.com" - C:\WINDOWS\system32\mbmiodrvr.sys
"MxlW2k" (MxlW2k) - "MusicMatch, Inc." - C:\WINDOWS\system32\drivers\MxlW2k.sys
"NDIS WAN miniport" (WDMWANMP) - ? - C:\WINDOWS\System32\DRIVERS\wdmwanmp.sys  (File signed by Microsoft | File found, but it contains no detailed information)
"NPPTNT2" (NPPTNT2) - "INCA Internet Co., Ltd." - C:\WINDOWS\system32\npptNT2.sys
"nv" (nv) - "NVIDIA Corporation" - C:\WINDOWS\System32\DRIVERS\nv4_mini.sys
"NVR0Dev" (NVR0Dev) - "NVidia Corp." - C:\WINDOWS\nvoclock.sys
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PortTalk" (PortTalk) - "Beyond Logic hxxp://www.beyondlogic.org" - C:\WINDOWS\system32\Drivers\PtbTalk.sys
"PSI" (PSI) - "Secunia" - C:\WINDOWS\System32\DRIVERS\psi_mf.sys
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"RT2500 USB Wireless LAN Driver" (RT2500USB) - "Ralink Technology Inc." - C:\WINDOWS\System32\DRIVERS\rt2500usb.sys
"StarForce Protection Environment Driver (version 1.x.a)" (sfdrv01a) - "Protection Technology (StarForce)" - C:\WINDOWS\System32\drivers\sfdrv01a.sys
"StarForce Protection Environment Driver v6" (prodrv06) - "Protection Technology" - C:\WINDOWS\System32\drivers\prodrv06.sys
"StarForce Protection Helper Driver" (sfhlp01) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfhlp01.sys
"StarForce Protection Helper Driver (version 2.x)" (sfhlp02) - "Protection Technology (StarForce)" - C:\WINDOWS\System32\drivers\sfhlp02.sys
"StarForce Protection Helper Driver v2" (prohlp02) - "Protection Technology" - C:\WINDOWS\System32\drivers\prohlp02.sys
"StarForce Protection Synchronization Driver (version 4.x)" (sfsync04) - "Protection Technology (StarForce)" - C:\WINDOWS\System32\drivers\sfsync04.sys
"StarForce Protection Synchronization Driver v1" (prosync1) - "Protection Technology" - C:\WINDOWS\System32\drivers\prosync1.sys
"StarForce Protection VFS Driver (version 2.x)" (sfvfs02) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfvfs02.sys
"TCP/IP-Protokolltreiber" (Tcpip) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\tcpip.sys
"TfFsMon" (TfFsMon) - "PC Tools" - C:\WINDOWS\System32\drivers\TfFsMon.sys
"TfNetMon" (TfNetMon) - "PC Tools" - C:\WINDOWS\system32\drivers\TfNetMon.sys
"TfSysMon" (TfSysMon) - "PC Tools" - C:\WINDOWS\System32\drivers\TfSysMon.sys
"Tunebite High-Speed Dubbing" (tbhsd) - "RapidSolution Software AG" - C:\WINDOWS\System32\drivers\tbhsd.sys
"TuneUpUtilitiesDrv" (TuneUpUtilitiesDrv) - "TuneUp Software" - C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys
"VMware Virtual Ethernet Adapter Driver" (VMnetAdapter) - ? - C:\WINDOWS\System32\DRIVERS\vmnetadapter.sys  (File not found)
"Windows7FirewallControl" (Windows7FirewallControl) - ? - C:\Programme\Windows7FirewallControl\Windows7FirewallControl.sys  (File found, but it contains no detailed information)
"WinRing0 driver" (WinRing0_1_2_0) - "OpenLibSys.org" - C:\WINDOWS\system32\Drivers\ptbring0.sys

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
{89820200-ECBD-11cf-8B85-00AA005B4340} "Windows Desktop-Update" - "Microsoft Corporation" - regsvr32.exe /s /n /i:U shell32.dll
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{04DAAD08-70EF-450E-834A-DCFAF9B48748} "{04DAAD08-70EF-450E-834A-DCFAF9B48748}" - "Brio" - C:\Programme\FolderSize\FolderSizeColumn.dll
{0D2E74C4-3C34-11d2-A27E-00C04FC30871} "{0D2E74C4-3C34-11d2-A27E-00C04FC30871}" - "Microsoft Corporation" - C:\WINDOWS\system32\SHELL32.dll
{24F14F01-7B1C-11d1-838f-0000F80461CF} "{24F14F01-7B1C-11d1-838f-0000F80461CF}" - "Microsoft Corporation" - C:\WINDOWS\system32\SHELL32.dll
{24F14F02-7B1C-11d1-838f-0000F80461CF} "{24F14F02-7B1C-11d1-838f-0000F80461CF}" - "Microsoft Corporation" - C:\WINDOWS\system32\SHELL32.dll
{66742402-F9B9-11D1-A202-0000F81FEDEE} "{66742402-F9B9-11D1-A202-0000F81FEDEE}" - "Microsoft Corporation" - C:\WINDOWS\system32\SHELL32.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - "The Document Foundation" - C:\Programme\LibreOffice 3.4\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{733AC4CB-F1A4-11d0-B951-00A0C90312E1} "WebView MIME Filter" - "Microsoft Corporation" - C:\WINDOWS\system32\SHELL32.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "URL Exec Hook" - "Microsoft Corporation" - C:\WINDOWS\system32\shell32.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{1B96FAD8-1C10-416E-8027-6EFF94045F6F} "FoxitPDFPreviewHandlerHost Class" - "Foxit Corporation" - C:\Programme\Foxit Software\Foxit Reader\Shell Extensions\FoxitPrevhost.exe
{ED6E87C6-8A83-43aa-8208-8DBC8247F4D2} "IntelliType Pro Key Settings Property Page" - "Microsoft Corporation" - C:\Programme\Microsoft IntelliType Pro\itcplkey.dll
{111D8120-25EB-4E1C-A4DF-C9EE5FCA35CB} "IntelliType Pro Scrolling Property Page" - "Microsoft Corporation" - C:\Programme\Microsoft IntelliType Pro\itcplwhl.dll
{1825D0FA-5B0C-4e20-A929-3EFD15B6DF71} "IntelliType Pro Touchpad Control Property Page" - "Microsoft Corporation" - C:\Programme\Microsoft IntelliType Pro\itcpltp.dll
{A2569D1F-4E06-43EC-9825-0088B471BE47} "IntelliType Pro Wireless Control Panel Property Page" - "Microsoft Corporation" - C:\Programme\Microsoft IntelliType Pro\itcplwir.dll
{97FA8AA2-EE77-4FF2-9449-424D8924EF21} "IntelliType Pro Zooming Property Page" - "Microsoft Corporation" - C:\Programme\Microsoft IntelliType Pro\itcplzm.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - "The Document Foundation" - C:\Programme\LibreOffice 3.4\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - "The Document Foundation" - C:\Programme\LibreOffice 3.4\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - "The Document Foundation" - C:\Programme\LibreOffice 3.4\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - "The Document Foundation" - C:\Programme\LibreOffice 3.4\Basis\program\shlxthdl\shlxthdl.dll
{BDAA6E01-669F-4783-8831-1648CEB8A16C} "Phoenix Backup Context Menu Shell Extension" - ? -  (File not found | COM-object registry key not found)
{44176360-2BBF-4EC1-93CE-384B8681A0BC} "Spybot-S&D Explorer Integration" - "Safer-Networking Ltd." - C:\Programme\Spybot - Search & Destroy 2\SDECon32.dll
{4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" - "TuneUp Software" - C:\Programme\TuneUp Utilities 2012\DseShExt-x86.dll
{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software" - C:\Programme\TuneUp Utilities 2012\SDShelEx-win32.dll
{44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" - "TuneUp Software" - C:\WINDOWS\System32\uxtuneup.dll
DefragglerShellExtension "{4380C993-0C43-4E02-9A7A-0D40B6EA7590}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad )-----
{7849596a-48ea-486e-8937-a2a3009f31a9} "PostBootReminder object" - "Microsoft Corporation" - C:\WINDOWS\system32\shell32.dll
{fbeb8a05-beee-4442-804e-409d6c4515e9} "ShellFolder for CD Burning" - "Microsoft Corporation" - C:\WINDOWS\system32\SHELL32.dll

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{4D5C8C25-D075-11D0-B416-00C04FB90376} "&Tipps und Tricks" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll
{EFA24E64-B078-11D0-89E4-00C04FC9E26E} "Explorer-Band" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll
{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} "File Search Explorer Band" - "Microsoft Corporation" - C:\WINDOWS\system32\SHELL32.dll
{EFA24E62-B078-11D0-89E4-00C04FC9E26E} "History Band" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "&Links" - "Microsoft Corporation" - C:\WINDOWS\system32\SHELL32.dll
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -  (File not found | COM-object registry key not found)
<binary data> "{C55BBCD6-41AD-48AD-9953-3609C48EACC7}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} "MUWebControl Class" - "Microsoft Corporation" - C:\WINDOWS\system32\muweb.dll / hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1244713437203
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} "Office Update Installation Engine" - "Microsoft Corporation" - C:\WINDOWS\opuc.dll / hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
{17492023-C23A-453E-A040-C7C580BBF700} "Windows Genuine Advantage Validation Tool" - "Microsoft Corporation" - C:\WINDOWS\system32\legitcheckcontrol.dll / hxxp://go.microsoft.com/fwlink/?linkid=39204
{6414512B-B978-451D-A0D8-FCFDF33E833C} "WUWebControl Class" - "Microsoft Corporation" - C:\WINDOWS\system32\wuweb.dll / hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1194093786750
{166B1BCA-3F9C-11CF-8075-444553540000} "{166B1BCA-3F9C-11CF-8075-444553540000}" - ? -  (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "{8AD9C840-044E-11D1-B3E9-00805F499D93}" - ? -  (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}" - ? -  (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}" - ? -  (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "{D27CDB6E-AE6D-11CF-96B8-444553540000}" - ? -  (File not found | COM-object registry key not found) /
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -  (File not found | COM-object registry key not found) /
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBC} "ClsidExtension" - ? -  (File not found | COM-object registry key not found)
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer-Networking Ltd." - C:\Programme\Spybot - Search & Destroy 2\SDHelper.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "avast! WebRep" - "AVAST Software" - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll
{2B171655-A69C-5c18-B693-6CB5DC269D41} "FVD Suite Toolbar" - "www.flashvideodownloader.org/fvd-suite/" - C:\Programme\FVD Suite\addons\IE\FVDToolbar.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} "avast! WebRep" - "AVAST Software" - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll
{7C7A8947-5935-4430-AC0E-E7D04697414E} "Buyertools" - ? - C:\PROGRA~1\Buyertools Reminder\IEButtonBuyertoolsInterface.dll  (File found, but it contains no detailed information)
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Oracle Corporation" - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Oracle Corporation" - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
{1536BA74-8625-4240-99B0-BE65883689C8} "Mediaplayer" - ? - C:\Programme\Mediapiraten\Mediapiraten\IEButtonMPInterface.dll  (File found, but it contains no detailed information)
{2B171655-A69C-5c18-B693-6CB5DC269D44} "Open FVD Suite Toolbar" - "www.flashvideodownloader.org/fvd-suite/" - C:\Programme\FVD Suite\addons\IE\FVDToolbar.dll
{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer-Networking Ltd." - C:\Programme\Spybot - Search & Destroy 2\SDHelper.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "{E7E6F031-17CE-4C07-BC86-EABFE594F69C}" - ? -  (File not found | COM-object registry key not found)

[Known DLLs]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs )-----
"shell32" - "Microsoft Corporation" - C:\WINDOWS\system32\shell32.dll
"url" - "Microsoft Corporation" - C:\WINDOWS\system32\url.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
"Ralink Wireless Utility.lnk" - "Ralink Technology, Corp." - C:\Programme\RALINK\Common\RaUI.exe  (Shortcut exists | File exists)
"Secunia PSI Tray.lnk" - "Secunia" - C:\Programme\Secunia\PSI\psi_tray.exe  (Shortcut exists | File exists)
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\Roman\Startmenü\Programme\Autostart\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"RocketDock" - ? - "C:\Programme\RocketDock\RocketDock.exe"  (File found, but it contains no detailed information)
"SpybotSD TeaTimer" - "Safer-Networking Ltd." - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon )-----
"Shell" - "Microsoft Corporation" - C:\WINDOWS\Explorer.exe
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"IntelliPoint" - "Microsoft Corporation" - "C:\Programme\Microsoft IntelliPoint\ipoint.exe"
"MedionVFD" - "Dritek System Inc." - "C:\Programme\Medion Info Display\MdionLCM.exe"
"Samsung PanelMgr" - ? - C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe /autorun
"SDTray" - "Safer-Networking Ltd." - "C:\Programme\Spybot - Search & Destroy 2\SDTray.exe"
"Start WingMan Profiler" - "Logitech Inc." - C:\Programme\Logitech\Gaming Software\LWEMon.exe /noui
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"1und1 Fax Monitor" - "1&1 Internet AG" - C:\WINDOWS\system32\UI1&1MON.DLL
"Canon BJ Language Monitor S820" - "CANON INC." - C:\WINDOWS\system32\CNMLM3k.DLL
"FRITZ!fax Color Monitor" - ? - FritzVistaColorMon.dll  (File not found)
"FRITZ!fax Color Port Monitor" - "AVM Berlin GmbH" - C:\WINDOWS\system32\FritzColorPort.dll
"FRITZ!fax Port Monitor" - "AVM Berlin GmbH" - C:\WINDOWS\system32\FritzPort.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Ati HotKey Poller" (Ati HotKey Poller) - "ATI Technologies Inc." - C:\WINDOWS\system32\Ati2evxx.exe
"avast! Antivirus" (avast! Antivirus) - "AVAST Software" - C:\Programme\Alwil Software\Avast5\AvastSvc.exe
"CyberLink Background Capture Service (CBCS)" (CLCapSvc) - ? - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
"CyberLink Media Library Service" (CyberLink Media Library Service) - "Cyberlink" - C:\Programme\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Programme\CyberLink\Shared Files\RichVideo.exe
"CyberLink Task Scheduler (CTS)" (CLSched) - ? - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
"Folder Size" (FolderSize) - "Brio" - C:\Programme\FolderSize\FolderSizeSvc.exe
"Java Quick Starter" (JavaQuickStarterService) - "Oracle Corporation" - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
"Poweroff" (Poweroff) - "Jorgen Bosman" - C:\WINDOWS\system32\poweroff.exe
"Secunia PSI Agent" (Secunia PSI Agent) - "Secunia" - C:\Programme\Secunia\PSI\PSIA.exe
"Secunia Update Agent" (Secunia Update Agent) - "Secunia" - C:\Programme\Secunia\PSI\sua.exe
"Spybot-S&D 2 Scanner Service" (SDScannerService) - "Safer-Networking Ltd." - C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe
"Spybot-S&D 2 Updating Service" (SDUpdateService) - "Safer-Networking Ltd." - C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe
"ThreatFire" (ThreatFire) - "PC Tools" - C:\Programme\ThreatFire\TFService.exe
"TuneUp Designerweiterung" (UxTuneUp) - "TuneUp Software" - C:\WINDOWS\System32\uxtuneup.dll
"TuneUp Utilities Service" (TuneUp.UtilitiesSvc) - "TuneUp Software" - C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
"Windows7FirewallService" (Windows7FirewallService) - "Sphinx Software" - C:\Programme\Windows7FirewallControl\Windows7FirewallService.exe
"X10 Device Network Service" (x10nets) - "X10" - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"AtiExtEvent" - "ATI Technologies Inc." - C:\WINDOWS\system32\Ati2evxx.dll

===[ Logfile end ]=========================================[ Logfile end ]===
--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru[/QUOTE]

Polarbär 29.07.2012 14:23
Gmer 1:teil

Zitat:
gmer 1.0.15.15641 - hxxp://www.gmer.net
rootkit scan 2012-07-29 14:54:42
windows 5.1.2600 service pack 2 harddisk0\dr0 -> \device\ide\idedevicep1t0l0-17 st3250823as rev.3.03
running: U43koo52.exe; driver: C:\dokume~1\roman\lokale~1\temp\ugtdapoc.sys


---- system - gmer 1.0.15 ----

ssdt \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software) zwaddbootentry [0xabc4e536]
ssdt \systemroot\system32\drivers\aswsp.sys (avast! Self protection module/avast software) zwallocatevirtualmemory [0xabd1f7ba]
ssdt \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software) zwassignprocesstojobobject [0xabc4ef52]
ssdt \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software) zwclose [0xabc8ec31]
ssdt \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software) zwcreateevent [0xabc59d7a]
ssdt \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software) zwcreateeventpair [0xabc59dc6]
ssdt \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software) zwcreateiocompletion [0xabc59f48]
ssdt tfsysmon.sys (threatfire system monitor/pc tools) zwcreatekey [0xf72bea1c]
ssdt \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software) zwcreatemutant [0xabc59ce8]
ssdt \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software) zwcreatesection [0xabc59e0a]
ssdt \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software) zwcreatesemaphore [0xabc59d30]
ssdt \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software) zwcreatethread [0xabc4f146]
ssdt \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software) zwcreatetimer [0xabc59f02]
ssdt \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software) zwdebugactiveprocess [0xabc4f8ca]
ssdt \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software) zwdeletebootentry [0xabc4e584]
ssdt tfsysmon.sys (threatfire system monitor/pc tools) zwdeletekey [0xf72bec10]
ssdt tfsysmon.sys (threatfire system monitor/pc tools) zwdeletevaluekey [0xf72becb6]
ssdt \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software) zwduplicateobject [0xabc52f36]
ssdt \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software) zwenumeratekey [0xabc8f162]
ssdt \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software) zwenumeratevaluekey [0xabc8efcd]
ssdt \systemroot\system32\drivers\aswsp.sys (avast! Self protection module/avast software) zwfreevirtualmemory [0xabd1f89e]
ssdt \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software) zwloaddriver [0xabc4e1ec]
ssdt \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software) zwmodifybootentry [0xabc4e5d2]
ssdt \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software) zwnotifychangekey [0xabc532a8]
ssdt \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software) zwnotifychangemultiplekeys [0xabc50292]
ssdt \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software) zwopenevent [0xabc59da4]
ssdt \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software) zwopeneventpair [0xabc59de8]
ssdt \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software) zwopeniocompletion [0xabc59f6c]
ssdt tfsysmon.sys (threatfire system monitor/pc tools) zwopenkey [0xf72be90c]
ssdt \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software) zwopenmutant [0xabc59d0e]
ssdt \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software) zwopenprocess [0xabc52aac]
ssdt \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software) zwopensection [0xabc59e8c]
ssdt \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software) zwopensemaphore [0xabc59d58]
ssdt \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software) zwopenthread [0xabc52cde]
ssdt \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software) zwopentimer [0xabc59f26]
ssdt \systemroot\system32\drivers\aswsp.sys (avast! Self protection module/avast software) zwprotectvirtualmemory [0xabd1fa1e]
ssdt \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software) zwquerykey [0xabc8ee48]
ssdt \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software) zwqueryobject [0xabc5015e]
ssdt \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software) zwqueryvaluekey [0xabc8ec9a]
ssdt \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software) zwqueueapcthread [0xabc4fd08]
ssdt \systemroot\system32\drivers\aswsp.sys (avast! Self protection module/avast software) zwrenamekey [0xabd2b338]
ssdt \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software) zwrestorekey [0xabc8dc58]
ssdt \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software) zwsetbootentryorder [0xabc4e620]
ssdt \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software) zwsetbootoptions [0xabc4e66e]
ssdt \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software) zwsetcontextthread [0xabc4f74a]
ssdt \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software) zwsetsysteminformation [0xabc4e276]
ssdt \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software) zwsetsystempowerstate [0xabc4e426]
ssdt tfsysmon.sys (threatfire system monitor/pc tools) zwsetvaluekey [0xf72bee52]
ssdt \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software) zwshutdownsystem [0xabc4e3cc]
ssdt \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software) zwsuspendprocess [0xabc4fa2c]
ssdt \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software) zwsuspendthread [0xabc4fb88]
ssdt \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software) zwsystemdebugcontrol [0xabc4e496]
ssdt tfsysmon.sys (threatfire system monitor/pc tools) zwterminateprocess [0xf72c0b30]
ssdt \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software) zwterminatethread [0xabc4f5ca]
ssdt \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software) zwvdmcontrol [0xabc4e6bc]
ssdt \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software) zwwritevirtualmemory [0xabc4ef96]

code \systemroot\system32\drivers\aswsp.sys (avast! Self protection module/avast software) zwcreateprocessex [0xabd37744]
code \systemroot\system32\drivers\aswsp.sys (avast! Self protection module/avast software) obinsertobject
code \systemroot\system32\drivers\aswsp.sys (avast! Self protection module/avast software) obmaketemporaryobject

---- kernel code sections - gmer 1.0.15 ----

.text ntkrnlpa.exe!zwcallbackreturn + 2c6c 805044d8 4 bytes jmp 8084f72b
.text ntkrnlpa.exe!zwcallbackreturn + 2c74 805044e0 4 bytes [e8, 9c, c5, ab]
.text ntkrnlpa.exe!zwcallbackreturn + 2da4 80504610 8 bytes [0c, e9, 2b, f7, 0e, 9d, c5, ...]
.text ntkrnlpa.exe!zwcallbackreturn + 2f14 80504780 12 bytes [20, e6, c4, ab, 6e, e6, c4, ...]
.text ntkrnlpa.exe!zwcallbackreturn + 2f89 805047f5 7 bytes [e2, c4, ab, 26, e4, c4, ab]
.text ...
Page ntkrnlpa.exe!zwreplywaitreceiveportex + 5ec 805a533e 4 bytes call abc50943 \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software)
page ntkrnlpa.exe!obmaketemporaryobject 805bb35a 5 bytes jmp abd3461c \systemroot\system32\drivers\aswsp.sys (avast! Self protection module/avast software)
page ntkrnlpa.exe!obinsertobject 805c1c90 5 bytes jmp abd360fe \systemroot\system32\drivers\aswsp.sys (avast! Self protection module/avast software)
page ntkrnlpa.exe!zwcreateprocessex 805cfe96 7 bytes jmp abd37748 \systemroot\system32\drivers\aswsp.sys (avast! Self protection module/avast software)
.xreloc c:\windows\system32\drivers\sfsync04.sys unknown last section [0xf7345000, 0xc5e, 0x40000040]
.text c:\windows\system32\drivers\ati2mtag.sys section is writeable [0xf62f3000, 0xe5cae, 0xe8000020]
.text win32k.sys!engfreeusermem + 674 bf809b45 4 bytes jmp abc548c0 \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software)
.text win32k.sys!engfreeusermem + 35d0 bf80caa1 4 bytes jmp abc547b0 \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software)
.text win32k.sys!engdeletesurface + 45 bf80fbc0 4 bytes jmp abc5476a \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software)
.text win32k.sys!brushobj_pvallocrbrush + 11f0 bf81c962 4 bytes jmp abc53e1c \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software)
.text win32k.sys!engpaint + 4ef bf8255ed 4 bytes jmp abc53538 \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software)
.text win32k.sys!engunmapfontfilefd + 1e5f bf8341a1 4 bytes jmp abc54a2a \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software)
.text win32k.sys!engunmapfontfilefd + 237d bf8346bf 5 bytes jmp abc54670 \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software)
.text win32k.sys!engunmapfontfilefd + 4564 bf8368a6 4 bytes jmp abc54c32 \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software)
.text win32k.sys!engunmapfontfilefd + ee3f bf841181 4 bytes jmp abc535a8 \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software)
.text win32k.sys!fontobj_pxogetxform + de42 bf85ad4e 5 bytes jmp abc533fc \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software)
.text win32k.sys!engmuldiv + b5f2 bf8670a0 4 bytes jmp abc53e04 \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software)
.text win32k.sys!xlateobj_ixlate + 3474 bf87111b 4 bytes jmp abc53992 \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software)
.text win32k.sys!xlateobj_ixlate + 34ff bf8711a6 5 bytes jmp abc53c58 \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software)
.text win32k.sys!engstretchblt + 35c1 bf87593b 4 bytes jmp abc547fa \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software)
.text win32k.sys!enggetcurrentcodepage + 35fb bf894195 4 bytes jmp abc53a52 \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software)
.text win32k.sys!enggetcurrentcodepage + 411e bf894cb8 4 bytes jmp abc53c12 \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software)
.text win32k.sys!enggetlasterror + 1606 bf8b1ef6 4 bytes jmp abc53ef6 \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software)
.text win32k.sys!enggradientfill + 3aa1 bf8b6854 4 bytes jmp abc54972 \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software)
.text win32k.sys!engstretchbltrop + 33f7 bf8ba1a0 5 bytes jmp abc53ede \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software)
.text win32k.sys!engstretchbltrop + 34b7 bf8ba260 4 bytes jmp abc533e4 \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software)
.text win32k.sys!engstretchbltrop + 8a22 bf8bf7cb 4 bytes jmp abc54b90 \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software)
.text win32k.sys!engalphablend + 3e8 bf8c333c 5 bytes jmp abc536b8 \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software)
.text win32k.sys!engfillpath + 1517 bf8eb97d 4 bytes jmp abc53790 \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software)
.text win32k.sys!engfillpath + 1797 bf8ebbfd 5 bytes jmp abc538bc \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software)
.text win32k.sys!engfillpath + b223 bf8f5689 4 bytes jmp abc53e34 \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software)
.text win32k.sys!pathobj_bclosefigure + 19ef bf8f9a43 4 bytes jmp abc532de \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software)
.text win32k.sys!engcreateclip + 19c1 bf913245 5 bytes jmp abc534d4 \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software)
.text win32k.sys!engcreateclip + 2595 bf913e19 4 bytes jmp abc53664 \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software)
.text win32k.sys!engcreateclip + 4ef4 bf916778 5 bytes jmp abc53d72 \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software)
.text win32k.sys!engplgblt + 18ec bf94468a 5 bytes jmp abc54ae8 \systemroot\system32\drivers\aswsnx.sys (avast! Virtualization driver/avast software)

---- user code sections - gmer 1.0.15 ----

.text c:\programme\rocketdock\rocketdock.exe[192] ntdll.dll!ntloaddriver 7c91d46e 3 bytes [ff, 25, 1e]
.text c:\programme\rocketdock\rocketdock.exe[192] ntdll.dll!ntloaddriver + 4 7c91d472 2 bytes [22, 71]
.text c:\programme\rocketdock\rocketdock.exe[192] ntdll.dll!ntsuspendprocess 7c91de2e 3 bytes [ff, 25, 1e]
.text c:\programme\rocketdock\rocketdock.exe[192] ntdll.dll!ntsuspendprocess + 4 7c91de32 2 bytes [3a, 71]
.text c:\programme\rocketdock\rocketdock.exe[192] ntdll.dll!rtldossearchpath_u + 1d1 7c926ada 1 byte [62]
.text c:\programme\rocketdock\rocketdock.exe[192] kernel32.dll!deviceiocontrol 7c801629 3 bytes [ff, 25, 1e]
.text c:\programme\rocketdock\rocketdock.exe[192] kernel32.dll!deviceiocontrol + 4 7c80162d 2 bytes [aa, 70]
.text c:\programme\rocketdock\rocketdock.exe[192] kernel32.dll!createfilea 7c801a28 6 bytes jmp 70de000a
.text c:\programme\rocketdock\rocketdock.exe[192] kernel32.dll!virtualprotectex 7c801a61 6 bytes jmp 7126000a
.text c:\programme\rocketdock\rocketdock.exe[192] kernel32.dll!virtualprotect 7c801ad4 6 bytes jmp 70d2000a
.text c:\programme\rocketdock\rocketdock.exe[192] kernel32.dll!loadlibraryexw 7c801af5 6 bytes jmp 716b000a
.text c:\programme\rocketdock\rocketdock.exe[192] kernel32.dll!loadlibrarya 7c801d7b 6 bytes jmp 715f000a
.text c:\programme\rocketdock\rocketdock.exe[192] kernel32.dll!terminateprocess 7c801e1a 6 bytes jmp 7165000a
.text c:\programme\rocketdock\rocketdock.exe[192] kernel32.dll!writeprocessmemory 7c802213 6 bytes jmp 7162000a
.text c:\programme\rocketdock\rocketdock.exe[192] kernel32.dll!createprocessw 7c802336 6 bytes jmp 7150000a
.text c:\programme\rocketdock\rocketdock.exe[192] kernel32.dll!createprocessa 7c80236b 6 bytes jmp 7153000a
.text c:\programme\rocketdock\rocketdock.exe[192] kernel32.dll!virtualalloc 7c809aa1 6 bytes jmp 70d5000a
.text c:\programme\rocketdock\rocketdock.exe[192] kernel32.dll!multibytetowidechar 7c809c48 6 bytes jmp 707e000a
.text c:\programme\rocketdock\rocketdock.exe[192] kernel32.dll!loadresource 7c80a005 6 bytes jmp 70c0000a
.text c:\programme\rocketdock\rocketdock.exe[192] kernel32.dll!widechartomultibyte 7c80a124 6 bytes jmp 705d000a
.text c:\programme\rocketdock\rocketdock.exe[192] kernel32.dll!getprocaddress 7c80adf0 6 bytes jmp 7114000a
.text c:\programme\rocketdock\rocketdock.exe[192] kernel32.dll!loadlibraryw 7c80ae9b 6 bytes jmp 715c000a
.text c:\programme\rocketdock\rocketdock.exe[192] kernel32.dll!createmutexw 7c80e907 6 bytes jmp 7087000a
.text c:\programme\rocketdock\rocketdock.exe[192] kernel32.dll!createmutexa 7c80e98f 6 bytes jmp 708a000a
.text c:\programme\rocketdock\rocketdock.exe[192] kernel32.dll!openmutexw 7c80e9e5 6 bytes jmp 7081000a
.text c:\programme\rocketdock\rocketdock.exe[192] kernel32.dll!openmutexa 7c80ea6b 6 bytes jmp 7084000a
.text c:\programme\rocketdock\rocketdock.exe[192] kernel32.dll!getvolumeinformationw 7c80fa35 6 bytes jmp 710e000a
.text c:\programme\rocketdock\rocketdock.exe[192] kernel32.dll!createremotethread 7c81047c 3 bytes [ff, 25, 1e]
.text c:\programme\rocketdock\rocketdock.exe[192] kernel32.dll!createremotethread + 4 7c810480 2 bytes [6d, 71]
.text c:\programme\rocketdock\rocketdock.exe[192] kernel32.dll!createthread 7c810687 6 bytes jmp 70d8000a
.text c:\programme\rocketdock\rocketdock.exe[192] kernel32.dll!createfilew 7c8107b0 6 bytes jmp 70e1000a
.text c:\programme\rocketdock\rocketdock.exe[192] kernel32.dll!writefile 7c810dd7 6 bytes jmp 709c000a
.text c:\programme\rocketdock\rocketdock.exe[192] kernel32.dll!terminatethread 7c81caeb 6 bytes jmp 7138000a
.text c:\programme\rocketdock\rocketdock.exe[192] kernel32.dll!movefilew 7c821211 6 bytes jmp 7057000a
.text c:\programme\rocketdock\rocketdock.exe[192] kernel32.dll!createdirectorya 7c82175c 6 bytes jmp 70a2000a
.text c:\programme\rocketdock\rocketdock.exe[192] kernel32.dll!getvolumeinformationa 7c821b55 6 bytes jmp 7111000a
.text c:\programme\rocketdock\rocketdock.exe[192] kernel32.dll!copyfileexw 7c827ae2 6 bytes jmp 70b4000a
.text c:\programme\rocketdock\rocketdock.exe[192] kernel32.dll!copyfilea 7c82869e 6 bytes jmp 70bd000a
.text c:\programme\rocketdock\rocketdock.exe[192] kernel32.dll!copyfilew 7c82f82b 6 bytes jmp 70ba000a
.text c:\programme\rocketdock\rocketdock.exe[192] kernel32.dll!openprocess 7c830999 6 bytes jmp 704e000a
.text c:\programme\rocketdock\rocketdock.exe[192] kernel32.dll!deletefilea 7c831e8d 6 bytes jmp 706f000a
.text c:\programme\rocketdock\rocketdock.exe[192] kernel32.dll!deletefilew 7c831f13 6 bytes jmp 706c000a
.text c:\programme\rocketdock\rocketdock.exe[192] kernel32.dll!createdirectoryw 7c8323b2 6 bytes jmp 709f000a
.text c:\programme\rocketdock\rocketdock.exe[192] kernel32.dll!movefileexw 7c83563b 6 bytes jmp 7051000a
.text c:\programme\rocketdock\rocketdock.exe[192] kernel32.dll!movefilea 7c835e6f 6 bytes jmp 705a000a
.text c:\programme\rocketdock\rocketdock.exe[192] kernel32.dll!debugactiveprocess 7c85af93 6 bytes jmp 7135000a
.text c:\programme\rocketdock\rocketdock.exe[192] kernel32.dll!movefileexa 7c85e333 6 bytes jmp 7054000a
.text c:\programme\rocketdock\rocketdock.exe[192] kernel32.dll!copyfileexa 7c85f234 6 bytes jmp 70b7000a
.text c:\programme\rocketdock\rocketdock.exe[192] kernel32.dll!winexec 7c8622b5 6 bytes jmp 7141000a
.text c:\programme\rocketdock\rocketdock.exe[192] kernel32.dll!setthreadcontext 7c8639b1 6 bytes jmp 7099000a
.text c:\programme\rocketdock\rocketdock.exe[192] kernel32.dll!createtoolhelp32snapshot 7c865a27 6 bytes jmp 70db000a
.text c:\programme\rocketdock\rocketdock.exe[192] kernel32.dll!getbinarytypew + 80 7c868b34 1 byte [62]
.text c:\programme\rocketdock\rocketdock.exe[192] user32.dll!setwindowtextw 7e36bc36 6 bytes jmp 7060000a
.text c:\programme\rocketdock\rocketdock.exe[192] user32.dll!getkeystate 7e36c505 6 bytes jmp 7132000a
.text c:\programme\rocketdock\rocketdock.exe[192] user32.dll!getwindowtextw 7e36cdb6 6 bytes jmp 70c6000a
.text c:\programme\rocketdock\rocketdock.exe[192] user32.dll!drawtextw 7e36d7c2 6 bytes jmp 7078000a
.text c:\programme\rocketdock\rocketdock.exe[192] user32.dll!showwindow 7e36d8a4 3 bytes [ff, 25, 1e]
.text c:\programme\rocketdock\rocketdock.exe[192] user32.dll!showwindow + 4 7e36d8a8 2 bytes [c2, 70]
.text c:\programme\rocketdock\rocketdock.exe[192] user32.dll!getkeyboardstate 7e36ef29 3 bytes [ff, 25, 1e]
.text c:\programme\rocketdock\rocketdock.exe[192] user32.dll!getkeyboardstate + 4 7e36ef2d 2 bytes [2b, 71]
.text c:\programme\rocketdock\rocketdock.exe[192] user32.dll!getasynckeystate 7e36f3b3 6 bytes jmp 712f000a
.text c:\programme\rocketdock\rocketdock.exe[192] user32.dll!createwindowexw 7e36fc25 6 bytes jmp 7072000a
.text c:\programme\rocketdock\rocketdock.exe[192] user32.dll!createwindowexa 7e36ff33 6 bytes jmp 7075000a
.text c:\programme\rocketdock\rocketdock.exe[192] user32.dll!setwindowshookexw 7e37ddb5 6 bytes jmp 7156000a
.text c:\programme\rocketdock\rocketdock.exe[192] user32.dll!setwindowtexta 7e37f52b 6 bytes jmp 7063000a
.text c:\programme\rocketdock\rocketdock.exe[192] user32.dll!setwindowshookexa 7e3811d1 6 bytes jmp 7159000a
.text c:\programme\rocketdock\rocketdock.exe[192] user32.dll!setwineventhook 7e3817b7 6 bytes jmp 711a000a
.text c:\programme\rocketdock\rocketdock.exe[192] user32.dll!getwindowtexta 7e38212b 6 bytes jmp 70c9000a
.text c:\programme\rocketdock\rocketdock.exe[192] user32.dll!drawtexta 7e38c6ca 6 bytes jmp 707b000a
.text c:\programme\rocketdock\rocketdock.exe[192] user32.dll!ddeconnect 7e3a7f93 6 bytes jmp 7129000a
.text c:\programme\rocketdock\rocketdock.exe[192] user32.dll!endtask 7e3a9e75 6 bytes jmp 713e000a
.text c:\programme\rocketdock\rocketdock.exe[192] user32.dll!registerrawinputdevices 7e3bcbd4 3 bytes [ff, 25, 1e]
.text c:\programme\rocketdock\rocketdock.exe[192] user32.dll!registerrawinputdevices + 4 7e3bcbd8 2 bytes [16, 71]
.text c:\programme\rocketdock\rocketdock.exe[192] advapi32.dll!regopenkeyexw 77da6aaf 6 bytes jmp 70f6000a
.text c:\programme\rocketdock\rocketdock.exe[192] advapi32.dll!regqueryvalueexw 77da6fff 6 bytes jmp 70e4000a
.text c:\programme\rocketdock\rocketdock.exe[192] advapi32.dll!regcreatekeyexw 77da776c 6 bytes jmp 7108000a
.text c:\programme\rocketdock\rocketdock.exe[192] advapi32.dll!regopenkeyexa 77da7852 6 bytes jmp 70f9000a
.text c:\programme\rocketdock\rocketdock.exe[192] advapi32.dll!regopenkeyw 77da7946 6 bytes jmp 70fc000a
.text c:\programme\rocketdock\rocketdock.exe[192] advapi32.dll!openprocesstoken 77da798b 6 bytes jmp 7096000a
.text c:\programme\rocketdock\rocketdock.exe[192] advapi32.dll!regqueryvalueexa 77da7abb 6 bytes jmp 70e7000a
.text c:\programme\rocketdock\rocketdock.exe[192] advapi32.dll!regsetvalueexw 77dad747 6 bytes jmp 70f0000a
.text c:\programme\rocketdock\rocketdock.exe[192] advapi32.dll!regqueryvaluew 77dad85a 6 bytes jmp 70ea000a
.text c:\programme\rocketdock\rocketdock.exe[192] advapi32.dll!regcreatekeyexa 77dae9d4 6 bytes jmp 710b000a
.text c:\programme\rocketdock\rocketdock.exe[192] advapi32.dll!regsetvalueexa 77daeac7 6 bytes jmp 70f3000a
.text c:\programme\rocketdock\rocketdock.exe[192] advapi32.dll!regopenkeya 77daefa8 6 bytes jmp 70ff000a
.text c:\programme\rocketdock\rocketdock.exe[192] advapi32.dll!adjusttokenprivileges 77daefec 6 bytes jmp 708d000a
.text c:\programme\rocketdock\rocketdock.exe[192] advapi32.dll!regdeletekeya 77db4288 6 bytes jmp 7069000a
.text c:\programme\rocketdock\rocketdock.exe[192] advapi32.dll!regdeletekeyw 77db5583 6 bytes jmp 7066000a
.text c:\programme\rocketdock\rocketdock.exe[192] advapi32.dll!openscmanagerw 77db6f3d 6 bytes jmp 70cc000a
.text c:\programme\rocketdock\rocketdock.exe[192] advapi32.dll!openscmanagera 77dc6996 6 bytes jmp 70cf000a
.text c:\programme\rocketdock\rocketdock.exe[192] advapi32.dll!lookupprivilegevaluew 77dcb8c7 6 bytes jmp 7090000a
.text c:\programme\rocketdock\rocketdock.exe[192] advapi32.dll!regcreatekeyw 77dcba3d 6 bytes jmp 7102000a
.text c:\programme\rocketdock\rocketdock.exe[192] advapi32.dll!regqueryvaluea 77dcbb75 4 bytes jmp ec001e25
.text c:\programme\rocketdock\rocketdock.exe[192] advapi32.dll!regqueryvaluea + 5 77dcbb7a 1 byte [70]
.text c:\programme\rocketdock\rocketdock.exe[192] advapi32.dll!regcreatekeya 77dcbcdb 6 bytes jmp 7105000a
.text c:\programme\rocketdock\rocketdock.exe[192] advapi32.dll!lookupprivilegevaluea 77dcc220 6 bytes jmp 7093000a
.text c:\programme\rocketdock\rocketdock.exe[192] advapi32.dll!lsaremoveaccountrights 77deab91 6 bytes jmp 7168000a
.text c:\programme\rocketdock\rocketdock.exe[192] advapi32.dll!createservicea 77e07359 6 bytes jmp 7120000a
.text c:\programme\rocketdock\rocketdock.exe[192] advapi32.dll!createservicew 77e074f1 6 bytes jmp 711d000a
.text c:\programme\rocketdock\rocketdock.exe[192] shell32.dll!shellexecuteexw 7e6b25d3 6 bytes jmp 7144000a
.text c:\programme\rocketdock\rocketdock.exe[192] shell32.dll!shell_notifyicon 7e6d18be 6 bytes jmp 70b1000a
.text c:\programme\rocketdock\rocketdock.exe[192] shell32.dll!shell_notifyiconw 7e6d62a5 6 bytes jmp 70ae000a
.text c:\programme\rocketdock\rocketdock.exe[192] shell32.dll!shellexecuteex 7e6f0e95 6 bytes jmp 7147000a
.text c:\programme\rocketdock\rocketdock.exe[192] shell32.dll!shellexecutea 7e6f11c0 6 bytes jmp 714d000a
.text c:\programme\rocketdock\rocketdock.exe[192] shell32.dll!shellexecutew 7e7659d0 6 bytes jmp 714a000a
.text c:\programme\rocketdock\rocketdock.exe[192] wininet.dll!internetconnecta 408cdeae 6 bytes jmp 704b000a
.text c:\programme\rocketdock\rocketdock.exe[192] wininet.dll!internetopenurla 408df3a4 6 bytes jmp 70a8000a
.text c:\programme\rocketdock\rocketdock.exe[192] wininet.dll!internetopenurlw 40926ddf 6 bytes jmp 70a5000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] ntdll.dll!ntloaddriver 7c91d46e 3 bytes [ff, 25, 1e]
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] ntdll.dll!ntloaddriver + 4 7c91d472 2 bytes [22, 71]
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] ntdll.dll!ntsuspendprocess 7c91de2e 3 bytes [ff, 25, 1e]
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] ntdll.dll!ntsuspendprocess + 4 7c91de32 2 bytes [3a, 71]
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] ntdll.dll!rtldossearchpath_u + 1d1 7c926ada 1 byte [62]
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] kernel32.dll!deviceiocontrol 7c801629 3 bytes [ff, 25, 1e]
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] kernel32.dll!deviceiocontrol + 4 7c80162d 2 bytes [aa, 70]
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] kernel32.dll!createfilea 7c801a28 6 bytes jmp 70de000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] kernel32.dll!virtualprotectex 7c801a61 6 bytes jmp 7126000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] kernel32.dll!virtualprotect 7c801ad4 6 bytes jmp 70d2000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] kernel32.dll!loadlibraryexw 7c801af5 6 bytes jmp 716b000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] kernel32.dll!loadlibrarya 7c801d7b 6 bytes jmp 715f000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] kernel32.dll!terminateprocess 7c801e1a 6 bytes jmp 7165000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] kernel32.dll!writeprocessmemory 7c802213 6 bytes jmp 7162000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] kernel32.dll!createprocessw 7c802336 6 bytes jmp 7150000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] kernel32.dll!createprocessa 7c80236b 6 bytes jmp 7153000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] kernel32.dll!virtualalloc 7c809aa1 6 bytes jmp 70d5000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] kernel32.dll!multibytetowidechar 7c809c48 6 bytes jmp 7084000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] kernel32.dll!loadresource 7c80a005 6 bytes jmp 70c0000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] kernel32.dll!widechartomultibyte 7c80a124 6 bytes jmp 7063000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] kernel32.dll!getprocaddress 7c80adf0 6 bytes jmp 7114000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] kernel32.dll!loadlibraryw 7c80ae9b 6 bytes jmp 715c000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] kernel32.dll!createmutexw 7c80e907 6 bytes jmp 708d000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] kernel32.dll!createmutexa 7c80e98f 6 bytes jmp 7090000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] kernel32.dll!openmutexw 7c80e9e5 6 bytes jmp 7087000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] kernel32.dll!openmutexa 7c80ea6b 6 bytes jmp 708a000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] kernel32.dll!getvolumeinformationw 7c80fa35 6 bytes jmp 710e000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] kernel32.dll!createremotethread 7c81047c 3 bytes [ff, 25, 1e]
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] kernel32.dll!createremotethread + 4 7c810480 2 bytes [6d, 71]
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] kernel32.dll!createthread 7c810687 6 bytes jmp 70d8000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] kernel32.dll!createfilew 7c8107b0 6 bytes jmp 70e1000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] kernel32.dll!writefile 7c810dd7 6 bytes jmp 70a2000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] kernel32.dll!terminatethread 7c81caeb 6 bytes jmp 7138000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] kernel32.dll!movefilew 7c821211 6 bytes jmp 705d000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] kernel32.dll!createdirectorya 7c82175c 6 bytes jmp 70a8000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] kernel32.dll!getvolumeinformationa 7c821b55 6 bytes jmp 7111000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] kernel32.dll!copyfileexw 7c827ae2 6 bytes jmp 70b4000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] kernel32.dll!copyfilea 7c82869e 6 bytes jmp 70bd000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] kernel32.dll!copyfilew 7c82f82b 6 bytes jmp 70ba000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] kernel32.dll!openprocess 7c830999 6 bytes jmp 7054000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] kernel32.dll!deletefilea 7c831e8d 6 bytes jmp 7075000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] kernel32.dll!deletefilew 7c831f13 6 bytes jmp 7072000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] kernel32.dll!createdirectoryw 7c8323b2 6 bytes jmp 70a5000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] kernel32.dll!movefileexw 7c83563b 6 bytes jmp 7057000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] kernel32.dll!movefilea 7c835e6f 6 bytes jmp 7060000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] kernel32.dll!debugactiveprocess 7c85af93 6 bytes jmp 7135000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] kernel32.dll!movefileexa 7c85e333 6 bytes jmp 705a000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] kernel32.dll!copyfileexa 7c85f234 6 bytes jmp 70b7000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] kernel32.dll!winexec 7c8622b5 6 bytes jmp 7141000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] kernel32.dll!setthreadcontext 7c8639b1 6 bytes jmp 709f000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] kernel32.dll!createtoolhelp32snapshot 7c865a27 6 bytes jmp 70db000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] kernel32.dll!getbinarytypew + 80 7c868b34 1 byte [62]
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] advapi32.dll!regopenkeyexw 77da6aaf 6 bytes jmp 70f6000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] advapi32.dll!regqueryvalueexw 77da6fff 6 bytes jmp 70e4000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] advapi32.dll!regcreatekeyexw 77da776c 6 bytes jmp 7108000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] advapi32.dll!regopenkeyexa 77da7852 6 bytes jmp 70f9000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] advapi32.dll!regopenkeyw 77da7946 6 bytes jmp 70fc000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] advapi32.dll!openprocesstoken 77da798b 6 bytes jmp 709c000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] advapi32.dll!regqueryvalueexa 77da7abb 6 bytes jmp 70e7000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] advapi32.dll!regsetvalueexw 77dad747 6 bytes jmp 70f0000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] advapi32.dll!regqueryvaluew 77dad85a 6 bytes jmp 70ea000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] advapi32.dll!regcreatekeyexa 77dae9d4 6 bytes jmp 710b000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] advapi32.dll!regsetvalueexa 77daeac7 6 bytes jmp 70f3000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] advapi32.dll!regopenkeya 77daefa8 6 bytes jmp 70ff000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] advapi32.dll!adjusttokenprivileges 77daefec 6 bytes jmp 7093000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] advapi32.dll!regdeletekeya 77db4288 6 bytes jmp 706f000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] advapi32.dll!regdeletekeyw 77db5583 6 bytes jmp 706c000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] advapi32.dll!openscmanagerw 77db6f3d 6 bytes jmp 70cc000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] advapi32.dll!openscmanagera 77dc6996 6 bytes jmp 70cf000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] advapi32.dll!lookupprivilegevaluew 77dcb8c7 6 bytes jmp 7096000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] advapi32.dll!regcreatekeyw 77dcba3d 6 bytes jmp 7102000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] advapi32.dll!regqueryvaluea 77dcbb75 4 bytes jmp ec001e25
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] advapi32.dll!regqueryvaluea + 5 77dcbb7a 1 byte [70]
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] advapi32.dll!regcreatekeya 77dcbcdb 6 bytes jmp 7105000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] advapi32.dll!lookupprivilegevaluea 77dcc220 6 bytes jmp 7099000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] advapi32.dll!lsaremoveaccountrights 77deab91 6 bytes jmp 7168000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] advapi32.dll!createservicea 77e07359 6 bytes jmp 7120000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] advapi32.dll!createservicew 77e074f1 6 bytes jmp 711d000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] user32.dll!setwindowtextw 7e36bc36 6 bytes jmp 7066000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] user32.dll!getkeystate 7e36c505 6 bytes jmp 7132000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] user32.dll!getwindowtextw 7e36cdb6 6 bytes jmp 70c6000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] user32.dll!drawtextw 7e36d7c2 6 bytes jmp 707e000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] user32.dll!showwindow 7e36d8a4 3 bytes [ff, 25, 1e]
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] user32.dll!showwindow + 4 7e36d8a8 2 bytes [c2, 70]
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] user32.dll!getkeyboardstate 7e36ef29 3 bytes [ff, 25, 1e]
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] user32.dll!getkeyboardstate + 4 7e36ef2d 2 bytes [2b, 71]
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] user32.dll!getasynckeystate 7e36f3b3 6 bytes jmp 712f000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] user32.dll!createwindowexw 7e36fc25 6 bytes jmp 7078000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] user32.dll!createwindowexa 7e36ff33 6 bytes jmp 707b000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] user32.dll!setwindowshookexw 7e37ddb5 6 bytes jmp 7156000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] user32.dll!setwindowtexta 7e37f52b 6 bytes jmp 7069000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] user32.dll!setwindowshookexa 7e3811d1 6 bytes jmp 7159000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] user32.dll!setwineventhook 7e3817b7 6 bytes jmp 711a000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] user32.dll!getwindowtexta 7e38212b 6 bytes jmp 70c9000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] user32.dll!drawtexta 7e38c6ca 6 bytes jmp 7081000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] user32.dll!ddeconnect 7e3a7f93 6 bytes jmp 7129000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] user32.dll!endtask 7e3a9e75 6 bytes jmp 713e000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] user32.dll!registerrawinputdevices 7e3bcbd4 3 bytes [ff, 25, 1e]
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] user32.dll!registerrawinputdevices + 4 7e3bcbd8 2 bytes [16, 71]
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] shell32.dll!shellexecuteexw 7e6b25d3 6 bytes jmp 7144000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] shell32.dll!shell_notifyicon 7e6d18be 6 bytes jmp 70b1000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] shell32.dll!shell_notifyiconw 7e6d62a5 6 bytes jmp 70ae000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] shell32.dll!shellexecuteex 7e6f0e95 6 bytes jmp 7147000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] shell32.dll!shellexecutea 7e6f11c0 6 bytes jmp 714d000a
.text c:\programme\oracle\javafx 2.1 runtime\bin\jqs.exe[296] shell32.dll!shellexecutew 7e7659d0 6 bytes jmp 714a000a
.text c:\windows\explorer.exe[332] ntdll.dll!ntloaddriver 7c91d46e 3 bytes [ff, 25, 1e]
.text c:\windows\explorer.exe[332] ntdll.dll!ntloaddriver + 4 7c91d472 2 bytes [22, 71]
.text c:\windows\explorer.exe[332] ntdll.dll!ntsuspendprocess 7c91de2e 3 bytes [ff, 25, 1e]
.text c:\windows\explorer.exe[332] ntdll.dll!ntsuspendprocess + 4 7c91de32 2 bytes [3a, 71]
.text c:\windows\explorer.exe[332] ntdll.dll!rtldossearchpath_u + 1d1 7c926ada 1 byte [62]
.text c:\windows\explorer.exe[332] kernel32.dll!deviceiocontrol 7c801629 3 bytes [ff, 25, 1e]
.text c:\windows\explorer.exe[332] kernel32.dll!deviceiocontrol + 4 7c80162d 2 bytes [aa, 70]
.text c:\windows\explorer.exe[332] kernel32.dll!createfilea 7c801a28 6 bytes jmp 70de000a
.text c:\windows\explorer.exe[332] kernel32.dll!virtualprotectex 7c801a61 6 bytes jmp 7126000a
.text c:\windows\explorer.exe[332] kernel32.dll!virtualprotect 7c801ad4 6 bytes jmp 70d2000a
.text c:\windows\explorer.exe[332] kernel32.dll!loadlibraryexw 7c801af5 6 bytes jmp 716b000a
.text c:\windows\explorer.exe[332] kernel32.dll!loadlibrarya 7c801d7b 6 bytes jmp 715f000a
.text c:\windows\explorer.exe[332] kernel32.dll!terminateprocess 7c801e1a 6 bytes jmp 7165000a
.text c:\windows\explorer.exe[332] kernel32.dll!writeprocessmemory 7c802213 6 bytes jmp 7162000a
.text c:\windows\explorer.exe[332] kernel32.dll!createprocessw 7c802336 6 bytes jmp 7150000a
.text c:\windows\explorer.exe[332] kernel32.dll!createprocessa 7c80236b 6 bytes jmp 7153000a
.text c:\windows\explorer.exe[332] kernel32.dll!virtualalloc 7c809aa1 6 bytes jmp 70d5000a
.text c:\windows\explorer.exe[332] kernel32.dll!multibytetowidechar 7c809c48 6 bytes jmp 707e000a
.text c:\windows\explorer.exe[332] kernel32.dll!loadresource 7c80a005 6 bytes jmp 70c0000a
.text c:\windows\explorer.exe[332] kernel32.dll!widechartomultibyte 7c80a124 6 bytes jmp 705d000a
.text c:\windows\explorer.exe[332] kernel32.dll!getprocaddress 7c80adf0 6 bytes jmp 7114000a
.text c:\windows\explorer.exe[332] kernel32.dll!loadlibraryw 7c80ae9b 6 bytes jmp 715c000a
.text c:\windows\explorer.exe[332] kernel32.dll!createmutexw 7c80e907 6 bytes jmp 7087000a
.text c:\windows\explorer.exe[332] kernel32.dll!createmutexa 7c80e98f 6 bytes jmp 708a000a
.text c:\windows\explorer.exe[332] kernel32.dll!openmutexw 7c80e9e5 6 bytes jmp 7081000a
.text c:\windows\explorer.exe[332] kernel32.dll!openmutexa 7c80ea6b 6 bytes jmp 7084000a
.text c:\windows\explorer.exe[332] kernel32.dll!getvolumeinformationw 7c80fa35 6 bytes jmp 710e000a
.text c:\windows\explorer.exe[332] kernel32.dll!createremotethread 7c81047c 3 bytes [ff, 25, 1e]
.text c:\windows\explorer.exe[332] kernel32.dll!createremotethread + 4 7c810480 2 bytes [6d, 71]
.text c:\windows\explorer.exe[332] kernel32.dll!createthread 7c810687 6 bytes jmp 70d8000a
.text c:\windows\explorer.exe[332] kernel32.dll!createfilew 7c8107b0 6 bytes jmp 70e1000a
.text c:\windows\explorer.exe[332] kernel32.dll!writefile 7c810dd7 6 bytes jmp 709c000a
.text c:\windows\explorer.exe[332] kernel32.dll!terminatethread 7c81caeb 6 bytes jmp 7138000a
.text c:\windows\explorer.exe[332] kernel32.dll!movefilew 7c821211 6 bytes jmp 7057000a
.text c:\windows\explorer.exe[332] kernel32.dll!createdirectorya 7c82175c 6 bytes jmp 70a2000a
.text c:\windows\explorer.exe[332] kernel32.dll!getvolumeinformationa 7c821b55 6 bytes jmp 7111000a
.text c:\windows\explorer.exe[332] kernel32.dll!copyfileexw 7c827ae2 6 bytes jmp 70b4000a
.text c:\windows\explorer.exe[332] kernel32.dll!copyfilea 7c82869e 6 bytes jmp 70bd000a
.text c:\windows\explorer.exe[332] kernel32.dll!copyfilew 7c82f82b 6 bytes jmp 70ba000a
.text c:\windows\explorer.exe[332] kernel32.dll!openprocess 7c830999 6 bytes jmp 704e000a
.text c:\windows\explorer.exe[332] kernel32.dll!deletefilea 7c831e8d 6 bytes jmp 706f000a
.text c:\windows\explorer.exe[332] kernel32.dll!deletefilew 7c831f13 6 bytes jmp 706c000a
.text c:\windows\explorer.exe[332] kernel32.dll!createdirectoryw 7c8323b2 6 bytes jmp 709f000a
.text c:\windows\explorer.exe[332] kernel32.dll!movefileexw 7c83563b 6 bytes jmp 7051000a
.text c:\windows\explorer.exe[332] kernel32.dll!movefilea 7c835e6f 6 bytes jmp 705a000a
.text c:\windows\explorer.exe[332] kernel32.dll!debugactiveprocess 7c85af93 6 bytes jmp 7135000a
.text c:\windows\explorer.exe[332] kernel32.dll!movefileexa 7c85e333 6 bytes jmp 7054000a
.text c:\windows\explorer.exe[332] kernel32.dll!copyfileexa 7c85f234 6 bytes jmp 70b7000a
.text c:\windows\explorer.exe[332] kernel32.dll!winexec 7c8622b5 6 bytes jmp 7141000a
.text c:\windows\explorer.exe[332] kernel32.dll!setthreadcontext 7c8639b1 6 bytes jmp 7099000a
.text c:\windows\explorer.exe[332] kernel32.dll!createtoolhelp32snapshot 7c865a27 6 bytes jmp 70db000a
.text c:\windows\explorer.exe[332] kernel32.dll!getbinarytypew + 80 7c868b34 1 byte [62]
.text c:\windows\explorer.exe[332] advapi32.dll!regopenkeyexw 77da6aaf 6 bytes jmp 70f6000a
.text c:\windows\explorer.exe[332] advapi32.dll!regqueryvalueexw 77da6fff 6 bytes jmp 70e4000a
.text c:\windows\explorer.exe[332] advapi32.dll!regcreatekeyexw 77da776c 6 bytes jmp 7108000a
.text c:\windows\explorer.exe[332] advapi32.dll!regopenkeyexa 77da7852 6 bytes jmp 70f9000a
.text c:\windows\explorer.exe[332] advapi32.dll!regopenkeyw 77da7946 6 bytes jmp 70fc000a
.text c:\windows\explorer.exe[332] advapi32.dll!openprocesstoken 77da798b 6 bytes jmp 7096000a
.text c:\windows\explorer.exe[332] advapi32.dll!regqueryvalueexa 77da7abb 6 bytes jmp 70e7000a
.text c:\windows\explorer.exe[332] advapi32.dll!regsetvalueexw 77dad747 6 bytes jmp 70f0000a
.text c:\windows\explorer.exe[332] advapi32.dll!regqueryvaluew 77dad85a 6 bytes jmp 70ea000a
.text c:\windows\explorer.exe[332] advapi32.dll!regcreatekeyexa 77dae9d4 6 bytes jmp 710b000a
.text c:\windows\explorer.exe[332] advapi32.dll!regsetvalueexa 77daeac7 6 bytes jmp 70f3000a
.text c:\windows\explorer.exe[332] advapi32.dll!regopenkeya 77daefa8 6 bytes jmp 70ff000a
.text c:\windows\explorer.exe[332] advapi32.dll!adjusttokenprivileges 77daefec 6 bytes jmp 708d000a
.text c:\windows\explorer.exe[332] advapi32.dll!regdeletekeya 77db4288 6 bytes jmp 7069000a
.text c:\windows\explorer.exe[332] advapi32.dll!regdeletekeyw 77db5583 6 bytes jmp 7066000a
.text c:\windows\explorer.exe[332] advapi32.dll!openscmanagerw 77db6f3d 6 bytes jmp 70cc000a
.text c:\windows\explorer.exe[332] advapi32.dll!openscmanagera 77dc6996 6 bytes jmp 70cf000a
.text c:\windows\explorer.exe[332] advapi32.dll!lookupprivilegevaluew 77dcb8c7 6 bytes jmp 7090000a
.text c:\windows\explorer.exe[332] advapi32.dll!regcreatekeyw 77dcba3d 6 bytes jmp 7102000a
.text c:\windows\explorer.exe[332] advapi32.dll!regqueryvaluea 77dcbb75 4 bytes jmp ec001e25
.text c:\windows\explorer.exe[332] advapi32.dll!regqueryvaluea + 5 77dcbb7a 1 byte [70]
.text c:\windows\explorer.exe[332] advapi32.dll!regcreatekeya 77dcbcdb 6 bytes jmp 7105000a
.text c:\windows\explorer.exe[332] advapi32.dll!lookupprivilegevaluea 77dcc220 6 bytes jmp 7093000a
.text c:\windows\explorer.exe[332] advapi32.dll!lsaremoveaccountrights 77deab91 6 bytes jmp 7168000a
.text c:\windows\explorer.exe[332] advapi32.dll!createservicea 77e07359 6 bytes jmp 7120000a
.text c:\windows\explorer.exe[332] advapi32.dll!createservicew 77e074f1 6 bytes jmp 711d000a
.text c:\windows\explorer.exe[332] user32.dll!setwindowtextw 7e36bc36 6 bytes jmp 7060000a
.text c:\windows\explorer.exe[332] user32.dll!getkeystate 7e36c505 6 bytes jmp 7132000a
.text c:\windows\explorer.exe[332] user32.dll!getwindowtextw 7e36cdb6 6 bytes jmp 70c6000a
.text c:\windows\explorer.exe[332] user32.dll!drawtextw 7e36d7c2 6 bytes jmp 7078000a
.text c:\windows\explorer.exe[332] user32.dll!showwindow 7e36d8a4 3 bytes [ff, 25, 1e]
.text c:\windows\explorer.exe[332] user32.dll!showwindow + 4 7e36d8a8 2 bytes [c2, 70]
.text c:\windows\explorer.exe[332] user32.dll!getkeyboardstate 7e36ef29 3 bytes [ff, 25, 1e]
.text c:\windows\explorer.exe[332] user32.dll!getkeyboardstate + 4 7e36ef2d 2 bytes [2b, 71]
.text c:\windows\explorer.exe[332] user32.dll!getasynckeystate 7e36f3b3 6 bytes jmp 712f000a
.text c:\windows\explorer.exe[332] user32.dll!createwindowexw 7e36fc25 6 bytes jmp 7072000a
.text c:\windows\explorer.exe[332] user32.dll!createwindowexa 7e36ff33 6 bytes jmp 7075000a
.text c:\windows\explorer.exe[332] user32.dll!setwindowshookexw 7e37ddb5 6 bytes jmp 7156000a
.text c:\windows\explorer.exe[332] user32.dll!setwindowtexta 7e37f52b 6 bytes jmp 7063000a
.text c:\windows\explorer.exe[332] user32.dll!setwindowshookexa 7e3811d1 6 bytes jmp 7159000a
.text c:\windows\explorer.exe[332] user32.dll!setwineventhook 7e3817b7 6 bytes jmp 711a000a
.text c:\windows\explorer.exe[332] user32.dll!getwindowtexta 7e38212b 6 bytes jmp 70c9000a
.text c:\windows\explorer.exe[332] user32.dll!drawtexta 7e38c6ca 6 bytes jmp 707b000a
.text c:\windows\explorer.exe[332] user32.dll!ddeconnect 7e3a7f93 6 bytes jmp 7129000a
.text c:\windows\explorer.exe[332] user32.dll!endtask 7e3a9e75 6 bytes jmp 713e000a
.text c:\windows\explorer.exe[332] user32.dll!registerrawinputdevices 7e3bcbd4 3 bytes [ff, 25, 1e]
.text c:\windows\explorer.exe[332] user32.dll!registerrawinputdevices + 4 7e3bcbd8 2 bytes [16, 71]
.text c:\windows\explorer.exe[332] wininet.dll!internetconnecta 408cdeae 6 bytes jmp 704b000a
.text c:\windows\explorer.exe[332] wininet.dll!internetopenurla 408df3a4 6 bytes jmp 70a8000a
.text c:\windows\explorer.exe[332] wininet.dll!internetopenurlw 40926ddf 6 bytes jmp 70a5000a
.text c:\windows\explorer.exe[332] shell32.dll!shellexecuteexw 7e6b25d3 6 bytes jmp 7144000a
.text c:\windows\explorer.exe[332] shell32.dll!shell_notifyicon 7e6d18be 6 bytes jmp 70b1000a
.text c:\windows\explorer.exe[332] shell32.dll!shell_notifyiconw 7e6d62a5 6 bytes jmp 70ae000a
.text c:\windows\explorer.exe[332] shell32.dll!shellexecuteex 7e6f0e95 6 bytes jmp 7147000a
.text c:\windows\explorer.exe[332] shell32.dll!shellexecutea 7e6f11c0 6 bytes jmp 714d000a
.text c:\windows\explorer.exe[332] shell32.dll!shellexecutew 7e7659d0 6 bytes jmp 714a000a
.text c:\windows\system32\poweroff.exe[592] ntdll.dll!ntloaddriver 7c91d46e 3 bytes [ff, 25, 1e]

Polarbär 29.07.2012 14:26
GMER 2:Teil
Zitat:
.text C:\WINDOWS\system32\poweroff.exe[592] ntdll.dll!NtLoadDriver + 4 7C91D472 2 Bytes [22, 71]
.text C:\WINDOWS\system32\poweroff.exe[592] ntdll.dll!NtSuspendProcess 7C91DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\poweroff.exe[592] ntdll.dll!NtSuspendProcess + 4 7C91DE32 2 Bytes [3A, 71]
.text C:\WINDOWS\system32\poweroff.exe[592] ntdll.dll!RtlDosSearchPath_U + 1D1 7C926ADA 1 Byte [62]
.text C:\WINDOWS\system32\poweroff.exe[592] kernel32.dll!DeviceIoControl 7C801629 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\poweroff.exe[592] kernel32.dll!DeviceIoControl + 4 7C80162D 2 Bytes [AA, 70]
.text C:\WINDOWS\system32\poweroff.exe[592] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70DE000A
.text C:\WINDOWS\system32\poweroff.exe[592] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7126000A
.text C:\WINDOWS\system32\poweroff.exe[592] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70D2000A
.text C:\WINDOWS\system32\poweroff.exe[592] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716B000A
.text C:\WINDOWS\system32\poweroff.exe[592] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 715F000A
.text C:\WINDOWS\system32\poweroff.exe[592] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7165000A
.text C:\WINDOWS\system32\poweroff.exe[592] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7162000A
.text C:\WINDOWS\system32\poweroff.exe[592] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7150000A
.text C:\WINDOWS\system32\poweroff.exe[592] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7153000A
.text C:\WINDOWS\system32\poweroff.exe[592] kernel32.dll!VirtualAlloc 7C809AA1 6 Bytes JMP 70D5000A
.text C:\WINDOWS\system32\poweroff.exe[592] kernel32.dll!MultiByteToWideChar 7C809C48 6 Bytes JMP 7084000A
.text C:\WINDOWS\system32\poweroff.exe[592] kernel32.dll!LoadResource 7C80A005 6 Bytes JMP 70C0000A
.text C:\WINDOWS\system32\poweroff.exe[592] kernel32.dll!WideCharToMultiByte 7C80A124 6 Bytes JMP 7063000A
.text C:\WINDOWS\system32\poweroff.exe[592] kernel32.dll!GetProcAddress 7C80ADF0 6 Bytes JMP 7114000A
.text C:\WINDOWS\system32\poweroff.exe[592] kernel32.dll!LoadLibraryW 7C80AE9B 6 Bytes JMP 715C000A
.text C:\WINDOWS\system32\poweroff.exe[592] kernel32.dll!CreateMutexW 7C80E907 6 Bytes JMP 708D000A
.text C:\WINDOWS\system32\poweroff.exe[592] kernel32.dll!CreateMutexA 7C80E98F 6 Bytes JMP 7090000A
.text C:\WINDOWS\system32\poweroff.exe[592] kernel32.dll!OpenMutexW 7C80E9E5 6 Bytes JMP 7087000A
.text C:\WINDOWS\system32\poweroff.exe[592] kernel32.dll!OpenMutexA 7C80EA6B 6 Bytes JMP 708A000A
.text C:\WINDOWS\system32\poweroff.exe[592] kernel32.dll!GetVolumeInformationW 7C80FA35 6 Bytes JMP 710E000A
.text C:\WINDOWS\system32\poweroff.exe[592] kernel32.dll!CreateRemoteThread 7C81047C 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\poweroff.exe[592] kernel32.dll!CreateRemoteThread + 4 7C810480 2 Bytes [6D, 71]
.text C:\WINDOWS\system32\poweroff.exe[592] kernel32.dll!CreateThread 7C810687 6 Bytes JMP 70D8000A
.text C:\WINDOWS\system32\poweroff.exe[592] kernel32.dll!CreateFileW 7C8107B0 6 Bytes JMP 70E1000A
.text C:\WINDOWS\system32\poweroff.exe[592] kernel32.dll!WriteFile 7C810DD7 6 Bytes JMP 70A2000A
.text C:\WINDOWS\system32\poweroff.exe[592] kernel32.dll!TerminateThread 7C81CAEB 6 Bytes JMP 7138000A
.text C:\WINDOWS\system32\poweroff.exe[592] kernel32.dll!MoveFileW 7C821211 6 Bytes JMP 705D000A
.text C:\WINDOWS\system32\poweroff.exe[592] kernel32.dll!CreateDirectoryA 7C82175C 6 Bytes JMP 70A8000A
.text C:\WINDOWS\system32\poweroff.exe[592] kernel32.dll!GetVolumeInformationA 7C821B55 6 Bytes JMP 7111000A
.text C:\WINDOWS\system32\poweroff.exe[592] kernel32.dll!CopyFileExW 7C827AE2 6 Bytes JMP 70B4000A
.text C:\WINDOWS\system32\poweroff.exe[592] kernel32.dll!CopyFileA 7C82869E 6 Bytes JMP 70BD000A
.text C:\WINDOWS\system32\poweroff.exe[592] kernel32.dll!CopyFileW 7C82F82B 6 Bytes JMP 70BA000A
.text C:\WINDOWS\system32\poweroff.exe[592] kernel32.dll!OpenProcess 7C830999 6 Bytes JMP 7054000A
.text C:\WINDOWS\system32\poweroff.exe[592] kernel32.dll!DeleteFileA 7C831E8D 6 Bytes JMP 7075000A
.text C:\WINDOWS\system32\poweroff.exe[592] kernel32.dll!DeleteFileW 7C831F13 6 Bytes JMP 7072000A
.text C:\WINDOWS\system32\poweroff.exe[592] kernel32.dll!CreateDirectoryW 7C8323B2 6 Bytes JMP 70A5000A
.text C:\WINDOWS\system32\poweroff.exe[592] kernel32.dll!MoveFileExW 7C83563B 6 Bytes JMP 7057000A
.text C:\WINDOWS\system32\poweroff.exe[592] kernel32.dll!MoveFileA 7C835E6F 6 Bytes JMP 7060000A
.text C:\WINDOWS\system32\poweroff.exe[592] kernel32.dll!DebugActiveProcess 7C85AF93 6 Bytes JMP 7135000A
.text C:\WINDOWS\system32\poweroff.exe[592] kernel32.dll!MoveFileExA 7C85E333 6 Bytes JMP 705A000A
.text C:\WINDOWS\system32\poweroff.exe[592] kernel32.dll!CopyFileExA 7C85F234 6 Bytes JMP 70B7000A
.text C:\WINDOWS\system32\poweroff.exe[592] kernel32.dll!WinExec 7C8622B5 6 Bytes JMP 7141000A
.text C:\WINDOWS\system32\poweroff.exe[592] kernel32.dll!SetThreadContext 7C8639B1 6 Bytes JMP 709F000A
.text C:\WINDOWS\system32\poweroff.exe[592] kernel32.dll!CreateToolhelp32Snapshot 7C865A27 6 Bytes JMP 70DB000A
.text C:\WINDOWS\system32\poweroff.exe[592] kernel32.dll!GetBinaryTypeW + 80 7C868B34 1 Byte [62]
.text C:\WINDOWS\system32\poweroff.exe[592] USER32.dll!SetWindowTextW 7E36BC36 6 Bytes JMP 7066000A
.text C:\WINDOWS\system32\poweroff.exe[592] USER32.dll!GetKeyState 7E36C505 6 Bytes JMP 7132000A
.text C:\WINDOWS\system32\poweroff.exe[592] USER32.dll!GetWindowTextW 7E36CDB6 6 Bytes JMP 70C6000A
.text C:\WINDOWS\system32\poweroff.exe[592] USER32.dll!DrawTextW 7E36D7C2 6 Bytes JMP 707E000A
.text C:\WINDOWS\system32\poweroff.exe[592] USER32.dll!ShowWindow 7E36D8A4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\poweroff.exe[592] USER32.dll!ShowWindow + 4 7E36D8A8 2 Bytes [C2, 70]
.text C:\WINDOWS\system32\poweroff.exe[592] USER32.dll!GetKeyboardState 7E36EF29 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\poweroff.exe[592] USER32.dll!GetKeyboardState + 4 7E36EF2D 2 Bytes [2B, 71]
.text C:\WINDOWS\system32\poweroff.exe[592] USER32.dll!GetAsyncKeyState 7E36F3B3 6 Bytes JMP 712F000A
.text C:\WINDOWS\system32\poweroff.exe[592] USER32.dll!CreateWindowExW 7E36FC25 6 Bytes JMP 7078000A
.text C:\WINDOWS\system32\poweroff.exe[592] USER32.dll!CreateWindowExA 7E36FF33 6 Bytes JMP 707B000A
.text C:\WINDOWS\system32\poweroff.exe[592] USER32.dll!SetWindowsHookExW 7E37DDB5 6 Bytes JMP 7156000A
.text C:\WINDOWS\system32\poweroff.exe[592] USER32.dll!SetWindowTextA 7E37F52B 6 Bytes JMP 7069000A
.text C:\WINDOWS\system32\poweroff.exe[592] USER32.dll!SetWindowsHookExA 7E3811D1 6 Bytes JMP 7159000A
.text C:\WINDOWS\system32\poweroff.exe[592] USER32.dll!SetWinEventHook 7E3817B7 6 Bytes JMP 711A000A
.text C:\WINDOWS\system32\poweroff.exe[592] USER32.dll!GetWindowTextA 7E38212B 6 Bytes JMP 70C9000A
.text C:\WINDOWS\system32\poweroff.exe[592] USER32.dll!DrawTextA 7E38C6CA 6 Bytes JMP 7081000A
.text C:\WINDOWS\system32\poweroff.exe[592] USER32.dll!DdeConnect 7E3A7F93 6 Bytes JMP 7129000A
.text C:\WINDOWS\system32\poweroff.exe[592] USER32.dll!EndTask 7E3A9E75 6 Bytes JMP 713E000A
.text C:\WINDOWS\system32\poweroff.exe[592] USER32.dll!RegisterRawInputDevices 7E3BCBD4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\poweroff.exe[592] USER32.dll!RegisterRawInputDevices + 4 7E3BCBD8 2 Bytes [16, 71]
.text C:\WINDOWS\system32\poweroff.exe[592] ADVAPI32.dll!RegOpenKeyExW 77DA6AAF 6 Bytes JMP 70F6000A
.text C:\WINDOWS\system32\poweroff.exe[592] ADVAPI32.dll!RegQueryValueExW 77DA6FFF 6 Bytes JMP 70E4000A
.text C:\WINDOWS\system32\poweroff.exe[592] ADVAPI32.dll!RegCreateKeyExW 77DA776C 6 Bytes JMP 7108000A
.text C:\WINDOWS\system32\poweroff.exe[592] ADVAPI32.dll!RegOpenKeyExA 77DA7852 6 Bytes JMP 70F9000A
.text C:\WINDOWS\system32\poweroff.exe[592] ADVAPI32.dll!RegOpenKeyW 77DA7946 6 Bytes JMP 70FC000A
.text C:\WINDOWS\system32\poweroff.exe[592] ADVAPI32.dll!OpenProcessToken 77DA798B 6 Bytes JMP 709C000A
.text C:\WINDOWS\system32\poweroff.exe[592] ADVAPI32.dll!RegQueryValueExA 77DA7ABB 6 Bytes JMP 70E7000A
.text C:\WINDOWS\system32\poweroff.exe[592] ADVAPI32.dll!RegSetValueExW 77DAD747 6 Bytes JMP 70F0000A
.text C:\WINDOWS\system32\poweroff.exe[592] ADVAPI32.dll!RegQueryValueW 77DAD85A 6 Bytes JMP 70EA000A
.text C:\WINDOWS\system32\poweroff.exe[592] ADVAPI32.dll!RegCreateKeyExA 77DAE9D4 6 Bytes JMP 710B000A
.text C:\WINDOWS\system32\poweroff.exe[592] ADVAPI32.dll!RegSetValueExA 77DAEAC7 6 Bytes JMP 70F3000A
.text C:\WINDOWS\system32\poweroff.exe[592] ADVAPI32.dll!RegOpenKeyA 77DAEFA8 6 Bytes JMP 70FF000A
.text C:\WINDOWS\system32\poweroff.exe[592] ADVAPI32.dll!AdjustTokenPrivileges 77DAEFEC 6 Bytes JMP 7093000A
.text C:\WINDOWS\system32\poweroff.exe[592] ADVAPI32.dll!RegDeleteKeyA 77DB4288 6 Bytes JMP 706F000A
.text C:\WINDOWS\system32\poweroff.exe[592] ADVAPI32.dll!RegDeleteKeyW 77DB5583 6 Bytes JMP 706C000A
.text C:\WINDOWS\system32\poweroff.exe[592] ADVAPI32.dll!OpenSCManagerW 77DB6F3D 6 Bytes JMP 70CC000A
.text C:\WINDOWS\system32\poweroff.exe[592] ADVAPI32.dll!OpenSCManagerA 77DC6996 6 Bytes JMP 70CF000A
.text C:\WINDOWS\system32\poweroff.exe[592] ADVAPI32.dll!LookupPrivilegeValueW 77DCB8C7 6 Bytes JMP 7096000A
.text C:\WINDOWS\system32\poweroff.exe[592] ADVAPI32.dll!RegCreateKeyW 77DCBA3D 6 Bytes JMP 7102000A
.text C:\WINDOWS\system32\poweroff.exe[592] ADVAPI32.dll!RegQueryValueA 77DCBB75 4 Bytes JMP EC001E25
.text C:\WINDOWS\system32\poweroff.exe[592] ADVAPI32.dll!RegQueryValueA + 5 77DCBB7A 1 Byte [70]
.text C:\WINDOWS\system32\poweroff.exe[592] ADVAPI32.dll!RegCreateKeyA 77DCBCDB 6 Bytes JMP 7105000A
.text C:\WINDOWS\system32\poweroff.exe[592] ADVAPI32.dll!LookupPrivilegeValueA 77DCC220 6 Bytes JMP 7099000A
.text C:\WINDOWS\system32\poweroff.exe[592] ADVAPI32.dll!LsaRemoveAccountRights 77DEAB91 6 Bytes JMP 7168000A
.text C:\WINDOWS\system32\poweroff.exe[592] ADVAPI32.dll!CreateServiceA 77E07359 6 Bytes JMP 7120000A
.text C:\WINDOWS\system32\poweroff.exe[592] ADVAPI32.dll!CreateServiceW 77E074F1 6 Bytes JMP 711D000A
.text C:\WINDOWS\system32\poweroff.exe[592] SHELL32.dll!ShellExecuteExW 7E6B25D3 6 Bytes JMP 7144000A
.text C:\WINDOWS\system32\poweroff.exe[592] SHELL32.dll!Shell_NotifyIcon 7E6D18BE 6 Bytes JMP 70B1000A
.text C:\WINDOWS\system32\poweroff.exe[592] SHELL32.dll!Shell_NotifyIconW 7E6D62A5 6 Bytes JMP 70AE000A
.text C:\WINDOWS\system32\poweroff.exe[592] SHELL32.dll!ShellExecuteEx 7E6F0E95 6 Bytes JMP 7147000A
.text C:\WINDOWS\system32\poweroff.exe[592] SHELL32.dll!ShellExecuteA 7E6F11C0 6 Bytes JMP 714D000A
.text C:\WINDOWS\system32\poweroff.exe[592] SHELL32.dll!ShellExecuteW 7E7659D0 6 Bytes JMP 714A000A
.text C:\WINDOWS\System32\smss.exe[600] ntdll.dll!RtlDosSearchPath_U + 1D1 7C926ADA 1 Byte [62]
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] ntdll.dll!NtLoadDriver 7C91D46E 3 Bytes [FF, 25, 1E]
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] ntdll.dll!NtLoadDriver + 4 7C91D472 2 Bytes [22, 71]
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] ntdll.dll!NtSuspendProcess 7C91DE2E 3 Bytes [FF, 25, 1E]
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] ntdll.dll!NtSuspendProcess + 4 7C91DE32 2 Bytes [3A, 71]
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] ntdll.dll!RtlDosSearchPath_U + 1D1 7C926ADA 1 Byte [62]
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] kernel32.dll!DeviceIoControl 7C801629 3 Bytes [FF, 25, 1E]
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] kernel32.dll!DeviceIoControl + 4 7C80162D 2 Bytes [AA, 70]
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70DE000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7126000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70D2000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716B000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 715F000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7165000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7162000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7150000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7153000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] kernel32.dll!VirtualAlloc 7C809AA1 6 Bytes JMP 70D5000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] kernel32.dll!MultiByteToWideChar 7C809C48 6 Bytes JMP 707E000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] kernel32.dll!LoadResource 7C80A005 6 Bytes JMP 70C0000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] kernel32.dll!WideCharToMultiByte 7C80A124 6 Bytes JMP 705D000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] kernel32.dll!GetProcAddress 7C80ADF0 6 Bytes JMP 7114000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] kernel32.dll!LoadLibraryW 7C80AE9B 6 Bytes JMP 715C000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] kernel32.dll!CreateMutexW 7C80E907 6 Bytes JMP 7087000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] kernel32.dll!CreateMutexA 7C80E98F 6 Bytes JMP 708A000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] kernel32.dll!OpenMutexW 7C80E9E5 6 Bytes JMP 7081000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] kernel32.dll!OpenMutexA 7C80EA6B 6 Bytes JMP 7084000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] kernel32.dll!GetVolumeInformationW 7C80FA35 6 Bytes JMP 710E000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] kernel32.dll!CreateRemoteThread 7C81047C 3 Bytes [FF, 25, 1E]
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] kernel32.dll!CreateRemoteThread + 4 7C810480 2 Bytes [6D, 71]
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] kernel32.dll!CreateThread 7C810687 6 Bytes JMP 70D8000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] kernel32.dll!CreateFileW 7C8107B0 6 Bytes JMP 70E1000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] kernel32.dll!WriteFile 7C810DD7 6 Bytes JMP 709C000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] kernel32.dll!TerminateThread 7C81CAEB 6 Bytes JMP 7138000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] kernel32.dll!MoveFileW 7C821211 6 Bytes JMP 7057000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] kernel32.dll!CreateDirectoryA 7C82175C 6 Bytes JMP 70A2000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] kernel32.dll!GetVolumeInformationA 7C821B55 6 Bytes JMP 7111000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] kernel32.dll!CopyFileExW 7C827AE2 6 Bytes JMP 70B4000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] kernel32.dll!CopyFileA 7C82869E 6 Bytes JMP 70BD000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] kernel32.dll!CopyFileW 7C82F82B 6 Bytes JMP 70BA000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] kernel32.dll!OpenProcess 7C830999 6 Bytes JMP 704E000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] kernel32.dll!DeleteFileA 7C831E8D 6 Bytes JMP 706F000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] kernel32.dll!DeleteFileW 7C831F13 6 Bytes JMP 706C000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] kernel32.dll!CreateDirectoryW 7C8323B2 6 Bytes JMP 709F000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] kernel32.dll!MoveFileExW 7C83563B 6 Bytes JMP 7051000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] kernel32.dll!MoveFileA 7C835E6F 6 Bytes JMP 705A000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] kernel32.dll!DebugActiveProcess 7C85AF93 6 Bytes JMP 7135000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] kernel32.dll!MoveFileExA 7C85E333 6 Bytes JMP 7054000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] kernel32.dll!CopyFileExA 7C85F234 6 Bytes JMP 70B7000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] kernel32.dll!WinExec 7C8622B5 6 Bytes JMP 7141000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] kernel32.dll!SetThreadContext 7C8639B1 6 Bytes JMP 7099000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] kernel32.dll!CreateToolhelp32Snapshot 7C865A27 6 Bytes JMP 70DB000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] kernel32.dll!GetBinaryTypeW + 80 7C868B34 1 Byte [62]
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] ADVAPI32.dll!RegOpenKeyExW 77DA6AAF 6 Bytes JMP 70F6000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] ADVAPI32.dll!RegQueryValueExW 77DA6FFF 6 Bytes JMP 70E4000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] ADVAPI32.dll!RegCreateKeyExW 77DA776C 6 Bytes JMP 7108000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] ADVAPI32.dll!RegOpenKeyExA 77DA7852 6 Bytes JMP 70F9000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] ADVAPI32.dll!RegOpenKeyW 77DA7946 6 Bytes JMP 70FC000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] ADVAPI32.dll!OpenProcessToken 77DA798B 6 Bytes JMP 7096000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] ADVAPI32.dll!RegQueryValueExA 77DA7ABB 6 Bytes JMP 70E7000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] ADVAPI32.dll!RegSetValueExW 77DAD747 6 Bytes JMP 70F0000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] ADVAPI32.dll!RegQueryValueW 77DAD85A 6 Bytes JMP 70EA000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] ADVAPI32.dll!RegCreateKeyExA 77DAE9D4 6 Bytes JMP 710B000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] ADVAPI32.dll!RegSetValueExA 77DAEAC7 6 Bytes JMP 70F3000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] ADVAPI32.dll!RegOpenKeyA 77DAEFA8 6 Bytes JMP 70FF000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] ADVAPI32.dll!AdjustTokenPrivileges 77DAEFEC 6 Bytes JMP 708D000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] ADVAPI32.dll!RegDeleteKeyA 77DB4288 6 Bytes JMP 7069000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] ADVAPI32.dll!RegDeleteKeyW 77DB5583 6 Bytes JMP 7066000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] ADVAPI32.dll!OpenSCManagerW 77DB6F3D 6 Bytes JMP 70CC000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] ADVAPI32.dll!OpenSCManagerA 77DC6996 6 Bytes JMP 70CF000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] ADVAPI32.dll!LookupPrivilegeValueW 77DCB8C7 6 Bytes JMP 7090000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] ADVAPI32.dll!RegCreateKeyW 77DCBA3D 6 Bytes JMP 7102000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] ADVAPI32.dll!RegQueryValueA 77DCBB75 4 Bytes JMP EC001E25
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] ADVAPI32.dll!RegQueryValueA + 5 77DCBB7A 1 Byte [70]
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] ADVAPI32.dll!RegCreateKeyA 77DCBCDB 6 Bytes JMP 7105000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] ADVAPI32.dll!LookupPrivilegeValueA 77DCC220 6 Bytes JMP 7093000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] ADVAPI32.dll!LsaRemoveAccountRights 77DEAB91 6 Bytes JMP 7168000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] ADVAPI32.dll!CreateServiceA 77E07359 6 Bytes JMP 7120000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] ADVAPI32.dll!CreateServiceW 77E074F1 6 Bytes JMP 711D000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] USER32.dll!SetWindowTextW 7E36BC36 6 Bytes JMP 7060000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] USER32.dll!GetKeyState 7E36C505 6 Bytes JMP 7132000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] USER32.dll!GetWindowTextW 7E36CDB6 6 Bytes JMP 70C6000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] USER32.dll!DrawTextW 7E36D7C2 6 Bytes JMP 7078000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] USER32.dll!ShowWindow 7E36D8A4 3 Bytes [FF, 25, 1E]
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] USER32.dll!ShowWindow + 4 7E36D8A8 2 Bytes [C2, 70]
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] USER32.dll!GetKeyboardState 7E36EF29 3 Bytes [FF, 25, 1E]
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] USER32.dll!GetKeyboardState + 4 7E36EF2D 2 Bytes [2B, 71]
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] USER32.dll!GetAsyncKeyState 7E36F3B3 6 Bytes JMP 712F000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] USER32.dll!CreateWindowExW 7E36FC25 6 Bytes JMP 7072000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] USER32.dll!CreateWindowExA 7E36FF33 6 Bytes JMP 7075000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] USER32.dll!SetWindowsHookExW 7E37DDB5 6 Bytes JMP 7156000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] USER32.dll!SetWindowTextA 7E37F52B 6 Bytes JMP 7063000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] USER32.dll!SetWindowsHookExA 7E3811D1 6 Bytes JMP 7159000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] USER32.dll!SetWinEventHook 7E3817B7 6 Bytes JMP 711A000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] USER32.dll!GetWindowTextA 7E38212B 6 Bytes JMP 70C9000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] USER32.dll!DrawTextA 7E38C6CA 6 Bytes JMP 707B000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] USER32.dll!DdeConnect 7E3A7F93 6 Bytes JMP 7129000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] USER32.dll!EndTask 7E3A9E75 6 Bytes JMP 713E000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] USER32.dll!RegisterRawInputDevices 7E3BCBD4 3 Bytes [FF, 25, 1E]
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] USER32.dll!RegisterRawInputDevices + 4 7E3BCBD8 2 Bytes [16, 71]
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] shell32.dll!ShellExecuteExW 7E6B25D3 6 Bytes JMP 7144000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] shell32.dll!Shell_NotifyIcon 7E6D18BE 6 Bytes JMP 70B1000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] shell32.dll!Shell_NotifyIconW 7E6D62A5 6 Bytes JMP 70AE000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] shell32.dll!ShellExecuteEx 7E6F0E95 6 Bytes JMP 7147000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] shell32.dll!ShellExecuteA 7E6F11C0 6 Bytes JMP 714D000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] shell32.dll!ShellExecuteW 7E7659D0 6 Bytes JMP 714A000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] wininet.dll!InternetConnectA 408CDEAE 6 Bytes JMP 704B000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] wininet.dll!InternetOpenUrlA 408DF3A4 6 Bytes JMP 70A8000A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[692] wininet.dll!InternetOpenUrlW 40926DDF 6 Bytes JMP 70A5000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] ntdll.dll!NtLoadDriver 7C91D46E 3 Bytes [FF, 25, 1E]
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] ntdll.dll!NtLoadDriver + 4 7C91D472 2 Bytes [22, 71]
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] ntdll.dll!NtSuspendProcess 7C91DE2E 3 Bytes [FF, 25, 1E]
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] ntdll.dll!NtSuspendProcess + 4 7C91DE32 2 Bytes [3A, 71]
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] ntdll.dll!RtlDosSearchPath_U + 1D1 7C926ADA 1 Byte [62]
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] kernel32.dll!DeviceIoControl 7C801629 3 Bytes [FF, 25, 1E]
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] kernel32.dll!DeviceIoControl + 4 7C80162D 2 Bytes [AA, 70]
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70DE000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7126000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70D2000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716B000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 715F000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7165000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7162000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7150000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7153000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] kernel32.dll!VirtualAlloc 7C809AA1 6 Bytes JMP 70D5000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] kernel32.dll!MultiByteToWideChar 7C809C48 6 Bytes JMP 7084000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] kernel32.dll!LoadResource 7C80A005 6 Bytes JMP 70C0000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] kernel32.dll!WideCharToMultiByte 7C80A124 6 Bytes JMP 7063000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] kernel32.dll!GetProcAddress 7C80ADF0 6 Bytes JMP 7114000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] kernel32.dll!LoadLibraryW 7C80AE9B 6 Bytes JMP 715C000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] kernel32.dll!CreateMutexW 7C80E907 6 Bytes JMP 708D000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] kernel32.dll!CreateMutexA 7C80E98F 6 Bytes JMP 7090000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] kernel32.dll!OpenMutexW 7C80E9E5 6 Bytes JMP 7087000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] kernel32.dll!OpenMutexA 7C80EA6B 6 Bytes JMP 708A000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] kernel32.dll!GetVolumeInformationW 7C80FA35 6 Bytes JMP 710E000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] kernel32.dll!CreateRemoteThread 7C81047C 3 Bytes [FF, 25, 1E]
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] kernel32.dll!CreateRemoteThread + 4 7C810480 2 Bytes [6D, 71]
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] kernel32.dll!CreateThread 7C810687 6 Bytes JMP 70D8000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] kernel32.dll!CreateFileW 7C8107B0 6 Bytes JMP 70E1000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] kernel32.dll!WriteFile 7C810DD7 6 Bytes JMP 70A2000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] kernel32.dll!TerminateThread 7C81CAEB 6 Bytes JMP 7138000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] kernel32.dll!MoveFileW 7C821211 6 Bytes JMP 705D000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] kernel32.dll!CreateDirectoryA 7C82175C 6 Bytes JMP 70A8000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] kernel32.dll!GetVolumeInformationA 7C821B55 6 Bytes JMP 7111000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] kernel32.dll!CopyFileExW 7C827AE2 6 Bytes JMP 70B4000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] kernel32.dll!CopyFileA 7C82869E 6 Bytes JMP 70BD000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] kernel32.dll!CopyFileW 7C82F82B 6 Bytes JMP 70BA000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] kernel32.dll!OpenProcess 7C830999 6 Bytes JMP 7054000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] kernel32.dll!DeleteFileA 7C831E8D 6 Bytes JMP 7075000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] kernel32.dll!DeleteFileW 7C831F13 6 Bytes JMP 7072000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] kernel32.dll!CreateDirectoryW 7C8323B2 6 Bytes JMP 70A5000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] kernel32.dll!MoveFileExW 7C83563B 6 Bytes JMP 7057000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] kernel32.dll!MoveFileA 7C835E6F 6 Bytes JMP 7060000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] kernel32.dll!DebugActiveProcess 7C85AF93 6 Bytes JMP 7135000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] kernel32.dll!MoveFileExA 7C85E333 6 Bytes JMP 705A000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] kernel32.dll!CopyFileExA 7C85F234 6 Bytes JMP 70B7000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] kernel32.dll!WinExec 7C8622B5 6 Bytes JMP 7141000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] kernel32.dll!SetThreadContext 7C8639B1 6 Bytes JMP 709F000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] kernel32.dll!CreateToolhelp32Snapshot 7C865A27 6 Bytes JMP 70DB000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] kernel32.dll!GetBinaryTypeW + 80 7C868B34 1 Byte [62]
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] USER32.dll!SetWindowTextW 7E36BC36 6 Bytes JMP 7066000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] USER32.dll!GetKeyState 7E36C505 6 Bytes JMP 7132000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] USER32.dll!GetWindowTextW 7E36CDB6 6 Bytes JMP 70C6000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] USER32.dll!DrawTextW 7E36D7C2 6 Bytes JMP 707E000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] USER32.dll!ShowWindow 7E36D8A4 3 Bytes [FF, 25, 1E]
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] USER32.dll!ShowWindow + 4 7E36D8A8 2 Bytes [C2, 70]
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] USER32.dll!GetKeyboardState 7E36EF29 3 Bytes [FF, 25, 1E]
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] USER32.dll!GetKeyboardState + 4 7E36EF2D 2 Bytes [2B, 71]
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] USER32.dll!GetAsyncKeyState 7E36F3B3 6 Bytes JMP 712F000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] USER32.dll!CreateWindowExW 7E36FC25 6 Bytes JMP 7078000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] USER32.dll!CreateWindowExA 7E36FF33 6 Bytes JMP 707B000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] USER32.dll!SetWindowsHookExW 7E37DDB5 6 Bytes JMP 7156000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] USER32.dll!SetWindowTextA 7E37F52B 6 Bytes JMP 7069000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] USER32.dll!SetWindowsHookExA 7E3811D1 6 Bytes JMP 7159000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] USER32.dll!SetWinEventHook 7E3817B7 6 Bytes JMP 711A000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] USER32.dll!GetWindowTextA 7E38212B 6 Bytes JMP 70C9000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] USER32.dll!DrawTextA 7E38C6CA 6 Bytes JMP 7081000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] USER32.dll!DdeConnect 7E3A7F93 6 Bytes JMP 7129000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] USER32.dll!EndTask 7E3A9E75 6 Bytes JMP 713E000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] USER32.dll!RegisterRawInputDevices 7E3BCBD4 3 Bytes [FF, 25, 1E]
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] USER32.dll!RegisterRawInputDevices + 4 7E3BCBD8 2 Bytes [16, 71]
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] ADVAPI32.dll!RegOpenKeyExW 77DA6AAF 6 Bytes JMP 70F6000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] ADVAPI32.dll!RegQueryValueExW 77DA6FFF 6 Bytes JMP 70E4000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] ADVAPI32.dll!RegCreateKeyExW 77DA776C 6 Bytes JMP 7108000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] ADVAPI32.dll!RegOpenKeyExA 77DA7852 6 Bytes JMP 70F9000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] ADVAPI32.dll!RegOpenKeyW 77DA7946 6 Bytes JMP 70FC000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] ADVAPI32.dll!OpenProcessToken 77DA798B 6 Bytes JMP 709C000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] ADVAPI32.dll!RegQueryValueExA 77DA7ABB 6 Bytes JMP 70E7000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] ADVAPI32.dll!RegSetValueExW 77DAD747 6 Bytes JMP 70F0000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] ADVAPI32.dll!RegQueryValueW 77DAD85A 6 Bytes JMP 70EA000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] ADVAPI32.dll!RegCreateKeyExA 77DAE9D4 6 Bytes JMP 710B000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] ADVAPI32.dll!RegSetValueExA 77DAEAC7 6 Bytes JMP 70F3000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] ADVAPI32.dll!RegOpenKeyA 77DAEFA8 6 Bytes JMP 70FF000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] ADVAPI32.dll!AdjustTokenPrivileges 77DAEFEC 6 Bytes JMP 7093000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] ADVAPI32.dll!RegDeleteKeyA 77DB4288 6 Bytes JMP 706F000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] ADVAPI32.dll!RegDeleteKeyW 77DB5583 6 Bytes JMP 706C000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] ADVAPI32.dll!OpenSCManagerW 77DB6F3D 6 Bytes JMP 70CC000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] ADVAPI32.dll!OpenSCManagerA 77DC6996 6 Bytes JMP 70CF000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] ADVAPI32.dll!LookupPrivilegeValueW 77DCB8C7 6 Bytes JMP 7096000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] ADVAPI32.dll!RegCreateKeyW 77DCBA3D 6 Bytes JMP 7102000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] ADVAPI32.dll!RegQueryValueA 77DCBB75 4 Bytes JMP EC001E25
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] ADVAPI32.dll!RegQueryValueA + 5 77DCBB7A 1 Byte [70]
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] ADVAPI32.dll!RegCreateKeyA 77DCBCDB 6 Bytes JMP 7105000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] ADVAPI32.dll!LookupPrivilegeValueA 77DCC220 6 Bytes JMP 7099000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] ADVAPI32.dll!LsaRemoveAccountRights 77DEAB91 6 Bytes JMP 7168000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] ADVAPI32.dll!CreateServiceA 77E07359 6 Bytes JMP 7120000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] ADVAPI32.dll!CreateServiceW 77E074F1 6 Bytes JMP 711D000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] SHELL32.dll!ShellExecuteExW 7E6B25D3 6 Bytes JMP 7144000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] SHELL32.dll!Shell_NotifyIcon 7E6D18BE 6 Bytes JMP 70B1000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] SHELL32.dll!Shell_NotifyIconW 7E6D62A5 6 Bytes JMP 70AE000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] SHELL32.dll!ShellExecuteEx 7E6F0E95 6 Bytes JMP 7147000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] SHELL32.dll!ShellExecuteA 7E6F11C0 6 Bytes JMP 714D000A
.text C:\Programme\Logitech\Gaming Software\LWEMon.exe[700] SHELL32.dll!ShellExecuteW 7E7659D0 6 Bytes JMP 714A000A
.text C:\Dokumente und Einstellungen\Roman\Desktop\u43koo52.exe[792] ntdll.dll!RtlDosSearchPath_U + 1D1 7C926ADA 1 Byte [62]
.text C:\Dokumente und Einstellungen\Roman\Desktop\u43koo52.exe[792] kernel32.dll!GetBinaryTypeW + 80 7C868B34 1 Byte [62]
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] ntdll.dll!NtLoadDriver 7C91D46E 3 Bytes [FF, 25, 1E]
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] ntdll.dll!NtLoadDriver + 4 7C91D472 2 Bytes [22, 71]
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] ntdll.dll!NtSuspendProcess 7C91DE2E 3 Bytes [FF, 25, 1E]
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] ntdll.dll!NtSuspendProcess + 4 7C91DE32 2 Bytes [3A, 71]
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] ntdll.dll!RtlDosSearchPath_U + 1D1 7C926ADA 1 Byte [62]
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] kernel32.dll!DeviceIoControl 7C801629 3 Bytes [FF, 25, 1E]
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] kernel32.dll!DeviceIoControl + 4 7C80162D 2 Bytes [AA, 70]
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70DE000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7126000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70D2000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716B000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 715F000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7165000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7162000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7150000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7153000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] kernel32.dll!VirtualAlloc 7C809AA1 6 Bytes JMP 70D5000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] kernel32.dll!MultiByteToWideChar 7C809C48 6 Bytes JMP 7084000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] kernel32.dll!LoadResource 7C80A005 6 Bytes JMP 70C0000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] kernel32.dll!WideCharToMultiByte 7C80A124 6 Bytes JMP 7063000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] kernel32.dll!GetProcAddress 7C80ADF0 6 Bytes JMP 7114000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] kernel32.dll!LoadLibraryW 7C80AE9B 6 Bytes JMP 715C000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] kernel32.dll!CreateMutexW 7C80E907 6 Bytes JMP 708D000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] kernel32.dll!CreateMutexA 7C80E98F 6 Bytes JMP 7090000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] kernel32.dll!OpenMutexW 7C80E9E5 6 Bytes JMP 7087000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] kernel32.dll!OpenMutexA 7C80EA6B 6 Bytes JMP 708A000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] kernel32.dll!GetVolumeInformationW 7C80FA35 6 Bytes JMP 710E000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] kernel32.dll!CreateRemoteThread 7C81047C 3 Bytes [FF, 25, 1E]
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] kernel32.dll!CreateRemoteThread + 4 7C810480 2 Bytes [6D, 71]
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] kernel32.dll!CreateThread 7C810687 6 Bytes JMP 70D8000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] kernel32.dll!CreateFileW 7C8107B0 6 Bytes JMP 70E1000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] kernel32.dll!WriteFile 7C810DD7 6 Bytes JMP 70A2000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] kernel32.dll!TerminateThread 7C81CAEB 6 Bytes JMP 7138000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] kernel32.dll!MoveFileW 7C821211 6 Bytes JMP 705D000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] kernel32.dll!CreateDirectoryA 7C82175C 6 Bytes JMP 70A8000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] kernel32.dll!GetVolumeInformationA 7C821B55 6 Bytes JMP 7111000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] kernel32.dll!CopyFileExW 7C827AE2 6 Bytes JMP 70B4000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] kernel32.dll!CopyFileA 7C82869E 6 Bytes JMP 70BD000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] kernel32.dll!CopyFileW 7C82F82B 6 Bytes JMP 70BA000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] kernel32.dll!OpenProcess 7C830999 6 Bytes JMP 7054000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] kernel32.dll!DeleteFileA 7C831E8D 6 Bytes JMP 7075000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] kernel32.dll!DeleteFileW 7C831F13 6 Bytes JMP 7072000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] kernel32.dll!CreateDirectoryW 7C8323B2 6 Bytes JMP 70A5000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] kernel32.dll!MoveFileExW 7C83563B 6 Bytes JMP 7057000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] kernel32.dll!MoveFileA 7C835E6F 6 Bytes JMP 7060000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] kernel32.dll!DebugActiveProcess 7C85AF93 6 Bytes JMP 7135000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] kernel32.dll!MoveFileExA 7C85E333 6 Bytes JMP 705A000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] kernel32.dll!CopyFileExA 7C85F234 6 Bytes JMP 70B7000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] kernel32.dll!WinExec 7C8622B5 6 Bytes JMP 7141000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] kernel32.dll!SetThreadContext 7C8639B1 6 Bytes JMP 709F000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] kernel32.dll!CreateToolhelp32Snapshot 7C865A27 6 Bytes JMP 70DB000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] kernel32.dll!GetBinaryTypeW + 80 7C868B34 1 Byte [62]
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] USER32.dll!SetWindowTextW 7E36BC36 6 Bytes JMP 7066000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] USER32.dll!GetKeyState 7E36C505 6 Bytes JMP 7132000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] USER32.dll!GetWindowTextW 7E36CDB6 6 Bytes JMP 70C6000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] USER32.dll!DrawTextW 7E36D7C2 6 Bytes JMP 707E000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] USER32.dll!ShowWindow 7E36D8A4 3 Bytes [FF, 25, 1E]
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] USER32.dll!ShowWindow + 4 7E36D8A8 2 Bytes [C2, 70]
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] USER32.dll!GetKeyboardState 7E36EF29 3 Bytes [FF, 25, 1E]
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] USER32.dll!GetKeyboardState + 4 7E36EF2D 2 Bytes [2B, 71]
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] USER32.dll!GetAsyncKeyState 7E36F3B3 6 Bytes JMP 712F000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] USER32.dll!CreateWindowExW 7E36FC25 6 Bytes JMP 7078000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] USER32.dll!CreateWindowExA 7E36FF33 6 Bytes JMP 707B000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] USER32.dll!SetWindowsHookExW 7E37DDB5 6 Bytes JMP 7156000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] USER32.dll!SetWindowTextA 7E37F52B 6 Bytes JMP 7069000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] USER32.dll!SetWindowsHookExA 7E3811D1 6 Bytes JMP 7159000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] USER32.dll!SetWinEventHook 7E3817B7 6 Bytes JMP 711A000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] USER32.dll!GetWindowTextA 7E38212B 6 Bytes JMP 70C9000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] USER32.dll!DrawTextA 7E38C6CA 6 Bytes JMP 7081000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] USER32.dll!DdeConnect 7E3A7F93 6 Bytes JMP 7129000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] USER32.dll!EndTask 7E3A9E75 6 Bytes JMP 713E000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] USER32.dll!RegisterRawInputDevices 7E3BCBD4 3 Bytes [FF, 25, 1E]
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] USER32.dll!RegisterRawInputDevices + 4 7E3BCBD8 2 Bytes [16, 71]
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] ADVAPI32.dll!RegOpenKeyExW 77DA6AAF 6 Bytes JMP 70F6000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] ADVAPI32.dll!RegQueryValueExW 77DA6FFF 6 Bytes JMP 70E4000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] ADVAPI32.dll!RegCreateKeyExW 77DA776C 6 Bytes JMP 7108000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] ADVAPI32.dll!RegOpenKeyExA 77DA7852 6 Bytes JMP 70F9000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] ADVAPI32.dll!RegOpenKeyW 77DA7946 6 Bytes JMP 70FC000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] ADVAPI32.dll!OpenProcessToken 77DA798B 6 Bytes JMP 709C000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] ADVAPI32.dll!RegQueryValueExA 77DA7ABB 6 Bytes JMP 70E7000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] ADVAPI32.dll!RegSetValueExW 77DAD747 6 Bytes JMP 70F0000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] ADVAPI32.dll!RegQueryValueW 77DAD85A 6 Bytes JMP 70EA000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] ADVAPI32.dll!RegCreateKeyExA 77DAE9D4 6 Bytes JMP 710B000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] ADVAPI32.dll!RegSetValueExA 77DAEAC7 6 Bytes JMP 70F3000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] ADVAPI32.dll!RegOpenKeyA 77DAEFA8 6 Bytes JMP 70FF000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] ADVAPI32.dll!AdjustTokenPrivileges 77DAEFEC 6 Bytes JMP 7093000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] ADVAPI32.dll!RegDeleteKeyA 77DB4288 6 Bytes JMP 706F000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] ADVAPI32.dll!RegDeleteKeyW 77DB5583 6 Bytes JMP 706C000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] ADVAPI32.dll!OpenSCManagerW 77DB6F3D 6 Bytes JMP 70CC000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] ADVAPI32.dll!OpenSCManagerA 77DC6996 6 Bytes JMP 70CF000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] ADVAPI32.dll!LookupPrivilegeValueW 77DCB8C7 6 Bytes JMP 7096000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] ADVAPI32.dll!RegCreateKeyW 77DCBA3D 6 Bytes JMP 7102000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] ADVAPI32.dll!RegQueryValueA 77DCBB75 4 Bytes JMP EC001E25
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] ADVAPI32.dll!RegQueryValueA + 5 77DCBB7A 1 Byte [70]
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] ADVAPI32.dll!RegCreateKeyA 77DCBCDB 6 Bytes JMP 7105000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] ADVAPI32.dll!LookupPrivilegeValueA 77DCC220 6 Bytes JMP 7099000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] ADVAPI32.dll!LsaRemoveAccountRights 77DEAB91 6 Bytes JMP 7168000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] ADVAPI32.dll!CreateServiceA 77E07359 6 Bytes JMP 7120000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] ADVAPI32.dll!CreateServiceW 77E074F1 6 Bytes JMP 711D000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] SHELL32.dll!ShellExecuteExW 7E6B25D3 6 Bytes JMP 7144000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] SHELL32.dll!Shell_NotifyIcon 7E6D18BE 6 Bytes JMP 70B1000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] SHELL32.dll!Shell_NotifyIconW 7E6D62A5 6 Bytes JMP 70AE000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] SHELL32.dll!ShellExecuteEx 7E6F0E95 6 Bytes JMP 7147000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] SHELL32.dll!ShellExecuteA 7E6F11C0 6 Bytes JMP 714D000A
.text C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE[800] SHELL32.dll!ShellExecuteW 7E7659D0 6 Bytes JMP 714A000A
.text C:\Programme\Medion Info Display\MdionLCM.exe[812] ntdll.dll!NtLoadDriver 7C91D46E 3 Bytes [FF, 25, 1E]
.text C:\Programme\Medion Info Display\MdionLCM.exe[812] ntdll.dll!NtLoadDriver + 4 7C91D472 2 Bytes [22, 71]
.text C:\Programme\Medion Info Display\MdionLCM.exe[812] ntdll.dll!NtSuspendProcess 7C91DE2E 3 Bytes [FF, 25, 1E]
.text C:\Programme\Medion Info Display\MdionLCM.exe[812] ntdll.dll!NtSuspendProcess + 4 7C91DE32 2 Bytes [3A, 71]
.text C:\Programme\Medion Info Display\MdionLCM.exe[812] ntdll.dll!RtlDosSearchPath_U + 1D1 7C926ADA 1 Byte [62]
.text C:\Programme\Medion Info Display\MdionLCM.exe[812] kernel32.dll!DeviceIoControl 7C801629 3 Bytes [FF, 25, 1E]
.text C:\Programme\Medion Info Display\MdionLCM.exe[812] kernel32.dll!DeviceIoControl + 4 7C80162D 2 Bytes [AA, 70]
.text C:\Programme\Medion Info Display\MdionLCM.exe[812] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70DE000A
.text C:\Programme\Medion Info Display\MdionLCM.exe[812] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7126000A
.text C:\Programme\Medion Info Display\MdionLCM.exe[812] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70D2000A
.text C:\Programme\Medion Info Display\MdionLCM.exe[812] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716B000A
.text C:\Programme\Medion Info Display\MdionLCM.exe[812] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 715F000A
.text C:\Programme\Medion Info Display\MdionLCM.exe[812] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7165000A
.text C:\Programme\Medion Info Display\MdionLCM.exe[812] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7162000A
.text C:\Programme\Medion Info Display\MdionLCM.exe[812] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7150000A
.text C:\Programme\Medion Info Display\MdionLCM.exe[812] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7153000A
.text C:\Programme\Medion Info Display\MdionLCM.exe[812] kernel32.dll!VirtualAlloc 7C809AA1 6 Bytes JMP 70D5000A
.text C:\Programme\Medion Info Display\MdionLCM.exe[812] kernel32.dll!MultiByteToWideChar 7C809C48 6 Bytes JMP 7084000A
.text C:\Programme\Medion Info Display\MdionLCM.exe[812] kernel32.dll!LoadResource 7C80A005 6 Bytes JMP 70C0000A
.text C:\Programme\Medion Info Display\MdionLCM.exe[812] kernel32.dll!WideCharToMultiByte 7C80A124 6 Bytes JMP 7063000A
.text C:\Programme\Medion Info Display\MdionLCM.exe[812] kernel32.dll!GetProcAddress 7C80ADF0 6 Bytes JMP 7114000A
.text C:\Programme\Medion Info Display\MdionLCM.exe[812] kernel32.dll!LoadLibraryW 7C80AE9B 6 Bytes JMP 715C000A
.text C:\Programme\Medion Info Display\MdionLCM.exe[812] kernel32.dll!CreateMutexW 7C80E907 6 Bytes JMP 708D000A
.text C:\Programme\Medion Info Display\MdionLCM.exe[812] kernel32.dll!CreateMutexA 7C80E98F 6 Bytes JMP 7090000A
.text

Polarbär 29.07.2012 14:27
Gmer 3:teil
Zitat:
c:\programme\medion info display\mdionlcm.exe[812] kernel32.dll!openmutexw 7c80e9e5 6 bytes jmp 7087000a
.text c:\programme\medion info display\mdionlcm.exe[812] kernel32.dll!openmutexa 7c80ea6b 6 bytes jmp 708a000a
.text c:\programme\medion info display\mdionlcm.exe[812] kernel32.dll!getvolumeinformationw 7c80fa35 6 bytes jmp 710e000a
.text c:\programme\medion info display\mdionlcm.exe[812] kernel32.dll!createremotethread 7c81047c 3 bytes [ff, 25, 1e]
.text c:\programme\medion info display\mdionlcm.exe[812] kernel32.dll!createremotethread + 4 7c810480 2 bytes [6d, 71]
.text c:\programme\medion info display\mdionlcm.exe[812] kernel32.dll!createthread 7c810687 6 bytes jmp 70d8000a
.text c:\programme\medion info display\mdionlcm.exe[812] kernel32.dll!createfilew 7c8107b0 6 bytes jmp 70e1000a
.text c:\programme\medion info display\mdionlcm.exe[812] kernel32.dll!writefile 7c810dd7 6 bytes jmp 70a2000a
.text c:\programme\medion info display\mdionlcm.exe[812] kernel32.dll!terminatethread 7c81caeb 6 bytes jmp 7138000a
.text c:\programme\medion info display\mdionlcm.exe[812] kernel32.dll!movefilew 7c821211 6 bytes jmp 705d000a
.text c:\programme\medion info display\mdionlcm.exe[812] kernel32.dll!createdirectorya 7c82175c 6 bytes jmp 70a8000a
.text c:\programme\medion info display\mdionlcm.exe[812] kernel32.dll!getvolumeinformationa 7c821b55 6 bytes jmp 7111000a
.text c:\programme\medion info display\mdionlcm.exe[812] kernel32.dll!copyfileexw 7c827ae2 6 bytes jmp 70b4000a
.text c:\programme\medion info display\mdionlcm.exe[812] kernel32.dll!copyfilea 7c82869e 6 bytes jmp 70bd000a
.text c:\programme\medion info display\mdionlcm.exe[812] kernel32.dll!copyfilew 7c82f82b 6 bytes jmp 70ba000a
.text c:\programme\medion info display\mdionlcm.exe[812] kernel32.dll!openprocess 7c830999 6 bytes jmp 7054000a
.text c:\programme\medion info display\mdionlcm.exe[812] kernel32.dll!deletefilea 7c831e8d 6 bytes jmp 7075000a
.text c:\programme\medion info display\mdionlcm.exe[812] kernel32.dll!deletefilew 7c831f13 6 bytes jmp 7072000a
.text c:\programme\medion info display\mdionlcm.exe[812] kernel32.dll!createdirectoryw 7c8323b2 6 bytes jmp 70a5000a
.text c:\programme\medion info display\mdionlcm.exe[812] kernel32.dll!movefileexw 7c83563b 6 bytes jmp 7057000a
.text c:\programme\medion info display\mdionlcm.exe[812] kernel32.dll!movefilea 7c835e6f 6 bytes jmp 7060000a
.text c:\programme\medion info display\mdionlcm.exe[812] kernel32.dll!debugactiveprocess 7c85af93 6 bytes jmp 7135000a
.text c:\programme\medion info display\mdionlcm.exe[812] kernel32.dll!movefileexa 7c85e333 6 bytes jmp 705a000a
.text c:\programme\medion info display\mdionlcm.exe[812] kernel32.dll!copyfileexa 7c85f234 6 bytes jmp 70b7000a
.text c:\programme\medion info display\mdionlcm.exe[812] kernel32.dll!winexec 7c8622b5 6 bytes jmp 7141000a
.text c:\programme\medion info display\mdionlcm.exe[812] kernel32.dll!setthreadcontext 7c8639b1 6 bytes jmp 709f000a
.text c:\programme\medion info display\mdionlcm.exe[812] kernel32.dll!createtoolhelp32snapshot 7c865a27 6 bytes jmp 70db000a
.text c:\programme\medion info display\mdionlcm.exe[812] kernel32.dll!getbinarytypew + 80 7c868b34 1 byte [62]
.text c:\programme\medion info display\mdionlcm.exe[812] user32.dll!setwindowtextw 7e36bc36 6 bytes jmp 7066000a
.text c:\programme\medion info display\mdionlcm.exe[812] user32.dll!getkeystate 7e36c505 6 bytes jmp 7132000a
.text c:\programme\medion info display\mdionlcm.exe[812] user32.dll!getwindowtextw 7e36cdb6 6 bytes jmp 70c6000a
.text c:\programme\medion info display\mdionlcm.exe[812] user32.dll!drawtextw 7e36d7c2 6 bytes jmp 707e000a
.text c:\programme\medion info display\mdionlcm.exe[812] user32.dll!showwindow 7e36d8a4 3 bytes [ff, 25, 1e]
.text c:\programme\medion info display\mdionlcm.exe[812] user32.dll!showwindow + 4 7e36d8a8 2 bytes [c2, 70]
.text c:\programme\medion info display\mdionlcm.exe[812] user32.dll!getkeyboardstate 7e36ef29 3 bytes [ff, 25, 1e]
.text c:\programme\medion info display\mdionlcm.exe[812] user32.dll!getkeyboardstate + 4 7e36ef2d 2 bytes [2b, 71]
.text c:\programme\medion info display\mdionlcm.exe[812] user32.dll!getasynckeystate 7e36f3b3 6 bytes jmp 712f000a
.text c:\programme\medion info display\mdionlcm.exe[812] user32.dll!createwindowexw 7e36fc25 6 bytes jmp 7078000a
.text c:\programme\medion info display\mdionlcm.exe[812] user32.dll!createwindowexa 7e36ff33 6 bytes jmp 707b000a
.text c:\programme\medion info display\mdionlcm.exe[812] user32.dll!setwindowshookexw 7e37ddb5 6 bytes jmp 7156000a
.text c:\programme\medion info display\mdionlcm.exe[812] user32.dll!setwindowtexta 7e37f52b 6 bytes jmp 7069000a
.text c:\programme\medion info display\mdionlcm.exe[812] user32.dll!setwindowshookexa 7e3811d1 6 bytes jmp 7159000a
.text c:\programme\medion info display\mdionlcm.exe[812] user32.dll!setwineventhook 7e3817b7 6 bytes jmp 711a000a
.text c:\programme\medion info display\mdionlcm.exe[812] user32.dll!getwindowtexta 7e38212b 6 bytes jmp 70c9000a
.text c:\programme\medion info display\mdionlcm.exe[812] user32.dll!drawtexta 7e38c6ca 6 bytes jmp 7081000a
.text c:\programme\medion info display\mdionlcm.exe[812] user32.dll!ddeconnect 7e3a7f93 6 bytes jmp 7129000a
.text c:\programme\medion info display\mdionlcm.exe[812] user32.dll!endtask 7e3a9e75 6 bytes jmp 713e000a
.text c:\programme\medion info display\mdionlcm.exe[812] user32.dll!registerrawinputdevices 7e3bcbd4 3 bytes [ff, 25, 1e]
.text c:\programme\medion info display\mdionlcm.exe[812] user32.dll!registerrawinputdevices + 4 7e3bcbd8 2 bytes [16, 71]
.text c:\programme\medion info display\mdionlcm.exe[812] advapi32.dll!regopenkeyexw 77da6aaf 6 bytes jmp 70f6000a
.text c:\programme\medion info display\mdionlcm.exe[812] advapi32.dll!regqueryvalueexw 77da6fff 6 bytes jmp 70e4000a
.text c:\programme\medion info display\mdionlcm.exe[812] advapi32.dll!regcreatekeyexw 77da776c 6 bytes jmp 7108000a
.text c:\programme\medion info display\mdionlcm.exe[812] advapi32.dll!regopenkeyexa 77da7852 6 bytes jmp 70f9000a
.text c:\programme\medion info display\mdionlcm.exe[812] advapi32.dll!regopenkeyw 77da7946 6 bytes jmp 70fc000a
.text c:\programme\medion info display\mdionlcm.exe[812] advapi32.dll!openprocesstoken 77da798b 6 bytes jmp 709c000a
.text c:\programme\medion info display\mdionlcm.exe[812] advapi32.dll!regqueryvalueexa 77da7abb 6 bytes jmp 70e7000a
.text c:\programme\medion info display\mdionlcm.exe[812] advapi32.dll!regsetvalueexw 77dad747 6 bytes jmp 70f0000a
.text c:\programme\medion info display\mdionlcm.exe[812] advapi32.dll!regqueryvaluew 77dad85a 6 bytes jmp 70ea000a
.text c:\programme\medion info display\mdionlcm.exe[812] advapi32.dll!regcreatekeyexa 77dae9d4 6 bytes jmp 710b000a
.text c:\programme\medion info display\mdionlcm.exe[812] advapi32.dll!regsetvalueexa 77daeac7 6 bytes jmp 70f3000a
.text c:\programme\medion info display\mdionlcm.exe[812] advapi32.dll!regopenkeya 77daefa8 6 bytes jmp 70ff000a
.text c:\programme\medion info display\mdionlcm.exe[812] advapi32.dll!adjusttokenprivileges 77daefec 6 bytes jmp 7093000a
.text c:\programme\medion info display\mdionlcm.exe[812] advapi32.dll!regdeletekeya 77db4288 6 bytes jmp 706f000a
.text c:\programme\medion info display\mdionlcm.exe[812] advapi32.dll!regdeletekeyw 77db5583 6 bytes jmp 706c000a
.text c:\programme\medion info display\mdionlcm.exe[812] advapi32.dll!openscmanagerw 77db6f3d 6 bytes jmp 70cc000a
.text c:\programme\medion info display\mdionlcm.exe[812] advapi32.dll!openscmanagera 77dc6996 6 bytes jmp 70cf000a
.text c:\programme\medion info display\mdionlcm.exe[812] advapi32.dll!lookupprivilegevaluew 77dcb8c7 6 bytes jmp 7096000a
.text c:\programme\medion info display\mdionlcm.exe[812] advapi32.dll!regcreatekeyw 77dcba3d 6 bytes jmp 7102000a
.text c:\programme\medion info display\mdionlcm.exe[812] advapi32.dll!regqueryvaluea 77dcbb75 4 bytes jmp ec001e25
.text c:\programme\medion info display\mdionlcm.exe[812] advapi32.dll!regqueryvaluea + 5 77dcbb7a 1 byte [70]
.text c:\programme\medion info display\mdionlcm.exe[812] advapi32.dll!regcreatekeya 77dcbcdb 6 bytes jmp 7105000a
.text c:\programme\medion info display\mdionlcm.exe[812] advapi32.dll!lookupprivilegevaluea 77dcc220 6 bytes jmp 7099000a
.text c:\programme\medion info display\mdionlcm.exe[812] advapi32.dll!lsaremoveaccountrights 77deab91 6 bytes jmp 7168000a
.text c:\programme\medion info display\mdionlcm.exe[812] advapi32.dll!createservicea 77e07359 6 bytes jmp 7120000a
.text c:\programme\medion info display\mdionlcm.exe[812] advapi32.dll!createservicew 77e074f1 6 bytes jmp 711d000a
.text c:\programme\medion info display\mdionlcm.exe[812] shell32.dll!shellexecuteexw 7e6b25d3 6 bytes jmp 7144000a
.text c:\programme\medion info display\mdionlcm.exe[812] shell32.dll!shell_notifyicon 7e6d18be 6 bytes jmp 70b1000a
.text c:\programme\medion info display\mdionlcm.exe[812] shell32.dll!shell_notifyiconw 7e6d62a5 6 bytes jmp 70ae000a
.text c:\programme\medion info display\mdionlcm.exe[812] shell32.dll!shellexecuteex 7e6f0e95 6 bytes jmp 7147000a
.text c:\programme\medion info display\mdionlcm.exe[812] shell32.dll!shellexecutea 7e6f11c0 6 bytes jmp 714d000a
.text c:\programme\medion info display\mdionlcm.exe[812] shell32.dll!shellexecutew 7e7659d0 6 bytes jmp 714a000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] ntdll.dll!ntloaddriver 7c91d46e 3 bytes [ff, 25, 1e]
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] ntdll.dll!ntloaddriver + 4 7c91d472 2 bytes [22, 71]
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] ntdll.dll!ntsuspendprocess 7c91de2e 3 bytes [ff, 25, 1e]
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] ntdll.dll!ntsuspendprocess + 4 7c91de32 2 bytes [3a, 71]
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] ntdll.dll!rtldossearchpath_u + 1d1 7c926ada 1 byte [62]
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] kernel32.dll!deviceiocontrol 7c801629 3 bytes [ff, 25, 1e]
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] kernel32.dll!deviceiocontrol + 4 7c80162d 2 bytes [aa, 70]
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] kernel32.dll!createfilea 7c801a28 6 bytes jmp 70de000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] kernel32.dll!virtualprotectex 7c801a61 6 bytes jmp 7126000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] kernel32.dll!virtualprotect 7c801ad4 6 bytes jmp 70d2000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] kernel32.dll!loadlibraryexw 7c801af5 6 bytes jmp 716b000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] kernel32.dll!loadlibrarya 7c801d7b 6 bytes jmp 715f000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] kernel32.dll!terminateprocess 7c801e1a 6 bytes jmp 7165000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] kernel32.dll!writeprocessmemory 7c802213 6 bytes jmp 7162000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] kernel32.dll!createprocessw 7c802336 6 bytes jmp 7150000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] kernel32.dll!createprocessa 7c80236b 6 bytes jmp 7153000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] kernel32.dll!virtualalloc 7c809aa1 6 bytes jmp 70d5000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] kernel32.dll!multibytetowidechar 7c809c48 6 bytes jmp 7084000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] kernel32.dll!loadresource 7c80a005 6 bytes jmp 70c0000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] kernel32.dll!widechartomultibyte 7c80a124 6 bytes jmp 7063000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] kernel32.dll!getprocaddress 7c80adf0 6 bytes jmp 7114000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] kernel32.dll!loadlibraryw 7c80ae9b 6 bytes jmp 715c000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] kernel32.dll!createmutexw 7c80e907 6 bytes jmp 708d000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] kernel32.dll!createmutexa 7c80e98f 6 bytes jmp 7090000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] kernel32.dll!openmutexw 7c80e9e5 6 bytes jmp 7087000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] kernel32.dll!openmutexa 7c80ea6b 6 bytes jmp 708a000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] kernel32.dll!getvolumeinformationw 7c80fa35 6 bytes jmp 710e000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] kernel32.dll!createremotethread 7c81047c 3 bytes [ff, 25, 1e]
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] kernel32.dll!createremotethread + 4 7c810480 2 bytes [6d, 71]
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] kernel32.dll!createthread 7c810687 6 bytes jmp 70d8000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] kernel32.dll!createfilew 7c8107b0 6 bytes jmp 70e1000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] kernel32.dll!writefile 7c810dd7 6 bytes jmp 70a2000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] kernel32.dll!terminatethread 7c81caeb 6 bytes jmp 7138000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] kernel32.dll!movefilew 7c821211 6 bytes jmp 705d000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] kernel32.dll!createdirectorya 7c82175c 6 bytes jmp 70a8000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] kernel32.dll!getvolumeinformationa 7c821b55 6 bytes jmp 7111000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] kernel32.dll!copyfileexw 7c827ae2 6 bytes jmp 70b4000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] kernel32.dll!copyfilea 7c82869e 6 bytes jmp 70bd000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] kernel32.dll!copyfilew 7c82f82b 6 bytes jmp 70ba000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] kernel32.dll!openprocess 7c830999 6 bytes jmp 7054000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] kernel32.dll!deletefilea 7c831e8d 6 bytes jmp 7075000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] kernel32.dll!deletefilew 7c831f13 6 bytes jmp 7072000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] kernel32.dll!createdirectoryw 7c8323b2 6 bytes jmp 70a5000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] kernel32.dll!movefileexw 7c83563b 6 bytes jmp 7057000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] kernel32.dll!movefilea 7c835e6f 6 bytes jmp 7060000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] kernel32.dll!debugactiveprocess 7c85af93 6 bytes jmp 7135000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] kernel32.dll!movefileexa 7c85e333 6 bytes jmp 705a000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] kernel32.dll!copyfileexa 7c85f234 6 bytes jmp 70b7000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] kernel32.dll!winexec 7c8622b5 6 bytes jmp 7141000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] kernel32.dll!setthreadcontext 7c8639b1 6 bytes jmp 709f000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] kernel32.dll!createtoolhelp32snapshot 7c865a27 6 bytes jmp 70db000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] kernel32.dll!getbinarytypew + 80 7c868b34 1 byte [62]
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] advapi32.dll!regopenkeyexw 77da6aaf 6 bytes jmp 70f6000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] advapi32.dll!regqueryvalueexw 77da6fff 6 bytes jmp 70e4000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] advapi32.dll!regcreatekeyexw 77da776c 6 bytes jmp 7108000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] advapi32.dll!regopenkeyexa 77da7852 6 bytes jmp 70f9000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] advapi32.dll!regopenkeyw 77da7946 6 bytes jmp 70fc000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] advapi32.dll!openprocesstoken 77da798b 6 bytes jmp 709c000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] advapi32.dll!regqueryvalueexa 77da7abb 6 bytes jmp 70e7000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] advapi32.dll!regsetvalueexw 77dad747 6 bytes jmp 70f0000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] advapi32.dll!regqueryvaluew 77dad85a 6 bytes jmp 70ea000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] advapi32.dll!regcreatekeyexa 77dae9d4 6 bytes jmp 710b000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] advapi32.dll!regsetvalueexa 77daeac7 6 bytes jmp 70f3000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] advapi32.dll!regopenkeya 77daefa8 6 bytes jmp 70ff000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] advapi32.dll!adjusttokenprivileges 77daefec 6 bytes jmp 7093000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] advapi32.dll!regdeletekeya 77db4288 6 bytes jmp 706f000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] advapi32.dll!regdeletekeyw 77db5583 6 bytes jmp 706c000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] advapi32.dll!openscmanagerw 77db6f3d 6 bytes jmp 70cc000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] advapi32.dll!openscmanagera 77dc6996 6 bytes jmp 70cf000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] advapi32.dll!lookupprivilegevaluew 77dcb8c7 6 bytes jmp 7096000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] advapi32.dll!regcreatekeyw 77dcba3d 6 bytes jmp 7102000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] advapi32.dll!regqueryvaluea 77dcbb75 4 bytes jmp ec001e25
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] advapi32.dll!regqueryvaluea + 5 77dcbb7a 1 byte [70]
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] advapi32.dll!regcreatekeya 77dcbcdb 6 bytes jmp 7105000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] advapi32.dll!lookupprivilegevaluea 77dcc220 6 bytes jmp 7099000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] advapi32.dll!lsaremoveaccountrights 77deab91 6 bytes jmp 7168000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] advapi32.dll!createservicea 77e07359 6 bytes jmp 7120000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] advapi32.dll!createservicew 77e074f1 6 bytes jmp 711d000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] user32.dll!setwindowtextw 7e36bc36 6 bytes jmp 7066000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] user32.dll!getkeystate 7e36c505 6 bytes jmp 7132000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] user32.dll!getwindowtextw 7e36cdb6 6 bytes jmp 70c6000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] user32.dll!drawtextw 7e36d7c2 6 bytes jmp 707e000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] user32.dll!showwindow 7e36d8a4 3 bytes [ff, 25, 1e]
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] user32.dll!showwindow + 4 7e36d8a8 2 bytes [c2, 70]
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] user32.dll!getkeyboardstate 7e36ef29 3 bytes [ff, 25, 1e]
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] user32.dll!getkeyboardstate + 4 7e36ef2d 2 bytes [2b, 71]
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] user32.dll!getasynckeystate 7e36f3b3 6 bytes jmp 712f000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] user32.dll!createwindowexw 7e36fc25 6 bytes jmp 7078000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] user32.dll!createwindowexa 7e36ff33 6 bytes jmp 707b000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] user32.dll!setwindowshookexw 7e37ddb5 6 bytes jmp 7156000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] user32.dll!setwindowtexta 7e37f52b 6 bytes jmp 7069000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] user32.dll!setwindowshookexa 7e3811d1 6 bytes jmp 7159000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] user32.dll!setwineventhook 7e3817b7 6 bytes jmp 711a000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] user32.dll!getwindowtexta 7e38212b 6 bytes jmp 70c9000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] user32.dll!drawtexta 7e38c6ca 6 bytes jmp 7081000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] user32.dll!ddeconnect 7e3a7f93 6 bytes jmp 7129000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] user32.dll!endtask 7e3a9e75 6 bytes jmp 713e000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] user32.dll!registerrawinputdevices 7e3bcbd4 3 bytes [ff, 25, 1e]
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] user32.dll!registerrawinputdevices + 4 7e3bcbd8 2 bytes [16, 71]
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] shell32.dll!shellexecuteexw 7e6b25d3 6 bytes jmp 7144000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] shell32.dll!shell_notifyicon 7e6d18be 6 bytes jmp 70b1000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] shell32.dll!shell_notifyiconw 7e6d62a5 6 bytes jmp 70ae000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] shell32.dll!shellexecuteex 7e6f0e95 6 bytes jmp 7147000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] shell32.dll!shellexecutea 7e6f11c0 6 bytes jmp 714d000a
.text c:\windows\samsung\panelmgr\ssmmgr.exe[820] shell32.dll!shellexecutew 7e7659d0 6 bytes jmp 714a000a
.text c:\windows\rthdcpl.exe[828] ntdll.dll!ntloaddriver 7c91d46e 3 bytes [ff, 25, 1e]
.text c:\windows\rthdcpl.exe[828] ntdll.dll!ntloaddriver + 4 7c91d472 2 bytes [22, 71]
.text c:\windows\rthdcpl.exe[828] ntdll.dll!ntsuspendprocess 7c91de2e 3 bytes [ff, 25, 1e]
.text c:\windows\rthdcpl.exe[828] ntdll.dll!ntsuspendprocess + 4 7c91de32 2 bytes [3a, 71]
.text c:\windows\rthdcpl.exe[828] ntdll.dll!rtldossearchpath_u + 1d1 7c926ada 1 byte [62]
.text c:\windows\rthdcpl.exe[828] kernel32.dll!deviceiocontrol 7c801629 3 bytes [ff, 25, 1e]
.text c:\windows\rthdcpl.exe[828] kernel32.dll!deviceiocontrol + 4 7c80162d 2 bytes [aa, 70]
.text c:\windows\rthdcpl.exe[828] kernel32.dll!createfilea 7c801a28 6 bytes jmp 70de000a
.text c:\windows\rthdcpl.exe[828] kernel32.dll!virtualprotectex 7c801a61 6 bytes jmp 7126000a
.text c:\windows\rthdcpl.exe[828] kernel32.dll!virtualprotect 7c801ad4 6 bytes jmp 70d2000a
.text c:\windows\rthdcpl.exe[828] kernel32.dll!loadlibraryexw 7c801af5 6 bytes jmp 716b000a
.text c:\windows\rthdcpl.exe[828] kernel32.dll!loadlibrarya 7c801d7b 6 bytes jmp 715f000a
.text c:\windows\rthdcpl.exe[828] kernel32.dll!terminateprocess 7c801e1a 6 bytes jmp 7165000a
.text c:\windows\rthdcpl.exe[828] kernel32.dll!writeprocessmemory 7c802213 6 bytes jmp 7162000a
.text c:\windows\rthdcpl.exe[828] kernel32.dll!createprocessw 7c802336 6 bytes jmp 7150000a
.text c:\windows\rthdcpl.exe[828] kernel32.dll!createprocessa 7c80236b 6 bytes jmp 7153000a
.text c:\windows\rthdcpl.exe[828] kernel32.dll!virtualalloc 7c809aa1 6 bytes jmp 70d5000a
.text c:\windows\rthdcpl.exe[828] kernel32.dll!multibytetowidechar 7c809c48 6 bytes jmp 7084000a
.text c:\windows\rthdcpl.exe[828] kernel32.dll!loadresource 7c80a005 6 bytes jmp 70c0000a
.text c:\windows\rthdcpl.exe[828] kernel32.dll!widechartomultibyte 7c80a124 6 bytes jmp 7063000a
.text c:\windows\rthdcpl.exe[828] kernel32.dll!getprocaddress 7c80adf0 6 bytes jmp 7114000a
.text c:\windows\rthdcpl.exe[828] kernel32.dll!loadlibraryw 7c80ae9b 6 bytes jmp 715c000a
.text c:\windows\rthdcpl.exe[828] kernel32.dll!createmutexw 7c80e907 6 bytes jmp 708d000a
.text c:\windows\rthdcpl.exe[828] kernel32.dll!createmutexa 7c80e98f 6 bytes jmp 7090000a
.text c:\windows\rthdcpl.exe[828] kernel32.dll!openmutexw 7c80e9e5 6 bytes jmp 7087000a
.text c:\windows\rthdcpl.exe[828] kernel32.dll!openmutexa 7c80ea6b 6 bytes jmp 708a000a
.text c:\windows\rthdcpl.exe[828] kernel32.dll!getvolumeinformationw 7c80fa35 6 bytes jmp 710e000a
.text c:\windows\rthdcpl.exe[828] kernel32.dll!createremotethread 7c81047c 3 bytes [ff, 25, 1e]
.text c:\windows\rthdcpl.exe[828] kernel32.dll!createremotethread + 4 7c810480 2 bytes [6d, 71]
.text c:\windows\rthdcpl.exe[828] kernel32.dll!createthread 7c810687 6 bytes jmp 70d8000a
.text c:\windows\rthdcpl.exe[828] kernel32.dll!createfilew 7c8107b0 6 bytes jmp 70e1000a
.text c:\windows\rthdcpl.exe[828] kernel32.dll!writefile 7c810dd7 6 bytes jmp 70a2000a
.text c:\windows\rthdcpl.exe[828] kernel32.dll!terminatethread 7c81caeb 6 bytes jmp 7138000a
.text c:\windows\rthdcpl.exe[828] kernel32.dll!movefilew 7c821211 6 bytes jmp 705d000a
.text c:\windows\rthdcpl.exe[828] kernel32.dll!createdirectorya 7c82175c 6 bytes jmp 70a8000a
.text c:\windows\rthdcpl.exe[828] kernel32.dll!getvolumeinformationa 7c821b55 6 bytes jmp 7111000a
.text c:\windows\rthdcpl.exe[828] kernel32.dll!copyfileexw 7c827ae2 6 bytes jmp 70b4000a
.text c:\windows\rthdcpl.exe[828] kernel32.dll!copyfilea 7c82869e 6 bytes jmp 70bd000a
.text c:\windows\rthdcpl.exe[828] kernel32.dll!copyfilew 7c82f82b 6 bytes jmp 70ba000a
.text c:\windows\rthdcpl.exe[828] kernel32.dll!openprocess 7c830999 6 bytes jmp 7054000a
.text c:\windows\rthdcpl.exe[828] kernel32.dll!deletefilea 7c831e8d 6 bytes jmp 7075000a
.text c:\windows\rthdcpl.exe[828] kernel32.dll!deletefilew 7c831f13 6 bytes jmp 7072000a
.text c:\windows\rthdcpl.exe[828] kernel32.dll!createdirectoryw 7c8323b2 6 bytes jmp 70a5000a
.text c:\windows\rthdcpl.exe[828] kernel32.dll!movefileexw 7c83563b 6 bytes jmp 7057000a
.text c:\windows\rthdcpl.exe[828] kernel32.dll!movefilea 7c835e6f 6 bytes jmp 7060000a
.text c:\windows\rthdcpl.exe[828] kernel32.dll!debugactiveprocess 7c85af93 6 bytes jmp 7135000a
.text c:\windows\rthdcpl.exe[828] kernel32.dll!movefileexa 7c85e333 6 bytes jmp 705a000a
.text c:\windows\rthdcpl.exe[828] kernel32.dll!copyfileexa 7c85f234 6 bytes jmp 70b7000a
.text c:\windows\rthdcpl.exe[828] kernel32.dll!winexec 7c8622b5 6 bytes jmp 7141000a
.text c:\windows\rthdcpl.exe[828] kernel32.dll!setthreadcontext 7c8639b1 6 bytes jmp 709f000a
.text c:\windows\rthdcpl.exe[828] kernel32.dll!createtoolhelp32snapshot 7c865a27 6 bytes jmp 70db000a
.text c:\windows\rthdcpl.exe[828] kernel32.dll!getbinarytypew + 80 7c868b34 1 byte [62]
.text c:\windows\rthdcpl.exe[828] user32.dll!setwindowtextw 7e36bc36 6 bytes jmp 7066000a
.text c:\windows\rthdcpl.exe[828] user32.dll!getkeystate 7e36c505 6 bytes jmp 7132000a
.text c:\windows\rthdcpl.exe[828] user32.dll!getwindowtextw 7e36cdb6 6 bytes jmp 70c6000a
.text c:\windows\rthdcpl.exe[828] user32.dll!drawtextw 7e36d7c2 6 bytes jmp 707e000a
.text c:\windows\rthdcpl.exe[828] user32.dll!showwindow 7e36d8a4 3 bytes [ff, 25, 1e]
.text c:\windows\rthdcpl.exe[828] user32.dll!showwindow + 4 7e36d8a8 2 bytes [c2, 70]
.text c:\windows\rthdcpl.exe[828] user32.dll!getkeyboardstate 7e36ef29 3 bytes [ff, 25, 1e]
.text c:\windows\rthdcpl.exe[828] user32.dll!getkeyboardstate + 4 7e36ef2d 2 bytes [2b, 71]
.text c:\windows\rthdcpl.exe[828] user32.dll!getasynckeystate 7e36f3b3 6 bytes jmp 712f000a
.text c:\windows\rthdcpl.exe[828] user32.dll!createwindowexw 7e36fc25 6 bytes jmp 7078000a
.text c:\windows\rthdcpl.exe[828] user32.dll!createwindowexa 7e36ff33 6 bytes jmp 707b000a
.text c:\windows\rthdcpl.exe[828] user32.dll!setwindowshookexw 7e37ddb5 6 bytes jmp 7156000a
.text c:\windows\rthdcpl.exe[828] user32.dll!setwindowtexta 7e37f52b 6 bytes jmp 7069000a
.text c:\windows\rthdcpl.exe[828] user32.dll!setwindowshookexa 7e3811d1 6 bytes jmp 7159000a
.text c:\windows\rthdcpl.exe[828] user32.dll!setwineventhook 7e3817b7 6 bytes jmp 711a000a
.text c:\windows\rthdcpl.exe[828] user32.dll!getwindowtexta 7e38212b 6 bytes jmp 70c9000a
.text c:\windows\rthdcpl.exe[828] user32.dll!drawtexta 7e38c6ca 6 bytes jmp 7081000a
.text c:\windows\rthdcpl.exe[828] user32.dll!ddeconnect 7e3a7f93 6 bytes jmp 7129000a
.text c:\windows\rthdcpl.exe[828] user32.dll!endtask 7e3a9e75 6 bytes jmp 713e000a
.text c:\windows\rthdcpl.exe[828] user32.dll!registerrawinputdevices 7e3bcbd4 3 bytes [ff, 25, 1e]
.text c:\windows\rthdcpl.exe[828] user32.dll!registerrawinputdevices + 4 7e3bcbd8 2 bytes [16, 71]
.text c:\windows\rthdcpl.exe[828] advapi32.dll!regopenkeyexw 77da6aaf 6 bytes jmp 70f6000a
.text c:\windows\rthdcpl.exe[828] advapi32.dll!regqueryvalueexw 77da6fff 6 bytes jmp 70e4000a
.text c:\windows\rthdcpl.exe[828] advapi32.dll!regcreatekeyexw 77da776c 6 bytes jmp 7108000a
.text c:\windows\rthdcpl.exe[828] advapi32.dll!regopenkeyexa 77da7852 6 bytes jmp 70f9000a
.text c:\windows\rthdcpl.exe[828] advapi32.dll!regopenkeyw 77da7946 6 bytes jmp 70fc000a
.text c:\windows\rthdcpl.exe[828] advapi32.dll!openprocesstoken 77da798b 6 bytes jmp 709c000a
.text c:\windows\rthdcpl.exe[828] advapi32.dll!regqueryvalueexa 77da7abb 6 bytes jmp 70e7000a
.text c:\windows\rthdcpl.exe[828] advapi32.dll!regsetvalueexw 77dad747 6 bytes jmp 70f0000a
.text c:\windows\rthdcpl.exe[828] advapi32.dll!regqueryvaluew 77dad85a 6 bytes jmp 70ea000a
.text c:\windows\rthdcpl.exe[828] advapi32.dll!regcreatekeyexa 77dae9d4 6 bytes jmp 710b000a
.text c:\windows\rthdcpl.exe[828] advapi32.dll!regsetvalueexa 77daeac7 6 bytes jmp 70f3000a
.text c:\windows\rthdcpl.exe[828] advapi32.dll!regopenkeya 77daefa8 6 bytes jmp 70ff000a
.text c:\windows\rthdcpl.exe[828] advapi32.dll!adjusttokenprivileges 77daefec 6 bytes jmp 7093000a
.text c:\windows\rthdcpl.exe[828] advapi32.dll!regdeletekeya 77db4288 6 bytes jmp 706f000a
.text c:\windows\rthdcpl.exe[828] advapi32.dll!regdeletekeyw 77db5583 6 bytes jmp 706c000a
.text c:\windows\rthdcpl.exe[828] advapi32.dll!openscmanagerw 77db6f3d 6 bytes jmp 70cc000a
.text c:\windows\rthdcpl.exe[828] advapi32.dll!openscmanagera 77dc6996 6 bytes jmp 70cf000a
.text c:\windows\rthdcpl.exe[828] advapi32.dll!lookupprivilegevaluew 77dcb8c7 6 bytes jmp 7096000a
.text c:\windows\rthdcpl.exe[828] advapi32.dll!regcreatekeyw 77dcba3d 6 bytes jmp 7102000a
.text c:\windows\rthdcpl.exe[828] advapi32.dll!regqueryvaluea 77dcbb75 4 bytes jmp ec001e25
.text c:\windows\rthdcpl.exe[828] advapi32.dll!regqueryvaluea + 5 77dcbb7a 1 byte [70]
.text c:\windows\rthdcpl.exe[828] advapi32.dll!regcreatekeya 77dcbcdb 6 bytes jmp 7105000a
.text c:\windows\rthdcpl.exe[828] advapi32.dll!lookupprivilegevaluea 77dcc220 6 bytes jmp 7099000a
.text c:\windows\rthdcpl.exe[828] advapi32.dll!lsaremoveaccountrights 77deab91 6 bytes jmp 7168000a
.text c:\windows\rthdcpl.exe[828] advapi32.dll!createservicea 77e07359 6 bytes jmp 7120000a
.text c:\windows\rthdcpl.exe[828] advapi32.dll!createservicew 77e074f1 6 bytes jmp 711d000a
.text c:\windows\rthdcpl.exe[828] shell32.dll!shellexecuteexw 7e6b25d3 6 bytes jmp 7144000a
.text c:\windows\rthdcpl.exe[828] shell32.dll!shell_notifyicon 7e6d18be 6 bytes jmp 70b1000a
.text c:\windows\rthdcpl.exe[828] shell32.dll!shell_notifyiconw 7e6d62a5 6 bytes jmp 70ae000a
.text c:\windows\rthdcpl.exe[828] shell32.dll!shellexecuteex 7e6f0e95 6 bytes jmp 7147000a
.text c:\windows\rthdcpl.exe[828] shell32.dll!shellexecutea 7e6f11c0 6 bytes jmp 714d000a
.text c:\windows\rthdcpl.exe[828] shell32.dll!shellexecutew 7e7659d0 6 bytes jmp 714a000a

Polarbär 29.07.2012 14:29
Gmer 4.teil
Zitat:
.text c:\programme\gemeinsame dateien\java\java update\jusched.exe[840] ntdll.dll!ntloaddriver 7c91d46e 3 bytes [ff, 25, 1e]
.text c:\programme\gemeinsame dateien\java\java update\jusched.exe[840] ntdll.dll!ntloaddriver + 4 7c91d472 2 bytes [22, 71]
.text c:\programme\gemeinsame dateien\java\java update\jusched.exe[840] ntdll.dll!ntsuspendprocess 7c91de2e 3 bytes [ff, 25, 1e]
.text c:\programme\gemeinsame dateien\java\java update\jusched.exe[840] ntdll.dll!ntsuspendprocess + 4 7c91de32 2 bytes [3a, 71]
.text c:\programme\gemeinsame dateien\java\java update\jusched.exe[840] ntdll.dll!rtldossearchpath_u + 1d1 7c926ada 1 byte [62]
.text c:\programme\gemeinsame dateien\java\java update\jusched.exe[840] kernel32.dll!deviceiocontrol 7c801629 3 bytes [ff, 25, 1e]
.text c:\programme\gemeinsame dateien\java\java update\jusched.exe[840] kernel32.dll!deviceiocontrol + 4 7c80162d 2 bytes [aa, 70]
.text c:\programme\gemeinsame dateien\java\java update\jusched.exe[840] kernel32.dll!createfilea 7c801a28 6 bytes jmp 70de000a
.text c:\programme\gemeinsame dateien\java\java update\jusched.exe[840] kernel32.dll!virtualprotectex 7c801a61 6 bytes jmp 7126000a
.text c:\programme\gemeinsame dateien\java\java update\jusched.exe[840] kernel32.dll!virtualprotect 7c801ad4 6 bytes jmp 70d2000a
.text c:\programme\gemeinsame dateien\java\java update\jusched.exe[840] kernel32.dll!loadlibraryexw 7c801af5 6 bytes jmp 716b000a
.text c:\programme\gemeinsame dateien\java\java update\jusched.exe[840] kernel32.dll!loadlibrarya 7c801d7b 6 bytes jmp 715f000a
.text c:\programme\gemeinsame dateien\java\java update\jusched.exe[840] kernel32.dll!terminateprocess 7c801e1a 6 bytes jmp 7165000a
.text c:\programme\gemeinsame dateien\java\java update\jusched.exe[840] kernel32.dll!writeprocessmemory 7c802213 6 bytes jmp 7162000a
.text c:\programme\gemeinsame dateien\java\java update\jusched.exe[840] kernel32.dll!createprocessw 7c802336 6 bytes jmp 7150000a
.text c:\programme\gemeinsame dateien\java\java update\jusched.exe[840] kernel32.dll!createprocessa 7c80236b 6 bytes jmp 7153000a
.text c:\programme\gemeinsame dateien\java\java update\jusched.exe[840] kernel32.dll!virtualalloc 7c809aa1 6 bytes jmp 70d5000a
.text c:\programme\gemeinsame dateien\java\java update\jusched.exe[840] kernel32.dll!multibytetowidechar 7c809c48 6 bytes jmp 707e000a
.text c:\programme\gemeinsame dateien\java\java update\jusched.exe[840] kernel32.dll!loadresource 7c80a005 6 bytes jmp 70c0000a
.text c:\programme\gemeinsame dateien\java\java update\jusched.exe[840] kernel32.dll!widechartomultibyte 7c80a124 6 bytes jmp 705d000a
.text c:\programme\gemeinsame dateien\java\java update\jusched.exe[840] kernel32.dll!getprocaddress 7c80adf0 6 bytes jmp 7114000a
.text c:\programme\gemeinsame dateien\java\java update\jusched.exe[840] kernel32.dll!loadlibraryw 7c80ae9b 6 bytes jmp 715c000a
.text c:\programme\gemeinsame dateien\java\java update\jusched.exe[840] kernel32.dll!createmutexw 7c80e907 6 bytes jmp 7087000a
.text c:\programme\gemeinsame dateien\java\java update\jusched.exe[840] kernel32.dll!createmutexa 7c80e98f 6 bytes jmp 708a000a
.text c:\programme\gemeinsame dateien\java\java update\jusched.exe[840] kernel32.dll!openmutexw 7c80e9e5 6 bytes jmp 7081000a
.text c:\programme\gemeinsame dateien\java\java update\jusched.exe[840] kernel32.dll!openmutexa 7c80ea6b 6 bytes jmp 7084000a
.text c:\programme\gemeinsame dateien\java\java update\jusched.exe[840] kernel32.dll!getvolumeinformationw 7c80fa35 6 bytes jmp 710e000a
.text c:\programme\gemeinsame dateien\java\java update\jusched.exe[840] kernel32.dll!createremotethread 7c81047c 3 bytes [ff, 25, 1e]
.text c:\programme\gemeinsame dateien\java\java update\jusched.exe[840] kernel32.dll!createremotethread + 4 7c810480 2 bytes [6d, 71]
.text c:\programme\gemeinsame dateien\java\java update\jusched.exe[840] kernel32.dll!createthread 7c810687 6 bytes jmp 70d8000a
.text c:\programme\gemeinsame dateien\java\java update\jusched.exe[840] kernel32.dll!createfilew 7c8107b0 6 bytes jmp 70e1000a
.text c:\programme\gemeinsame dateien\java\java update\jusched.exe[840] kernel32.dll!writefile 7c810dd7 6 bytes jmp 709c000a
.text c:\programme\gemeinsame dateien\java\java update\jusched.exe[840] kernel32.dll!terminatethread 7c81caeb 6 bytes jmp 7138000a
.text c:\programme\gemeinsame dateien\java\java update\jusched.exe[840] kernel32.dll!movefilew 7c821211 6 bytes jmp 7057000a
.text c:\programme\gemeinsame dateien\java\java update\jusched.exe[840] kernel32.dll!createdirectorya 7c82175c 6 bytes jmp 70a2000a
.text c:\programme\gemeinsame dateien\java\java update\jusched.exe[840] kernel32.dll!getvolumeinformationa 7c821b55 6 bytes jmp 7111000a
.text c:\programme\gemeinsame dateien\java\java update\jusched.exe[840] kernel32.dll!copyfileexw 7c827ae2 6 bytes jmp 70b4000a
.text c:\programme\gemeinsame dateien\java\java update\jusched.exe[840] kernel32.dll!copyfilea 7c82869e 6 bytes jmp 70bd000a
.text c:\programme\gemeinsame dateien\java\java update\jusched.exe[840] kernel32.dll!copyfilew 7c82f82b 6 bytes jmp 70ba000a
.text c:\programme\gemeinsame dateien\java\java update\jusched.exe[840] kernel32.dll!openprocess 7c830999 6 bytes jmp 704e000a
.text c:\programme\gemeinsame dateien\java\java update\jusched.exe[840] kernel32.dll!deletefilea 7c831e8d 6 bytes jmp 706f000a
.text c:\programme\gemeinsame dateien\java\java update\jusched.exe[840] kernel32.dll!deletefilew 7c831f13 6 bytes jmp 706c000a
.text c:\programme\gemeinsame dateien\java\java update\jusched.exe[840] kernel32.dll!createdirectoryw 7c8323b2 6 bytes jmp 709f000a
.text c:\programme\gemeinsame dateien\java\java update\jusched.exe[840] kernel32.dll!movefileexw 7c83563b 6 bytes jmp 7051000a
.text c:\programme\gemeinsame dateien\java\java update\jusched.exe[840] kernel32.dll!movefilea 7c835e6f 6 bytes jmp 705a000a
.text c:\programme\gemeinsame dateien\java\java update\jusched.exe[840] kernel32.dll!debugactiveprocess 7c85af93 6 bytes jmp 7135000a
.text c:\programme\gemeinsame dateien\java\java update\jusched.exe[840] kernel32.dll!movefileexa 7c85e333 6 bytes jmp 7054000a
.text c:\programme\gemeinsame dateien\java\java update\jusched.exe[840] kernel32.dll!copyfileexa 7c85f234 6 bytes jmp 70b7000a
.text c:\programme\gemeinsame dateien\java\java update\jusched.exe[840] kernel32.dll!winexec 7c8622b5 6 bytes jmp 7141000a
.text c:\programme\gemeinsame dateien\java\java update\jusched.exe[840] kernel32.dll!setthreadcontext 7c8639b1 6 bytes jmp 7099000a
.text c:\programme\gemeinsame dateien\java\java update\jusched.exe[840] kernel32.dll!createtoolhelp32snapshot 7c865a27 6 bytes jmp 70db000a
.text c:\programme\gemeinsame dateien\java\java update\jusched.exe[840] kernel32.dll!getbinarytypew + 80 7c868b34 1 byte [62]
.text c:\programme\gemeinsame dateien\java\java update\jusched.exe[840] advapi32.dll!regopenkeyexw 77da6aaf 6 bytes jmp 70f6000a
.text c:\programme\gemeinsame dateien\java\java update\jusched.exe[840] advapi32.dll!regqueryvalueexw 77da6fff 6 bytes jmp 70e4000a
.text c:\programme\gemeinsame dateien\java\java update\jusched.exe[840] advapi32.dll!regcreatekeyexw 77da776c 6 bytes jmp 7108000a
.text c:\programme\gemeinsame dateien\java\java update\jusched.exe[840] advapi32.dll!regopenkeyexa 77da7852 6 bytes jmp 70f9000a
.text c:\programme\gemeinsame dateien\java\java update\jusched.exe[840] advapi32.dll!regopenkeyw 77da7946 6 bytes jmp 70fc000a
.text c:\programme\gemeinsame dateien\java\java update\jusched.exe[840] advapi32.dll!openprocesstoken 77da798b 6 bytes jmp 7096000a
.text c:\programme\gemeinsame dateien\java\java update\jusched.exe[840] advapi32.dll!regqueryvalueexa 77da7abb 6 bytes jmp 70e7000a
.text c:\programme\gemeinsame dateien\java\java update\jusched.exe[840] advapi32.dll!regsetvalueexw 77dad747 6 bytes jmp 70f0000a
.text c:\programme\gemeinsame dateien\java\java update\jusched.exe[840] advapi32.dll!regqueryvaluew 77dad85a 6 bytes jmp 70ea000a
.text c:\programme\gemeinsame dateien\java\java update\jusched.exe[840] advapi32.dll!regcreatekeyexa 77dae9d4 6 bytes jmp 710b000a
.text c:\programme\gemeinsame dateien\java\java update\jusched.exe[840] advapi32.dll!regsetvalueexa 77daeac7 6 bytes jmp 70f3000a
.text c:\programme\gemeinsame dateien\java\java update\jusched.exe[840] advapi32.dll!regopenkeya 77daefa8 6 bytes jmp 70ff000a
.text c:\programme\gemeinsame dateien\java\java update\jusched.exe[840] advapi32.dll!adjusttokenprivileges 77daefec 6 bytes jmp 708d000a
.text c:\programme\gemeinsame dateien\java\java update\jusched.exe[840] advapi32.dll!regdeletekeya 77db4288 6 bytes jmp 7069000a
.text c:\programme\gemeinsame dateien\java\java update\jusched.exe[840] advapi32.dll!regdeletekeyw 77db5583 6 bytes jmp 7066000a
.text c:\programme\gemeinsame dateien\java\java update\jusched.exe[840] advapi32.dll!openscmanagerw 77db6f3d 6 bytes jmp 70cc000a
.text c:\programme\gemeinsame dateien\java\java update\jusched.exe[840] advapi32.dll!openscmanagera 77dc6996 6 bytes jmp 70cf000a
.text c:\programme\gemeinsame dateien\java\java update\jusched.exe[840] advapi32.dll!lookupprivilegevaluew 77dcb8c7 6 bytes jmp 7090000a
.text c:\programme\gemeinsame dateien\java\java update\jusched.exe[840] advapi32.dll!regcreatekeyw 77dcba3d 6 bytes jmp 7102000a
.text c:\programme\gemeinsame dateien\java\java update\jusched.exe[840] advapi32.dll!regqueryvaluea 77dcbb75 4 bytes jmp ec001e25
.text c:\programme\gemeinsame dateien\java\java update\jusched.exe[840] advapi32.dll!regqueryvaluea + 5 77dcbb7a 1 byte [70]
.text c:\programme\gemeinsame dateien\java\java update\jusched.exe[840] advapi32.dll!regcreatekeya 77dcbcdb 6 bytes jmp 7105000a
.text c:\programme\gemeinsame dateien\java\java update\jusched.exe[840] advapi32.dll!lookupprivilegevaluea 77dcc220 6 bytes jmp 7093000a
.text c:\programme\gemeinsame dateien\java\java update\jusched.exe[840] advapi32.dll!lsaremoveaccountrights 77deab91 6 bytes jmp 7168000a
.text c:\programme\gemeinsame dateien\java\java update\jusched.exe[840] advapi32.dll!createservicea 77e07359 6 bytes jmp 7120000a
.text c:\programme\gemeinsame dateien\java\java update\jusched.exe[840] advapi32.dll!createservicew 77e074f1 6 bytes jmp 711d000a
.text c:\programme\gemeinsame dateien\java\java update\jusched.exe[840] user32.dll!setwindowtextw 7e36bc36 6 bytes jmp 7060000a
.text c:\programme\gemeinsame dateien\java\java update\jusched.exe[840] user32.dll!getkeystate 7e36c505 6 bytes jmp 7132000a
.text c:\programme\gemeinsame dateien\java\java update\jusched.exe[840] user32.dll!getwindowtextw 7e36cdb6 6 bytes jmp 70c6000a
.text c:\programme\gemeinsame dateien\java\java update\jusched.exe[840] user32.dll!drawtextw 7e36d7c2 6 bytes jmp 7078000a
.text c:\programme\gemeinsame dateien\java\java update\jusched.exe[840] user32.dll!showwindow 7e36d8a4 3 bytes [ff, 25, 1e]
.text c:\programme\gemeinsame dateien\java\java update\jusched.exe[840] user32.dll!showwindow + 4 7e36d8a8 2 bytes [c2, 70]
.text c:\programme\gemeinsame dateien\java\java update\jusched.exe[840] user32.dll!getkeyboardstate 7e36ef29 3 bytes [ff, 25, 1e]
.text c:\programme\gemeinsame dateien\java\java update\jusched.exe[840] user32.dll!getkeyboardstate + 4 7e36ef2d 2 bytes [2b, 71]
.text c:\programme\gemeinsame dateien\java\java update\jusched.exe[840] user32.dll!getasynckeystate 7e36f3b3 6 bytes jmp 712f000a
.text c:\programme\gemeinsame dateien\java\java update\jusched.exe[840] user32.dll!createwindowexw 7e36fc25 6 bytes jmp 7072000a
.text c:\programme\gemeinsame dateien\java\java update\jusched.exe[840] user32.dll!createwindowexa 7e36ff33 6 bytes jmp 7075000a
.text c:\programme\gemeinsame dateien\java\java update\jusched.exe[840] user32.dll!setwindowshookexw 7e37ddb5 6 bytes jmp 7156000a
.text c:\programme\gemeinsame dateien\java\java update\jusched.exe[840] user32.dll!setwindowtexta 7e37f52b 6 bytes jmp 7063000a
.text c:\programme\gemeinsame dateien\java\java update\jusched.exe[840] user32.dll!setwindowshookexa 7e3811d1 6 bytes jmp 7159000a
.text c:\programme\gemeinsame dateien\java\java update\jusched.exe[840] user32.dll!setwineventhook 7e3817b7 6 bytes jmp 711a000a
.text c:\programme\gemeinsame dateien\java\java update\jusched.exe[840] user32.dll!getwindowtexta 7e38212b 6 bytes jmp 70c9000a
.text c:\programme\gemeinsame dateien\java\java update\jusched.exe[840] user32.dll!drawtexta 7e38c6ca 6 bytes jmp 707b000a
.text c:\programme\gemeinsame dateien\java\java update\jusched.exe[840] user32.dll!ddeconnect 7e3a7f93 6 bytes jmp 7129000a
.text c:\programme\gemeinsame dateien\java\java update\jusched.exe[840] user32.dll!endtask 7e3a9e75 6 bytes jmp 713e000a
.text c:\programme\gemeinsame dateien\java\java update\jusched.exe[840] user32.dll!registerrawinputdevices 7e3bcbd4 3 bytes [ff, 25, 1e]
.text c:\programme\gemeinsame dateien\java\java update\jusched.exe[840] user32.dll!registerrawinputdevices + 4 7e3bcbd8 2 bytes [16, 71]
.text c:\programme\gemeinsame dateien\java\java update\jusched.exe[840] wininet.dll!internetconnecta 408cdeae 6 bytes jmp 704b000a
.text c:\programme\gemeinsame dateien\java\java update\jusched.exe[840] wininet.dll!internetopenurla 408df3a4 6 bytes jmp 70a8000a
.text c:\programme\gemeinsame dateien\java\java update\jusched.exe[840] wininet.dll!internetopenurlw 40926ddf 6 bytes jmp 70a5000a
.text c:\programme\gemeinsame dateien\java\java update\jusched.exe[840] shell32.dll!shellexecuteexw 7e6b25d3 6 bytes jmp 7144000a
.text c:\programme\gemeinsame dateien\java\java update\jusched.exe[840] shell32.dll!shell_notifyicon 7e6d18be 6 bytes jmp 70b1000a
.text c:\programme\gemeinsame dateien\java\java update\jusched.exe[840] shell32.dll!shell_notifyiconw 7e6d62a5 6 bytes jmp 70ae000a
.text c:\programme\gemeinsame dateien\java\java update\jusched.exe[840] shell32.dll!shellexecuteex 7e6f0e95 6 bytes jmp 7147000a
.text c:\programme\gemeinsame dateien\java\java update\jusched.exe[840] shell32.dll!shellexecutea 7e6f11c0 6 bytes jmp 714d000a
.text c:\programme\gemeinsame dateien\java\java update\jusched.exe[840] shell32.dll!shellexecutew 7e7659d0 6 bytes jmp 714a000a
.text c:\programme\microsoft intellipoint\ipoint.exe[872] ntdll.dll!ntloaddriver 7c91d46e 3 bytes [ff, 25, 1e]
.text c:\programme\microsoft intellipoint\ipoint.exe[872] ntdll.dll!ntloaddriver + 4 7c91d472 2 bytes [22, 71]
.text c:\programme\microsoft intellipoint\ipoint.exe[872] ntdll.dll!ntsuspendprocess 7c91de2e 3 bytes [ff, 25, 1e]
.text c:\programme\microsoft intellipoint\ipoint.exe[872] ntdll.dll!ntsuspendprocess + 4 7c91de32 2 bytes [3a, 71]
.text c:\programme\microsoft intellipoint\ipoint.exe[872] ntdll.dll!rtldossearchpath_u + 1d1 7c926ada 1 byte [62]
.text c:\programme\microsoft intellipoint\ipoint.exe[872] kernel32.dll!deviceiocontrol 7c801629 3 bytes [ff, 25, 1e]
.text c:\programme\microsoft intellipoint\ipoint.exe[872] kernel32.dll!deviceiocontrol + 4 7c80162d 2 bytes [aa, 70]
.text c:\programme\microsoft intellipoint\ipoint.exe[872] kernel32.dll!createfilea 7c801a28 6 bytes jmp 70de000a
.text c:\programme\microsoft intellipoint\ipoint.exe[872] kernel32.dll!virtualprotectex 7c801a61 6 bytes jmp 7126000a
.text c:\programme\microsoft intellipoint\ipoint.exe[872] kernel32.dll!virtualprotect 7c801ad4 6 bytes jmp 70d2000a
.text c:\programme\microsoft intellipoint\ipoint.exe[872] kernel32.dll!loadlibraryexw 7c801af5 6 bytes jmp 716b000a
.text c:\programme\microsoft intellipoint\ipoint.exe[872] kernel32.dll!loadlibrarya 7c801d7b 6 bytes jmp 715f000a
.text c:\programme\microsoft intellipoint\ipoint.exe[872] kernel32.dll!terminateprocess 7c801e1a 6 bytes jmp 7165000a
.text c:\programme\microsoft intellipoint\ipoint.exe[872] kernel32.dll!writeprocessmemory 7c802213 6 bytes jmp 7162000a
.text c:\programme\microsoft intellipoint\ipoint.exe[872] kernel32.dll!createprocessw 7c802336 6 bytes jmp 7150000a
.text c:\programme\microsoft intellipoint\ipoint.exe[872] kernel32.dll!createprocessa 7c80236b 6 bytes jmp 7153000a
.text c:\programme\microsoft intellipoint\ipoint.exe[872] kernel32.dll!virtualalloc 7c809aa1 6 bytes jmp 70d5000a
.text c:\programme\microsoft intellipoint\ipoint.exe[872] kernel32.dll!multibytetowidechar 7c809c48 6 bytes jmp 707e000a
.text c:\programme\microsoft intellipoint\ipoint.exe[872] kernel32.dll!loadresource 7c80a005 6 bytes jmp 70c0000a
.text c:\programme\microsoft intellipoint\ipoint.exe[872] kernel32.dll!widechartomultibyte 7c80a124 6 bytes jmp 705d000a
.text c:\programme\microsoft intellipoint\ipoint.exe[872] kernel32.dll!getprocaddress 7c80adf0 6 bytes jmp 7114000a
.text c:\programme\microsoft intellipoint\ipoint.exe[872] kernel32.dll!loadlibraryw 7c80ae9b 6 bytes jmp 715c000a
.text c:\programme\microsoft intellipoint\ipoint.exe[872] kernel32.dll!createmutexw 7c80e907 6 bytes jmp 7087000a
.text c:\programme\microsoft intellipoint\ipoint.exe[872] kernel32.dll!createmutexa 7c80e98f 6 bytes jmp 708a000a
.text c:\programme\microsoft intellipoint\ipoint.exe[872] kernel32.dll!openmutexw 7c80e9e5 6 bytes jmp 7081000a
.text c:\programme\microsoft intellipoint\ipoint.exe[872] kernel32.dll!openmutexa 7c80ea6b 6 bytes jmp 7084000a
.text c:\programme\microsoft intellipoint\ipoint.exe[872] kernel32.dll!getvolumeinformationw 7c80fa35 6 bytes jmp 710e000a
.text c:\programme\microsoft intellipoint\ipoint.exe[872] kernel32.dll!createremotethread 7c81047c 3 bytes [ff, 25, 1e]
.text c:\programme\microsoft intellipoint\ipoint.exe[872] kernel32.dll!createremotethread + 4 7c810480 2 bytes [6d, 71]
.text c:\programme\microsoft intellipoint\ipoint.exe[872] kernel32.dll!createthread 7c810687 6 bytes jmp 70d8000a
.text c:\programme\microsoft intellipoint\ipoint.exe[872] kernel32.dll!createfilew 7c8107b0 6 bytes jmp 70e1000a
.text c:\programme\microsoft intellipoint\ipoint.exe[872] kernel32.dll!writefile 7c810dd7 6 bytes jmp 709c000a
.text c:\programme\microsoft intellipoint\ipoint.exe[872] kernel32.dll!terminatethread 7c81caeb 6 bytes jmp 7138000a
.text c:\programme\microsoft intellipoint\ipoint.exe[872] kernel32.dll!movefilew 7c821211 6 bytes jmp 7057000a
.text c:\programme\microsoft intellipoint\ipoint.exe[872] kernel32.dll!createdirectorya 7c82175c 6 bytes jmp 70a2000a
.text c:\programme\microsoft intellipoint\ipoint.exe[872] kernel32.dll!getvolumeinformationa 7c821b55 6 bytes jmp 7111000a
.text c:\programme\microsoft intellipoint\ipoint.exe[872] kernel32.dll!copyfileexw 7c827ae2 6 bytes jmp 70b4000a
.text c:\programme\microsoft intellipoint\ipoint.exe[872] kernel32.dll!copyfilea 7c82869e 6 bytes jmp 70bd000a
.text c:\programme\microsoft intellipoint\ipoint.exe[872] kernel32.dll!copyfilew 7c82f82b 6 bytes jmp 70ba000a
.text c:\programme\microsoft intellipoint\ipoint.exe[872] kernel32.dll!openprocess 7c830999 6 bytes jmp 704e000a
.text c:\programme\microsoft intellipoint\ipoint.exe[872] kernel32.dll!deletefilea 7c831e8d 6 bytes jmp 706f000a
.text c:\programme\microsoft intellipoint\ipoint.exe[872] kernel32.dll!deletefilew 7c831f13 6 bytes jmp 706c000a
.text c:\programme\microsoft intellipoint\ipoint.exe[872] kernel32.dll!createdirectoryw 7c8323b2 6 bytes jmp 709f000a
.text c:\programme\microsoft intellipoint\ipoint.exe[872] kernel32.dll!movefileexw 7c83563b 6 bytes jmp 7051000a
.text c:\programme\microsoft intellipoint\ipoint.exe[872] kernel32.dll!movefilea 7c835e6f 6 bytes jmp 705a000a
.text c:\programme\microsoft intellipoint\ipoint.exe[872] kernel32.dll!debugactiveprocess 7c85af93 6 bytes jmp 7135000a
.text c:\programme\microsoft intellipoint\ipoint.exe[872] kernel32.dll!movefileexa 7c85e333 6 bytes jmp 7054000a
.text c:\programme\microsoft intellipoint\ipoint.exe[872] kernel32.dll!copyfileexa 7c85f234 6 bytes jmp 70b7000a
.text c:\programme\microsoft intellipoint\ipoint.exe[872] kernel32.dll!winexec 7c8622b5 6 bytes jmp 7141000a
.text c:\programme\microsoft intellipoint\ipoint.exe[872] kernel32.dll!setthreadcontext 7c8639b1 6 bytes jmp 7099000a
.text c:\programme\microsoft intellipoint\ipoint.exe[872] kernel32.dll!createtoolhelp32snapshot 7c865a27 6 bytes jmp 70db000a
.text c:\programme\microsoft intellipoint\ipoint.exe[872] kernel32.dll!getbinarytypew + 80 7c868b34 1 byte [62]
.text c:\programme\microsoft intellipoint\ipoint.exe[872] user32.dll!setwindowtextw 7e36bc36 6 bytes jmp 7060000a
.text c:\programme\microsoft intellipoint\ipoint.exe[872] user32.dll!getkeystate 7e36c505 6 bytes jmp 7132000a
.text c:\programme\microsoft intellipoint\ipoint.exe[872] user32.dll!getwindowtextw 7e36cdb6 6 bytes jmp 70c6000a
.text c:\programme\microsoft intellipoint\ipoint.exe[872] user32.dll!drawtextw 7e36d7c2 6 bytes jmp 7078000a
.text c:\programme\microsoft intellipoint\ipoint.exe[872] user32.dll!showwindow 7e36d8a4 3 bytes [ff, 25, 1e]
.text c:\programme\microsoft intellipoint\ipoint.exe[872] user32.dll!showwindow + 4 7e36d8a8 2 bytes [c2, 70]
.text c:\programme\microsoft intellipoint\ipoint.exe[872] user32.dll!getkeyboardstate 7e36ef29 3 bytes [ff, 25, 1e]
.text c:\programme\microsoft intellipoint\ipoint.exe[872] user32.dll!getkeyboardstate + 4 7e36ef2d 2 bytes [2b, 71]
.text c:\programme\microsoft intellipoint\ipoint.exe[872] user32.dll!getasynckeystate 7e36f3b3 6 bytes jmp 712f000a
.text c:\programme\microsoft intellipoint\ipoint.exe[872] user32.dll!createwindowexw 7e36fc25 6 bytes jmp 7072000a
.text c:\programme\microsoft intellipoint\ipoint.exe[872] user32.dll!createwindowexa 7e36ff33 6 bytes jmp 7075000a
.text c:\programme\microsoft intellipoint\ipoint.exe[872] user32.dll!setwindowshookexw 7e37ddb5 6 bytes jmp 7156000a
.text c:\programme\microsoft intellipoint\ipoint.exe[872] user32.dll!setwindowtexta 7e37f52b 6 bytes jmp 7063000a
.text c:\programme\microsoft intellipoint\ipoint.exe[872] user32.dll!setwindowshookexa 7e3811d1 6 bytes jmp 7159000a
.text c:\programme\microsoft intellipoint\ipoint.exe[872] user32.dll!setwineventhook 7e3817b7 6 bytes jmp 711a000a
.text c:\programme\microsoft intellipoint\ipoint.exe[872] user32.dll!getwindowtexta 7e38212b 6 bytes jmp 70c9000a
.text c:\programme\microsoft intellipoint\ipoint.exe[872] user32.dll!drawtexta 7e38c6ca 6 bytes jmp 707b000a
.text c:\programme\microsoft intellipoint\ipoint.exe[872] user32.dll!ddeconnect 7e3a7f93 6 bytes jmp 7129000a
.text c:\programme\microsoft intellipoint\ipoint.exe[872] user32.dll!endtask 7e3a9e75 6 bytes jmp 713e000a
.text c:\programme\microsoft intellipoint\ipoint.exe[872] user32.dll!registerrawinputdevices 7e3bcbd4 3 bytes [ff, 25, 1e]
.text c:\programme\microsoft intellipoint\ipoint.exe[872] user32.dll!registerrawinputdevices + 4 7e3bcbd8 2 bytes [16, 71]
.text c:\programme\microsoft intellipoint\ipoint.exe[872] advapi32.dll!regopenkeyexw 77da6aaf 6 bytes jmp 70f6000a
.text c:\programme\microsoft intellipoint\ipoint.exe[872] advapi32.dll!regqueryvalueexw 77da6fff 6 bytes jmp 70e4000a
.text c:\programme\microsoft intellipoint\ipoint.exe[872] advapi32.dll!regcreatekeyexw 77da776c 6 bytes jmp 7108000a
.text c:\programme\microsoft intellipoint\ipoint.exe[872] advapi32.dll!regopenkeyexa 77da7852 6 bytes jmp 70f9000a
.text c:\programme\microsoft intellipoint\ipoint.exe[872] advapi32.dll!regopenkeyw 77da7946 6 bytes jmp 70fc000a
.text c:\programme\microsoft intellipoint\ipoint.exe[872] advapi32.dll!openprocesstoken 77da798b 6 bytes jmp 7096000a
.text c:\programme\microsoft intellipoint\ipoint.exe[872] advapi32.dll!regqueryvalueexa 77da7abb 6 bytes jmp 70e7000a
.text c:\programme\microsoft intellipoint\ipoint.exe[872] advapi32.dll!regsetvalueexw 77dad747 6 bytes jmp 70f0000a
.text c:\programme\microsoft intellipoint\ipoint.exe[872] advapi32.dll!regqueryvaluew 77dad85a 6 bytes jmp 70ea000a
.text c:\programme\microsoft intellipoint\ipoint.exe[872] advapi32.dll!regcreatekeyexa 77dae9d4 6 bytes jmp 710b000a
.text c:\programme\microsoft intellipoint\ipoint.exe[872] advapi32.dll!regsetvalueexa 77daeac7 6 bytes jmp 70f3000a
.text c:\programme\microsoft intellipoint\ipoint.exe[872] advapi32.dll!regopenkeya 77daefa8 6 bytes jmp 70ff000a
.text c:\programme\microsoft intellipoint\ipoint.exe[872] advapi32.dll!adjusttokenprivileges 77daefec 6 bytes jmp 708d000a
.text c:\programme\microsoft intellipoint\ipoint.exe[872] advapi32.dll!regdeletekeya 77db4288 6 bytes jmp 7069000a
.text c:\programme\microsoft intellipoint\ipoint.exe[872] advapi32.dll!regdeletekeyw 77db5583 6 bytes jmp 7066000a
.text c:\programme\microsoft intellipoint\ipoint.exe[872] advapi32.dll!openscmanagerw 77db6f3d 6 bytes jmp 70cc000a
.text c:\programme\microsoft intellipoint\ipoint.exe[872] advapi32.dll!openscmanagera 77dc6996 6 bytes jmp 70cf000a
.text c:\programme\microsoft intellipoint\ipoint.exe[872] advapi32.dll!lookupprivilegevaluew 77dcb8c7 6 bytes jmp 7090000a
.text c:\programme\microsoft intellipoint\ipoint.exe[872] advapi32.dll!regcreatekeyw 77dcba3d 6 bytes jmp 7102000a
.text c:\programme\microsoft intellipoint\ipoint.exe[872] advapi32.dll!regqueryvaluea 77dcbb75 4 bytes jmp ec001e25
.text c:\programme\microsoft intellipoint\ipoint.exe[872] advapi32.dll!regqueryvaluea + 5 77dcbb7a 1 byte [70]
.text c:\programme\microsoft intellipoint\ipoint.exe[872] advapi32.dll!regcreatekeya 77dcbcdb 6 bytes jmp 7105000a
.text c:\programme\microsoft intellipoint\ipoint.exe[872] advapi32.dll!lookupprivilegevaluea 77dcc220 6 bytes jmp 7093000a
.text c:\programme\microsoft intellipoint\ipoint.exe[872] advapi32.dll!lsaremoveaccountrights 77deab91 6 bytes jmp 7168000a
.text c:\programme\microsoft intellipoint\ipoint.exe[872] advapi32.dll!createservicea 77e07359 6 bytes jmp 7120000a
.text c:\programme\microsoft intellipoint\ipoint.exe[872] advapi32.dll!createservicew 77e074f1 6 bytes jmp 711d000a
.text c:\programme\microsoft intellipoint\ipoint.exe[872] shell32.dll!shellexecuteexw 7e6b25d3 6 bytes jmp 7144000a
.text c:\programme\microsoft intellipoint\ipoint.exe[872] shell32.dll!shell_notifyicon 7e6d18be 6 bytes jmp 70b1000a
.text c:\programme\microsoft intellipoint\ipoint.exe[872] shell32.dll!shell_notifyiconw 7e6d62a5 6 bytes jmp 70ae000a
.text c:\programme\microsoft intellipoint\ipoint.exe[872] shell32.dll!shellexecuteex 7e6f0e95 6 bytes jmp 7147000a
.text c:\programme\microsoft intellipoint\ipoint.exe[872] shell32.dll!shellexecutea 7e6f11c0 6 bytes jmp 714d000a
.text c:\programme\microsoft intellipoint\ipoint.exe[872] shell32.dll!shellexecutew 7e7659d0 6 bytes jmp 714a000a
.text c:\programme\microsoft intellipoint\ipoint.exe[872] wininet.dll!internetconnecta 408cdeae 6 bytes jmp 704b000a
.text c:\programme\microsoft intellipoint\ipoint.exe[872] wininet.dll!internetopenurla 408df3a4 6 bytes jmp 70a8000a
.text c:\programme\microsoft intellipoint\ipoint.exe[872] wininet.dll!internetopenurlw 40926ddf 6 bytes jmp 70a5000a
.text c:\programme\secunia\psi\psia.exe[1004] ntdll.dll!ntloaddriver 7c91d46e 3 bytes [ff, 25, 1e]
.text c:\programme\secunia\psi\psia.exe[1004] ntdll.dll!ntloaddriver + 4 7c91d472 2 bytes [22, 71]
.text c:\programme\secunia\psi\psia.exe[1004] ntdll.dll!ntsuspendprocess 7c91de2e 3 bytes [ff, 25, 1e]
.text c:\programme\secunia\psi\psia.exe[1004] ntdll.dll!ntsuspendprocess + 4 7c91de32 2 bytes [3a, 71]
.text c:\programme\secunia\psi\psia.exe[1004] ntdll.dll!rtldossearchpath_u + 1d1 7c926ada 1 byte [62]
.text c:\programme\secunia\psi\psia.exe[1004] kernel32.dll!deviceiocontrol 7c801629 3 bytes [ff, 25, 1e]
.text c:\programme\secunia\psi\psia.exe[1004] kernel32.dll!deviceiocontrol + 4 7c80162d 2 bytes [aa, 70]
.text c:\programme\secunia\psi\psia.exe[1004] kernel32.dll!createfilea 7c801a28 6 bytes jmp 70de000a
.text c:\programme\secunia\psi\psia.exe[1004] kernel32.dll!virtualprotectex 7c801a61 6 bytes jmp 7126000a
.text c:\programme\secunia\psi\psia.exe[1004] kernel32.dll!virtualprotect 7c801ad4 6 bytes jmp 70d2000a
.text c:\programme\secunia\psi\psia.exe[1004] kernel32.dll!loadlibraryexw 7c801af5 6 bytes jmp 716b000a
.text c:\programme\secunia\psi\psia.exe[1004] kernel32.dll!loadlibrarya 7c801d7b 6 bytes jmp 715f000a
.text c:\programme\secunia\psi\psia.exe[1004] kernel32.dll!terminateprocess 7c801e1a 6 bytes jmp 7165000a
.text c:\programme\secunia\psi\psia.exe[1004] kernel32.dll!writeprocessmemory 7c802213 6 bytes jmp 7162000a
.text c:\programme\secunia\psi\psia.exe[1004] kernel32.dll!createprocessw 7c802336 6 bytes jmp 7150000a
.text c:\programme\secunia\psi\psia.exe[1004] kernel32.dll!createprocessa 7c80236b 6 bytes jmp 7153000a
.text c:\programme\secunia\psi\psia.exe[1004] kernel32.dll!virtualalloc 7c809aa1 6 bytes jmp 70d5000a
.text c:\programme\secunia\psi\psia.exe[1004] kernel32.dll!multibytetowidechar 7c809c48 6 bytes jmp 707e000a
.text c:\programme\secunia\psi\psia.exe[1004] kernel32.dll!loadresource 7c80a005 6 bytes jmp 70c0000a
.text c:\programme\secunia\psi\psia.exe[1004] kernel32.dll!widechartomultibyte 7c80a124 6 bytes jmp 705d000a
.text c:\programme\secunia\psi\psia.exe[1004] kernel32.dll!getprocaddress 7c80adf0 6 bytes jmp 7114000a
.text c:\programme\secunia\psi\psia.exe[1004] kernel32.dll!loadlibraryw 7c80ae9b 6 bytes jmp 715c000a
.text c:\programme\secunia\psi\psia.exe[1004] kernel32.dll!createmutexw 7c80e907 6 bytes jmp 7087000a
.text c:\programme\secunia\psi\psia.exe[1004] kernel32.dll!createmutexa 7c80e98f 6 bytes jmp 708a000a
.text c:\programme\secunia\psi\psia.exe[1004] kernel32.dll!openmutexw 7c80e9e5 6 bytes jmp 7081000a
.text c:\programme\secunia\psi\psia.exe[1004] kernel32.dll!openmutexa 7c80ea6b 6 bytes jmp 7084000a
.text c:\programme\secunia\psi\psia.exe[1004] kernel32.dll!getvolumeinformationw 7c80fa35 6 bytes jmp 710e000a
.text c:\programme\secunia\psi\psia.exe[1004] kernel32.dll!createremotethread 7c81047c 3 bytes [ff, 25, 1e]
.text c:\programme\secunia\psi\psia.exe[1004] kernel32.dll!createremotethread + 4 7c810480 2 bytes [6d, 71]
.text c:\programme\secunia\psi\psia.exe[1004] kernel32.dll!createthread 7c810687 6 bytes jmp 70d8000a
.text c:\programme\secunia\psi\psia.exe[1004] kernel32.dll!createfilew 7c8107b0 6 bytes jmp 70e1000a
.text c:\programme\secunia\psi\psia.exe[1004] kernel32.dll!writefile 7c810dd7 6 bytes jmp 709c000a
.text c:\programme\secunia\psi\psia.exe[1004] kernel32.dll!terminatethread 7c81caeb 6 bytes jmp 7138000a
.text c:\programme\secunia\psi\psia.exe[1004] kernel32.dll!movefilew 7c821211 6 bytes jmp 7057000a
.text c:\programme\secunia\psi\psia.exe[1004] kernel32.dll!createdirectorya 7c82175c 6 bytes jmp 70a2000a
.text c:\programme\secunia\psi\psia.exe[1004] kernel32.dll!getvolumeinformationa 7c821b55 6 bytes jmp 7111000a
.text c:\programme\secunia\psi\psia.exe[1004] kernel32.dll!copyfileexw 7c827ae2 6 bytes jmp 70b4000a
.text c:\programme\secunia\psi\psia.exe[1004] kernel32.dll!copyfilea 7c82869e 6 bytes jmp 70bd000a
.text c:\programme\secunia\psi\psia.exe[1004] kernel32.dll!copyfilew 7c82f82b 6 bytes jmp 70ba000a
.text c:\programme\secunia\psi\psia.exe[1004] kernel32.dll!openprocess 7c830999 6 bytes jmp 704e000a
.text c:\programme\secunia\psi\psia.exe[1004] kernel32.dll!deletefilea 7c831e8d 6 bytes jmp 706f000a
.text c:\programme\secunia\psi\psia.exe[1004] kernel32.dll!deletefilew 7c831f13 6 bytes jmp 706c000a
.text c:\programme\secunia\psi\psia.exe[1004] kernel32.dll!createdirectoryw 7c8323b2 6 bytes jmp 709f000a
.text c:\programme\secunia\psi\psia.exe[1004] kernel32.dll!movefileexw 7c83563b 6 bytes jmp 7051000a
.text c:\programme\secunia\psi\psia.exe[1004] kernel32.dll!movefilea 7c835e6f 6 bytes jmp 705a000a
.text c:\programme\secunia\psi\psia.exe[1004] kernel32.dll!debugactiveprocess 7c85af93 6 bytes jmp 7135000a
.text c:\programme\secunia\psi\psia.exe[1004] kernel32.dll!movefileexa 7c85e333 6 bytes jmp 7054000a
.text c:\programme\secunia\psi\psia.exe[1004] kernel32.dll!copyfileexa 7c85f234 6 bytes jmp 70b7000a
.text c:\programme\secunia\psi\psia.exe[1004] kernel32.dll!winexec 7c8622b5 6 bytes jmp 7141000a
.text c:\programme\secunia\psi\psia.exe[1004] kernel32.dll!setthreadcontext 7c8639b1 6 bytes jmp 7099000a
.text c:\programme\secunia\psi\psia.exe[1004] kernel32.dll!createtoolhelp32snapshot 7c865a27 6 bytes jmp 70db000a
.text c:\programme\secunia\psi\psia.exe[1004] kernel32.dll!getbinarytypew + 80 7c868b34 1 byte [62]
.text c:\programme\secunia\psi\psia.exe[1004] advapi32.dll!regopenkeyexw 77da6aaf 6 bytes jmp 70f6000a
.text c:\programme\secunia\psi\psia.exe[1004] advapi32.dll!regqueryvalueexw 77da6fff 6 bytes jmp 70e4000a
.text c:\programme\secunia\psi\psia.exe[1004] advapi32.dll!regcreatekeyexw 77da776c 6 bytes jmp 7108000a
.text c:\programme\secunia\psi\psia.exe[1004] advapi32.dll!regopenkeyexa 77da7852 6 bytes jmp 70f9000a
.text c:\programme\secunia\psi\psia.exe[1004] advapi32.dll!regopenkeyw 77da7946 6 bytes jmp 70fc000a
.text c:\programme\secunia\psi\psia.exe[1004] advapi32.dll!openprocesstoken 77da798b 6 bytes jmp 7096000a
.text c:\programme\secunia\psi\psia.exe[1004] advapi32.dll!regqueryvalueexa 77da7abb 6 bytes jmp 70e7000a
.text c:\programme\secunia\psi\psia.exe[1004] advapi32.dll!regsetvalueexw 77dad747 6 bytes jmp 70f0000a
.text c:\programme\secunia\psi\psia.exe[1004] advapi32.dll!regqueryvaluew 77dad85a 6 bytes jmp 70ea000a
.text c:\programme\secunia\psi\psia.exe[1004] advapi32.dll!regcreatekeyexa 77dae9d4 6 bytes jmp 710b000a
.text c:\programme\secunia\psi\psia.exe[1004] advapi32.dll!regsetvalueexa 77daeac7 6 bytes jmp 70f3000a
.text c:\programme\secunia\psi\psia.exe[1004] advapi32.dll!regopenkeya 77daefa8 6 bytes jmp 70ff000a
.text c:\programme\secunia\psi\psia.exe[1004] advapi32.dll!adjusttokenprivileges 77daefec 6 bytes jmp 708d000a
.text c:\programme\secunia\psi\psia.exe[1004] advapi32.dll!regdeletekeya 77db4288 6 bytes jmp 7069000a
.text c:\programme\secunia\psi\psia.exe[1004] advapi32.dll!regdeletekeyw 77db5583 6 bytes jmp 7066000a
.text c:\programme\secunia\psi\psia.exe[1004] advapi32.dll!openscmanagerw 77db6f3d 6 bytes jmp 70cc000a
.text c:\programme\secunia\psi\psia.exe[1004] advapi32.dll!openscmanagera 77dc6996 6 bytes jmp 70cf000a
.text c:\programme\secunia\psi\psia.exe[1004] advapi32.dll!lookupprivilegevaluew 77dcb8c7 6 bytes jmp 7090000a
.text c:\programme\secunia\psi\psia.exe[1004] advapi32.dll!regcreatekeyw 77dcba3d 6 bytes jmp 7102000a
.text c:\programme\secunia\psi\psia.exe[1004] advapi32.dll!regqueryvaluea 77dcbb75 4 bytes jmp ec001e25
.text c:\programme\secunia\psi\psia.exe[1004] advapi32.dll!regqueryvaluea + 5 77dcbb7a 1 byte [70]
.text c:\programme\secunia\psi\psia.exe[1004] advapi32.dll!regcreatekeya 77dcbcdb 6 bytes jmp 7105000a
.text c:\programme\secunia\psi\psia.exe[1004] advapi32.dll!lookupprivilegevaluea 77dcc220 6 bytes jmp 7093000a
.text c:\programme\secunia\psi\psia.exe[1004] advapi32.dll!lsaremoveaccountrights 77deab91 6 bytes jmp 7168000a
.text c:\programme\secunia\psi\psia.exe[1004] advapi32.dll!createservicea 77e07359 6 bytes jmp 7120000a
.text c:\programme\secunia\psi\psia.exe[1004] advapi32.dll!createservicew 77e074f1 6 bytes jmp 711d000a
.text c:\programme\secunia\psi\psia.exe[1004] user32.dll!setwindowtextw 7e36bc36 6 bytes jmp 7060000a
.text c:\programme\secunia\psi\psia.exe[1004] user32.dll!getkeystate 7e36c505 6 bytes jmp 7132000a
.text c:\programme\secunia\psi\psia.exe[1004] user32.dll!getwindowtextw 7e36cdb6 6 bytes jmp 70c6000a
.text c:\programme\secunia\psi\psia.exe[1004] user32.dll!drawtextw 7e36d7c2 6 bytes jmp 7078000a
.text c:\programme\secunia\psi\psia.exe[1004] user32.dll!showwindow 7e36d8a4 3 bytes [ff, 25, 1e]
.text c:\programme\secunia\psi\psia.exe[1004] user32.dll!showwindow + 4 7e36d8a8 2 bytes [c2, 70]
.text c:\programme\secunia\psi\psia.exe[1004] user32.dll!getkeyboardstate 7e36ef29 3 bytes [ff, 25, 1e]
.text c:\programme\secunia\psi\psia.exe[1004] user32.dll!getkeyboardstate + 4 7e36ef2d 2 bytes [2b, 71]
.text c:\programme\secunia\psi\psia.exe[1004] user32.dll!getasynckeystate 7e36f3b3 6 bytes jmp 712f000a
.text c:\programme\secunia\psi\psia.exe[1004] user32.dll!createwindowexw 7e36fc25 6 bytes jmp 7072000a
.text c:\programme\secunia\psi\psia.exe[1004] user32.dll!createwindowexa 7e36ff33 6 bytes jmp 7075000a
.text c:\programme\secunia\psi\psia.exe[1004] user32.dll!setwindowshookexw 7e37ddb5 6 bytes jmp 7156000a
.text c:\programme\secunia\psi\psia.exe[1004] user32.dll!setwindowtexta 7e37f52b 6 bytes jmp 7063000a
.text c:\programme\secunia\psi\psia.exe[1004] user32.dll!setwindowshookexa 7e3811d1 6 bytes jmp 7159000a
.text c:\programme\secunia\psi\psia.exe[1004] user32.dll!setwineventhook 7e3817b7 6 bytes jmp 711a000a
.text c:\programme\secunia\psi\psia.exe[1004] user32.dll!getwindowtexta 7e38212b 6 bytes jmp 70c9000a
.text c:\programme\secunia\psi\psia.exe[1004] user32.dll!drawtexta 7e38c6ca 6 bytes jmp 707b000a
.text c:\programme\secunia\psi\psia.exe[1004] user32.dll!ddeconnect 7e3a7f93 6 bytes jmp 7129000a
.text c:\programme\secunia\psi\psia.exe[1004] user32.dll!endtask 7e3a9e75 6 bytes jmp 713e000a
.text c:\programme\secunia\psi\psia.exe[1004] user32.dll!registerrawinputdevices 7e3bcbd4 3 bytes [ff, 25, 1e]
.text c:\programme\secunia\psi\psia.exe[1004] user32.dll!registerrawinputdevices + 4 7e3bcbd8 2 bytes [16, 71]
.text c:\programme\secunia\psi\psia.exe[1004] wininet.dll!internetconnecta 408cdeae 6 bytes jmp 704b000a
.text c:\programme\secunia\psi\psia.exe[1004] wininet.dll!internetopenurla 408df3a4 6 bytes jmp 70a8000a
.text c:\programme\secunia\psi\psia.exe[1004] wininet.dll!internetopenurlw 40926ddf 6 bytes jmp 70a5000a
.text c:\programme\secunia\psi\psia.exe[1004] shell32.dll!shellexecuteexw 7e6b25d3 6 bytes jmp 7144000a
.text c:\programme\secunia\psi\psia.exe[1004] shell32.dll!shell_notifyicon 7e6d18be 6 bytes jmp 70b1000a
.text c:\programme\secunia\psi\psia.exe[1004] shell32.dll!shell_notifyiconw 7e6d62a5 6 bytes jmp 70ae000a
.text c:\programme\secunia\psi\psia.exe[1004] shell32.dll!shellexecuteex 7e6f0e95 6 bytes jmp 7147000a
.text c:\programme\secunia\psi\psia.exe[1004] shell32.dll!shellexecutea 7e6f11c0 6 bytes jmp 714d000a
.text c:\programme\secunia\psi\psia.exe[1004] shell32.dll!shellexecutew 7e7659d0 6 bytes jmp 714a000a
.text c:\windows\system32\csrss.exe[1016] ntdll.dll!rtldossearchpath_u + 1d1 7c926ada 1 byte [62]
.text c:\windows\system32\csrss.exe[1016] kernel32.dll!getbinarytypew + 80 7c868b34 1 byte [62]
.text c:\programme\alwil software\avast5\avastui.exe[1092] ntdll.dll!rtldossearchpath_u + 1d1 7c926ada 1 byte [62]
.text c:\programme\alwil software\avast5\avastui.exe[1092] kernel32.dll!getbinarytypew + 80 7c868b34 1 byte [62]
.text c:\windows\system32\winlogon.exe[1120] ntdll.dll!rtldossearchpath_u + 1d1 7c926ada 1 byte [62]
.text c:\windows\system32\winlogon.exe[1120] kernel32.dll!deviceiocontrol 7c801629 3 bytes [ff, 25, 1e]
.text c:\windows\system32\winlogon.exe[1120] kernel32.dll!deviceiocontrol + 4 7c80162d 2 bytes [01, 71]
.text c:\windows\system32\winlogon.exe[1120] kernel32.dll!createfilea 7c801a28 6 bytes jmp 7135000a
.text c:\windows\system32\winlogon.exe[1120] kernel32.dll!virtualprotect 7c801ad4 6 bytes jmp 7129000a
.text c:\windows\system32\winlogon.exe[1120] kernel32.dll!loadlibraryexw 7c801af5 6 bytes jmp 716b000a
.text c:\windows\system32\winlogon.exe[1120] kernel32.dll!virtualalloc 7c809aa1 6 bytes jmp 712c000a
.text c:\windows\system32\winlogon.exe[1120] kernel32.dll!multibytetowidechar 7c809c48 6 bytes jmp 70db000a
.text c:\windows\system32\winlogon.exe[1120] kernel32.dll!loadresource 7c80a005 6 bytes jmp 7117000a
.text c:\windows\system32\winlogon.exe[1120] kernel32.dll!widechartomultibyte 7c80a124 6 bytes jmp 70ba000a
.text c:\windows\system32\winlogon.exe[1120] kernel32.dll!getprocaddress 7c80adf0 6 bytes jmp 716e000a
.text c:\windows\system32\winlogon.exe[1120] kernel32.dll!createmutexw 7c80e907 6 bytes jmp 70e4000a
.text c:\windows\system32\winlogon.exe[1120] kernel32.dll!createmutexa 7c80e98f 6 bytes jmp 70e7000a
.text c:\windows\system32\winlogon.exe[1120] kernel32.dll!openmutexw 7c80e9e5 6 bytes jmp 70de000a
.text c:\windows\system32\winlogon.exe[1120] kernel32.dll!openmutexa 7c80ea6b 6 bytes jmp 70e1000a
.text c:\windows\system32\winlogon.exe[1120] kernel32.dll!getvolumeinformationw 7c80fa35 6 bytes jmp 7165000a
.text c:\windows\system32\winlogon.exe[1120] kernel32.dll!createthread 7c810687 6 bytes jmp 712f000a
.text c:\windows\system32\winlogon.exe[1120] kernel32.dll!createfilew 7c8107b0 6 bytes jmp 7138000a
.text c:\windows\system32\winlogon.exe[1120] kernel32.dll!writefile 7c810dd7 6 bytes jmp 70f9000a
.text c:\windows\system32\winlogon.exe[1120] kernel32.dll!movefilew 7c821211 6 bytes jmp 70b4000a
.text c:\windows\system32\winlogon.exe[1120] kernel32.dll!createdirectorya 7c82175c 6 bytes jmp 70ff000a
.text c:\windows\system32\winlogon.exe[1120] kernel32.dll!getvolumeinformationa 7c821b55 6 bytes jmp 7168000a
.text c:\windows\system32\winlogon.exe[1120] kernel32.dll!copyfileexw 7c827ae2 6 bytes jmp 710b000a
.text c:\windows\system32\winlogon.exe[1120] kernel32.dll!copyfilea 7c82869e 6 bytes jmp 7114000a
.text c:\windows\system32\winlogon.exe[1120] kernel32.dll!copyfilew 7c82f82b 6 bytes jmp 7111000a
.text c:\windows\system32\winlogon.exe[1120] kernel32.dll!openprocess 7c830999 6 bytes jmp 70ab000a
.text c:\windows\system32\winlogon.exe[1120] kernel32.dll!deletefilea 7c831e8d 6 bytes jmp 70cc000a
.text c:\windows\system32\winlogon.exe[1120] kernel32.dll!deletefilew 7c831f13 6 bytes jmp 70c9000a
.text c:\windows\system32\winlogon.exe[1120] kernel32.dll!createdirectoryw 7c8323b2 6 bytes jmp 70fc000a
.text c:\windows\system32\winlogon.exe[1120] kernel32.dll!movefileexw 7c83563b 6 bytes jmp 70ae000a
.text c:\windows\system32\winlogon.exe[1120] kernel32.dll!movefilea 7c835e6f 6 bytes jmp 70b7000a
.text c:\windows\system32\winlogon.exe[1120] kernel32.dll!movefileexa 7c85e333 6 bytes jmp 70b1000a
.text c:\windows\system32\winlogon.exe[1120] kernel32.dll!copyfileexa 7c85f234 6 bytes jmp 710e000a
.text c:\windows\system32\winlogon.exe[1120] kernel32.dll!setthreadcontext 7c8639b1 6 bytes jmp 70f6000a
.text c:\windows\system32\winlogon.exe[1120] kernel32.dll!createtoolhelp32snapshot 7c865a27 6 bytes jmp 7132000a
.text c:\windows\system32\winlogon.exe[1120] kernel32.dll!getbinarytypew + 80 7c868b34 1 byte [62]
.text c:\windows\system32\winlogon.exe[1120] advapi32.dll!regopenkeyexw 77da6aaf 6 bytes jmp 714d000a
.text c:\windows\system32\winlogon.exe[1120] advapi32.dll!regqueryvalueexw 77da6fff 6 bytes jmp 713b000a
.text c:\windows\system32\winlogon.exe[1120] advapi32.dll!regcreatekeyexw 77da776c 6 bytes jmp 715f000a
.text c:\windows\system32\winlogon.exe[1120] advapi32.dll!regopenkeyexa 77da7852 6 bytes jmp 7150000a
.text c:\windows\system32\winlogon.exe[1120] advapi32.dll!regopenkeyw 77da7946 6 bytes jmp 7153000a
.text c:\windows\system32\winlogon.exe[1120] advapi32.dll!openprocesstoken 77da798b 6 bytes jmp 70f3000a
.text c:\windows\system32\winlogon.exe[1120] advapi32.dll!regqueryvalueexa 77da7abb 6 bytes jmp 713e000a
.text c:\windows\system32\winlogon.exe[1120] advapi32.dll!regsetvalueexw 77dad747 6 bytes jmp 7147000a
.text c:\windows\system32\winlogon.exe[1120] advapi32.dll!regqueryvaluew 77dad85a 6 bytes jmp 7141000a
.text c:\windows\system32\winlogon.exe[1120] advapi32.dll!regcreatekeyexa 77dae9d4 6 bytes jmp 7162000a
.text c:\windows\system32\winlogon.exe[1120] advapi32.dll!regsetvalueexa 77daeac7 6 bytes jmp 714a000a
.text c:\windows\system32\winlogon.exe[1120] advapi32.dll!regopenkeya 77daefa8 6 bytes jmp 7156000a
.text c:\windows\system32\winlogon.exe[1120] advapi32.dll!adjusttokenprivileges 77daefec 6 bytes jmp 70ea000a
.text c:\windows\system32\winlogon.exe[1120] advapi32.dll!regdeletekeya 77db4288 6 bytes jmp 70c6000a
.text c:\windows\system32\winlogon.exe[1120] advapi32.dll!regdeletekeyw 77db5583 6 bytes jmp 70c3000a
.text c:\windows\system32\winlogon.exe[1120] advapi32.dll!openscmanagerw 77db6f3d 6 bytes jmp 7123000a
.text c:\windows\system32\winlogon.exe[1120] advapi32.dll!openscmanagera 77dc6996 6 bytes jmp 7126000a
.text c:\windows\system32\winlogon.exe[1120] advapi32.dll!lookupprivilegevaluew 77dcb8c7 4 bytes jmp ec001e25
.text c:\windows\system32\winlogon.exe[1120] advapi32.dll!lookupprivilegevaluew + 5 77dcb8cc 1 byte [70]
.text c:\windows\system32\winlogon.exe[1120] advapi32.dll!regcreatekeyw 77dcba3d 6 bytes jmp 7159000a
.text c:\windows\system32\winlogon.exe[1120] advapi32.dll!regqueryvaluea 77dcbb75 6 bytes jmp 7144000a
.text c:\windows\system32\winlogon.exe[1120] advapi32.dll!regcreatekeya 77dcbcdb 6 bytes jmp 715c000a
.text c:\windows\system32\winlogon.exe[1120] advapi32.dll!lookupprivilegevaluea 77dcc220 6 bytes jmp 70f0000a
.text c:\windows\system32\winlogon.exe[1120] user32.dll!setwindowtextw 7e36bc36 6 bytes jmp 70bd000a
.text c:\windows\system32\winlogon.exe[1120] user32.dll!getwindowtextw 7e36cdb6 6 bytes jmp 711d000a
.text c:\windows\system32\winlogon.exe[1120] user32.dll!drawtextw 7e36d7c2 6 bytes jmp 70d5000a
.text c:\windows\system32\winlogon.exe[1120] user32.dll!showwindow 7e36d8a4 3 bytes [ff, 25, 1e]
.text c:\windows\system32\winlogon.exe[1120] user32.dll!showwindow + 4 7e36d8a8 2 bytes [19, 71]
.text c:\windows\system32\winlogon.exe[1120] user32.dll!createwindowexw 7e36fc25 6 bytes jmp 70cf000a
.text c:\windows\system32\winlogon.exe[1120] user32.dll!createwindowexa 7e36ff33 6 bytes jmp 70d2000a
.text c:\windows\system32\winlogon.exe[1120] user32.dll!setwindowtexta 7e37f52b 6 bytes jmp 70c0000a
.text c:\windows\system32\winlogon.exe[1120] user32.dll!getwindowtexta 7e38212b 6 bytes jmp 7120000a
.text c:\windows\system32\winlogon.exe[1120] user32.dll!drawtexta 7e38c6ca 6 bytes jmp 70d8000a
.text c:\windows\system32\winlogon.exe[1120] shell32.dll!shell_notifyicon 7e6d18be 6 bytes jmp 7108000a
.text c:\windows\system32\winlogon.exe[1120] shell32.dll!shell_notifyiconw 7e6d62a5 6 bytes jmp 7105000a
.text c:\windows\system32\services.exe[1180] ntdll.dll!ntloaddriver 7c91d46e 3 bytes [ff, 25, 1e]
.text c:\windows\system32\services.exe[1180] ntdll.dll!ntloaddriver + 4 7c91d472 2 bytes [22, 71]
.text c:\windows\system32\services.exe[1180] ntdll.dll!ntsuspendprocess 7c91de2e 3 bytes [ff, 25, 1e]
.text c:\windows\system32\services.exe[1180] ntdll.dll!ntsuspendprocess + 4 7c91de32 2 bytes [3a, 71]
.text c:\windows\system32\services.exe[1180] ntdll.dll!rtldossearchpath_u + 1d1 7c926ada 1 byte [62]
.text c:\windows\system32\services.exe[1180] kernel32.dll!deviceiocontrol 7c801629 3 bytes [ff, 25, 1e]
.text c:\windows\system32\services.exe[1180] kernel32.dll!deviceiocontrol + 4 7c80162d 2 bytes [aa, 70]
.text c:\windows\system32\services.exe[1180] kernel32.dll!createfilea 7c801a28 6 bytes jmp 70de000a
.text c:\windows\system32\services.exe[1180] kernel32.dll!virtualprotectex 7c801a61 6 bytes jmp 7126000a
.text c:\windows\system32\services.exe[1180] kernel32.dll!virtualprotect 7c801ad4 6 bytes jmp 70d2000a
.text c:\windows\system32\services.exe[1180] kernel32.dll!loadlibraryexw 7c801af5 6 bytes jmp 716b000a
.text c:\windows\system32\services.exe[1180] kernel32.dll!loadlibrarya 7c801d7b 6 bytes jmp 715f000a
.text c:\windows\system32\services.exe[1180] kernel32.dll!terminateprocess 7c801e1a 6 bytes jmp 7165000a
.text c:\windows\system32\services.exe[1180] kernel32.dll!writeprocessmemory 7c802213 6 bytes jmp 7162000a
.text c:\windows\system32\services.exe[1180] kernel32.dll!createprocessw 7c802336 6 bytes jmp 7150000a
.text c:\windows\system32\services.exe[1180] kernel32.dll!createprocessa 7c80236b 6 bytes jmp 7153000a
.text c:\windows\system32\services.exe[1180] kernel32.dll!virtualalloc 7c809aa1 6 bytes jmp 70d5000a
.text c:\windows\system32\services.exe[1180] kernel32.dll!multibytetowidechar 7c809c48 6 bytes jmp 7084000a
.text c:\windows\system32\services.exe[1180] kernel32.dll!loadresource 7c80a005 6 bytes jmp 70c0000a
.text c:\windows\system32\services.exe[1180] kernel32.dll!widechartomultibyte 7c80a124 6 bytes jmp 7063000a
.text c:\windows\system32\services.exe[1180] kernel32.dll!getprocaddress 7c80adf0 6 bytes jmp 7114000a
.text c:\windows\system32\services.exe[1180] kernel32.dll!loadlibraryw 7c80ae9b 6 bytes jmp 715c000a
.text c:\windows\system32\services.exe[1180] kernel32.dll!createmutexw 7c80e907 6 bytes jmp 708d000a
.text c:\windows\system32\services.exe[1180] kernel32.dll!createmutexa 7c80e98f 6 bytes jmp 7090000a
.text c:\windows\system32\services.exe[1180] kernel32.dll!openmutexw 7c80e9e5 6 bytes jmp 7087000a
.text c:\windows\system32\services.exe[1180] kernel32.dll!openmutexa 7c80ea6b 6 bytes jmp 708a000a
.text c:\windows\system32\services.exe[1180] kernel32.dll!getvolumeinformationw 7c80fa35 6 bytes jmp 710e000a
.text c:\windows\system32\services.exe[1180] kernel32.dll!createremotethread 7c81047c 3 bytes [ff, 25, 1e]
.text c:\windows\system32\services.exe[1180] kernel32.dll!createremotethread + 4 7c810480 2 bytes [6d, 71]
.text c:\windows\system32\services.exe[1180] kernel32.dll!createthread 7c810687 6 bytes jmp 70d8000a
.text c:\windows\system32\services.exe[1180] kernel32.dll!createfilew 7c8107b0 6 bytes jmp 70e1000a
.text c:\windows\system32\services.exe[1180] kernel32.dll!writefile 7c810dd7 6 bytes jmp 70a2000a
.text c:\windows\system32\services.exe[1180] kernel32.dll!terminatethread 7c81caeb 6 bytes jmp 7138000a
.text c:\windows\system32\services.exe[1180] kernel32.dll!movefilew 7c821211 6 bytes jmp 705d000a
.text c:\windows\system32\services.exe[1180] kernel32.dll!createdirectorya 7c82175c 6 bytes jmp 70a8000a
.text c:\windows\system32\services.exe[1180] kernel32.dll!getvolumeinformationa 7c821b55 6 bytes jmp 7111000a
.text c:\windows\system32\services.exe[1180] kernel32.dll!copyfileexw 7c827ae2 6 bytes jmp 70b4000a
.text c:\windows\system32\services.exe[1180] kernel32.dll!copyfilea 7c82869e 6 bytes jmp 70bd000a
.text c:\windows\system32\services.exe[1180] kernel32.dll!copyfilew 7c82f82b 6 bytes jmp 70ba000a
.text c:\windows\system32\services.exe[1180] kernel32.dll!openprocess 7c830999 6 bytes jmp 7054000a
.text c:\windows\system32\services.exe[1180] kernel32.dll!deletefilea 7c831e8d 6 bytes jmp 7075000a
.text c:\windows\system32\services.exe[1180] kernel32.dll!deletefilew 7c831f13 6 bytes jmp 7072000a
.text c:\windows\system32\services.exe[1180] kernel32.dll!createdirectoryw 7c8323b2 6 bytes jmp 70a5000a
.text c:\windows\system32\services.exe[1180] kernel32.dll!movefileexw 7c83563b 6 bytes jmp 7057000a
.text c:\windows\system32\services.exe[1180] kernel32.dll!movefilea 7c835e6f 6 bytes jmp 7060000a
.text c:\windows\system32\services.exe[1180] kernel32.dll!debugactiveprocess 7c85af93 6 bytes jmp 7135000a
.text c:\windows\system32\services.exe[1180] kernel32.dll!movefileexa 7c85e333 6 bytes jmp 705a000a
.text c:\windows\system32\services.exe[1180] kernel32.dll!copyfileexa 7c85f234 6 bytes jmp 70b7000a
.text c:\windows\system32\services.exe[1180] kernel32.dll!winexec 7c8622b5 6 bytes jmp 7141000a
.text c:\windows\system32\services.exe[1180] kernel32.dll!setthreadcontext 7c8639b1 6 bytes jmp 709f000a
.text c:\windows\system32\services.exe[1180] kernel32.dll!createtoolhelp32snapshot 7c865a27 6 bytes jmp 70db000a
.text c:\windows\system32\services.exe[1180] kernel32.dll!getbinarytypew + 80 7c868b34 1 byte [62]
.text c:\windows\system32\services.exe[1180] advapi32.dll!regopenkeyexw 77da6aaf 6 bytes jmp 70f6000a
.text c:\windows\system32\services.exe[1180] advapi32.dll!regqueryvalueexw 77da6fff 6 bytes jmp 70e4000a
.text c:\windows\system32\services.exe[1180] advapi32.dll!regcreatekeyexw 77da776c 6 bytes jmp 7108000a
.text c:\windows\system32\services.exe[1180] advapi32.dll!regopenkeyexa 77da7852 6 bytes jmp 70f9000a
.text c:\windows\system32\services.exe[1180] advapi32.dll!regopenkeyw 77da7946 6 bytes jmp 70fc000a
.text c:\windows\system32\services.exe[1180] advapi32.dll!openprocesstoken 77da798b 6 bytes jmp 709c000a
.text c:\windows\system32\services.exe[1180] advapi32.dll!regqueryvalueexa 77da7abb 6 bytes jmp 70e7000a
.text c:\windows\system32\services.exe[1180] advapi32.dll!regsetvalueexw 77dad747 6 bytes jmp 70f0000a
.text c:\windows\system32\services.exe[1180] advapi32.dll!regqueryvaluew 77dad85a 6 bytes jmp 70ea000a
.text c:\windows\system32\services.exe[1180] advapi32.dll!regcreatekeyexa 77dae9d4 6 bytes jmp 710b000a
.text c:\windows\system32\services.exe[1180] advapi32.dll!regsetvalueexa 77daeac7 6 bytes jmp 70f3000a
.text c:\windows\system32\services.exe[1180] advapi32.dll!regopenkeya 77daefa8 6 bytes jmp 70ff000a
.text c:\windows\system32\services.exe[1180] advapi32.dll!adjusttokenprivileges 77daefec 6 bytes jmp 7093000a
.text c:\windows\system32\services.exe[1180] advapi32.dll!regdeletekeya 77db4288 6 bytes jmp 706f000a
.text c:\windows\system32\services.exe[1180] advapi32.dll!regdeletekeyw 77db5583 6 bytes jmp 706c000a
.text c:\windows\system32\services.exe[1180] advapi32.dll!openscmanagerw 77db6f3d 6 bytes jmp 70cc000a
.text c:\windows\system32\services.exe[1180] advapi32.dll!openscmanagera 77dc6996 6 bytes jmp 70cf000a
.text c:\windows\system32\services.exe[1180] advapi32.dll!lookupprivilegevaluew 77dcb8c7 6 bytes jmp 7096000a
.text c:\windows\system32\services.exe[1180] advapi32.dll!regcreatekeyw 77dcba3d 6 bytes jmp 7102000a
.text c:\windows\system32\services.exe[1180] advapi32.dll!regqueryvaluea 77dcbb75 4 bytes jmp ec001e25
.text c:\windows\system32\services.exe[1180] advapi32.dll!regqueryvaluea + 5 77dcbb7a 1 byte [70]
.text c:\windows\system32\services.exe[1180] advapi32.dll!regcreatekeya 77dcbcdb 6 bytes jmp 7105000a

Polarbär 29.07.2012 14:35
GMER 5.Teil
Zitat:
.text C:\WINDOWS\system32\services.exe[1180] ADVAPI32.dll!LookupPrivilegeValueA 77DCC220 6 Bytes JMP 7099000A
.text C:\WINDOWS\system32\services.exe[1180] ADVAPI32.dll!LsaRemoveAccountRights 77DEAB91 6 Bytes JMP 7168000A
.text C:\WINDOWS\system32\services.exe[1180] ADVAPI32.dll!CreateServiceA 77E07359 6 Bytes JMP 7120000A
.text C:\WINDOWS\system32\services.exe[1180] ADVAPI32.dll!CreateServiceW 77E074F1 6 Bytes JMP 711D000A
.text C:\WINDOWS\system32\services.exe[1180] USER32.dll!SetWindowTextW 7E36BC36 6 Bytes JMP 7066000A
.text C:\WINDOWS\system32\services.exe[1180] USER32.dll!GetKeyState 7E36C505 6 Bytes JMP 7132000A
.text C:\WINDOWS\system32\services.exe[1180] USER32.dll!GetWindowTextW 7E36CDB6 6 Bytes JMP 70C6000A
.text C:\WINDOWS\system32\services.exe[1180] USER32.dll!DrawTextW 7E36D7C2 6 Bytes JMP 707E000A
.text C:\WINDOWS\system32\services.exe[1180] USER32.dll!ShowWindow 7E36D8A4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[1180] USER32.dll!ShowWindow + 4 7E36D8A8 2 Bytes [C2, 70]
.text C:\WINDOWS\system32\services.exe[1180] USER32.dll!GetKeyboardState 7E36EF29 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[1180] USER32.dll!GetKeyboardState + 4 7E36EF2D 2 Bytes [2B, 71]
.text C:\WINDOWS\system32\services.exe[1180] USER32.dll!GetAsyncKeyState 7E36F3B3 6 Bytes JMP 712F000A
.text C:\WINDOWS\system32\services.exe[1180] USER32.dll!CreateWindowExW 7E36FC25 6 Bytes JMP 7078000A
.text C:\WINDOWS\system32\services.exe[1180] USER32.dll!CreateWindowExA 7E36FF33 6 Bytes JMP 707B000A
.text C:\WINDOWS\system32\services.exe[1180] USER32.dll!SetWindowsHookExW 7E37DDB5 6 Bytes JMP 7156000A
.text C:\WINDOWS\system32\services.exe[1180] USER32.dll!SetWindowTextA 7E37F52B 6 Bytes JMP 7069000A
.text C:\WINDOWS\system32\services.exe[1180] USER32.dll!SetWindowsHookExA 7E3811D1 6 Bytes JMP 7159000A
.text C:\WINDOWS\system32\services.exe[1180] USER32.dll!SetWinEventHook 7E3817B7 6 Bytes JMP 711A000A
.text C:\WINDOWS\system32\services.exe[1180] USER32.dll!GetWindowTextA 7E38212B 6 Bytes JMP 70C9000A
.text C:\WINDOWS\system32\services.exe[1180] USER32.dll!DrawTextA 7E38C6CA 6 Bytes JMP 7081000A
.text C:\WINDOWS\system32\services.exe[1180] USER32.dll!DdeConnect 7E3A7F93 6 Bytes JMP 7129000A
.text C:\WINDOWS\system32\services.exe[1180] USER32.dll!EndTask 7E3A9E75 6 Bytes JMP 713E000A
.text C:\WINDOWS\system32\services.exe[1180] USER32.dll!RegisterRawInputDevices 7E3BCBD4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[1180] USER32.dll!RegisterRawInputDevices + 4 7E3BCBD8 2 Bytes [16, 71]
.text C:\WINDOWS\system32\services.exe[1180] SHELL32.dll!ShellExecuteExW 7E6B25D3 6 Bytes JMP 7144000A
.text C:\WINDOWS\system32\services.exe[1180] SHELL32.dll!Shell_NotifyIcon 7E6D18BE 6 Bytes JMP 70B1000A
.text C:\WINDOWS\system32\services.exe[1180] SHELL32.dll!Shell_NotifyIconW 7E6D62A5 6 Bytes JMP 70AE000A
.text C:\WINDOWS\system32\services.exe[1180] SHELL32.dll!ShellExecuteEx 7E6F0E95 6 Bytes JMP 7147000A
.text C:\WINDOWS\system32\services.exe[1180] SHELL32.dll!ShellExecuteA 7E6F11C0 6 Bytes JMP 714D000A
.text C:\WINDOWS\system32\services.exe[1180] SHELL32.dll!ShellExecuteW 7E7659D0 6 Bytes JMP 714A000A
.text C:\WINDOWS\system32\lsass.exe[1200] ntdll.dll!NtLoadDriver 7C91D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[1200] ntdll.dll!NtLoadDriver + 4 7C91D472 2 Bytes [22, 71]
.text C:\WINDOWS\system32\lsass.exe[1200] ntdll.dll!NtSuspendProcess 7C91DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[1200] ntdll.dll!NtSuspendProcess + 4 7C91DE32 2 Bytes [3A, 71]
.text C:\WINDOWS\system32\lsass.exe[1200] ntdll.dll!RtlDosSearchPath_U + 1D1 7C926ADA 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[1200] kernel32.dll!DeviceIoControl 7C801629 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[1200] kernel32.dll!DeviceIoControl + 4 7C80162D 2 Bytes [AA, 70]
.text C:\WINDOWS\system32\lsass.exe[1200] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70DE000A
.text C:\WINDOWS\system32\lsass.exe[1200] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7126000A
.text C:\WINDOWS\system32\lsass.exe[1200] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70D2000A
.text C:\WINDOWS\system32\lsass.exe[1200] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716B000A
.text C:\WINDOWS\system32\lsass.exe[1200] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 715F000A
.text C:\WINDOWS\system32\lsass.exe[1200] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7165000A
.text C:\WINDOWS\system32\lsass.exe[1200] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7162000A
.text C:\WINDOWS\system32\lsass.exe[1200] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7150000A
.text C:\WINDOWS\system32\lsass.exe[1200] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7153000A
.text C:\WINDOWS\system32\lsass.exe[1200] kernel32.dll!VirtualAlloc 7C809AA1 6 Bytes JMP 70D5000A
.text C:\WINDOWS\system32\lsass.exe[1200] kernel32.dll!MultiByteToWideChar 7C809C48 6 Bytes JMP 7084000A
.text C:\WINDOWS\system32\lsass.exe[1200] kernel32.dll!LoadResource 7C80A005 6 Bytes JMP 70C0000A
.text C:\WINDOWS\system32\lsass.exe[1200] kernel32.dll!WideCharToMultiByte 7C80A124 6 Bytes JMP 7063000A
.text C:\WINDOWS\system32\lsass.exe[1200] kernel32.dll!GetProcAddress 7C80ADF0 6 Bytes JMP 7114000A
.text C:\WINDOWS\system32\lsass.exe[1200] kernel32.dll!LoadLibraryW 7C80AE9B 6 Bytes JMP 715C000A
.text C:\WINDOWS\system32\lsass.exe[1200] kernel32.dll!CreateMutexW 7C80E907 6 Bytes JMP 708D000A
.text C:\WINDOWS\system32\lsass.exe[1200] kernel32.dll!CreateMutexA 7C80E98F 6 Bytes JMP 7090000A
.text C:\WINDOWS\system32\lsass.exe[1200] kernel32.dll!OpenMutexW 7C80E9E5 6 Bytes JMP 7087000A
.text C:\WINDOWS\system32\lsass.exe[1200] kernel32.dll!OpenMutexA 7C80EA6B 6 Bytes JMP 708A000A
.text C:\WINDOWS\system32\lsass.exe[1200] kernel32.dll!GetVolumeInformationW 7C80FA35 6 Bytes JMP 710E000A
.text C:\WINDOWS\system32\lsass.exe[1200] kernel32.dll!CreateRemoteThread 7C81047C 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[1200] kernel32.dll!CreateRemoteThread + 4 7C810480 2 Bytes [6D, 71]
.text C:\WINDOWS\system32\lsass.exe[1200] kernel32.dll!CreateThread 7C810687 6 Bytes JMP 70D8000A
.text C:\WINDOWS\system32\lsass.exe[1200] kernel32.dll!CreateFileW 7C8107B0 6 Bytes JMP 70E1000A
.text C:\WINDOWS\system32\lsass.exe[1200] kernel32.dll!WriteFile 7C810DD7 6 Bytes JMP 70A2000A
.text C:\WINDOWS\system32\lsass.exe[1200] kernel32.dll!TerminateThread 7C81CAEB 6 Bytes JMP 7138000A
.text C:\WINDOWS\system32\lsass.exe[1200] kernel32.dll!MoveFileW 7C821211 6 Bytes JMP 705D000A
.text C:\WINDOWS\system32\lsass.exe[1200] kernel32.dll!CreateDirectoryA 7C82175C 6 Bytes JMP 70A8000A
.text C:\WINDOWS\system32\lsass.exe[1200] kernel32.dll!GetVolumeInformationA 7C821B55 6 Bytes JMP 7111000A
.text C:\WINDOWS\system32\lsass.exe[1200] kernel32.dll!CopyFileExW 7C827AE2 6 Bytes JMP 70B4000A
.text C:\WINDOWS\system32\lsass.exe[1200] kernel32.dll!CopyFileA 7C82869E 6 Bytes JMP 70BD000A
.text C:\WINDOWS\system32\lsass.exe[1200] kernel32.dll!CopyFileW 7C82F82B 6 Bytes JMP 70BA000A
.text C:\WINDOWS\system32\lsass.exe[1200] kernel32.dll!OpenProcess 7C830999 6 Bytes JMP 7054000A
.text C:\WINDOWS\system32\lsass.exe[1200] kernel32.dll!DeleteFileA 7C831E8D 6 Bytes JMP 7075000A
.text C:\WINDOWS\system32\lsass.exe[1200] kernel32.dll!DeleteFileW 7C831F13 6 Bytes JMP 7072000A
.text C:\WINDOWS\system32\lsass.exe[1200] kernel32.dll!CreateDirectoryW 7C8323B2 6 Bytes JMP 70A5000A
.text C:\WINDOWS\system32\lsass.exe[1200] kernel32.dll!MoveFileExW 7C83563B 6 Bytes JMP 7057000A
.text C:\WINDOWS\system32\lsass.exe[1200] kernel32.dll!MoveFileA 7C835E6F 6 Bytes JMP 7060000A
.text C:\WINDOWS\system32\lsass.exe[1200] kernel32.dll!DebugActiveProcess 7C85AF93 6 Bytes JMP 7135000A
.text C:\WINDOWS\system32\lsass.exe[1200] kernel32.dll!MoveFileExA 7C85E333 6 Bytes JMP 705A000A
.text C:\WINDOWS\system32\lsass.exe[1200] kernel32.dll!CopyFileExA 7C85F234 6 Bytes JMP 70B7000A
.text C:\WINDOWS\system32\lsass.exe[1200] kernel32.dll!WinExec 7C8622B5 6 Bytes JMP 7141000A
.text C:\WINDOWS\system32\lsass.exe[1200] kernel32.dll!SetThreadContext 7C8639B1 6 Bytes JMP 709F000A
.text C:\WINDOWS\system32\lsass.exe[1200] kernel32.dll!CreateToolhelp32Snapshot 7C865A27 6 Bytes JMP 70DB000A
.text C:\WINDOWS\system32\lsass.exe[1200] kernel32.dll!GetBinaryTypeW + 80 7C868B34 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[1200] ADVAPI32.dll!RegOpenKeyExW 77DA6AAF 6 Bytes JMP 70F6000A
.text C:\WINDOWS\system32\lsass.exe[1200] ADVAPI32.dll!RegQueryValueExW 77DA6FFF 6 Bytes JMP 70E4000A
.text C:\WINDOWS\system32\lsass.exe[1200] ADVAPI32.dll!RegCreateKeyExW 77DA776C 6 Bytes JMP 7108000A
.text C:\WINDOWS\system32\lsass.exe[1200] ADVAPI32.dll!RegOpenKeyExA 77DA7852 6 Bytes JMP 70F9000A
.text C:\WINDOWS\system32\lsass.exe[1200] ADVAPI32.dll!RegOpenKeyW 77DA7946 6 Bytes JMP 70FC000A
.text C:\WINDOWS\system32\lsass.exe[1200] ADVAPI32.dll!OpenProcessToken 77DA798B 6 Bytes JMP 709C000A
.text C:\WINDOWS\system32\lsass.exe[1200] ADVAPI32.dll!RegQueryValueExA 77DA7ABB 6 Bytes JMP 70E7000A
.text C:\WINDOWS\system32\lsass.exe[1200] ADVAPI32.dll!RegSetValueExW 77DAD747 6 Bytes JMP 70F0000A
.text C:\WINDOWS\system32\lsass.exe[1200] ADVAPI32.dll!RegQueryValueW 77DAD85A 6 Bytes JMP 70EA000A
.text C:\WINDOWS\system32\lsass.exe[1200] ADVAPI32.dll!RegCreateKeyExA 77DAE9D4 6 Bytes JMP 710B000A
.text C:\WINDOWS\system32\lsass.exe[1200] ADVAPI32.dll!RegSetValueExA 77DAEAC7 6 Bytes JMP 70F3000A
.text C:\WINDOWS\system32\lsass.exe[1200] ADVAPI32.dll!RegOpenKeyA 77DAEFA8 6 Bytes JMP 70FF000A
.text C:\WINDOWS\system32\lsass.exe[1200] ADVAPI32.dll!AdjustTokenPrivileges 77DAEFEC 6 Bytes JMP 7093000A
.text C:\WINDOWS\system32\lsass.exe[1200] ADVAPI32.dll!RegDeleteKeyA 77DB4288 6 Bytes JMP 706F000A
.text C:\WINDOWS\system32\lsass.exe[1200] ADVAPI32.dll!RegDeleteKeyW 77DB5583 6 Bytes JMP 706C000A
.text C:\WINDOWS\system32\lsass.exe[1200] ADVAPI32.dll!OpenSCManagerW 77DB6F3D 6 Bytes JMP 70CC000A
.text C:\WINDOWS\system32\lsass.exe[1200] ADVAPI32.dll!OpenSCManagerA 77DC6996 6 Bytes JMP 70CF000A
.text C:\WINDOWS\system32\lsass.exe[1200] ADVAPI32.dll!LookupPrivilegeValueW 77DCB8C7 6 Bytes JMP 7096000A
.text C:\WINDOWS\system32\lsass.exe[1200] ADVAPI32.dll!RegCreateKeyW 77DCBA3D 6 Bytes JMP 7102000A
.text C:\WINDOWS\system32\lsass.exe[1200] ADVAPI32.dll!RegQueryValueA 77DCBB75 4 Bytes JMP EC001E25
.text C:\WINDOWS\system32\lsass.exe[1200] ADVAPI32.dll!RegQueryValueA + 5 77DCBB7A 1 Byte [70]
.text C:\WINDOWS\system32\lsass.exe[1200] ADVAPI32.dll!RegCreateKeyA 77DCBCDB 6 Bytes JMP 7105000A
.text C:\WINDOWS\system32\lsass.exe[1200] ADVAPI32.dll!LookupPrivilegeValueA 77DCC220 6 Bytes JMP 7099000A
.text C:\WINDOWS\system32\lsass.exe[1200] ADVAPI32.dll!LsaRemoveAccountRights 77DEAB91 6 Bytes JMP 7168000A
.text C:\WINDOWS\system32\lsass.exe[1200] ADVAPI32.dll!CreateServiceA 77E07359 6 Bytes JMP 7120000A
.text C:\WINDOWS\system32\lsass.exe[1200] ADVAPI32.dll!CreateServiceW 77E074F1 6 Bytes JMP 711D000A
.text C:\WINDOWS\system32\lsass.exe[1200] USER32.dll!SetWindowTextW 7E36BC36 6 Bytes JMP 7066000A
.text C:\WINDOWS\system32\lsass.exe[1200] USER32.dll!GetKeyState 7E36C505 6 Bytes JMP 7132000A
.text C:\WINDOWS\system32\lsass.exe[1200] USER32.dll!GetWindowTextW 7E36CDB6 6 Bytes JMP 70C6000A
.text C:\WINDOWS\system32\lsass.exe[1200] USER32.dll!DrawTextW 7E36D7C2 6 Bytes JMP 707E000A
.text C:\WINDOWS\system32\lsass.exe[1200] USER32.dll!ShowWindow 7E36D8A4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[1200] USER32.dll!ShowWindow + 4 7E36D8A8 2 Bytes [C2, 70]
.text C:\WINDOWS\system32\lsass.exe[1200] USER32.dll!GetKeyboardState 7E36EF29 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[1200] USER32.dll!GetKeyboardState + 4 7E36EF2D 2 Bytes [2B, 71]
.text C:\WINDOWS\system32\lsass.exe[1200] USER32.dll!GetAsyncKeyState 7E36F3B3 6 Bytes JMP 712F000A
.text C:\WINDOWS\system32\lsass.exe[1200] USER32.dll!CreateWindowExW 7E36FC25 6 Bytes JMP 7078000A
.text C:\WINDOWS\system32\lsass.exe[1200] USER32.dll!CreateWindowExA 7E36FF33 6 Bytes JMP 707B000A
.text C:\WINDOWS\system32\lsass.exe[1200] USER32.dll!SetWindowsHookExW 7E37DDB5 6 Bytes JMP 7156000A
.text C:\WINDOWS\system32\lsass.exe[1200] USER32.dll!SetWindowTextA 7E37F52B 6 Bytes JMP 7069000A
.text C:\WINDOWS\system32\lsass.exe[1200] USER32.dll!SetWindowsHookExA 7E3811D1 6 Bytes JMP 7159000A
.text C:\WINDOWS\system32\lsass.exe[1200] USER32.dll!SetWinEventHook 7E3817B7 6 Bytes JMP 711A000A
.text C:\WINDOWS\system32\lsass.exe[1200] USER32.dll!GetWindowTextA 7E38212B 6 Bytes JMP 70C9000A
.text C:\WINDOWS\system32\lsass.exe[1200] USER32.dll!DrawTextA 7E38C6CA 6 Bytes JMP 7081000A
.text C:\WINDOWS\system32\lsass.exe[1200] USER32.dll!DdeConnect 7E3A7F93 6 Bytes JMP 7129000A
.text C:\WINDOWS\system32\lsass.exe[1200] USER32.dll!EndTask 7E3A9E75 6 Bytes JMP 713E000A
.text C:\WINDOWS\system32\lsass.exe[1200] USER32.dll!RegisterRawInputDevices 7E3BCBD4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[1200] USER32.dll!RegisterRawInputDevices + 4 7E3BCBD8 2 Bytes [16, 71]
.text C:\WINDOWS\system32\lsass.exe[1200] SHELL32.dll!ShellExecuteExW 7E6B25D3 6 Bytes JMP 7144000A
.text C:\WINDOWS\system32\lsass.exe[1200] SHELL32.dll!Shell_NotifyIcon 7E6D18BE 6 Bytes JMP 70B1000A
.text C:\WINDOWS\system32\lsass.exe[1200] SHELL32.dll!Shell_NotifyIconW 7E6D62A5 6 Bytes JMP 70AE000A
.text C:\WINDOWS\system32\lsass.exe[1200] SHELL32.dll!ShellExecuteEx 7E6F0E95 6 Bytes JMP 7147000A
.text C:\WINDOWS\system32\lsass.exe[1200] SHELL32.dll!ShellExecuteA 7E6F11C0 6 Bytes JMP 714D000A
.text C:\WINDOWS\system32\lsass.exe[1200] SHELL32.dll!ShellExecuteW 7E7659D0 6 Bytes JMP 714A000A
.text C:\WINDOWS\System32\svchost.exe[1268] ntdll.dll!NtLoadDriver 7C91D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1268] ntdll.dll!NtLoadDriver + 4 7C91D472 2 Bytes [22, 71]
.text C:\WINDOWS\System32\svchost.exe[1268] ntdll.dll!NtSuspendProcess 7C91DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1268] ntdll.dll!NtSuspendProcess + 4 7C91DE32 2 Bytes [3A, 71]
.text C:\WINDOWS\System32\svchost.exe[1268] ntdll.dll!RtlDosSearchPath_U + 1D1 7C926ADA 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1268] kernel32.dll!DeviceIoControl 7C801629 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1268] kernel32.dll!DeviceIoControl + 4 7C80162D 2 Bytes [AA, 70]
.text C:\WINDOWS\System32\svchost.exe[1268] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70DE000A
.text C:\WINDOWS\System32\svchost.exe[1268] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7126000A
.text C:\WINDOWS\System32\svchost.exe[1268] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70D2000A
.text C:\WINDOWS\System32\svchost.exe[1268] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716B000A
.text C:\WINDOWS\System32\svchost.exe[1268] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 715F000A
.text C:\WINDOWS\System32\svchost.exe[1268] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7165000A
.text C:\WINDOWS\System32\svchost.exe[1268] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7162000A
.text C:\WINDOWS\System32\svchost.exe[1268] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7150000A
.text C:\WINDOWS\System32\svchost.exe[1268] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7153000A
.text C:\WINDOWS\System32\svchost.exe[1268] kernel32.dll!VirtualAlloc 7C809AA1 6 Bytes JMP 70D5000A
.text C:\WINDOWS\System32\svchost.exe[1268] kernel32.dll!MultiByteToWideChar 7C809C48 6 Bytes JMP 7084000A
.text C:\WINDOWS\System32\svchost.exe[1268] kernel32.dll!LoadResource 7C80A005 6 Bytes JMP 70C0000A
.text C:\WINDOWS\System32\svchost.exe[1268] kernel32.dll!WideCharToMultiByte 7C80A124 6 Bytes JMP 7063000A
.text C:\WINDOWS\System32\svchost.exe[1268] kernel32.dll!GetProcAddress 7C80ADF0 6 Bytes JMP 7114000A
.text C:\WINDOWS\System32\svchost.exe[1268] kernel32.dll!LoadLibraryW 7C80AE9B 6 Bytes JMP 715C000A
.text C:\WINDOWS\System32\svchost.exe[1268] kernel32.dll!CreateMutexW 7C80E907 6 Bytes JMP 708D000A
.text C:\WINDOWS\System32\svchost.exe[1268] kernel32.dll!CreateMutexA 7C80E98F 6 Bytes JMP 7090000A
.text C:\WINDOWS\System32\svchost.exe[1268] kernel32.dll!OpenMutexW 7C80E9E5 6 Bytes JMP 7087000A
.text C:\WINDOWS\System32\svchost.exe[1268] kernel32.dll!OpenMutexA 7C80EA6B 6 Bytes JMP 708A000A
.text C:\WINDOWS\System32\svchost.exe[1268] kernel32.dll!GetVolumeInformationW 7C80FA35 6 Bytes JMP 710E000A
.text C:\WINDOWS\System32\svchost.exe[1268] kernel32.dll!CreateRemoteThread 7C81047C 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1268] kernel32.dll!CreateRemoteThread + 4 7C810480 2 Bytes [6D, 71]
.text C:\WINDOWS\System32\svchost.exe[1268] kernel32.dll!CreateThread 7C810687 6 Bytes JMP 70D8000A
.text C:\WINDOWS\System32\svchost.exe[1268] kernel32.dll!CreateFileW 7C8107B0 6 Bytes JMP 70E1000A
.text C:\WINDOWS\System32\svchost.exe[1268] kernel32.dll!WriteFile 7C810DD7 6 Bytes JMP 70A2000A
.text C:\WINDOWS\System32\svchost.exe[1268] kernel32.dll!TerminateThread 7C81CAEB 6 Bytes JMP 7138000A
.text C:\WINDOWS\System32\svchost.exe[1268] kernel32.dll!MoveFileW 7C821211 6 Bytes JMP 705D000A
.text C:\WINDOWS\System32\svchost.exe[1268] kernel32.dll!CreateDirectoryA 7C82175C 6 Bytes JMP 70A8000A
.text C:\WINDOWS\System32\svchost.exe[1268] kernel32.dll!GetVolumeInformationA 7C821B55 6 Bytes JMP 7111000A
.text C:\WINDOWS\System32\svchost.exe[1268] kernel32.dll!CopyFileExW 7C827AE2 6 Bytes JMP 70B4000A
.text C:\WINDOWS\System32\svchost.exe[1268] kernel32.dll!CopyFileA 7C82869E 6 Bytes JMP 70BD000A
.text C:\WINDOWS\System32\svchost.exe[1268] kernel32.dll!CopyFileW 7C82F82B 6 Bytes JMP 70BA000A
.text C:\WINDOWS\System32\svchost.exe[1268] kernel32.dll!OpenProcess 7C830999 6 Bytes JMP 7054000A
.text C:\WINDOWS\System32\svchost.exe[1268] kernel32.dll!DeleteFileA 7C831E8D 6 Bytes JMP 7075000A
.text C:\WINDOWS\System32\svchost.exe[1268] kernel32.dll!DeleteFileW 7C831F13 6 Bytes JMP 7072000A
.text C:\WINDOWS\System32\svchost.exe[1268] kernel32.dll!CreateDirectoryW 7C8323B2 6 Bytes JMP 70A5000A
.text C:\WINDOWS\System32\svchost.exe[1268] kernel32.dll!MoveFileExW 7C83563B 6 Bytes JMP 7057000A
.text C:\WINDOWS\System32\svchost.exe[1268] kernel32.dll!MoveFileA 7C835E6F 6 Bytes JMP 7060000A
.text C:\WINDOWS\System32\svchost.exe[1268] kernel32.dll!DebugActiveProcess 7C85AF93 6 Bytes JMP 7135000A
.text C:\WINDOWS\System32\svchost.exe[1268] kernel32.dll!MoveFileExA 7C85E333 6 Bytes JMP 705A000A
.text C:\WINDOWS\System32\svchost.exe[1268] kernel32.dll!CopyFileExA 7C85F234 6 Bytes JMP 70B7000A
.text C:\WINDOWS\System32\svchost.exe[1268] kernel32.dll!WinExec 7C8622B5 6 Bytes JMP 7141000A
.text C:\WINDOWS\System32\svchost.exe[1268] kernel32.dll!SetThreadContext 7C8639B1 6 Bytes JMP 709F000A
.text C:\WINDOWS\System32\svchost.exe[1268] kernel32.dll!CreateToolhelp32Snapshot 7C865A27 6 Bytes JMP 70DB000A
.text C:\WINDOWS\System32\svchost.exe[1268] kernel32.dll!GetBinaryTypeW + 80 7C868B34 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1268] ADVAPI32.dll!RegOpenKeyExW 77DA6AAF 6 Bytes JMP 70F6000A
.text C:\WINDOWS\System32\svchost.exe[1268] ADVAPI32.dll!RegQueryValueExW 77DA6FFF 6 Bytes JMP 70E4000A
.text C:\WINDOWS\System32\svchost.exe[1268] ADVAPI32.dll!RegCreateKeyExW 77DA776C 6 Bytes JMP 7108000A
.text C:\WINDOWS\System32\svchost.exe[1268] ADVAPI32.dll!RegOpenKeyExA 77DA7852 6 Bytes JMP 70F9000A
.text C:\WINDOWS\System32\svchost.exe[1268] ADVAPI32.dll!RegOpenKeyW 77DA7946 6 Bytes JMP 70FC000A
.text C:\WINDOWS\System32\svchost.exe[1268] ADVAPI32.dll!OpenProcessToken 77DA798B 6 Bytes JMP 709C000A
.text C:\WINDOWS\System32\svchost.exe[1268] ADVAPI32.dll!RegQueryValueExA 77DA7ABB 6 Bytes JMP 70E7000A
.text C:\WINDOWS\System32\svchost.exe[1268] ADVAPI32.dll!RegSetValueExW 77DAD747 6 Bytes JMP 70F0000A
.text C:\WINDOWS\System32\svchost.exe[1268] ADVAPI32.dll!RegQueryValueW 77DAD85A 6 Bytes JMP 70EA000A
.text C:\WINDOWS\System32\svchost.exe[1268] ADVAPI32.dll!RegCreateKeyExA 77DAE9D4 6 Bytes JMP 710B000A
.text C:\WINDOWS\System32\svchost.exe[1268] ADVAPI32.dll!RegSetValueExA 77DAEAC7 6 Bytes JMP 70F3000A
.text C:\WINDOWS\System32\svchost.exe[1268] ADVAPI32.dll!RegOpenKeyA 77DAEFA8 6 Bytes JMP 70FF000A
.text C:\WINDOWS\System32\svchost.exe[1268] ADVAPI32.dll!AdjustTokenPrivileges 77DAEFEC 6 Bytes JMP 7093000A
.text C:\WINDOWS\System32\svchost.exe[1268] ADVAPI32.dll!RegDeleteKeyA 77DB4288 6 Bytes JMP 706F000A
.text C:\WINDOWS\System32\svchost.exe[1268] ADVAPI32.dll!RegDeleteKeyW 77DB5583 6 Bytes JMP 706C000A
.text C:\WINDOWS\System32\svchost.exe[1268] ADVAPI32.dll!OpenSCManagerW 77DB6F3D 6 Bytes JMP 70CC000A
.text C:\WINDOWS\System32\svchost.exe[1268] ADVAPI32.dll!OpenSCManagerA 77DC6996 6 Bytes JMP 70CF000A
.text C:\WINDOWS\System32\svchost.exe[1268] ADVAPI32.dll!LookupPrivilegeValueW 77DCB8C7 6 Bytes JMP 7096000A
.text C:\WINDOWS\System32\svchost.exe[1268] ADVAPI32.dll!RegCreateKeyW 77DCBA3D 6 Bytes JMP 7102000A
.text C:\WINDOWS\System32\svchost.exe[1268] ADVAPI32.dll!RegQueryValueA 77DCBB75 4 Bytes JMP EC001E25
.text C:\WINDOWS\System32\svchost.exe[1268] ADVAPI32.dll!RegQueryValueA + 5 77DCBB7A 1 Byte [70]
.text C:\WINDOWS\System32\svchost.exe[1268] ADVAPI32.dll!RegCreateKeyA 77DCBCDB 6 Bytes JMP 7105000A
.text C:\WINDOWS\System32\svchost.exe[1268] ADVAPI32.dll!LookupPrivilegeValueA 77DCC220 6 Bytes JMP 7099000A
.text C:\WINDOWS\System32\svchost.exe[1268] ADVAPI32.dll!LsaRemoveAccountRights 77DEAB91 6 Bytes JMP 7168000A
.text C:\WINDOWS\System32\svchost.exe[1268] ADVAPI32.dll!CreateServiceA 77E07359 6 Bytes JMP 7120000A
.text C:\WINDOWS\System32\svchost.exe[1268] ADVAPI32.dll!CreateServiceW 77E074F1 6 Bytes JMP 711D000A
.text C:\WINDOWS\System32\svchost.exe[1268] USER32.dll!SetWindowTextW 7E36BC36 6 Bytes JMP 7066000A
.text C:\WINDOWS\System32\svchost.exe[1268] USER32.dll!GetKeyState 7E36C505 6 Bytes JMP 7132000A
.text C:\WINDOWS\System32\svchost.exe[1268] USER32.dll!GetWindowTextW 7E36CDB6 6 Bytes JMP 70C6000A
.text C:\WINDOWS\System32\svchost.exe[1268] USER32.dll!DrawTextW 7E36D7C2 6 Bytes JMP 707E000A
.text C:\WINDOWS\System32\svchost.exe[1268] USER32.dll!ShowWindow 7E36D8A4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1268] USER32.dll!ShowWindow + 4 7E36D8A8 2 Bytes [C2, 70]
.text C:\WINDOWS\System32\svchost.exe[1268] USER32.dll!GetKeyboardState 7E36EF29 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1268] USER32.dll!GetKeyboardState + 4 7E36EF2D 2 Bytes [2B, 71]
.text C:\WINDOWS\System32\svchost.exe[1268] USER32.dll!GetAsyncKeyState 7E36F3B3 6 Bytes JMP 712F000A
.text C:\WINDOWS\System32\svchost.exe[1268] USER32.dll!CreateWindowExW 7E36FC25 6 Bytes JMP 7078000A
.text C:\WINDOWS\System32\svchost.exe[1268] USER32.dll!CreateWindowExA 7E36FF33 6 Bytes JMP 707B000A
.text C:\WINDOWS\System32\svchost.exe[1268] USER32.dll!SetWindowsHookExW 7E37DDB5 6 Bytes JMP 7156000A
.text C:\WINDOWS\System32\svchost.exe[1268] USER32.dll!SetWindowTextA 7E37F52B 6 Bytes JMP 7069000A
.text C:\WINDOWS\System32\svchost.exe[1268] USER32.dll!SetWindowsHookExA 7E3811D1 6 Bytes JMP 7159000A
.text C:\WINDOWS\System32\svchost.exe[1268] USER32.dll!SetWinEventHook 7E3817B7 6 Bytes JMP 711A000A
.text C:\WINDOWS\System32\svchost.exe[1268] USER32.dll!GetWindowTextA 7E38212B 6 Bytes JMP 70C9000A
.text C:\WINDOWS\System32\svchost.exe[1268] USER32.dll!DrawTextA 7E38C6CA 6 Bytes JMP 7081000A
.text C:\WINDOWS\System32\svchost.exe[1268] USER32.dll!DdeConnect 7E3A7F93 6 Bytes JMP 7129000A
.text C:\WINDOWS\System32\svchost.exe[1268] USER32.dll!EndTask 7E3A9E75 6 Bytes JMP 713E000A
.text C:\WINDOWS\System32\svchost.exe[1268] USER32.dll!RegisterRawInputDevices 7E3BCBD4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1268] USER32.dll!RegisterRawInputDevices + 4 7E3BCBD8 2 Bytes [16, 71]
.text C:\WINDOWS\System32\svchost.exe[1268] SHELL32.dll!ShellExecuteExW 7E6B25D3 6 Bytes JMP 7144000A
.text C:\WINDOWS\System32\svchost.exe[1268] SHELL32.dll!Shell_NotifyIcon 7E6D18BE 6 Bytes JMP 70B1000A
.text C:\WINDOWS\System32\svchost.exe[1268] SHELL32.dll!Shell_NotifyIconW 7E6D62A5 6 Bytes JMP 70AE000A
.text C:\WINDOWS\System32\svchost.exe[1268] SHELL32.dll!ShellExecuteEx 7E6F0E95 6 Bytes JMP 7147000A
.text C:\WINDOWS\System32\svchost.exe[1268] SHELL32.dll!ShellExecuteA 7E6F11C0 6 Bytes JMP 714D000A
.text C:\WINDOWS\System32\svchost.exe[1268] SHELL32.dll!ShellExecuteW 7E7659D0 6 Bytes JMP 714A000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] ntdll.dll!NtLoadDriver 7C91D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] ntdll.dll!NtLoadDriver + 4 7C91D472 2 Bytes [22, 71]
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] ntdll.dll!NtSuspendProcess 7C91DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] ntdll.dll!NtSuspendProcess + 4 7C91DE32 2 Bytes [3A, 71]
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] ntdll.dll!RtlDosSearchPath_U + 1D1 7C926ADA 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] kernel32.dll!DeviceIoControl 7C801629 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] kernel32.dll!DeviceIoControl + 4 7C80162D 2 Bytes [AA, 70]
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70DE000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7126000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70D2000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716B000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 715F000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7165000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7162000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7150000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7153000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] kernel32.dll!VirtualAlloc 7C809AA1 6 Bytes JMP 70D5000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] kernel32.dll!MultiByteToWideChar 7C809C48 6 Bytes JMP 7084000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] kernel32.dll!LoadResource 7C80A005 6 Bytes JMP 70C0000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] kernel32.dll!WideCharToMultiByte 7C80A124 6 Bytes JMP 7063000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] kernel32.dll!GetProcAddress 7C80ADF0 6 Bytes JMP 7114000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] kernel32.dll!LoadLibraryW 7C80AE9B 6 Bytes JMP 715C000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] kernel32.dll!CreateMutexW 7C80E907 6 Bytes JMP 708D000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] kernel32.dll!CreateMutexA 7C80E98F 6 Bytes JMP 7090000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] kernel32.dll!OpenMutexW 7C80E9E5 6 Bytes JMP 7087000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] kernel32.dll!OpenMutexA 7C80EA6B 6 Bytes JMP 708A000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] kernel32.dll!GetVolumeInformationW 7C80FA35 6 Bytes JMP 710E000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] kernel32.dll!CreateRemoteThread 7C81047C 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] kernel32.dll!CreateRemoteThread + 4 7C810480 2 Bytes [6D, 71]
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] kernel32.dll!CreateThread 7C810687 6 Bytes JMP 70D8000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] kernel32.dll!CreateFileW 7C8107B0 6 Bytes JMP 70E1000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] kernel32.dll!WriteFile 7C810DD7 6 Bytes JMP 70A2000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] kernel32.dll!TerminateThread 7C81CAEB 6 Bytes JMP 7138000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] kernel32.dll!MoveFileW 7C821211 6 Bytes JMP 705D000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] kernel32.dll!CreateDirectoryA 7C82175C 6 Bytes JMP 70A8000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] kernel32.dll!GetVolumeInformationA 7C821B55 6 Bytes JMP 7111000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] kernel32.dll!CopyFileExW 7C827AE2 6 Bytes JMP 70B4000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] kernel32.dll!CopyFileA 7C82869E 6 Bytes JMP 70BD000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] kernel32.dll!CopyFileW 7C82F82B 6 Bytes JMP 70BA000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] kernel32.dll!OpenProcess 7C830999 6 Bytes JMP 7054000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] kernel32.dll!DeleteFileA 7C831E8D 6 Bytes JMP 7075000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] kernel32.dll!DeleteFileW 7C831F13 6 Bytes JMP 7072000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] kernel32.dll!CreateDirectoryW 7C8323B2 6 Bytes JMP 70A5000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] kernel32.dll!MoveFileExW 7C83563B 6 Bytes JMP 7057000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] kernel32.dll!MoveFileA 7C835E6F 6 Bytes JMP 7060000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] kernel32.dll!DebugActiveProcess 7C85AF93 6 Bytes JMP 7135000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] kernel32.dll!MoveFileExA 7C85E333 6 Bytes JMP 705A000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] kernel32.dll!CopyFileExA 7C85F234 6 Bytes JMP 70B7000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] kernel32.dll!WinExec 7C8622B5 6 Bytes JMP 7141000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] kernel32.dll!SetThreadContext 7C8639B1 6 Bytes JMP 709F000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] kernel32.dll!CreateToolhelp32Snapshot 7C865A27 6 Bytes JMP 70DB000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] kernel32.dll!GetBinaryTypeW + 80 7C868B34 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] USER32.dll!SetWindowTextW 7E36BC36 6 Bytes JMP 7066000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] USER32.dll!GetKeyState 7E36C505 6 Bytes JMP 7132000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] USER32.dll!GetWindowTextW 7E36CDB6 6 Bytes JMP 70C6000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] USER32.dll!DrawTextW 7E36D7C2 6 Bytes JMP 707E000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] USER32.dll!ShowWindow 7E36D8A4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] USER32.dll!ShowWindow + 4 7E36D8A8 2 Bytes [C2, 70]
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] USER32.dll!GetKeyboardState 7E36EF29 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] USER32.dll!GetKeyboardState + 4 7E36EF2D 2 Bytes [2B, 71]
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] USER32.dll!GetAsyncKeyState 7E36F3B3 6 Bytes JMP 712F000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] USER32.dll!CreateWindowExW 7E36FC25 6 Bytes JMP 7078000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] USER32.dll!CreateWindowExA 7E36FF33 6 Bytes JMP 707B000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] USER32.dll!SetWindowsHookExW 7E37DDB5 6 Bytes JMP 7156000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] USER32.dll!SetWindowTextA 7E37F52B 6 Bytes JMP 7069000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] USER32.dll!SetWindowsHookExA 7E3811D1 6 Bytes JMP 7159000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] USER32.dll!SetWinEventHook 7E3817B7 6 Bytes JMP 711A000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] USER32.dll!GetWindowTextA 7E38212B 6 Bytes JMP 70C9000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] USER32.dll!DrawTextA 7E38C6CA 6 Bytes JMP 7081000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] USER32.dll!DdeConnect 7E3A7F93 6 Bytes JMP 7129000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] USER32.dll!EndTask 7E3A9E75 6 Bytes JMP 713E000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] USER32.dll!RegisterRawInputDevices 7E3BCBD4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] USER32.dll!RegisterRawInputDevices + 4 7E3BCBD8 2 Bytes [16, 71]
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] ADVAPI32.dll!RegOpenKeyExW 77DA6AAF 6 Bytes JMP 70F6000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] ADVAPI32.dll!RegQueryValueExW 77DA6FFF 6 Bytes JMP 70E4000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] ADVAPI32.dll!RegCreateKeyExW 77DA776C 6 Bytes JMP 7108000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] ADVAPI32.dll!RegOpenKeyExA 77DA7852 6 Bytes JMP 70F9000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] ADVAPI32.dll!RegOpenKeyW 77DA7946 6 Bytes JMP 70FC000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] ADVAPI32.dll!OpenProcessToken 77DA798B 6 Bytes JMP 709C000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] ADVAPI32.dll!RegQueryValueExA 77DA7ABB 6 Bytes JMP 70E7000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] ADVAPI32.dll!RegSetValueExW 77DAD747 6 Bytes JMP 70F0000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] ADVAPI32.dll!RegQueryValueW 77DAD85A 6 Bytes JMP 70EA000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] ADVAPI32.dll!RegCreateKeyExA 77DAE9D4 6 Bytes JMP 710B000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] ADVAPI32.dll!RegSetValueExA 77DAEAC7 6 Bytes JMP 70F3000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] ADVAPI32.dll!RegOpenKeyA 77DAEFA8 6 Bytes JMP 70FF000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] ADVAPI32.dll!AdjustTokenPrivileges 77DAEFEC 6 Bytes JMP 7093000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] ADVAPI32.dll!RegDeleteKeyA 77DB4288 6 Bytes JMP 706F000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] ADVAPI32.dll!RegDeleteKeyW 77DB5583 6 Bytes JMP 706C000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] ADVAPI32.dll!OpenSCManagerW 77DB6F3D 6 Bytes JMP 70CC000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] ADVAPI32.dll!OpenSCManagerA 77DC6996 6 Bytes JMP 70CF000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] ADVAPI32.dll!LookupPrivilegeValueW 77DCB8C7 6 Bytes JMP 7096000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] ADVAPI32.dll!RegCreateKeyW 77DCBA3D 6 Bytes JMP 7102000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] ADVAPI32.dll!RegQueryValueA 77DCBB75 4 Bytes JMP EC001E25
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] ADVAPI32.dll!RegQueryValueA + 5 77DCBB7A 1 Byte [70]
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] ADVAPI32.dll!RegCreateKeyA 77DCBCDB 6 Bytes JMP 7105000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] ADVAPI32.dll!LookupPrivilegeValueA 77DCC220 6 Bytes JMP 7099000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] ADVAPI32.dll!LsaRemoveAccountRights 77DEAB91 6 Bytes JMP 7168000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] ADVAPI32.dll!CreateServiceA 77E07359 6 Bytes JMP 7120000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] ADVAPI32.dll!CreateServiceW 77E074F1 6 Bytes JMP 711D000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] SHELL32.dll!ShellExecuteExW 7E6B25D3 6 Bytes JMP 7144000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] SHELL32.dll!Shell_NotifyIcon 7E6D18BE 6 Bytes JMP 70B1000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] SHELL32.dll!Shell_NotifyIconW 7E6D62A5 6 Bytes JMP 70AE000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] SHELL32.dll!ShellExecuteEx 7E6F0E95 6 Bytes JMP 7147000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] SHELL32.dll!ShellExecuteA 7E6F11C0 6 Bytes JMP 714D000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1380] SHELL32.dll!ShellExecuteW 7E7659D0 6 Bytes JMP 714A000A
.text C:\WINDOWS\system32\svchost.exe[1400] ntdll.dll!NtLoadDriver 7C91D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1400] ntdll.dll!NtLoadDriver + 4 7C91D472 2 Bytes [22, 71]
.text C:\WINDOWS\system32\svchost.exe[1400] ntdll.dll!NtSuspendProcess 7C91DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1400] ntdll.dll!NtSuspendProcess + 4 7C91DE32 2 Bytes [3A, 71]
.text C:\WINDOWS\system32\svchost.exe[1400] ntdll.dll!RtlDosSearchPath_U + 1D1 7C926ADA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!DeviceIoControl 7C801629 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!DeviceIoControl + 4 7C80162D 2 Bytes [AA, 70]
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70DE000A
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7126000A
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70D2000A
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716B000A
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 715F000A
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7165000A
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7162000A
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7150000A
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7153000A
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!VirtualAlloc 7C809AA1 6 Bytes JMP 70D5000A
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!MultiByteToWideChar 7C809C48 6 Bytes JMP 7084000A
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!LoadResource 7C80A005 6 Bytes JMP 70C0000A
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!WideCharToMultiByte 7C80A124 6 Bytes JMP 7063000A
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!GetProcAddress 7C80ADF0 6 Bytes JMP 7114000A
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!LoadLibraryW 7C80AE9B 6 Bytes JMP 715C000A
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!CreateMutexW 7C80E907 6 Bytes JMP 708D000A
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!CreateMutexA 7C80E98F 6 Bytes JMP 7090000A
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!OpenMutexW 7C80E9E5 6 Bytes JMP 7087000A
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!OpenMutexA 7C80EA6B 6 Bytes JMP 708A000A
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!GetVolumeInformationW 7C80FA35 6 Bytes JMP 710E000A
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!CreateRemoteThread 7C81047C 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!CreateRemoteThread + 4 7C810480 2 Bytes [6D, 71]
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!CreateThread 7C810687 6 Bytes JMP 70D8000A
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!CreateFileW 7C8107B0 6 Bytes JMP 70E1000A
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!WriteFile 7C810DD7 6 Bytes JMP 70A2000A
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!TerminateThread 7C81CAEB 6 Bytes JMP 7138000A
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!MoveFileW 7C821211 6 Bytes JMP 705D000A
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!CreateDirectoryA 7C82175C 6 Bytes JMP 70A8000A
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!GetVolumeInformationA 7C821B55 6 Bytes JMP 7111000A
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!CopyFileExW 7C827AE2 6 Bytes JMP 70B4000A
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!CopyFileA 7C82869E 6 Bytes JMP 70BD000A
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!CopyFileW 7C82F82B 6 Bytes JMP 70BA000A
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!OpenProcess 7C830999 6 Bytes JMP 7054000A
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!DeleteFileA 7C831E8D 6 Bytes JMP 7075000A
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!DeleteFileW 7C831F13 6 Bytes JMP 7072000A
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!CreateDirectoryW 7C8323B2 6 Bytes JMP 70A5000A
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!MoveFileExW 7C83563B 6 Bytes JMP 7057000A
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!MoveFileA 7C835E6F 6 Bytes JMP 7060000A
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!DebugActiveProcess 7C85AF93 6 Bytes JMP 7135000A
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!MoveFileExA 7C85E333 6 Bytes JMP 705A000A
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!CopyFileExA 7C85F234 6 Bytes JMP 70B7000A
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!WinExec 7C8622B5 6 Bytes JMP 7141000A
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!SetThreadContext 7C8639B1 6 Bytes JMP 709F000A
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!CreateToolhelp32Snapshot 7C865A27 6 Bytes JMP 70DB000A
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!GetBinaryTypeW + 80 7C868B34 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!RegOpenKeyExW 77DA6AAF 6 Bytes JMP 70F6000A
.text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!RegQueryValueExW 77DA6FFF 6 Bytes JMP 70E4000A
.text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!RegCreateKeyExW 77DA776C 6 Bytes JMP 7108000A
.text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!RegOpenKeyExA 77DA7852 6 Bytes JMP 70F9000A
.text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!RegOpenKeyW 77DA7946 6 Bytes JMP 70FC000A
.text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!OpenProcessToken 77DA798B 6 Bytes JMP 709C000A
.text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!RegQueryValueExA 77DA7ABB 6 Bytes JMP 70E7000A
.text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!RegSetValueExW 77DAD747 6 Bytes JMP 70F0000A
.text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!RegQueryValueW 77DAD85A 6 Bytes JMP 70EA000A
.text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!RegCreateKeyExA 77DAE9D4 6 Bytes JMP 710B000A
.text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!RegSetValueExA 77DAEAC7 6 Bytes JMP 70F3000A
.text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!RegOpenKeyA 77DAEFA8 6 Bytes JMP 70FF000A
.text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!AdjustTokenPrivileges 77DAEFEC 6 Bytes JMP 7093000A
.text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!RegDeleteKeyA 77DB4288 6 Bytes JMP 706F000A
.text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!RegDeleteKeyW 77DB5583 6 Bytes JMP 706C000A
.text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!OpenSCManagerW 77DB6F3D 6 Bytes JMP 70CC000A
.text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!OpenSCManagerA 77DC6996 6 Bytes JMP 70CF000A
.text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!LookupPrivilegeValueW 77DCB8C7 6 Bytes JMP 7096000A
.text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!RegCreateKeyW 77DCBA3D 6 Bytes JMP 7102000A
.text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!RegQueryValueA 77DCBB75 4 Bytes JMP EC001E25
.text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!RegQueryValueA + 5 77DCBB7A 1 Byte [70]
.text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!RegCreateKeyA 77DCBCDB 6 Bytes JMP 7105000A
.text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!LookupPrivilegeValueA 77DCC220 6 Bytes JMP 7099000A
.text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!LsaRemoveAccountRights 77DEAB91 6 Bytes JMP 7168000A
.text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!CreateServiceA 77E07359 6 Bytes JMP 7120000A
.text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!CreateServiceW 77E074F1 6 Bytes JMP 711D000A
.text C:\WINDOWS\system32\svchost.exe[1400] USER32.dll!SetWindowTextW 7E36BC36 6 Bytes JMP 7066000A
.text C:\WINDOWS\system32\svchost.exe[1400] USER32.dll!GetKeyState 7E36C505 6 Bytes JMP 7132000A
.text C:\WINDOWS\system32\svchost.exe[1400] USER32.dll!GetWindowTextW 7E36CDB6 6 Bytes JMP 70C6000A
.text C:\WINDOWS\system32\svchost.exe[1400] USER32.dll!DrawTextW 7E36D7C2 6 Bytes JMP 707E000A
.text C:\WINDOWS\system32\svchost.exe[1400] USER32.dll!ShowWindow 7E36D8A4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1400] USER32.dll!ShowWindow + 4 7E36D8A8 2 Bytes [C2, 70]
.text C:\WINDOWS\system32\svchost.exe[1400] USER32.dll!GetKeyboardState 7E36EF29 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1400] USER32.dll!GetKeyboardState + 4 7E36EF2D 2 Bytes [2B, 71]
.text C:\WINDOWS\system32\svchost.exe[1400] USER32.dll!GetAsyncKeyState 7E36F3B3 6 Bytes JMP 712F000A
.text C:\WINDOWS\system32\svchost.exe[1400] USER32.dll!CreateWindowExW 7E36FC25 6 Bytes JMP 7078000A
.text C:\WINDOWS\system32\svchost.exe[1400] USER32.dll!CreateWindowExA 7E36FF33 6 Bytes JMP 707B000A
.text C:\WINDOWS\system32\svchost.exe[1400] USER32.dll!SetWindowsHookExW 7E37DDB5 6 Bytes JMP 7156000A
.text C:\WINDOWS\system32\svchost.exe[1400] USER32.dll!SetWindowTextA 7E37F52B 6 Bytes JMP 7069000A
.text C:\WINDOWS\system32\svchost.exe[1400] USER32.dll!SetWindowsHookExA 7E3811D1 6 Bytes JMP 7159000A
.text C:\WINDOWS\system32\svchost.exe[1400] USER32.dll!SetWinEventHook 7E3817B7 6 Bytes JMP 711A000A
.text C:\WINDOWS\system32\svchost.exe[1400] USER32.dll!GetWindowTextA 7E38212B 6 Bytes JMP 70C9000A
.text C:\WINDOWS\system32\svchost.exe[1400] USER32.dll!DrawTextA 7E38C6CA 6 Bytes JMP 7081000A
.text C:\WINDOWS\system32\svchost.exe[1400] USER32.dll!DdeConnect 7E3A7F93 6 Bytes JMP 7129000A
.text C:\WINDOWS\system32\svchost.exe[1400] USER32.dll!EndTask 7E3A9E75 6 Bytes JMP 713E000A
.text C:\WINDOWS\system32\svchost.exe[1400] USER32.dll!RegisterRawInputDevices 7E3BCBD4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1400] USER32.dll!RegisterRawInputDevices + 4 7E3BCBD8 2 Bytes [16, 71]
.text C:\WINDOWS\system32\svchost.exe[1400] SHELL32.dll!ShellExecuteExW 7E6B25D3 6 Bytes JMP 7144000A
.text C:\WINDOWS\system32\svchost.exe[1400] SHELL32.dll!Shell_NotifyIcon 7E6D18BE 6 Bytes JMP 70B1000A
.text C:\WINDOWS\system32\svchost.exe[1400] SHELL32.dll!Shell_NotifyIconW 7E6D62A5 6 Bytes JMP 70AE000A
.text C:\WINDOWS\system32\svchost.exe[1400] SHELL32.dll!ShellExecuteEx 7E6F0E95 6 Bytes JMP 7147000A
.text C:\WINDOWS\system32\svchost.exe[1400] SHELL32.dll!ShellExecuteA 7E6F11C0 6 Bytes JMP 714D000A
.text C:\WINDOWS\system32\svchost.exe[1400] SHELL32.dll!ShellExecuteW 7E7659D0 6 Bytes JMP 714A000A
.text C:\WINDOWS\system32\svchost.exe[1472] ntdll.dll!NtLoadDriver 7C91D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1472] ntdll.dll!NtLoadDriver + 4 7C91D472 2 Bytes [22, 71]
.text C:\WINDOWS\system32\svchost.exe[1472] ntdll.dll!NtSuspendProcess 7C91DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1472] ntdll.dll!NtSuspendProcess + 4 7C91DE32 2 Bytes [3A, 71]
.text C:\WINDOWS\system32\svchost.exe[1472] ntdll.dll!RtlDosSearchPath_U + 1D1 7C926ADA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1472] kernel32.dll!DeviceIoControl 7C801629 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1472] kernel32.dll!DeviceIoControl + 4 7C80162D 2 Bytes [AA, 70]
.text C:\WINDOWS\system32\svchost.exe[1472] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70DE000A
.text C:\WINDOWS\system32\svchost.exe[1472] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7126000A
.text C:\WINDOWS\system32\svchost.exe[1472] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70D2000A
.text C:\WINDOWS\system32\svchost.exe[1472] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716B000A
.text C:\WINDOWS\system32\svchost.exe[1472] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 715F000A
.text C:\WINDOWS\system32\svchost.exe[1472] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7165000A
.text C:\WINDOWS\system32\svchost.exe[1472] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7162000A
.text C:\WINDOWS\system32\svchost.exe[1472] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7150000A
.text C:\WINDOWS\system32\svchost.exe[1472] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7153000A
.text C:\WINDOWS\system32\svchost.exe[1472] kernel32.dll!VirtualAlloc 7C809AA1 6 Bytes JMP 70D5000A
.text C:\WINDOWS\system32\svchost.exe[1472] kernel32.dll!MultiByteToWideChar 7C809C48 6 Bytes JMP 7084000A
.text C:\WINDOWS\system32\svchost.exe[1472] kernel32.dll!LoadResource 7C80A005 6 Bytes JMP 70C0000A
.text C:\WINDOWS\system32\svchost.exe[1472] kernel32.dll!WideCharToMultiByte 7C80A124 6 Bytes JMP 7063000A
.text C:\WINDOWS\system32\svchost.exe[1472] kernel32.dll!GetProcAddress 7C80ADF0 6 Bytes JMP 7114000A
.text C:\WINDOWS\system32\svchost.exe[1472] kernel32.dll!LoadLibraryW 7C80AE9B 6 Bytes JMP 715C000A
.text C:\WINDOWS\system32\svchost.exe[1472] kernel32.dll!CreateMutexW 7C80E907 6 Bytes JMP 708D000A
.text C:\WINDOWS\system32\svchost.exe[1472] kernel32.dll!CreateMutexA 7C80E98F 6 Bytes JMP 7090000A
.text C:\WINDOWS\system32\svchost.exe[1472] kernel32.dll!OpenMutexW 7C80E9E5 6 Bytes JMP 7087000A
.text C:\WINDOWS\system32\svchost.exe[1472] kernel32.dll!OpenMutexA 7C80EA6B 6 Bytes JMP 708A000A
.text C:\WINDOWS\system32\svchost.exe[1472] kernel32.dll!GetVolumeInformationW 7C80FA35 6 Bytes JMP 710E000A
.text C:\WINDOWS\system32\svchost.exe[1472] kernel32.dll!CreateRemoteThread 7C81047C 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1472] kernel32.dll!CreateRemoteThread + 4 7C810480 2 Bytes [6D, 71]
.text C:\WINDOWS\system32\svchost.exe[1472] kernel32.dll!CreateThread 7C810687 6 Bytes JMP 70D8000A
.text C:\WINDOWS\system32\svchost.exe[1472] kernel32.dll!CreateFileW 7C8107B0 6 Bytes JMP 70E1000A
.text C:\WINDOWS\system32\svchost.exe[1472] kernel32.dll!WriteFile 7C810DD7 6 Bytes JMP 70A2000A
.text C:\WINDOWS\system32\svchost.exe[1472] kernel32.dll!TerminateThread 7C81CAEB 6 Bytes JMP 7138000A
.text C:\WINDOWS\system32\svchost.exe[1472] kernel32.dll!MoveFileW 7C821211 6 Bytes JMP 705D000A
.text C:\WINDOWS\system32\svchost.exe[1472] kernel32.dll!CreateDirectoryA 7C82175C 6 Bytes JMP 70A8000A
.text C:\WINDOWS\system32\svchost.exe[1472] kernel32.dll!GetVolumeInformationA 7C821B55 6 Bytes JMP 7111000A
.text C:\WINDOWS\system32\svchost.exe[1472] kernel32.dll!CopyFileExW 7C827AE2 6 Bytes JMP 70B4000A
.text C:\WINDOWS\system32\svchost.exe[1472] kernel32.dll!CopyFileA 7C82869E 6 Bytes JMP 70BD000A
.text C:\WINDOWS\system32\svchost.exe[1472] kernel32.dll!CopyFileW 7C82F82B 6 Bytes JMP 70BA000A
.text C:\WINDOWS\system32\svchost.exe[1472] kernel32.dll!OpenProcess 7C830999 6 Bytes JMP 7054000A
.text C:\WINDOWS\system32\svchost.exe[1472] kernel32.dll!DeleteFileA 7C831E8D 6 Bytes JMP 7075000A
.text C:\WINDOWS\system32\svchost.exe[1472] kernel32.dll!DeleteFileW 7C831F13 6 Bytes JMP 7072000A
.text

Polarbär 29.07.2012 14:37
GMER Teil 6
Zitat:
C:\WINDOWS\system32\svchost.exe[1472] kernel32.dll!CreateDirectoryW 7C8323B2 6 Bytes JMP 70A5000A
.text C:\WINDOWS\system32\svchost.exe[1472] kernel32.dll!MoveFileExW 7C83563B 6 Bytes JMP 7057000A
.text C:\WINDOWS\system32\svchost.exe[1472] kernel32.dll!MoveFileA 7C835E6F 6 Bytes JMP 7060000A
.text C:\WINDOWS\system32\svchost.exe[1472] kernel32.dll!DebugActiveProcess 7C85AF93 6 Bytes JMP 7135000A
.text C:\WINDOWS\system32\svchost.exe[1472] kernel32.dll!MoveFileExA 7C85E333 6 Bytes JMP 705A000A
.text C:\WINDOWS\system32\svchost.exe[1472] kernel32.dll!CopyFileExA 7C85F234 6 Bytes JMP 70B7000A
.text C:\WINDOWS\system32\svchost.exe[1472] kernel32.dll!WinExec 7C8622B5 6 Bytes JMP 7141000A
.text C:\WINDOWS\system32\svchost.exe[1472] kernel32.dll!SetThreadContext 7C8639B1 6 Bytes JMP 709F000A
.text C:\WINDOWS\system32\svchost.exe[1472] kernel32.dll!CreateToolhelp32Snapshot 7C865A27 6 Bytes JMP 70DB000A
.text C:\WINDOWS\system32\svchost.exe[1472] kernel32.dll!GetBinaryTypeW + 80 7C868B34 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1472] USER32.dll!RegisterRawInputDevices 7E3BCBD4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1472] USER32.dll!RegisterRawInputDevices + 4 7E3BCBD8 2 Bytes [16, 71]
.text C:\WINDOWS\system32\svchost.exe[1472] SHELL32.dll!ShellExecuteExW 7E6B25D3 6 Bytes JMP 7144000A
.text C:\WINDOWS\system32\svchost.exe[1472] SHELL32.dll!Shell_NotifyIcon 7E6D18BE 6 Bytes JMP 70B1000A
.text C:\WINDOWS\system32\svchost.exe[1472] SHELL32.dll!Shell_NotifyIconW 7E6D62A5 6 Bytes JMP 70AE000A
.text C:\WINDOWS\system32\svchost.exe[1472] SHELL32.dll!ShellExecuteEx 7E6F0E95 6 Bytes JMP 7147000A
.text C:\WINDOWS\system32\svchost.exe[1472] SHELL32.dll!ShellExecuteA 7E6F11C0 6 Bytes JMP 714D000A
.text C:\WINDOWS\system32\svchost.exe[1472] SHELL32.dll!ShellExecuteW 7E7659D0 6 Bytes JMP 714A000A
.text C:\WINDOWS\System32\svchost.exe[1508] ntdll.dll!NtLoadDriver 7C91D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1508] ntdll.dll!NtLoadDriver + 4 7C91D472 2 Bytes [22, 71]
.text C:\WINDOWS\System32\svchost.exe[1508] ntdll.dll!NtSuspendProcess 7C91DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1508] ntdll.dll!NtSuspendProcess + 4 7C91DE32 2 Bytes [3A, 71]
.text C:\WINDOWS\System32\svchost.exe[1508] ntdll.dll!RtlDosSearchPath_U + 1D1 7C926ADA 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1508] kernel32.dll!DeviceIoControl 7C801629 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1508] kernel32.dll!DeviceIoControl + 4 7C80162D 2 Bytes [A9, 70]
.text C:\WINDOWS\System32\svchost.exe[1508] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70DE000A
.text C:\WINDOWS\System32\svchost.exe[1508] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7126000A
.text C:\WINDOWS\System32\svchost.exe[1508] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70D1000A
.text C:\WINDOWS\System32\svchost.exe[1508] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716B000A
.text C:\WINDOWS\System32\svchost.exe[1508] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 715F000A
.text C:\WINDOWS\System32\svchost.exe[1508] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7165000A
.text C:\WINDOWS\System32\svchost.exe[1508] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7162000A
.text C:\WINDOWS\System32\svchost.exe[1508] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7150000A
.text C:\WINDOWS\System32\svchost.exe[1508] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7153000A
.text C:\WINDOWS\System32\svchost.exe[1508] kernel32.dll!VirtualAlloc 7C809AA1 6 Bytes JMP 70D4000A
.text C:\WINDOWS\System32\svchost.exe[1508] kernel32.dll!MultiByteToWideChar 7C809C48 6 Bytes JMP 707D000A
.text C:\WINDOWS\System32\svchost.exe[1508] kernel32.dll!LoadResource 7C80A005 6 Bytes JMP 70BF000A
.text C:\WINDOWS\System32\svchost.exe[1508] kernel32.dll!WideCharToMultiByte 7C80A124 6 Bytes JMP 705C000A
.text C:\WINDOWS\System32\svchost.exe[1508] kernel32.dll!GetProcAddress 7C80ADF0 6 Bytes JMP 7114000A
.text C:\WINDOWS\System32\svchost.exe[1508] kernel32.dll!LoadLibraryW 7C80AE9B 6 Bytes JMP 715C000A
.text C:\WINDOWS\System32\svchost.exe[1508] kernel32.dll!CreateMutexW 7C80E907 6 Bytes JMP 7086000A
.text C:\WINDOWS\System32\svchost.exe[1508] kernel32.dll!CreateMutexA 7C80E98F 6 Bytes JMP 7089000A
.text C:\WINDOWS\System32\svchost.exe[1508] kernel32.dll!OpenMutexW 7C80E9E5 6 Bytes JMP 7080000A
.text C:\WINDOWS\System32\svchost.exe[1508] kernel32.dll!OpenMutexA 7C80EA6B 6 Bytes JMP 7083000A
.text C:\WINDOWS\System32\svchost.exe[1508] kernel32.dll!GetVolumeInformationW 7C80FA35 6 Bytes JMP 710E000A
.text C:\WINDOWS\System32\svchost.exe[1508] kernel32.dll!CreateRemoteThread 7C81047C 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1508] kernel32.dll!CreateRemoteThread + 4 7C810480 2 Bytes [6D, 71]
.text C:\WINDOWS\System32\svchost.exe[1508] kernel32.dll!CreateThread 7C810687 6 Bytes JMP 70D7000A
.text C:\WINDOWS\System32\svchost.exe[1508] kernel32.dll!CreateFileW 7C8107B0 6 Bytes JMP 70E1000A
.text C:\WINDOWS\System32\svchost.exe[1508] kernel32.dll!WriteFile 7C810DD7 6 Bytes JMP 709B000A
.text C:\WINDOWS\System32\svchost.exe[1508] kernel32.dll!TerminateThread 7C81CAEB 6 Bytes JMP 7138000A
.text C:\WINDOWS\System32\svchost.exe[1508] kernel32.dll!MoveFileW 7C821211 6 Bytes JMP 7056000A
.text C:\WINDOWS\System32\svchost.exe[1508] kernel32.dll!CreateDirectoryA 7C82175C 6 Bytes JMP 70A1000A
C:\WINDOWS\system32\svchost.exe[1472] ADVAPI32.dll!RegOpenKeyExW 77DA6AAF 6 Bytes JMP 70F6000A
.text C:\WINDOWS\system32\svchost.exe[1472] ADVAPI32.dll!RegQueryValueExW 77DA6FFF 6 Bytes JMP 70E4000A
.text C:\WINDOWS\system32\svchost.exe[1472] ADVAPI32.dll!RegCreateKeyExW 77DA776C 6 Bytes JMP 7108000A
.text C:\WINDOWS\system32\svchost.exe[1472] ADVAPI32.dll!RegOpenKeyExA 77DA7852 6 Bytes JMP 70F9000A
.text C:\WINDOWS\system32\svchost.exe[1472] ADVAPI32.dll!RegOpenKeyW 77DA7946 6 Bytes JMP 70FC000A
.text C:\WINDOWS\system32\svchost.exe[1472] ADVAPI32.dll!OpenProcessToken 77DA798B 6 Bytes JMP 709C000A
.text C:\WINDOWS\system32\svchost.exe[1472] ADVAPI32.dll!RegQueryValueExA 77DA7ABB 6 Bytes JMP 70E7000A
.text C:\WINDOWS\system32\svchost.exe[1472] ADVAPI32.dll!RegSetValueExW 77DAD747 6 Bytes JMP 70F0000A
.text C:\WINDOWS\system32\svchost.exe[1472] ADVAPI32.dll!RegQueryValueW 77DAD85A 6 Bytes JMP 70EA000A
.text C:\WINDOWS\system32\svchost.exe[1472] ADVAPI32.dll!RegCreateKeyExA 77DAE9D4 6 Bytes JMP 710B000A
.text C:\WINDOWS\system32\svchost.exe[1472] ADVAPI32.dll!RegSetValueExA 77DAEAC7 6 Bytes JMP 70F3000A
.text C:\WINDOWS\system32\svchost.exe[1472] ADVAPI32.dll!RegOpenKeyA 77DAEFA8 6 Bytes JMP 70FF000A
.text C:\WINDOWS\system32\svchost.exe[1472] ADVAPI32.dll!AdjustTokenPrivileges 77DAEFEC 6 Bytes JMP 7093000A
.text C:\WINDOWS\system32\svchost.exe[1472] ADVAPI32.dll!RegDeleteKeyA 77DB4288 6 Bytes JMP 706F000A
.text C:\WINDOWS\system32\svchost.exe[1472] ADVAPI32.dll!RegDeleteKeyW 77DB5583 6 Bytes JMP 706C000A
.text C:\WINDOWS\system32\svchost.exe[1472] ADVAPI32.dll!OpenSCManagerW 77DB6F3D 6 Bytes JMP 70CC000A
.text C:\WINDOWS\system32\svchost.exe[1472] ADVAPI32.dll!OpenSCManagerA 77DC6996 6 Bytes JMP 70CF000A
.text C:\WINDOWS\system32\svchost.exe[1472] ADVAPI32.dll!LookupPrivilegeValueW 77DCB8C7 6 Bytes JMP 7096000A
.text C:\WINDOWS\system32\svchost.exe[1472] ADVAPI32.dll!RegCreateKeyW 77DCBA3D 6 Bytes JMP 7102000A
.text C:\WINDOWS\system32\svchost.exe[1472] ADVAPI32.dll!RegQueryValueA 77DCBB75 4 Bytes JMP EC001E25
.text C:\WINDOWS\system32\svchost.exe[1472] ADVAPI32.dll!RegQueryValueA + 5 77DCBB7A 1 Byte [70]
.text C:\WINDOWS\system32\svchost.exe[1472] ADVAPI32.dll!RegCreateKeyA 77DCBCDB 6 Bytes JMP 7105000A
.text C:\WINDOWS\system32\svchost.exe[1472] ADVAPI32.dll!LookupPrivilegeValueA 77DCC220 6 Bytes JMP 7099000A
.text C:\WINDOWS\system32\svchost.exe[1472] ADVAPI32.dll!LsaRemoveAccountRights 77DEAB91 6 Bytes JMP 7168000A
.text C:\WINDOWS\system32\svchost.exe[1472] ADVAPI32.dll!CreateServiceA 77E07359 6 Bytes JMP 7120000A
.text C:\WINDOWS\system32\svchost.exe[1472] ADVAPI32.dll!CreateServiceW 77E074F1 6 Bytes JMP 711D000A
.text C:\WINDOWS\system32\svchost.exe[1472] USER32.dll!SetWindowTextW 7E36BC36 6 Bytes JMP 7066000A
.text C:\WINDOWS\system32\svchost.exe[1472] USER32.dll!GetKeyState 7E36C505 6 Bytes JMP 7132000A
.text C:\WINDOWS\system32\svchost.exe[1472] USER32.dll!GetWindowTextW 7E36CDB6 6 Bytes JMP 70C6000A
.text C:\WINDOWS\system32\svchost.exe[1472] USER32.dll!DrawTextW 7E36D7C2 6 Bytes JMP 707E000A
.text C:\WINDOWS\system32\svchost.exe[1472] USER32.dll!ShowWindow 7E36D8A4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1472] USER32.dll!ShowWindow + 4 7E36D8A8 2 Bytes [C2, 70]
.text C:\WINDOWS\system32\svchost.exe[1472] USER32.dll!GetKeyboardState 7E36EF29 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1472] USER32.dll!GetKeyboardState + 4 7E36EF2D 2 Bytes [2B, 71]
.text C:\WINDOWS\system32\svchost.exe[1472] USER32.dll!GetAsyncKeyState 7E36F3B3 6 Bytes JMP 712F000A
.text C:\WINDOWS\system32\svchost.exe[1472] USER32.dll!CreateWindowExW 7E36FC25 6 Bytes JMP 7078000A
.text C:\WINDOWS\system32\svchost.exe[1472] USER32.dll!CreateWindowExA 7E36FF33 6 Bytes JMP 707B000A
.text C:\WINDOWS\system32\svchost.exe[1472] USER32.dll!SetWindowsHookExW 7E37DDB5 6 Bytes JMP 7156000A
.text C:\WINDOWS\system32\svchost.exe[1472] USER32.dll!SetWindowTextA 7E37F52B 6 Bytes JMP 7069000A
.text C:\WINDOWS\system32\svchost.exe[1472] USER32.dll!SetWindowsHookExA 7E3811D1 6 Bytes JMP 7159000A
.text C:\WINDOWS\system32\svchost.exe[1472] USER32.dll!SetWinEventHook 7E3817B7 6 Bytes JMP 711A000A
.text C:\WINDOWS\system32\svchost.exe[1472] USER32.dll!GetWindowTextA 7E38212B 6 Bytes JMP 70C9000A
.text C:\WINDOWS\system32\svchost.exe[1472] USER32.dll!DrawTextA 7E38C6CA 6 Bytes JMP 7081000A
.text C:\WINDOWS\system32\svchost.exe[1472] USER32.dll!DdeConnect 7E3A7F93 6 Bytes JMP 7129000A
.text C:\WINDOWS\system32\svchost.exe[1472] USER32.dll!EndTask 7E3A9E75 6 Bytes JMP 713E000A
.text
.text C:\WINDOWS\System32\svchost.exe[1508] kernel32.dll!GetVolumeInformationA 7C821B55 6 Bytes JMP 7111000A
.text C:\WINDOWS\System32\svchost.exe[1508] kernel32.dll!CopyFileExW 7C827AE2 6 Bytes JMP 70B3000A
.text C:\WINDOWS\System32\svchost.exe[1508] kernel32.dll!CopyFileA 7C82869E 6 Bytes JMP 70BC000A
.text C:\WINDOWS\System32\svchost.exe[1508] kernel32.dll!CopyFileW 7C82F82B 6 Bytes JMP 70B9000A
.text C:\WINDOWS\System32\svchost.exe[1508] kernel32.dll!OpenProcess 7C830999 6 Bytes JMP 704D000A
.text C:\WINDOWS\System32\svchost.exe[1508] kernel32.dll!DeleteFileA 7C831E8D 6 Bytes JMP 706E000A
.text C:\WINDOWS\System32\svchost.exe[1508] kernel32.dll!DeleteFileW 7C831F13 6 Bytes JMP 706B000A
.text C:\WINDOWS\System32\svchost.exe[1508] kernel32.dll!CreateDirectoryW 7C8323B2 6 Bytes JMP 709E000A
.text C:\WINDOWS\System32\svchost.exe[1508] kernel32.dll!MoveFileExW 7C83563B 6 Bytes JMP 7050000A
.text C:\WINDOWS\System32\svchost.exe[1508] kernel32.dll!MoveFileA 7C835E6F 6 Bytes JMP 7059000A
.text C:\WINDOWS\System32\svchost.exe[1508] kernel32.dll!DebugActiveProcess 7C85AF93 6 Bytes JMP 7135000A
.text C:\WINDOWS\System32\svchost.exe[1508] kernel32.dll!MoveFileExA 7C85E333 6 Bytes JMP 7053000A
.text C:\WINDOWS\System32\svchost.exe[1508] kernel32.dll!CopyFileExA 7C85F234 6 Bytes JMP 70B6000A
.text C:\WINDOWS\System32\svchost.exe[1508] kernel32.dll!WinExec 7C8622B5 6 Bytes JMP 7141000A
.text C:\WINDOWS\System32\svchost.exe[1508] kernel32.dll!SetThreadContext 7C8639B1 6 Bytes JMP 7098000A
.text C:\WINDOWS\System32\svchost.exe[1508] kernel32.dll!CreateToolhelp32Snapshot 7C865A27 6 Bytes JMP 70DA000A
.text C:\WINDOWS\System32\svchost.exe[1508] kernel32.dll!GetBinaryTypeW + 80 7C868B34 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1508] ADVAPI32.dll!RegOpenKeyExW 77DA6AAF 6 Bytes JMP 70F6000A
.text C:\WINDOWS\System32\svchost.exe[1508] ADVAPI32.dll!RegQueryValueExW 77DA6FFF 6 Bytes JMP 70E4000A
.text C:\WINDOWS\System32\svchost.exe[1508] ADVAPI32.dll!RegCreateKeyExW 77DA776C 6 Bytes JMP 7108000A
.text C:\WINDOWS\System32\svchost.exe[1508] ADVAPI32.dll!RegOpenKeyExA 77DA7852 6 Bytes JMP 70F9000A
.text C:\WINDOWS\System32\svchost.exe[1508] ADVAPI32.dll!RegOpenKeyW 77DA7946 6 Bytes JMP 70FC000A
.text C:\WINDOWS\System32\svchost.exe[1508] ADVAPI32.dll!OpenProcessToken 77DA798B 6 Bytes JMP 7095000A
.text C:\WINDOWS\System32\svchost.exe[1508] ADVAPI32.dll!RegQueryValueExA 77DA7ABB 6 Bytes JMP 70E7000A
.text C:\WINDOWS\System32\svchost.exe[1508] ADVAPI32.dll!RegSetValueExW 77DAD747 6 Bytes JMP 70F0000A
.text C:\WINDOWS\System32\svchost.exe[1508] ADVAPI32.dll!RegQueryValueW 77DAD85A 6 Bytes JMP 70EA000A
.text C:\WINDOWS\System32\svchost.exe[1508] ADVAPI32.dll!RegCreateKeyExA .text C:\WINDOWS\System32\svchost.exe[1508] ADVAPI32.dll!RegSetValueExA 77DAEAC7 6 Bytes JMP 70F3000A
.text C:\WINDOWS\System32\svchost.exe[1508] ADVAPI32.dll!RegOpenKeyA 77DAEFA8 6 Bytes JMP 70FF000A
.text C:\WINDOWS\System32\svchost.exe[1508] ADVAPI32.dll!AdjustTokenPrivileges 77DAEFEC 6 Bytes JMP 708C000A
.text C:\WINDOWS\System32\svchost.exe[1508] ADVAPI32.dll!RegDeleteKeyA 77DB4288 6 Bytes JMP 7068000A
.text C:\WINDOWS\System32\svchost.exe[1508] ADVAPI32.dll!RegDeleteKeyW 77DB5583 6 Bytes JMP 7065000A
.text C:\WINDOWS\System32\svchost.exe[1508] ADVAPI32.dll!OpenSCManagerW 77DB6F3D 6 Bytes JMP 70CB000A
.text C:\WINDOWS\System32\svchost.exe[1508] ADVAPI32.dll!OpenSCManagerA 77DC6996 6 Bytes JMP 70CE000A
.text C:\WINDOWS\System32\svchost.exe[1508] ADVAPI32.dll!LookupPrivilegeValueW 77DCB8C7 6 Bytes JMP 708F000A
.text C:\WINDOWS\System32\svchost.exe[1508] ADVAPI32.dll!RegCreateKeyW 77DCBA3D 6 Bytes JMP 7102000A
.text C:\WINDOWS\System32\svchost.exe[1508] ADVAPI32.dll!RegQueryValueA 77DCBB75 4 Bytes JMP EC001E25
.text C:\WINDOWS\System32\svchost.exe[1508] ADVAPI32.dll!RegQueryValueA + 5 77DCBB7A 1 Byte [70]
.text C:\WINDOWS\System32\svchost.exe[1508] ADVAPI32.dll!RegCreateKeyA 77DCBCDB 6 Bytes JMP 7105000A
.text C:\WINDOWS\System32\svchost.exe[1508] ADVAPI32.dll!LookupPrivilegeValueA 77DCC220 6 Bytes JMP 7092000A
.text C:\WINDOWS\System32\svchost.exe[1508] ADVAPI32.dll!LsaRemoveAccountRights 77DEAB91 6 Bytes JMP 7168000A
.text C:\WINDOWS\System32\svchost.exe[1508] ADVAPI32.dll!CreateServiceA 77E07359 6 Bytes JMP 7120000A
.text C:\WINDOWS\System32\svchost.exe[1508] ADVAPI32.dll!CreateServiceW 77E074F1 6 Bytes JMP 711D000A
.text C:\WINDOWS\System32\svchost.exe[1508] USER32.dll!SetWindowTextW 7E36BC36 6 Bytes JMP 705F000A
.text C:\WINDOWS\System32\svchost.exe[1508] USER32.dll!GetKeyState 7E36C505 6 Bytes JMP 7132000A
.text C:\WINDOWS\System32\svchost.exe[1508] USER32.dll!GetWindowTextW 7E36CDB6 6 Bytes JMP 70C5000A
.text C:\WINDOWS\System32\svchost.exe[1508] USER32.dll!DrawTextW 7E36D7C2 6 Bytes JMP 7077000A
.text C:\WINDOWS\System32\svchost.exe[1508] USER32.dll!ShowWindow 7E36D8A4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1508] USER32.dll!ShowWindow + 4 7E36D8A8 2 Bytes [C1, 70]
.text C:\WINDOWS\System32\svchost.exe[1508] USER32.dll!GetKeyboardState 7E36EF29 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1508] USER32.dll!GetKeyboardState + 4 7E36EF2D 2 Bytes [2B, 71]
.text C:\WINDOWS\System32\svchost.exe[1508] USER32.dll!GetAsyncKeyState 7E36F3B3 6 Bytes JMP 712F000A
.text C:\WINDOWS\System32\svchost.exe[1508] USER32.dll!CreateWindowExW 7E36FC25 6 Bytes JMP 7071000A
.text C:\WINDOWS\System32\svchost.exe[1508] USER32.dll!CreateWindowExA 7E36FF33 6 Bytes JMP 7074000A
.text C:\WINDOWS\System32\svchost.exe[1508] USER32.dll!SetWindowsHookExW 7E37DDB5 6 Bytes JMP 7156000A
.text C:\WINDOWS\System32\svchost.exe[1508] USER32.dll!SetWindowTextA 7E37F52B 6 Bytes JMP 7062000A
.text C:\WINDOWS\System32\svchost.exe[1508] USER32.dll!SetWindowsHookExA 7E3811D1 6 Bytes JMP 7159000A
.text C:\WINDOWS\System32\svchost.exe[1508] USER32.dll!SetWinEventHook 7E3817B7 6 Bytes JMP 711A000A
.text C:\WINDOWS\System32\svchost.exe[1508] USER32.dll!GetWindowTextA 7E38212B 6 Bytes JMP 70C8000A
.text C:\WINDOWS\System32\svchost.exe[1508] USER32.dll!DrawTextA 7E38C6CA 6 Bytes JMP 707A000A
.text C:\WINDOWS\System32\svchost.exe[1508] USER32.dll!DdeConnect 7E3A7F93 6 Bytes JMP 7129000A
.text C:\WINDOWS\System32\svchost.exe[1508] USER32.dll!EndTask 7E3A9E75 6 Bytes JMP 713E000A
.text C:\WINDOWS\System32\svchost.exe[1508] USER32.dll!RegisterRawInputDevices 7E3BCBD4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1508] USER32.dll!RegisterRawInputDevices + 4 7E3BCBD8 2 Bytes [16, 71]
.text C:\WINDOWS\System32\svchost.exe[1508] SHELL32.dll!ShellExecuteExW 7E6B25D3 6 Bytes JMP 7144000A
.text C:\WINDOWS\System32\svchost.exe[1508] SHELL32.dll!Shell_NotifyIcon 7E6D18BE 6 Bytes JMP 70B0000A
.text C:\WINDOWS\System32\svchost.exe[1508] SHELL32.dll!Shell_NotifyIconW 7E6D62A5 6 Bytes JMP 70AD000A
.text C:\WINDOWS\System32\svchost.exe[1508] SHELL32.dll!ShellExecuteEx 7E6F0E95 6 Bytes JMP 7147000A
.text C:\WINDOWS\System32\svchost.exe[1508] SHELL32.dll!ShellExecuteA 7E6F11C0 6 Bytes JMP 714D000A
.text C:\WINDOWS\System32\svchost.exe[1508] SHELL32.dll!ShellExecuteW 7E7659D0 6 Bytes JMP 714A000A
.text C:\WINDOWS\System32\svchost.exe[1508] WININET.dll!InternetConnectA 408CDEAE 6 Bytes JMP 704A000A
.text C:\WINDOWS\System32\svchost.exe[1508] WININET.dll!InternetOpenUrlA 408DF3A4 6 Bytes JMP 70A7000A
.text C:\WINDOWS\System32\svchost.exe[1508] WININET.dll!InternetOpenUrlW 40926DDF 6 Bytes JMP 70A4000A
.text C:\Programme\FolderSize\FolderSizeSvc.exe[1608] ntdll.dll!NtLoadDriver 7C91D46E 3 Bytes [FF, 25, 1E]
.text C:\Programme\FolderSize\FolderSizeSvc.exe[1608] ntdll.dll!NtLoadDriver + 4 7C91D472 2 Bytes [22, 71]
.text C:\Programme\FolderSize\FolderSizeSvc.exe[1608] ntdll.dll!NtSuspendProcess 7C91DE2E 3 Bytes [FF, 25, 1E]
.text C:\Programme\FolderSize\FolderSizeSvc.exe[1608] ntdll.dll!NtSuspendProcess + 4 7C91DE32 2 Bytes [3A, 71]
.text C:\Programme\FolderSize\FolderSizeSvc.exe[1608] ntdll.dll!RtlDosSearchPath_U + 1D1 7C926ADA 1 Byte [62]
.text C:\Programme\FolderSize\FolderSizeSvc.exe[1608] kernel32.dll!DeviceIoControl 7C801629 3 Bytes [FF, 25, 1E]
.text C:\Programme\FolderSize\FolderSizeSvc.exe[1608] kernel32.dll!DeviceIoControl + 4 7C80162D 2 Bytes [AA, 70]
.text C:\Programme\FolderSize\FolderSizeSvc.exe[1608] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70DE000A
.text C:\Programme\FolderSize\FolderSizeSvc.exe[1608] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7126000A
.text C:\Programme\FolderSize\FolderSizeSvc.exe[1608] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70D2000A
.text C:\Programme\FolderSize\FolderSizeSvc.exe[1608] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716B000A
.text C:\Programme\FolderSize\FolderSizeSvc.exe[1608] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 715F000A
.text C:\Programme\FolderSize\FolderSizeSvc.exe[1608] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7165000A
.text C:\Programme\FolderSize\FolderSizeSvc.exe[1608] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7162000A
.text C:\Programme\FolderSize\FolderSizeSvc.exe[1608] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7150000A
.text C:\Programme\FolderSize\FolderSizeSvc.exe[1608] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7153000A
.text C:\Programme\FolderSize\FolderSizeSvc.exe[1608] kernel32.dll!VirtualAlloc 7C809AA1 6 Bytes JMP 70D5000A
.text C:\Programme\FolderSize\FolderSizeSvc.exe[1608] kernel32.dll!MultiByteToWideChar 7C809C48 6 Bytes JMP 7084000A
.text C:\Programme\FolderSize\FolderSizeSvc.exe[1608] kernel32.dll!LoadResource 7C80A005 6 Bytes JMP 70C0000A
.text C:\Programme\FolderSize\FolderSizeSvc.exe[1608] kernel32.dll!WideCharToMultiByte 7C80A124 6 Bytes JMP 7063000A
.text C:\Programme\FolderSize\FolderSizeSvc.exe[1608] kernel32.dll!GetProcAddress 7C80ADF0 6 Bytes JMP 7114000A
.text C:\Programme\FolderSize\FolderSizeSvc.exe[1608] kernel32.dll!LoadLibraryW 7C80AE9B 6 Bytes JMP 715C000A
.text C:\Programme\FolderSize\FolderSizeSvc.exe[1608] kernel32.dll!CreateMutexW 7C80E907 6 Bytes JMP 708D000A
.text C:\Programme\FolderSize\FolderSizeSvc.exe[1608] kernel32.dll!CreateMutexA 7C80E98F 6 Bytes JMP 7090000A
.text C:\Programme\FolderSize\FolderSizeSvc.exe[1608] kernel32.dll!OpenMutexW 7C80E9E5 6 Bytes JMP 7087000A
.text C:\Programme\FolderSize\FolderSizeSvc.exe[1608] kernel32.dll!OpenMutexA 7C80EA6B 6 Bytes JMP 708A000A
.text C:\Programme\FolderSize\FolderSizeSvc.exe[1608] kernel32.dll!GetVolumeInformationW 7C80FA35 6 Bytes JMP 710E000A
.text C:\Programme\FolderSize\FolderSizeSvc.exe[1608] kernel32.dll!CreateRemoteThread 7C81047C 3 Bytes [FF, 25, 1E]
.text C:\Programme\FolderSize\FolderSizeSvc.exe[1608] kernel32.dll!CreateRemoteThread + 4 7C810480 2 Bytes [6D, 71]
.text C:\Programme\FolderSize\FolderSizeSvc.exe[1608] kernel32.dll!CreateThread 7C810687 6 Bytes JMP 70D8000A
.text C:\Programme\FolderSize\FolderSizeSvc.exe[1608] kernel32.dll!CreateFileW 7C8107B0 6 Bytes JMP 70E1000A
.text C:\Programme\FolderSize\FolderSizeSvc.exe[1608] kernel32.dll!WriteFile 7C810DD7 6 Bytes JMP 70A2000A
.text C:\Programme\FolderSize\FolderSizeSvc.exe[1608] kernel32.dll!TerminateThread 7C81CAEB 6 Bytes JMP 7138000A
.text C:\Programme\FolderSize\FolderSizeSvc.exe[1608] kernel32.dll!MoveFileW 7C821211 6 Bytes JMP 705D000A
.text C:\Programme\FolderSize\FolderSizeSvc.exe[1608] kernel32.dll!CreateDirectoryA 7C82175C 6 Bytes JMP 70A8000A
.text C:\Programme\FolderSize\FolderSizeSvc.exe[1608] kernel32.dll!GetVolumeInformationA 7C821B55 6 Bytes JMP 7111000A
.text C:\Programme\FolderSize\FolderSizeSvc.exe[1608] kernel32.dll!CopyFileExW 7C827AE2 6 Bytes JMP 70B4000A
.text C:\Programme\FolderSize\FolderSizeSvc.exe[1608] kernel32.dll!CopyFileA 7C82869E 6 Bytes JMP 70BD000A
.text C:\Programme\FolderSize\FolderSizeSvc.exe[1608] kernel32.dll!CopyFileW 7C82F82B 6 Bytes JMP 70BA000A
.text C:\Programme\FolderSize\FolderSizeSvc.exe[1608] kernel32.dll!OpenProcess 7C830999 6 Bytes JMP 7054000A
.text C:\Programme\FolderSize\FolderSizeSvc.exe[1608] kernel32.dll!DeleteFileA 7C831E8D 6 Bytes JMP 7075000A
.text C:\Programme\FolderSize\FolderSizeSvc.exe[1608] kernel32.dll!DeleteFileW 7C831F13 6 Bytes JMP 7072000A
.text C:\Programme\FolderSize\FolderSizeSvc.exe[1608] kernel32.dll!CreateDirectoryW 7C8323B2 6 Bytes JMP 70A5000A
.text C:\Programme\FolderSize\FolderSizeSvc.exe[1608] kernel32.dll!MoveFileExW 7C83563B 6 Bytes JMP 7057000A
.text C:\Programme\FolderSize\FolderSizeSvc.exe[1608] kernel32.dll!MoveFileA 7C835E6F 6 Bytes JMP 7060000A
.text C:\Programme\FolderSize\FolderSizeSvc.exe[1608] kernel32.dll!DebugActiveProcess 7C85AF93 6 Bytes JMP 7135000A
.text C:\Programme\FolderSize\FolderSizeSvc.exe[1608] kernel32.dll!MoveFileExA 7C85E333 6 Bytes JMP 705A000A
.text C:\Programme\FolderSize\FolderSizeSvc.exe[1608] kernel32.dll!CopyFileExA 7C85F234 6 Bytes JMP 70B7000A
.text C:\Programme\FolderSize\FolderSizeSvc.exe[1608] kernel32.dll!WinExec 7C8622B5 6 Bytes JMP 7141000A
.text C:\Programme\FolderSize\FolderSizeSvc.exe[1608] kernel32.dll!SetThreadContext 7C8639B1 6 Bytes JMP 709F000A
.text C:\Programme\FolderSize\FolderSizeSvc.exe[1608] kernel32.dll!CreateToolhelp32Snapshot 7C865A27 6 Bytes JMP 70DB000A
.text C:\Programme\FolderSize\FolderSizeSvc.exe[1608] kernel32.dll!GetBinaryTypeW + 80 7C868B34 1 Byte [62]
.text C:\Programme\FolderSize\FolderSizeSvc.exe[1608] ADVAPI32.dll!RegOpenKeyExW 77DA6AAF 6 Bytes JMP 70F6000A
.text C:\Programme\FolderSize\FolderSizeSvc.exe[1608] ADVAPI32.dll!RegQueryValueExW 77DA6FFF 6 Bytes JMP 70E4000A
.text C:\Programme\FolderSize\FolderSizeSvc.exe[1608] ADVAPI32.dll!RegCreateKeyExW 77DA776C 6 Bytes JMP 7108000A
.text C:\Programme\FolderSize\FolderSizeSvc.exe[1608] ADVAPI32.dll!RegOpenKeyExA 77DA7852 6 Bytes JMP 70F9000A
.text C:\Programme\FolderSize\FolderSizeSvc.exe[1608] ADVAPI32.dll!RegOpenKeyW 77DA7946 6 Bytes JMP 70FC000A
.text C:\Programme\FolderSize\FolderSizeSvc.exe[1608] ADVAPI32.dll!OpenProcessToken 77DA798B 6 Bytes JMP 709C000A
.text C:\Programme\FolderSize\FolderSizeSvc.exe[1608] ADVAPI32.dll!RegQueryValueExA 77DA7ABB 6 Bytes JMP 70E7000A
.text C:\Programme\FolderSize\FolderSizeSvc.exe[1608] ADVAPI32.dll!RegSetValueExW 77DAD747 6 Bytes JMP 70F0000A
.text C:\Programme\FolderSize\FolderSizeSvc.exe[1608] ADVAPI32.dll!RegQueryValueW 77DAD85A 6 Bytes JMP 70EA000A
.text C:\Programme\FolderSize\FolderSizeSvc.exe[1608] ADVAPI32.dll!RegCreateKeyExA 77DAE9D4 6 Bytes JMP 710B000A
.text C:\Programme\FolderSize\FolderSizeSvc.exe[1608] ADVAPI32.dll!RegSetValueExA 77DAEAC7 6 Bytes JMP 70F3000A
.text C:\Programme\FolderSize\FolderSizeSvc.exe[1608] ADVAPI32.dll!RegOpenKeyA 77DAEFA8 6 Bytes JMP 70FF000A
.text C:\Programme\FolderSize\FolderSizeSvc.exe[1608] ADVAPI32.dll!AdjustTokenPrivileges 77DAEFEC 6 Bytes JMP 7093000A
.text C:\Programme\FolderSize\FolderSizeSvc.exe[1608] ADVAPI32.dll!RegDeleteKeyA 77DB4288 6 Bytes JMP 706F000A
.text C:\Programme\FolderSize\FolderSizeSvc.exe[1608] ADVAPI32.dll!RegDeleteKeyW 77DB5583 6 Bytes JMP 706C000A
.text C:\Programme\FolderSize\FolderSizeSvc.exe[1608] ADVAPI32.dll!OpenSCManagerW 77DB6F3D 6 Bytes JMP 70CC000A
.text C:\Programme\FolderSize\FolderSizeSvc.exe[1608] ADVAPI32.dll!OpenSCManagerA 77DC6996 6 Bytes JMP 70CF000A
.text C:\Programme\FolderSize\FolderSizeSvc.exe[1608] ADVAPI32.dll!LookupPrivilegeValueW 77DCB8C7 6 Bytes JMP 7096000A
.text C:\Programme\FolderSize\FolderSizeSvc.exe[1608] ADVAPI32.dll!RegCreateKeyW 77DCBA3D 6 Bytes JMP 7102000A
.text C:\Programme\FolderSize\FolderSizeSvc.exe[1608] ADVAPI32.dll!RegQueryValueA 77DCBB75 4 Bytes JMP EC001E25
.text C:\Programme\FolderSize\FolderSizeSvc.exe[1608] ADVAPI32.dll!RegQueryValueA + 5 77DCBB7A 1 Byte [70]
.text C:\Programme\FolderSize\FolderSizeSvc.exe[1608] ADVAPI32.dll!RegCreateKeyA 77DCBCDB 6 Bytes JMP 7105000A
.text C:\Programme\FolderSize\FolderSizeSvc.exe[1608] ADVAPI32.dll!LookupPrivilegeValueA 77DCC220 6 Bytes JMP 7099000A
.text C:\Programme\FolderSize\FolderSizeSvc.exe[1608] ADVAPI32.dll!LsaRemoveAccountRights 77DEAB91 6 Bytes JMP 7168000A
.text C:\Programme\FolderSize\FolderSizeSvc.exe[1608] ADVAPI32.dll!CreateServiceA 77E07359 6 Bytes JMP 7120000A
.text C:\Programme\FolderSize\FolderSizeSvc.exe[1608] ADVAPI32.dll!CreateServiceW 77E074F1 6 Bytes JMP 711D000A
.text C:\Programme\FolderSize\FolderSizeSvc.exe[1608] USER32.dll!SetWindowTextW 7E36BC36 6 Bytes JMP 7066000A
.text C:\Programme\FolderSize\FolderSizeSvc.exe[1608] USER32.dll!GetKeyState 7E36C505 6 Bytes JMP 7132000A
.text C:\Programme\FolderSize\FolderSizeSvc.exe[1608] USER32.dll!GetWindowTextW 7E36CDB6 6 Bytes JMP 70C6000A
.text C:\Programme\FolderSize\FolderSizeSvc.exe[1608] USER32.dll!DrawTextW 7E36D7C2 6 Bytes JMP 707E000A
.text C:\Programme\FolderSize\FolderSizeSvc.exe[1608] USER32.dll!ShowWindow 7E36D8A4 3 Bytes [FF, 25, 1E]
.text C:\Programme\FolderSize\FolderSizeSvc.exe[1608] USER32.dll!ShowWindow + 4 7E36D8A8 2 Bytes [C2, 70]
.text C:\Programme\FolderSize\FolderSizeSvc.exe[1608] USER32.dll!GetKeyboardState 7E36EF29 3 Bytes [FF, 25, 1E]
.text C:\Programme\FolderSize\FolderSizeSvc.exe[1608] USER32.dll!GetKeyboardState + 4 7E36EF2D 2 Bytes [2B, 71]
.text C:\Programme\FolderSize\FolderSizeSvc.exe[1608] USER32.dll!GetAsyncKeyState 7E36F3B3 6 Bytes JMP 712F000A
.text C:\Programme\FolderSize\FolderSizeSvc.exe[1608] USER32.dll!CreateWindowExW 7E36FC25 6 Bytes JMP 7078000A
.text C:\Programme\FolderSize\FolderSizeSvc.exe[1608] USER32.dll!CreateWindowExA 7E36FF33 6 Bytes JMP 707B000A
.text C:\Programme\FolderSize\FolderSizeSvc.exe[1608] USER32.dll!SetWindowsHookExW 7E37DDB5 6 Bytes JMP 7156000A
.text C:\Programme\FolderSize\FolderSizeSvc.exe[1608] USER32.dll!SetWindowTextA 7E37F52B 6 Bytes JMP 7069000A
.text C:\Programme\FolderSize\FolderSizeSvc.exe[1608] USER32.dll!SetWindowsHookExA 7E3811D1 6 Bytes JMP 7159000A
.text C:\Programme\FolderSize\FolderSizeSvc.exe[1608] USER32.dll!SetWinEventHook 7E3817B7 6 Bytes JMP 711A000A
.text C:\Programme\FolderSize\FolderSizeSvc.exe[1608] USER32.dll!GetWindowTextA 7E38212B 6 Bytes JMP 70C9000A
.text C:\Programme\FolderSize\FolderSizeSvc.exe[1608] USER32.dll!DrawTextA 7E38C6CA 6 Bytes JMP 7081000A
.text C:\Programme\FolderSize\FolderSizeSvc.exe[1608] USER32.dll!DdeConnect 7E3A7F93 6 Bytes JMP 7129000A
.text C:\Programme\FolderSize\FolderSizeSvc.exe[1608] USER32.dll!EndTask 7E3A9E75 6 Bytes JMP 713E000A
.text C:\Programme\FolderSize\FolderSizeSvc.exe[1608] USER32.dll!RegisterRawInputDevices 7E3BCBD4 3 Bytes [FF, 25, 1E]
.text C:\Programme\FolderSize\FolderSizeSvc.exe[1608] USER32.dll!RegisterRawInputDevices + 4 7E3BCBD8 2 Bytes [16, 71]
.text C:\Programme\FolderSize\FolderSizeSvc.exe[1608] SHELL32.dll!ShellExecuteExW 7E6B25D3 6 Bytes JMP 7144000A
.text C:\Programme\FolderSize\FolderSizeSvc.exe[1608] SHELL32.dll!Shell_NotifyIcon 7E6D18BE 6 Bytes JMP 70B1000A
.text C:\Programme\FolderSize\FolderSizeSvc.exe[1608] SHELL32.dll!Shell_NotifyIconW 7E6D62A5 6 Bytes JMP 70AE000A
.text C:\Programme\FolderSize\FolderSizeSvc.exe[1608] SHELL32.dll!ShellExecuteEx 7E6F0E95 6 Bytes JMP 7147000A
.text C:\Programme\FolderSize\FolderSizeSvc.exe[1608] SHELL32.dll!ShellExecuteA 7E6F11C0 6 Bytes JMP 714D000A
.text C:\Programme\FolderSize\FolderSizeSvc.exe[1608] SHELL32.dll!ShellExecuteW 7E7659D0 6 Bytes

Polarbär 29.07.2012 14:39
GMER Teil 7
Zitat:
JMP 714A000A
.text C:\Programme\RALINK\Common\RaUI.exe[1708] ntdll.dll!NtLoadDriver 7C91D46E 3 Bytes [FF, 25, 1E]
.text C:\Programme\RALINK\Common\RaUI.exe[1708] ntdll.dll!NtLoadDriver + 4 7C91D472 2 Bytes [22, 71]
.text C:\Programme\RALINK\Common\RaUI.exe[1708] ntdll.dll!NtSuspendProcess 7C91DE2E 3 Bytes [FF, 25, 1E]
.text C:\Programme\RALINK\Common\RaUI.exe[1708] ntdll.dll!NtSuspendProcess + 4 7C91DE32 2 Bytes [3A, 71]
.text C:\Programme\RALINK\Common\RaUI.exe[1708] ntdll.dll!RtlDosSearchPath_U + 1D1 7C926ADA 1 Byte [62]
.text C:\Programme\RALINK\Common\RaUI.exe[1708] kernel32.dll!DeviceIoControl 7C801629 3 Bytes [FF, 25, 1E]
.text C:\Programme\RALINK\Common\RaUI.exe[1708] kernel32.dll!DeviceIoControl + 4 7C80162D 2 Bytes [AA, 70]
.text C:\Programme\RALINK\Common\RaUI.exe[1708] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70DE000A
.text C:\Programme\RALINK\Common\RaUI.exe[1708] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7126000A
.text C:\Programme\RALINK\Common\RaUI.exe[1708] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70D2000A
.text C:\Programme\RALINK\Common\RaUI.exe[1708] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716B000A
.text C:\Programme\RALINK\Common\RaUI.exe[1708] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 715F000A
.text C:\Programme\RALINK\Common\RaUI.exe[1708] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7165000A
.text C:\Programme\RALINK\Common\RaUI.exe[1708] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7162000A
.text C:\Programme\RALINK\Common\RaUI.exe[1708] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7150000A
.text C:\Programme\RALINK\Common\RaUI.exe[1708] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7153000A
.text C:\Programme\RALINK\Common\RaUI.exe[1708] kernel32.dll!VirtualAlloc 7C809AA1 6 Bytes JMP 70D5000A
.text C:\Programme\RALINK\Common\RaUI.exe[1708] kernel32.dll!MultiByteToWideChar 7C809C48 6 Bytes JMP 7084000A
.text C:\Programme\RALINK\Common\RaUI.exe[1708] kernel32.dll!LoadResource 7C80A005 6 Bytes JMP 70C0000A
.text C:\Programme\RALINK\Common\RaUI.exe[1708] kernel32.dll!WideCharToMultiByte 7C80A124 6 Bytes JMP 7063000A
.text C:\Programme\RALINK\Common\RaUI.exe[1708] kernel32.dll!GetProcAddress 7C80ADF0 6 Bytes JMP 7114000A
.text C:\Programme\RALINK\Common\RaUI.exe[1708] kernel32.dll!LoadLibraryW 7C80AE9B 6 Bytes JMP 715C000A
.text C:\Programme\RALINK\Common\RaUI.exe[1708] kernel32.dll!CreateMutexW 7C80E907 6 Bytes JMP 708D000A
.text C:\Programme\RALINK\Common\RaUI.exe[1708] kernel32.dll!CreateMutexA 7C80E98F 6 Bytes JMP 7090000A
.text C:\Programme\RALINK\Common\RaUI.exe[1708] kernel32.dll!OpenMutexW 7C80E9E5 6 Bytes JMP 7087000A
.text C:\Programme\RALINK\Common\RaUI.exe[1708] kernel32.dll!OpenMutexA 7C80EA6B 6 Bytes JMP 708A000A
.text C:\Programme\RALINK\Common\RaUI.exe[1708] kernel32.dll!GetVolumeInformationW 7C80FA35 6 Bytes JMP 710E000A
.text C:\Programme\RALINK\Common\RaUI.exe[1708] kernel32.dll!CreateRemoteThread 7C81047C 3 Bytes [FF, 25, 1E]
.text C:\Programme\RALINK\Common\RaUI.exe[1708] kernel32.dll!CreateRemoteThread + 4 7C810480 2 Bytes [6D, 71]
.text C:\Programme\RALINK\Common\RaUI.exe[1708] kernel32.dll!CreateThread 7C810687 6 Bytes JMP 70D8000A
.text C:\Programme\RALINK\Common\RaUI.exe[1708] kernel32.dll!CreateFileW 7C8107B0 6 Bytes JMP 70E1000A
.text C:\Programme\RALINK\Common\RaUI.exe[1708] kernel32.dll!WriteFile 7C810DD7 6 Bytes JMP 70A2000A
.text C:\Programme\RALINK\Common\RaUI.exe[1708] kernel32.dll!TerminateThread 7C81CAEB 6 Bytes JMP 7138000A
.text C:\Programme\RALINK\Common\RaUI.exe[1708] kernel32.dll!MoveFileW 7C821211 6 Bytes JMP 705D000A
.text C:\Programme\RALINK\Common\RaUI.exe[1708] kernel32.dll!CreateDirectoryA 7C82175C 6 Bytes JMP 70A8000A
.text C:\Programme\RALINK\Common\RaUI.exe[1708] kernel32.dll!GetVolumeInformationA 7C821B55 6 Bytes JMP 7111000A
.text C:\Programme\RALINK\Common\RaUI.exe[1708] kernel32.dll!CopyFileExW 7C827AE2 6 Bytes JMP 70B4000A
.text C:\Programme\RALINK\Common\RaUI.exe[1708] kernel32.dll!CopyFileA 7C82869E 6 Bytes JMP 70BD000A
.text C:\Programme\RALINK\Common\RaUI.exe[1708] kernel32.dll!CopyFileW 7C82F82B 6 Bytes JMP 70BA000A
.text C:\Programme\RALINK\Common\RaUI.exe[1708] kernel32.dll!OpenProcess 7C830999 6 Bytes JMP 7054000A
.text C:\Programme\RALINK\Common\RaUI.exe[1708] kernel32.dll!DeleteFileA 7C831E8D 6 Bytes JMP 7075000A
.text C:\Programme\RALINK\Common\RaUI.exe[1708] kernel32.dll!DeleteFileW 7C831F13 6 Bytes JMP 7072000A
.text C:\Programme\RALINK\Common\RaUI.exe[1708] kernel32.dll!CreateDirectoryW 7C8323B2 6 Bytes JMP 70A5000A
.text C:\Programme\RALINK\Common\RaUI.exe[1708] kernel32.dll!MoveFileExW 7C83563B 6 Bytes JMP 7057000A
.text C:\Programme\RALINK\Common\RaUI.exe[1708] kernel32.dll!MoveFileA 7C835E6F 6 Bytes JMP 7060000A
.text C:\Programme\RALINK\Common\RaUI.exe[1708] kernel32.dll!DebugActiveProcess 7C85AF93 6 Bytes JMP 7135000A
.text C:\Programme\RALINK\Common\RaUI.exe[1708] kernel32.dll!MoveFileExA 7C85E333 6 Bytes JMP 705A000A
.text C:\Programme\RALINK\Common\RaUI.exe[1708] kernel32.dll!CopyFileExA 7C85F234 6 Bytes JMP 70B7000A
.text C:\Programme\RALINK\Common\RaUI.exe[1708] kernel32.dll!WinExec 7C8622B5 6 Bytes JMP 7141000A
.text C:\Programme\RALINK\Common\RaUI.exe[1708] kernel32.dll!SetThreadContext 7C8639B1 6 Bytes JMP 709F000A
.text C:\Programme\RALINK\Common\RaUI.exe[1708] kernel32.dll!CreateToolhelp32Snapshot 7C865A27 6 Bytes JMP 70DB000A
.text C:\Programme\RALINK\Common\RaUI.exe[1708] kernel32.dll!GetBinaryTypeW + 80 7C868B34 1 Byte [62]
.text C:\Programme\RALINK\Common\RaUI.exe[1708] ADVAPI32.dll!RegOpenKeyExW 77DA6AAF 6 Bytes JMP 70F6000A
.text C:\Programme\RALINK\Common\RaUI.exe[1708] ADVAPI32.dll!RegQueryValueExW 77DA6FFF 6 Bytes JMP 70E4000A
.text C:\Programme\RALINK\Common\RaUI.exe[1708] ADVAPI32.dll!RegCreateKeyExW 77DA776C 6 Bytes JMP 7108000A
.text C:\Programme\RALINK\Common\RaUI.exe[1708] ADVAPI32.dll!RegOpenKeyExA 77DA7852 6 Bytes JMP 70F9000A
.text C:\Programme\RALINK\Common\RaUI.exe[1708] ADVAPI32.dll!RegOpenKeyW 77DA7946 6 Bytes JMP 70FC000A
.text C:\Programme\RALINK\Common\RaUI.exe[1708] ADVAPI32.dll!OpenProcessToken 77DA798B 6 Bytes JMP 709C000A
.text C:\Programme\RALINK\Common\RaUI.exe[1708] ADVAPI32.dll!RegQueryValueExA 77DA7ABB 6 Bytes JMP 70E7000A
.text C:\Programme\RALINK\Common\RaUI.exe[1708] ADVAPI32.dll!RegSetValueExW 77DAD747 6 Bytes JMP 70F0000A
.text C:\Programme\RALINK\Common\RaUI.exe[1708] ADVAPI32.dll!RegQueryValueW 77DAD85A 6 Bytes JMP 70EA000A
.text C:\Programme\RALINK\Common\RaUI.exe[1708] ADVAPI32.dll!RegCreateKeyExA 77DAE9D4 6 Bytes JMP 710B000A
.text C:\Programme\RALINK\Common\RaUI.exe[1708] ADVAPI32.dll!RegSetValueExA 77DAEAC7 6 Bytes JMP 70F3000A
.text C:\Programme\RALINK\Common\RaUI.exe[1708] ADVAPI32.dll!RegOpenKeyA 77DAEFA8 6 Bytes JMP 70FF000A
.text C:\Programme\RALINK\Common\RaUI.exe[1708] ADVAPI32.dll!AdjustTokenPrivileges 77DAEFEC 6 Bytes JMP 7093000A
.text C:\Programme\RALINK\Common\RaUI.exe[1708] ADVAPI32.dll!RegDeleteKeyA 77DB4288 6 Bytes JMP 706F000A
.text C:\Programme\RALINK\Common\RaUI.exe[1708] ADVAPI32.dll!RegDeleteKeyW 77DB5583 6 Bytes JMP 706C000A
.text C:\Programme\RALINK\Common\RaUI.exe[1708] ADVAPI32.dll!OpenSCManagerW 77DB6F3D 6 Bytes JMP 70CC000A
.text C:\Programme\RALINK\Common\RaUI.exe[1708] ADVAPI32.dll!OpenSCManagerA 77DC6996 6 Bytes JMP 70CF000A
.text C:\Programme\RALINK\Common\RaUI.exe[1708] ADVAPI32.dll!LookupPrivilegeValueW 77DCB8C7 6 Bytes JMP 7096000A
.text C:\Programme\RALINK\Common\RaUI.exe[1708] ADVAPI32.dll!RegCreateKeyW 77DCBA3D 6 Bytes JMP 7102000A
.text C:\Programme\RALINK\Common\RaUI.exe[1708] ADVAPI32.dll!RegQueryValueA 77DCBB75 4 Bytes JMP EC001E25
.text C:\Programme\RALINK\Common\RaUI.exe[1708] ADVAPI32.dll!RegQueryValueA + 5 77DCBB7A 1 Byte [70]
.text C:\Programme\RALINK\Common\RaUI.exe[1708] ADVAPI32.dll!RegCreateKeyA 77DCBCDB 6 Bytes JMP 7105000A
.text C:\Programme\RALINK\Common\RaUI.exe[1708] ADVAPI32.dll!LookupPrivilegeValueA 77DCC220 6 Bytes JMP 7099000A
.text C:\Programme\RALINK\Common\RaUI.exe[1708] ADVAPI32.dll!LsaRemoveAccountRights 77DEAB91 6 Bytes JMP 7168000A
.text C:\Programme\RALINK\Common\RaUI.exe[1708] ADVAPI32.dll!CreateServiceA 77E07359 6 Bytes JMP 7120000A
.text C:\Programme\RALINK\Common\RaUI.exe[1708] ADVAPI32.dll!CreateServiceW 77E074F1 6 Bytes JMP 711D000A
.text C:\Programme\RALINK\Common\RaUI.exe[1708] USER32.dll!SetWindowTextW 7E36BC36 6 Bytes JMP 7066000A
.text C:\Programme\RALINK\Common\RaUI.exe[1708] USER32.dll!GetKeyState 7E36C505 6 Bytes JMP 7132000A
.text C:\Programme\RALINK\Common\RaUI.exe[1708] USER32.dll!GetWindowTextW 7E36CDB6 6 Bytes JMP 70C6000A
.text C:\Programme\RALINK\Common\RaUI.exe[1708] USER32.dll!DrawTextW 7E36D7C2 6 Bytes JMP 707E000A
.text C:\Programme\RALINK\Common\RaUI.exe[1708] USER32.dll!ShowWindow 7E36D8A4 3 Bytes [FF, 25, 1E]
.text C:\Programme\RALINK\Common\RaUI.exe[1708] USER32.dll!ShowWindow + 4 7E36D8A8 2 Bytes [C2, 70]
.text C:\Programme\RALINK\Common\RaUI.exe[1708] USER32.dll!GetKeyboardState 7E36EF29 3 Bytes [FF, 25, 1E]
.text C:\Programme\RALINK\Common\RaUI.exe[1708] USER32.dll!GetKeyboardState + 4 7E36EF2D 2 Bytes [2B, 71]
.text C:\Programme\RALINK\Common\RaUI.exe[1708] USER32.dll!GetAsyncKeyState 7E36F3B3 6 Bytes JMP 712F000A
.text C:\Programme\RALINK\Common\RaUI.exe[1708] USER32.dll!CreateWindowExW 7E36FC25 6 Bytes JMP 7078000A
.text C:\Programme\RALINK\Common\RaUI.exe[1708] USER32.dll!CreateWindowExA 7E36FF33 6 Bytes JMP 707B000A
.text C:\Programme\RALINK\Common\RaUI.exe[1708] USER32.dll!SetWindowsHookExW 7E37DDB5 6 Bytes JMP 7156000A
.text C:\Programme\RALINK\Common\RaUI.exe[1708] USER32.dll!SetWindowTextA 7E37F52B 6 Bytes JMP 7069000A
.text C:\Programme\RALINK\Common\RaUI.exe[1708] USER32.dll!SetWindowsHookExA 7E3811D1 6 Bytes JMP 7159000A
.text C:\Programme\RALINK\Common\RaUI.exe[1708] USER32.dll!SetWinEventHook 7E3817B7 6 Bytes JMP 711A000A
.text C:\Programme\RALINK\Common\RaUI.exe[1708] USER32.dll!GetWindowTextA 7E38212B 6 Bytes JMP 70C9000A
.text C:\Programme\RALINK\Common\RaUI.exe[1708] USER32.dll!DrawTextA 7E38C6CA 6 Bytes JMP 7081000A
.text C:\Programme\RALINK\Common\RaUI.exe[1708] USER32.dll!DdeConnect 7E3A7F93 6 Bytes JMP 7129000A
.text C:\Programme\RALINK\Common\RaUI.exe[1708] USER32.dll!EndTask 7E3A9E75 6 Bytes JMP 713E000A
.text C:\Programme\RALINK\Common\RaUI.exe[1708] USER32.dll!RegisterRawInputDevices 7E3BCBD4 3 Bytes [FF, 25, 1E]
.text C:\Programme\RALINK\Common\RaUI.exe[1708] USER32.dll!RegisterRawInputDevices + 4 7E3BCBD8 2 Bytes [16, 71]
.text C:\Programme\RALINK\Common\RaUI.exe[1708] SHELL32.dll!ShellExecuteExW 7E6B25D3 6 Bytes JMP 7144000A
.text C:\Programme\RALINK\Common\RaUI.exe[1708] SHELL32.dll!Shell_NotifyIcon 7E6D18BE 6 Bytes JMP 70B1000A
.text C:\Programme\RALINK\Common\RaUI.exe[1708] SHELL32.dll!Shell_NotifyIconW 7E6D62A5 6 Bytes JMP 70AE000A
.text C:\Programme\RALINK\Common\RaUI.exe[1708] SHELL32.dll!ShellExecuteEx 7E6F0E95 6 Bytes JMP 7147000A
.text C:\Programme\RALINK\Common\RaUI.exe[1708] SHELL32.dll!ShellExecuteA 7E6F11C0 6 Bytes JMP 714D000A
.text C:\Programme\RALINK\Common\RaUI.exe[1708] SHELL32.dll!ShellExecuteW 7E7659D0 6 Bytes JMP 714A000A
.text C:\Programme\Secunia\PSI\psi_tray.exe[1724] ntdll.dll!NtLoadDriver 7C91D46E 3 Bytes [FF, 25, 1E]
.text C:\Programme\Secunia\PSI\psi_tray.exe[1724] ntdll.dll!NtLoadDriver + 4 7C91D472 2 Bytes [22, 71]
.text C:\Programme\Secunia\PSI\psi_tray.exe[1724] ntdll.dll!NtSuspendProcess 7C91DE2E 3 Bytes [FF, 25, 1E]
.text C:\Programme\Secunia\PSI\psi_tray.exe[1724] ntdll.dll!NtSuspendProcess + 4 7C91DE32 2 Bytes [3A, 71]
.text C:\Programme\Secunia\PSI\psi_tray.exe[1724] ntdll.dll!RtlDosSearchPath_U + 1D1 7C926ADA 1 Byte [62]
.text C:\Programme\Secunia\PSI\psi_tray.exe[1724] kernel32.dll!DeviceIoControl 7C801629 3 Bytes [FF, 25, 1E]
.text C:\Programme\Secunia\PSI\psi_tray.exe[1724] kernel32.dll!DeviceIoControl + 4 7C80162D 2 Bytes [AA, 70]
.text C:\Programme\Secunia\PSI\psi_tray.exe[1724] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70DE000A
.text C:\Programme\Secunia\PSI\psi_tray.exe[1724] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7126000A
.text C:\Programme\Secunia\PSI\psi_tray.exe[1724] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70D2000A
.text C:\Programme\Secunia\PSI\psi_tray.exe[1724] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716B000A
.text C:\Programme\Secunia\PSI\psi_tray.exe[1724] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 715F000A
.text C:\Programme\Secunia\PSI\psi_tray.exe[1724] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7165000A
.text C:\Programme\Secunia\PSI\psi_tray.exe[1724] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7162000A
.text C:\Programme\Secunia\PSI\psi_tray.exe[1724] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7150000A
.text C:\Programme\Secunia\PSI\psi_tray.exe[1724] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7153000A
.text C:\Programme\Secunia\PSI\psi_tray.exe[1724] kernel32.dll!VirtualAlloc 7C809AA1 6 Bytes JMP 70D5000A
.text C:\Programme\Secunia\PSI\psi_tray.exe[1724] kernel32.dll!MultiByteToWideChar 7C809C48 6 Bytes JMP 7084000A
.text C:\Programme\Secunia\PSI\psi_tray.exe[1724] kernel32.dll!LoadResource 7C80A005 6 Bytes JMP 70C0000A
.text C:\Programme\Secunia\PSI\psi_tray.exe[1724] kernel32.dll!WideCharToMultiByte 7C80A124 6 Bytes JMP 7063000A
.text C:\Programme\Secunia\PSI\psi_tray.exe[1724] kernel32.dll!GetProcAddress 7C80ADF0 6 Bytes JMP 7114000A
.text C:\Programme\Secunia\PSI\psi_tray.exe[1724] kernel32.dll!LoadLibraryW 7C80AE9B 6 Bytes JMP 715C000A
.text C:\Programme\Secunia\PSI\psi_tray.exe[1724] kernel32.dll!CreateMutexW 7C80E907 6 Bytes JMP 708D000A
.text C:\Programme\Secunia\PSI\psi_tray.exe[1724] kernel32.dll!CreateMutexA 7C80E98F 6 Bytes JMP 7090000A
.text C:\Programme\Secunia\PSI\psi_tray.exe[1724] kernel32.dll!OpenMutexW 7C80E9E5 6 Bytes JMP 7087000A
.text C:\Programme\Secunia\PSI\psi_tray.exe[1724] kernel32.dll!OpenMutexA 7C80EA6B 6 Bytes JMP 708A000A
.text C:\Programme\Secunia\PSI\psi_tray.exe[1724] kernel32.dll!GetVolumeInformationW 7C80FA35 6 Bytes JMP 710E000A
.text C:\Programme\Secunia\PSI\psi_tray.exe[1724] kernel32.dll!CreateRemoteThread 7C81047C 3 Bytes [FF, 25, 1E]
.text C:\Programme\Secunia\PSI\psi_tray.exe[1724] kernel32.dll!CreateRemoteThread + 4 7C810480 2 Bytes [6D, 71]
.text C:\Programme\Secunia\PSI\psi_tray.exe[1724] kernel32.dll!CreateThread 7C810687 6 Bytes JMP 70D8000A
.text C:\Programme\Secunia\PSI\psi_tray.exe[1724] kernel32.dll!CreateFileW 7C8107B0 6 Bytes JMP 70E1000A
.text C:\Programme\Secunia\PSI\psi_tray.exe[1724] kernel32.dll!WriteFile 7C810DD7 6 Bytes JMP 70A2000A
.text C:\Programme\Secunia\PSI\psi_tray.exe[1724] kernel32.dll!TerminateThread 7C81CAEB 6 Bytes JMP 7138000A
.text C:\Programme\Secunia\PSI\psi_tray.exe[1724] kernel32.dll!MoveFileW 7C821211 6 Bytes JMP 705D000A
.text C:\Programme\Secunia\PSI\psi_tray.exe[1724] kernel32.dll!CreateDirectoryA 7C82175C 6 Bytes JMP 70A8000A
.text C:\Programme\Secunia\PSI\psi_tray.exe[1724] kernel32.dll!GetVolumeInformationA 7C821B55 6 Bytes JMP 7111000A
.text C:\Programme\Secunia\PSI\psi_tray.exe[1724] kernel32.dll!CopyFileExW 7C827AE2 6 Bytes JMP 70B4000A
.text C:\Programme\Secunia\PSI\psi_tray.exe[1724] kernel32.dll!CopyFileA 7C82869E 6 Bytes JMP 70BD000A
.text C:\Programme\Secunia\PSI\psi_tray.exe[1724] kernel32.dll!CopyFileW 7C82F82B 6 Bytes JMP 70BA000A
.text C:\Programme\Secunia\PSI\psi_tray.exe[1724] kernel32.dll!OpenProcess 7C830999 6 Bytes JMP 7054000A
.text C:\Programme\Secunia\PSI\psi_tray.exe[1724] kernel32.dll!DeleteFileA 7C831E8D 6 Bytes JMP 7075000A
.text C:\Programme\Secunia\PSI\psi_tray.exe[1724] kernel32.dll!DeleteFileW 7C831F13 6 Bytes JMP 7072000A
.text C:\Programme\Secunia\PSI\psi_tray.exe[1724] kernel32.dll!CreateDirectoryW 7C8323B2 6 Bytes JMP 70A5000A
.text C:\Programme\Secunia\PSI\psi_tray.exe[1724] kernel32.dll!MoveFileExW 7C83563B 6 Bytes JMP 7057000A
.text C:\Programme\Secunia\PSI\psi_tray.exe[1724] kernel32.dll!MoveFileA 7C835E6F 6 Bytes JMP 7060000A
.text C:\Programme\Secunia\PSI\psi_tray.exe[1724] kernel32.dll!DebugActiveProcess 7C85AF93 6 Bytes JMP 7135000A
.text C:\Programme\Secunia\PSI\psi_tray.exe[1724] kernel32.dll!MoveFileExA 7C85E333 6 Bytes JMP 705A000A
.text C:\Programme\Secunia\PSI\psi_tray.exe[1724] kernel32.dll!CopyFileExA 7C85F234 6 Bytes JMP 70B7000A
.text C:\Programme\Secunia\PSI\psi_tray.exe[1724] kernel32.dll!WinExec 7C8622B5 6 Bytes JMP 7141000A
.text C:\Programme\Secunia\PSI\psi_tray.exe[1724] kernel32.dll!SetThreadContext 7C8639B1 6 Bytes JMP 709F000A
.text C:\Programme\Secunia\PSI\psi_tray.exe[1724] kernel32.dll!CreateToolhelp32Snapshot 7C865A27 6 Bytes JMP 70DB000A
.text C:\Programme\Secunia\PSI\psi_tray.exe[1724] kernel32.dll!GetBinaryTypeW + 80 7C868B34 1 Byte [62]
.text C:\Programme\Secunia\PSI\psi_tray.exe[1724] USER32.dll!SetWindowTextW 7E36BC36 6 Bytes JMP 7066000A
.text C:\Programme\Secunia\PSI\psi_tray.exe[1724] USER32.dll!GetKeyState 7E36C505 6 Bytes JMP 7132000A
.text C:\Programme\Secunia\PSI\psi_tray.exe[1724] USER32.dll!GetWindowTextW 7E36CDB6 6 Bytes JMP 70C6000A
.text C:\Programme\Secunia\PSI\psi_tray.exe[1724] USER32.dll!DrawTextW 7E36D7C2 6 Bytes JMP 707E000A
.text C:\Programme\Secunia\PSI\psi_tray.exe[1724] USER32.dll!ShowWindow 7E36D8A4 3 Bytes [FF, 25, 1E]
.text C:\Programme\Secunia\PSI\psi_tray.exe[1724] USER32.dll!ShowWindow + 4 7E36D8A8 2 Bytes [C2, 70]
.text C:\Programme\Secunia\PSI\psi_tray.exe[1724] USER32.dll!GetKeyboardState 7E36EF29 3 Bytes [FF, 25, 1E]
.text C:\Programme\Secunia\PSI\psi_tray.exe[1724] USER32.dll!GetKeyboardState + 4 7E36EF2D 2 Bytes [2B, 71]
.text C:\Programme\Secunia\PSI\psi_tray.exe[1724] USER32.dll!GetAsyncKeyState 7E36F3B3 6 Bytes JMP 712F000A
.text C:\Programme\Secunia\PSI\psi_tray.exe[1724] USER32.dll!CreateWindowExW 7E36FC25 6 Bytes JMP 7078000A
.text C:\Programme\Secunia\PSI\psi_tray.exe[1724] USER32.dll!CreateWindowExA 7E36FF33 6 Bytes JMP 707B000A
.text C:\Programme\Secunia\PSI\psi_tray.exe[1724] USER32.dll!SetWindowsHookExW 7E37DDB5 6 Bytes JMP 7156000A
.text C:\Programme\Secunia\PSI\psi_tray.exe[1724] USER32.dll!SetWindowTextA 7E37F52B 6 Bytes JMP 7069000A
.text C:\Programme\Secunia\PSI\psi_tray.exe[1724] USER32.dll!SetWindowsHookExA 7E3811D1 6 Bytes JMP 7159000A
.text C:\Programme\Secunia\PSI\psi_tray.exe[1724] USER32.dll!SetWinEventHook 7E3817B7 6 Bytes JMP 711A000A
.text C:\Programme\Secunia\PSI\psi_tray.exe[1724] USER32.dll!GetWindowTextA 7E38212B 6 Bytes JMP 70C9000A
.text C:\Programme\Secunia\PSI\psi_tray.exe[1724] USER32.dll!DrawTextA 7E38C6CA 6 Bytes JMP 7081000A
.text C:\Programme\Secunia\PSI\psi_tray.exe[1724] USER32.dll!DdeConnect 7E3A7F93 6 Bytes JMP 7129000A
.text C:\Programme\Secunia\PSI\psi_tray.exe[1724] USER32.dll!EndTask 7E3A9E75 6 Bytes JMP 713E000A
.text C:\Programme\Secunia\PSI\psi_tray.exe[1724] USER32.dll!RegisterRawInputDevices 7E3BCBD4 3 Bytes [FF, 25, 1E]
.text C:\Programme\Secunia\PSI\psi_tray.exe[1724] USER32.dll!RegisterRawInputDevices + 4 7E3BCBD8 2 Bytes [16, 71]
.text C:\Programme\Secunia\PSI\psi_tray.exe[1724] ADVAPI32.dll!RegOpenKeyExW 77DA6AAF 6 Bytes JMP 70F6000A
.text C:\Programme\Secunia\PSI\psi_tray.exe[1724] ADVAPI32.dll!RegQueryValueExW 77DA6FFF 6 Bytes JMP 70E4000A
.text C:\Programme\Secunia\PSI\psi_tray.exe[1724] ADVAPI32.dll!RegCreateKeyExW 77DA776C 6 Bytes JMP 7108000A
.text C:\Programme\Secunia\PSI\psi_tray.exe[1724] ADVAPI32.dll!RegOpenKeyExA 77DA7852 6 Bytes JMP 70F9000A
.text C:\Programme\Secunia\PSI\psi_tray.exe[1724] ADVAPI32.dll!RegOpenKeyW 77DA7946 6 Bytes JMP 70FC000A
.text C:\Programme\Secunia\PSI\psi_tray.exe[1724] ADVAPI32.dll!OpenProcessToken 77DA798B 6 Bytes JMP 709C000A
.text C:\Programme\Secunia\PSI\psi_tray.exe[1724] ADVAPI32.dll!RegQueryValueExA 77DA7ABB 6 Bytes JMP 70E7000A
.text C:\Programme\Secunia\PSI\psi_tray.exe[1724] ADVAPI32.dll!RegSetValueExW 77DAD747 6 Bytes JMP 70F0000A
.text C:\Programme\Secunia\PSI\psi_tray.exe[1724] ADVAPI32.dll!RegQueryValueW 77DAD85A 6 Bytes JMP 70EA000A
.text C:\Programme\Secunia\PSI\psi_tray.exe[1724] ADVAPI32.dll!RegCreateKeyExA 77DAE9D4 6 Bytes JMP 710B000A
.text C:\Programme\Secunia\PSI\psi_tray.exe[1724] ADVAPI32.dll!RegSetValueExA 77DAEAC7 6 Bytes JMP 70F3000A
.text C:\Programme\Secunia\PSI\psi_tray.exe[1724] ADVAPI32.dll!RegOpenKeyA 77DAEFA8 6 Bytes JMP 70FF000A
.text C:\Programme\Secunia\PSI\psi_tray.exe[1724] ADVAPI32.dll!AdjustTokenPrivileges 77DAEFEC 6 Bytes JMP 7093000A
.text C:\Programme\Secunia\PSI\psi_tray.exe[1724] ADVAPI32.dll!RegDeleteKeyA 77DB4288 6 Bytes JMP 706F000A
.text C:\Programme\Secunia\PSI\psi_tray.exe[1724] ADVAPI32.dll!RegDeleteKeyW 77DB5583 6 Bytes JMP 706C000A
.text C:\Programme\Secunia\PSI\psi_tray.exe[1724] ADVAPI32.dll!OpenSCManagerW 77DB6F3D 6 Bytes JMP 70CC000A
.text C:\Programme\Secunia\PSI\psi_tray.exe[1724] ADVAPI32.dll!OpenSCManagerA 77DC6996 6 Bytes JMP 70CF000A
.text C:\Programme\Secunia\PSI\psi_tray.exe[1724] ADVAPI32.dll!LookupPrivilegeValueW 77DCB8C7 6 Bytes JMP 7096000A
.text C:\Programme\Secunia\PSI\psi_tray.exe[1724] ADVAPI32.dll!RegCreateKeyW 77DCBA3D 6 Bytes JMP 7102000A
.text C:\Programme\Secunia\PSI\psi_tray.exe[1724] ADVAPI32.dll!RegQueryValueA 77DCBB75 4 Bytes JMP EC001E25
.text C:\Programme\Secunia\PSI\psi_tray.exe[1724] ADVAPI32.dll!RegQueryValueA + 5 77DCBB7A 1 Byte [70]
.text C:\Programme\Secunia\PSI\psi_tray.exe[1724] ADVAPI32.dll!RegCreateKeyA 77DCBCDB 6 Bytes JMP 7105000A
.text C:\Programme\Secunia\PSI\psi_tray.exe[1724] ADVAPI32.dll!LookupPrivilegeValueA 77DCC220 6 Bytes JMP 7099000A
.text C:\Programme\Secunia\PSI\psi_tray.exe[1724] ADVAPI32.dll!LsaRemoveAccountRights 77DEAB91 6 Bytes JMP 7168000A
.text C:\Programme\Secunia\PSI\psi_tray.exe[1724] ADVAPI32.dll!CreateServiceA 77E07359 6 Bytes JMP 7120000A
.text C:\Programme\Secunia\PSI\psi_tray.exe[1724] ADVAPI32.dll!CreateServiceW 77E074F1 6 Bytes JMP 711D000A
.text C:\Programme\Secunia\PSI\psi_tray.exe[1724] SHELL32.dll!ShellExecuteExW 7E6B25D3 6 Bytes JMP 7144000A
.text C:\Programme\Secunia\PSI\psi_tray.exe[1724] SHELL32.dll!Shell_NotifyIcon 7E6D18BE 6 Bytes JMP 70B1000A
.text C:\Programme\Secunia\PSI\psi_tray.exe[1724] SHELL32.dll!Shell_NotifyIconW 7E6D62A5 6 Bytes JMP 70AE000A
.text C:\Programme\Secunia\PSI\psi_tray.exe[1724] SHELL32.dll!ShellExecuteEx 7E6F0E95 6 Bytes JMP 7147000A
.text C:\Programme\Secunia\PSI\psi_tray.exe[1724] SHELL32.dll!ShellExecuteA 7E6F11C0 6 Bytes JMP 714D000A
.text C:\Programme\Secunia\PSI\psi_tray.exe[1724] SHELL32.dll!ShellExecuteW 7E7659D0 6 Bytes JMP 714A000A
.text C:\Programme\Alwil Software\Avast5\AvastSvc.exe[1908] ntdll.dll!RtlDosSearchPath_U + 1D1 7C926ADA 1 Byte [62]
.text C:\Programme\Alwil Software\Avast5\AvastSvc.exe[1908] kernel32.dll!SetUnhandledExceptionFilter 7C844915 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Programme\Alwil Software\Avast5\AvastSvc.exe[1908] kernel32.dll!GetBinaryTypeW + 80 7C868B34 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] ntdll.dll!NtLoadDriver 7C91D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] ntdll.dll!NtLoadDriver + 4 7C91D472 2 Bytes [22, 71]
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] ntdll.dll!NtSuspendProcess 7C91DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] ntdll.dll!NtSuspendProcess + 4 7C91DE32 2 Bytes [3A, 71]
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] ntdll.dll!RtlDosSearchPath_U + 1D1 7C926ADA 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] kernel32.dll!DeviceIoControl 7C801629 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] kernel32.dll!DeviceIoControl + 4 7C80162D 2 Bytes [AA, 70]
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70DE000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7126000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70D2000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716B000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 715F000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7165000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7162000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7150000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7153000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] kernel32.dll!VirtualAlloc 7C809AA1 6 Bytes JMP 70D5000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] kernel32.dll!MultiByteToWideChar 7C809C48 6 Bytes JMP 7084000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] kernel32.dll!LoadResource 7C80A005 6 Bytes JMP 70C0000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] kernel32.dll!WideCharToMultiByte 7C80A124 6 Bytes JMP 7063000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] kernel32.dll!GetProcAddress 7C80ADF0 6 Bytes JMP 7114000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] kernel32.dll!LoadLibraryW 7C80AE9B 6 Bytes JMP 715C000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] kernel32.dll!CreateMutexW 7C80E907 6 Bytes JMP 708D000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] kernel32.dll!CreateMutexA 7C80E98F 6 Bytes JMP 7090000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] kernel32.dll!OpenMutexW 7C80E9E5 6 Bytes JMP 7087000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] kernel32.dll!OpenMutexA 7C80EA6B 6 Bytes JMP 708A000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] kernel32.dll!GetVolumeInformationW 7C80FA35 6 Bytes JMP 710E000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] kernel32.dll!CreateRemoteThread 7C81047C 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] kernel32.dll!CreateRemoteThread + 4 7C810480 2 Bytes [6D, 71]
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] kernel32.dll!CreateThread 7C810687 6 Bytes JMP 70D8000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] kernel32.dll!CreateFileW 7C8107B0 6 Bytes JMP 70E1000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] kernel32.dll!WriteFile 7C810DD7 6 Bytes JMP 70A2000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] kernel32.dll!TerminateThread 7C81CAEB 6 Bytes JMP 7138000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] kernel32.dll!MoveFileW 7C821211 6 Bytes JMP 705D000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] kernel32.dll!CreateDirectoryA 7C82175C 6 Bytes JMP 70A8000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] kernel32.dll!GetVolumeInformationA 7C821B55 6 Bytes JMP 7111000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] kernel32.dll!CopyFileExW 7C827AE2 6 Bytes JMP 70B4000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] kernel32.dll!CopyFileA 7C82869E 6 Bytes JMP 70BD000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] kernel32.dll!CopyFileW 7C82F82B 6 Bytes JMP 70BA000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] kernel32.dll!OpenProcess 7C830999 6 Bytes JMP 7054000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] kernel32.dll!DeleteFileA 7C831E8D 6 Bytes JMP 7075000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] kernel32.dll!DeleteFileW 7C831F13 6 Bytes JMP 7072000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] kernel32.dll!CreateDirectoryW 7C8323B2 6 Bytes JMP 70A5000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] kernel32.dll!MoveFileExW 7C83563B 6 Bytes JMP 7057000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] kernel32.dll!MoveFileA 7C835E6F 6 Bytes JMP 7060000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] kernel32.dll!DebugActiveProcess 7C85AF93 6 Bytes JMP 7135000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] kernel32.dll!MoveFileExA 7C85E333 6 Bytes JMP 705A000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] kernel32.dll!CopyFileExA 7C85F234 6 Bytes JMP 70B7000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] kernel32.dll!WinExec 7C8622B5 6 Bytes JMP 7141000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] kernel32.dll!SetThreadContext 7C8639B1 6 Bytes JMP 709F000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] kernel32.dll!CreateToolhelp32Snapshot 7C865A27 6 Bytes JMP 70DB000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] kernel32.dll!GetBinaryTypeW + 80 7C868B34 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] USER32.dll!SetWindowTextW 7E36BC36 6 Bytes JMP 7066000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] USER32.dll!GetKeyState 7E36C505 6 Bytes JMP 7132000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] USER32.dll!GetWindowTextW 7E36CDB6 6 Bytes JMP 70C6000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] USER32.dll!DrawTextW 7E36D7C2 6 Bytes JMP 707E000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] USER32.dll!ShowWindow 7E36D8A4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] USER32.dll!ShowWindow + 4 7E36D8A8 2 Bytes [C2, 70]
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] USER32.dll!GetKeyboardState 7E36EF29 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] USER32.dll!GetKeyboardState + 4 7E36EF2D 2 Bytes [2B, 71]
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] USER32.dll!GetAsyncKeyState 7E36F3B3 6 Bytes JMP 712F000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] USER32.dll!CreateWindowExW 7E36FC25 6 Bytes JMP 7078000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] USER32.dll!CreateWindowExA 7E36FF33 6 Bytes JMP 707B000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] USER32.dll!SetWindowsHookExW 7E37DDB5 6 Bytes JMP 7156000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] USER32.dll!SetWindowTextA 7E37F52B 6 Bytes JMP 7069000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] USER32.dll!SetWindowsHookExA 7E3811D1 6 Bytes JMP 7159000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] USER32.dll!SetWinEventHook 7E3817B7 6 Bytes JMP 711A000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] USER32.dll!GetWindowTextA 7E38212B 6 Bytes JMP 70C9000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] USER32.dll!DrawTextA 7E38C6CA 6 Bytes JMP 7081000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] USER32.dll!DdeConnect 7E3A7F93 6 Bytes JMP 7129000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] USER32.dll!EndTask 7E3A9E75 6 Bytes JMP 713E000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] USER32.dll!RegisterRawInputDevices 7E3BCBD4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] USER32.dll!RegisterRawInputDevices + 4 7E3BCBD8 2 Bytes [16, 71]
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] ADVAPI32.dll!RegOpenKeyExW 77DA6AAF 6 Bytes JMP 70F6000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] ADVAPI32.dll!RegQueryValueExW 77DA6FFF 6 Bytes JMP 70E4000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] ADVAPI32.dll!RegCreateKeyExW 77DA776C 6 Bytes JMP 7108000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] ADVAPI32.dll!RegOpenKeyExA 77DA7852 6 Bytes JMP 70F9000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] ADVAPI32.dll!RegOpenKeyW 77DA7946 6 Bytes JMP 70FC000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] ADVAPI32.dll!OpenProcessToken 77DA798B 6 Bytes JMP 709C000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] ADVAPI32.dll!RegQueryValueExA 77DA7ABB 6 Bytes JMP 70E7000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] ADVAPI32.dll!RegSetValueExW 77DAD747 6 Bytes JMP 70F0000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] ADVAPI32.dll!RegQueryValueW 77DAD85A 6 Bytes JMP 70EA000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] ADVAPI32.dll!RegCreateKeyExA 77DAE9D4 6 Bytes JMP 710B000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] ADVAPI32.dll!RegSetValueExA 77DAEAC7 6 Bytes JMP 70F3000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] ADVAPI32.dll!RegOpenKeyA 77DAEFA8 6 Bytes JMP 70FF000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] ADVAPI32.dll!AdjustTokenPrivileges 77DAEFEC 6 Bytes JMP 7093000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] ADVAPI32.dll!RegDeleteKeyA 77DB4288 6 Bytes JMP 706F000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] ADVAPI32.dll!RegDeleteKeyW 77DB5583 6 Bytes JMP 706C000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] ADVAPI32.dll!OpenSCManagerW 77DB6F3D 6 Bytes JMP 70CC000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] ADVAPI32.dll!OpenSCManagerA 77DC6996 6 Bytes JMP 70CF000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] ADVAPI32.dll!LookupPrivilegeValueW 77DCB8C7 6 Bytes JMP 7096000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] ADVAPI32.dll!RegCreateKeyW 77DCBA3D 6 Bytes JMP 7102000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] ADVAPI32.dll!RegQueryValueA 77DCBB75 4 Bytes JMP EC001E25
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] ADVAPI32.dll!RegQueryValueA + 5 77DCBB7A 1 Byte [70]
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] ADVAPI32.dll!RegCreateKeyA 77DCBCDB 6 Bytes JMP 7105000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] ADVAPI32.dll!LookupPrivilegeValueA 77DCC220 6 Bytes JMP 7099000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] ADVAPI32.dll!LsaRemoveAccountRights 77DEAB91 6 Bytes JMP 7168000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] ADVAPI32.dll!CreateServiceA 77E07359 6 Bytes JMP 7120000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] ADVAPI32.dll!CreateServiceW 77E074F1 6 Bytes JMP 711D000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] SHELL32.dll!ShellExecuteExW 7E6B25D3 6 Bytes JMP 7144000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] SHELL32.dll!Shell_NotifyIcon 7E6D18BE 6 Bytes JMP 70B1000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] SHELL32.dll!Shell_NotifyIconW 7E6D62A5 6 Bytes JMP 70AE000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] SHELL32.dll!ShellExecuteEx 7E6F0E95 6 Bytes JMP 7147000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] SHELL32.dll!ShellExecuteA 7E6F11C0 6 Bytes JMP 714D000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1940] SHELL32.dll!ShellExecuteW 7E7659D0 6 Bytes JMP 714A000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] ntdll.dll!NtLoadDriver 7C91D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[2028] ntdll.dll!NtLoadDriver + 4 7C91D472 2 Bytes [22, 71]
.text C:\WINDOWS\system32\spoolsv.exe[2028] ntdll.dll!NtSuspendProcess 7C91DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[2028] ntdll.dll!NtSuspendProcess + 4 7C91DE32 2 Bytes [3A, 71]
.text C:\WINDOWS\system32\spoolsv.exe[2028] ntdll.dll!RtlDosSearchPath_U + 1D1 7C926ADA 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[2028] kernel32.dll!DeviceIoControl 7C801629 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[2028] kernel32.dll!DeviceIoControl + 4 7C80162D 2 Bytes [AA, 70]
.text C:\WINDOWS\system32\spoolsv.exe[2028] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70DE000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7126000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70D2000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716B000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 715F000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7165000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7162000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7150000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7153000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] kernel32.dll!VirtualAlloc 7C809AA1 6 Bytes JMP 70D5000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] kernel32.dll!MultiByteToWideChar 7C809C48 6 Bytes JMP 7084000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] kernel32.dll!LoadResource 7C80A005 6 Bytes JMP 70C0000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] kernel32.dll!WideCharToMultiByte 7C80A124 6 Bytes JMP 7063000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] kernel32.dll!GetProcAddress 7C80ADF0 6 Bytes JMP 7114000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] kernel32.dll!LoadLibraryW 7C80AE9B 6 Bytes JMP 715C000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] kernel32.dll!CreateMutexW 7C80E907 6 Bytes JMP 708D000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] kernel32.dll!CreateMutexA 7C80E98F 6 Bytes JMP 7090000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] kernel32.dll!OpenMutexW 7C80E9E5 6 Bytes JMP 7087000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] kernel32.dll!OpenMutexA 7C80EA6B 6 Bytes JMP 708A000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] kernel32.dll!GetVolumeInformationW 7C80FA35 6 Bytes JMP 710E000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] kernel32.dll!CreateRemoteThread 7C81047C 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[2028] kernel32.dll!CreateRemoteThread + 4 7C810480 2 Bytes [6D, 71]
.text C:\WINDOWS\system32\spoolsv.exe[2028] kernel32.dll!CreateThread 7C810687 6 Bytes JMP 70D8000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] kernel32.dll!CreateFileW 7C8107B0 6 Bytes JMP 70E1000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] kernel32.dll!WriteFile 7C810DD7 6 Bytes JMP 70A2000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] kernel32.dll!TerminateThread 7C81CAEB 6 Bytes JMP 7138000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] kernel32.dll!MoveFileW 7C821211 6 Bytes JMP 705D000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] kernel32.dll!CreateDirectoryA 7C82175C 6 Bytes JMP 70A8000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] kernel32.dll!GetVolumeInformationA 7C821B55 6 Bytes JMP 7111000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] kernel32.dll!CopyFileExW 7C827AE2 6 Bytes JMP 70B4000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] kernel32.dll!CopyFileA 7C82869E 6 Bytes JMP 70BD000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] kernel32.dll!CopyFileW 7C82F82B 6 Bytes JMP 70BA000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] kernel32.dll!OpenProcess 7C830999 6 Bytes JMP 7054000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] kernel32.dll!DeleteFileA 7C831E8D 6 Bytes JMP 7075000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] kernel32.dll!DeleteFileW 7C831F13 6 Bytes JMP 7072000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] kernel32.dll!CreateDirectoryW 7C8323B2 6 Bytes JMP 70A5000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] kernel32.dll!MoveFileExW 7C83563B 6 Bytes JMP 7057000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] kernel32.dll!MoveFileA 7C835E6F 6 Bytes JMP 7060000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] kernel32.dll!DebugActiveProcess 7C85AF93 6 Bytes JMP 7135000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] kernel32.dll!MoveFileExA 7C85E333 6 Bytes JMP 705A000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] kernel32.dll!CopyFileExA 7C85F234 6 Bytes JMP 70B7000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] kernel32.dll!WinExec 7C8622B5 6 Bytes JMP 7141000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] kernel32.dll!SetThreadContext 7C8639B1 6 Bytes JMP 709F000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] kernel32.dll!CreateToolhelp32Snapshot 7C865A27 6 Bytes JMP 70DB000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] kernel32.dll!GetBinaryTypeW + 80 7C868B34 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[2028] ADVAPI32.dll!RegOpenKeyExW 77DA6AAF 6 Bytes JMP 70F6000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] ADVAPI32.dll!RegQueryValueExW 77DA6FFF 6 Bytes JMP 70E4000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] ADVAPI32.dll!RegCreateKeyExW 77DA776C 6 Bytes JMP 7108000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] ADVAPI32.dll!RegOpenKeyExA 77DA7852 6 Bytes JMP 70F9000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] ADVAPI32.dll!RegOpenKeyW 77DA7946 6 Bytes JMP 70FC000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] ADVAPI32.dll!OpenProcessToken 77DA798B 6 Bytes JMP 709C000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] ADVAPI32.dll!RegQueryValueExA 77DA7ABB 6 Bytes JMP 70E7000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] ADVAPI32.dll!RegSetValueExW 77DAD747 6 Bytes JMP 70F0000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] ADVAPI32.dll!RegQueryValueW 77DAD85A 6 Bytes JMP 70EA000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] ADVAPI32.dll!RegCreateKeyExA 77DAE9D4 6 Bytes JMP 710B000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] ADVAPI32.dll!RegSetValueExA 77DAEAC7 6 Bytes JMP 70F3000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] ADVAPI32.dll!RegOpenKeyA 77DAEFA8 6 Bytes JMP 70FF000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] ADVAPI32.dll!AdjustTokenPrivileges 77DAEFEC 6 Bytes JMP 7093000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] ADVAPI32.dll!RegDeleteKeyA 77DB4288 6 Bytes JMP 706F000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] ADVAPI32.dll!RegDeleteKeyW 77DB5583 6 Bytes JMP 706C000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] ADVAPI32.dll!OpenSCManagerW 77DB6F3D 6 Bytes JMP 70CC000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] ADVAPI32.dll!OpenSCManagerA 77DC6996 6 Bytes JMP 70CF000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] ADVAPI32.dll!LookupPrivilegeValueW 77DCB8C7 6 Bytes JMP 7096000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] ADVAPI32.dll!RegCreateKeyW 77DCBA3D 6 Bytes JMP 7102000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] ADVAPI32.dll!RegQueryValueA 77DCBB75 4 Bytes JMP EC001E25
.text C:\WINDOWS\system32\spoolsv.exe[2028] ADVAPI32.dll!RegQueryValueA + 5 77DCBB7A 1 Byte [70]
.text C:\WINDOWS\system32\spoolsv.exe[2028] ADVAPI32.dll!RegCreateKeyA 77DCBCDB 6 Bytes JMP 7105000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] ADVAPI32.dll!LookupPrivilegeValueA 77DCC220 6 Bytes JMP 7099000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] ADVAPI32.dll!LsaRemoveAccountRights 77DEAB91 6 Bytes JMP 7168000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] ADVAPI32.dll!CreateServiceA 77E07359 6 Bytes JMP 7120000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] ADVAPI32.dll!CreateServiceW 77E074F1 6 Bytes JMP 711D000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] USER32.dll!SetWindowTextW 7E36BC36 6 Bytes JMP 7066000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] USER32.dll!GetKeyState 7E36C505 6 Bytes JMP 7132000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] USER32.dll!GetWindowTextW 7E36CDB6 6 Bytes JMP 70C6000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] USER32.dll!DrawTextW 7E36D7C2 6 Bytes JMP 707E000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] USER32.dll!ShowWindow 7E36D8A4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[2028] USER32.dll!ShowWindow + 4 7E36D8A8 2 Bytes [C2, 70]
.text C:\WINDOWS\system32\spoolsv.exe[2028] USER32.dll!GetKeyboardState 7E36EF29 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[2028] USER32.dll!GetKeyboardState + 4 7E36EF2D 2 Bytes [2B, 71]
.text C:\WINDOWS\system32\spoolsv.exe[2028] USER32.dll!GetAsyncKeyState 7E36F3B3 6 Bytes JMP 712F000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] USER32.dll!CreateWindowExW 7E36FC25 6 Bytes JMP 7078000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] USER32.dll!CreateWindowExA 7E36FF33 6 Bytes JMP 707B000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] USER32.dll!SetWindowsHookExW 7E37DDB5 6 Bytes JMP 7156000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] USER32.dll!SetWindowTextA 7E37F52B 6 Bytes JMP 7069000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] USER32.dll!SetWindowsHookExA 7E3811D1 6 Bytes JMP 7159000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] USER32.dll!SetWinEventHook 7E3817B7 6 Bytes JMP 711A000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] USER32.dll!GetWindowTextA 7E38212B 6 Bytes JMP 70C9000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] USER32.dll!DrawTextA 7E38C6CA 6 Bytes JMP 7081000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] USER32.dll!DdeConnect 7E3A7F93 6 Bytes JMP 7129000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] USER32.dll!EndTask 7E3A9E75 6 Bytes JMP 713E000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] USER32.dll!RegisterRawInputDevices 7E3BCBD4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[2028] USER32.dll!RegisterRawInputDevices + 4 7E3BCBD8 2 Bytes [16, 71]
.text C:\WINDOWS\system32\spoolsv.exe[2028] SHELL32.dll!ShellExecuteExW 7E6B25D3 6 Bytes JMP 7144000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] SHELL32.dll!Shell_NotifyIcon 7E6D18BE 6 Bytes JMP 70B1000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] SHELL32.dll!Shell_NotifyIconW 7E6D62A5 6 Bytes JMP 70AE000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] SHELL32.dll!ShellExecuteEx 7E6F0E95 6 Bytes JMP 7147000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] SHELL32.dll!ShellExecuteA 7E6F11C0 6 Bytes JMP 714D000A
.text C:\WINDOWS\system32\spoolsv.exe[2028] SHELL32.dll!ShellExecuteW 7E7659D0 6 Bytes JMP 714A000A

Polarbär 29.07.2012 14:40
GMER Teil 8
Zitat:
.text C:\Programme\ThreatFire\TFService.exe[2128] ntdll.dll!RtlDosSearchPath_U + 1D1 7C926ADA 1 Byte [62]
.text C:\Programme\ThreatFire\TFService.exe[2128] kernel32.dll!CreateRemoteThread + 174 7C8105F0 4 Bytes JMP 716F0000
.text C:\Programme\ThreatFire\TFService.exe[2128] kernel32.dll!GetBinaryTypeW + 80 7C868B34 1 Byte [62]
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] ntdll.dll!NtLoadDriver 7C91D46E 3 Bytes [FF, 25, 1E]
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] ntdll.dll!NtLoadDriver + 4 7C91D472 2 Bytes [22, 71]
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] ntdll.dll!NtSuspendProcess 7C91DE2E 3 Bytes [FF, 25, 1E]
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] ntdll.dll!NtSuspendProcess + 4 7C91DE32 2 Bytes [3A, 71]
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] ntdll.dll!RtlDosSearchPath_U + 1D1 7C926ADA 1 Byte [62]
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] kernel32.dll!DeviceIoControl 7C801629 3 Bytes [FF, 25, 1E]
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] kernel32.dll!DeviceIoControl + 4 7C80162D 2 Bytes [AA, 70]
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70DE000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7126000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70D2000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716B000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 715F000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7165000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7162000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7150000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7153000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] kernel32.dll!VirtualAlloc 7C809AA1 6 Bytes JMP 70D5000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] kernel32.dll!MultiByteToWideChar 7C809C48 6 Bytes JMP 707E000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] kernel32.dll!LoadResource 7C80A005 6 Bytes JMP 70C0000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] kernel32.dll!WideCharToMultiByte 7C80A124 6 Bytes JMP 705D000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] kernel32.dll!GetProcAddress 7C80ADF0 6 Bytes JMP 7114000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] kernel32.dll!LoadLibraryW 7C80AE9B 6 Bytes JMP 715C000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] kernel32.dll!CreateMutexW 7C80E907 6 Bytes JMP 7087000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] kernel32.dll!CreateMutexA 7C80E98F 6 Bytes JMP 708A000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] kernel32.dll!OpenMutexW 7C80E9E5 6 Bytes JMP 7081000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] kernel32.dll!OpenMutexA 7C80EA6B 6 Bytes JMP 7084000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] kernel32.dll!GetVolumeInformationW 7C80FA35 6 Bytes JMP 710E000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] kernel32.dll!CreateRemoteThread 7C81047C 3 Bytes [FF, 25, 1E]
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] kernel32.dll!CreateRemoteThread + 4 7C810480 2 Bytes [6D, 71]
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] kernel32.dll!CreateThread 7C810687 6 Bytes JMP 70D8000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] kernel32.dll!CreateFileW 7C8107B0 6 Bytes JMP 70E1000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] kernel32.dll!WriteFile 7C810DD7 6 Bytes JMP 709C000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] kernel32.dll!TerminateThread 7C81CAEB 6 Bytes JMP 7138000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] kernel32.dll!MoveFileW 7C821211 6 Bytes JMP 7057000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] kernel32.dll!CreateDirectoryA 7C82175C 6 Bytes JMP 70A2000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] kernel32.dll!GetVolumeInformationA 7C821B55 6 Bytes JMP 7111000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] kernel32.dll!CopyFileExW 7C827AE2 6 Bytes JMP 70B4000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] kernel32.dll!CopyFileA 7C82869E 6 Bytes JMP 70BD000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] kernel32.dll!CopyFileW 7C82F82B 6 Bytes JMP 70BA000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] kernel32.dll!OpenProcess 7C830999 6 Bytes JMP 704E000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] kernel32.dll!DeleteFileA 7C831E8D 6 Bytes JMP 706F000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] kernel32.dll!DeleteFileW 7C831F13 6 Bytes JMP 706C000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] kernel32.dll!CreateDirectoryW 7C8323B2 6 Bytes JMP 709F000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] kernel32.dll!MoveFileExW 7C83563B 6 Bytes JMP 7051000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] kernel32.dll!MoveFileA 7C835E6F 6 Bytes JMP 705A000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] kernel32.dll!DebugActiveProcess 7C85AF93 6 Bytes JMP 7135000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] kernel32.dll!MoveFileExA 7C85E333 6 Bytes JMP 7054000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] kernel32.dll!CopyFileExA 7C85F234 6 Bytes JMP 70B7000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] kernel32.dll!WinExec 7C8622B5 6 Bytes JMP 7141000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] kernel32.dll!SetThreadContext 7C8639B1 6 Bytes JMP 7099000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] kernel32.dll!CreateToolhelp32Snapshot 7C865A27 6 Bytes JMP 70DB000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] kernel32.dll!GetBinaryTypeW + 80 7C868B34 1 Byte [62]
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] ADVAPI32.dll!RegOpenKeyExW 77DA6AAF 6 Bytes JMP 70F6000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] ADVAPI32.dll!RegQueryValueExW 77DA6FFF 6 Bytes JMP 70E4000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] ADVAPI32.dll!RegCreateKeyExW 77DA776C 6 Bytes JMP 7108000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] ADVAPI32.dll!RegOpenKeyExA 77DA7852 6 Bytes JMP 70F9000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] ADVAPI32.dll!RegOpenKeyW 77DA7946 6 Bytes JMP 70FC000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] ADVAPI32.dll!OpenProcessToken 77DA798B 6 Bytes JMP 7096000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] ADVAPI32.dll!RegQueryValueExA 77DA7ABB 6 Bytes JMP 70E7000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] ADVAPI32.dll!RegSetValueExW 77DAD747 6 Bytes JMP 70F0000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] ADVAPI32.dll!RegQueryValueW 77DAD85A 6 Bytes JMP 70EA000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] ADVAPI32.dll!RegCreateKeyExA 77DAE9D4 6 Bytes JMP 710B000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] ADVAPI32.dll!RegSetValueExA 77DAEAC7 6 Bytes JMP 70F3000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] ADVAPI32.dll!RegOpenKeyA 77DAEFA8 6 Bytes JMP 70FF000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] ADVAPI32.dll!AdjustTokenPrivileges 77DAEFEC 6 Bytes JMP 708D000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] ADVAPI32.dll!RegDeleteKeyA 77DB4288 6 Bytes JMP 7069000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] ADVAPI32.dll!RegDeleteKeyW 77DB5583 6 Bytes JMP 7066000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] ADVAPI32.dll!OpenSCManagerW 77DB6F3D 6 Bytes JMP 70CC000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] ADVAPI32.dll!OpenSCManagerA 77DC6996 6 Bytes JMP 70CF000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] ADVAPI32.dll!LookupPrivilegeValueW 77DCB8C7 6 Bytes JMP 7090000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] ADVAPI32.dll!RegCreateKeyW 77DCBA3D 6 Bytes JMP 7102000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] ADVAPI32.dll!RegQueryValueA 77DCBB75 4 Bytes JMP EC001E25
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] ADVAPI32.dll!RegQueryValueA + 5 77DCBB7A 1 Byte [70]
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] ADVAPI32.dll!RegCreateKeyA 77DCBCDB 6 Bytes JMP 7105000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] ADVAPI32.dll!LookupPrivilegeValueA 77DCC220 6 Bytes JMP 7093000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] ADVAPI32.dll!LsaRemoveAccountRights 77DEAB91 6 Bytes JMP 7168000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] ADVAPI32.dll!CreateServiceA 77E07359 6 Bytes JMP 7120000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] ADVAPI32.dll!CreateServiceW 77E074F1 6 Bytes JMP 711D000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] USER32.dll!SetWindowTextW 7E36BC36 6 Bytes JMP 7060000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] USER32.dll!GetKeyState 7E36C505 6 Bytes JMP 7132000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] USER32.dll!GetWindowTextW 7E36CDB6 6 Bytes JMP 70C6000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] USER32.dll!DrawTextW 7E36D7C2 6 Bytes JMP 7078000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] USER32.dll!ShowWindow 7E36D8A4 3 Bytes [FF, 25, 1E]
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] USER32.dll!ShowWindow + 4 7E36D8A8 2 Bytes [C2, 70]
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] USER32.dll!GetKeyboardState 7E36EF29 3 Bytes [FF, 25, 1E]
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] USER32.dll!GetKeyboardState + 4 7E36EF2D 2 Bytes [2B, 71]
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] USER32.dll!GetAsyncKeyState 7E36F3B3 6 Bytes JMP 712F000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] USER32.dll!CreateWindowExW 7E36FC25 6 Bytes JMP 7072000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] USER32.dll!CreateWindowExA 7E36FF33 6 Bytes JMP 7075000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] USER32.dll!SetWindowsHookExW 7E37DDB5 6 Bytes JMP 7156000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] USER32.dll!SetWindowTextA 7E37F52B 6 Bytes JMP 7063000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] USER32.dll!SetWindowsHookExA 7E3811D1 6 Bytes JMP 7159000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] USER32.dll!SetWinEventHook 7E3817B7 6 Bytes JMP 711A000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] USER32.dll!GetWindowTextA 7E38212B 6 Bytes JMP 70C9000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] USER32.dll!DrawTextA 7E38C6CA 6 Bytes JMP 707B000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] USER32.dll!DdeConnect 7E3A7F93 6 Bytes JMP 7129000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] USER32.dll!EndTask 7E3A9E75 6 Bytes JMP 713E000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] USER32.dll!RegisterRawInputDevices 7E3BCBD4 3 Bytes [FF, 25, 1E]
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] USER32.dll!RegisterRawInputDevices + 4 7E3BCBD8 2 Bytes [16, 71]
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] shell32.dll!ShellExecuteExW 7E6B25D3 6 Bytes JMP 7144000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] shell32.dll!Shell_NotifyIcon 7E6D18BE 6 Bytes JMP 70B1000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] shell32.dll!Shell_NotifyIconW 7E6D62A5 6 Bytes JMP 70AE000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] shell32.dll!ShellExecuteEx 7E6F0E95 6 Bytes JMP 7147000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] shell32.dll!ShellExecuteA 7E6F11C0 6 Bytes JMP 714D000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] shell32.dll!ShellExecuteW 7E7659D0 6 Bytes JMP 714A000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] wininet.dll!InternetConnectA 408CDEAE 6 Bytes JMP 704B000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] wininet.dll!InternetOpenUrlA 408DF3A4 6 Bytes JMP 70A8000A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2532] wininet.dll!InternetOpenUrlW 40926DDF 6 Bytes JMP 70A5000A
.text C:\WINDOWS\System32\alg.exe[2544] ntdll.dll!NtLoadDriver 7C91D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[2544] ntdll.dll!NtLoadDriver + 4 7C91D472 2 Bytes [22, 71]
.text C:\WINDOWS\System32\alg.exe[2544] ntdll.dll!NtSuspendProcess 7C91DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[2544] ntdll.dll!NtSuspendProcess + 4 7C91DE32 2 Bytes [3A, 71]
.text C:\WINDOWS\System32\alg.exe[2544] ntdll.dll!RtlDosSearchPath_U + 1D1 7C926ADA 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[2544] kernel32.dll!DeviceIoControl 7C801629 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[2544] kernel32.dll!DeviceIoControl + 4 7C80162D 2 Bytes [AA, 70]
.text C:\WINDOWS\System32\alg.exe[2544] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70DE000A
.text C:\WINDOWS\System32\alg.exe[2544] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7126000A
.text C:\WINDOWS\System32\alg.exe[2544] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70D2000A
.text C:\WINDOWS\System32\alg.exe[2544] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716B000A
.text C:\WINDOWS\System32\alg.exe[2544] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 715F000A
.text C:\WINDOWS\System32\alg.exe[2544] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7165000A
.text C:\WINDOWS\System32\alg.exe[2544] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7162000A
.text C:\WINDOWS\System32\alg.exe[2544] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7150000A
.text C:\WINDOWS\System32\alg.exe[2544] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7153000A
.text C:\WINDOWS\System32\alg.exe[2544] kernel32.dll!VirtualAlloc 7C809AA1 6 Bytes JMP 70D5000A
.text C:\WINDOWS\System32\alg.exe[2544] kernel32.dll!MultiByteToWideChar 7C809C48 6 Bytes JMP 7084000A
.text C:\WINDOWS\System32\alg.exe[2544] kernel32.dll!LoadResource 7C80A005 6 Bytes JMP 70C0000A
.text C:\WINDOWS\System32\alg.exe[2544] kernel32.dll!WideCharToMultiByte 7C80A124 6 Bytes JMP 7063000A
.text C:\WINDOWS\System32\alg.exe[2544] kernel32.dll!GetProcAddress 7C80ADF0 6 Bytes JMP 7114000A
.text C:\WINDOWS\System32\alg.exe[2544] kernel32.dll!LoadLibraryW 7C80AE9B 6 Bytes JMP 715C000A
.text C:\WINDOWS\System32\alg.exe[2544] kernel32.dll!CreateMutexW 7C80E907 6 Bytes JMP 708D000A
.text C:\WINDOWS\System32\alg.exe[2544] kernel32.dll!CreateMutexA 7C80E98F 6 Bytes JMP 7090000A
.text C:\WINDOWS\System32\alg.exe[2544] kernel32.dll!OpenMutexW 7C80E9E5 6 Bytes JMP 7087000A
.text C:\WINDOWS\System32\alg.exe[2544] kernel32.dll!OpenMutexA 7C80EA6B 6 Bytes JMP 708A000A
.text C:\WINDOWS\System32\alg.exe[2544] kernel32.dll!GetVolumeInformationW 7C80FA35 6 Bytes JMP 710E000A
.text C:\WINDOWS\System32\alg.exe[2544] kernel32.dll!CreateRemoteThread 7C81047C 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[2544] kernel32.dll!CreateRemoteThread + 4 7C810480 2 Bytes [6D, 71]
.text C:\WINDOWS\System32\alg.exe[2544] kernel32.dll!CreateThread 7C810687 6 Bytes JMP 70D8000A
.text C:\WINDOWS\System32\alg.exe[2544] kernel32.dll!CreateFileW 7C8107B0 6 Bytes JMP 70E1000A
.text C:\WINDOWS\System32\alg.exe[2544] kernel32.dll!WriteFile 7C810DD7 6 Bytes JMP 70A2000A
.text C:\WINDOWS\System32\alg.exe[2544] kernel32.dll!TerminateThread 7C81CAEB 6 Bytes JMP 7138000A
.text C:\WINDOWS\System32\alg.exe[2544] kernel32.dll!MoveFileW 7C821211 6 Bytes JMP 705D000A
.text C:\WINDOWS\System32\alg.exe[2544] kernel32.dll!CreateDirectoryA 7C82175C 6 Bytes JMP 70A8000A
.text C:\WINDOWS\System32\alg.exe[2544] kernel32.dll!GetVolumeInformationA 7C821B55 6 Bytes JMP 7111000A
.text C:\WINDOWS\System32\alg.exe[2544] kernel32.dll!CopyFileExW 7C827AE2 6 Bytes JMP 70B4000A
.text C:\WINDOWS\System32\alg.exe[2544] kernel32.dll!CopyFileA 7C82869E 6 Bytes JMP 70BD000A
.text C:\WINDOWS\System32\alg.exe[2544] kernel32.dll!CopyFileW 7C82F82B 6 Bytes JMP 70BA000A
.text C:\WINDOWS\System32\alg.exe[2544] kernel32.dll!OpenProcess 7C830999 6 Bytes JMP 7054000A
.text C:\WINDOWS\System32\alg.exe[2544] kernel32.dll!DeleteFileA 7C831E8D 6 Bytes JMP 7075000A
.text C:\WINDOWS\System32\alg.exe[2544] kernel32.dll!DeleteFileW 7C831F13 6 Bytes JMP 7072000A
.text C:\WINDOWS\System32\alg.exe[2544] kernel32.dll!CreateDirectoryW 7C8323B2 6 Bytes JMP 70A5000A
.text C:\WINDOWS\System32\alg.exe[2544] kernel32.dll!MoveFileExW 7C83563B 6 Bytes JMP 7057000A
.text C:\WINDOWS\System32\alg.exe[2544] kernel32.dll!MoveFileA 7C835E6F 6 Bytes JMP 7060000A
.text C:\WINDOWS\System32\alg.exe[2544] kernel32.dll!DebugActiveProcess 7C85AF93 6 Bytes JMP 7135000A
.text C:\WINDOWS\System32\alg.exe[2544] kernel32.dll!MoveFileExA 7C85E333 6 Bytes JMP 705A000A
.text C:\WINDOWS\System32\alg.exe[2544] kernel32.dll!CopyFileExA 7C85F234 6 Bytes JMP 70B7000A
.text C:\WINDOWS\System32\alg.exe[2544] kernel32.dll!WinExec 7C8622B5 6 Bytes JMP 7141000A
.text C:\WINDOWS\System32\alg.exe[2544] kernel32.dll!SetThreadContext 7C8639B1 6 Bytes JMP 709F000A
.text C:\WINDOWS\System32\alg.exe[2544] kernel32.dll!CreateToolhelp32Snapshot 7C865A27 6 Bytes JMP 70DB000A
.text C:\WINDOWS\System32\alg.exe[2544] kernel32.dll!GetBinaryTypeW + 80 7C868B34 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[2544] USER32.dll!SetWindowTextW 7E36BC36 6 Bytes JMP 7066000A
.text C:\WINDOWS\System32\alg.exe[2544] USER32.dll!GetKeyState 7E36C505 6 Bytes JMP 7132000A
.text C:\WINDOWS\System32\alg.exe[2544] USER32.dll!GetWindowTextW 7E36CDB6 6 Bytes JMP 70C6000A
.text C:\WINDOWS\System32\alg.exe[2544] USER32.dll!DrawTextW 7E36D7C2 6 Bytes JMP 707E000A
.text C:\WINDOWS\System32\alg.exe[2544] USER32.dll!ShowWindow 7E36D8A4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[2544] USER32.dll!ShowWindow + 4 7E36D8A8 2 Bytes [C2, 70]
.text C:\WINDOWS\System32\alg.exe[2544] USER32.dll!GetKeyboardState 7E36EF29 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[2544] USER32.dll!GetKeyboardState + 4 7E36EF2D 2 Bytes [2B, 71]
.text C:\WINDOWS\System32\alg.exe[2544] USER32.dll!GetAsyncKeyState 7E36F3B3 6 Bytes JMP 712F000A
.text C:\WINDOWS\System32\alg.exe[2544] USER32.dll!CreateWindowExW 7E36FC25 6 Bytes JMP 7078000A
.text C:\WINDOWS\System32\alg.exe[2544] USER32.dll!CreateWindowExA 7E36FF33 6 Bytes JMP 707B000A
.text C:\WINDOWS\System32\alg.exe[2544] USER32.dll!SetWindowsHookExW 7E37DDB5 6 Bytes JMP 7156000A
.text C:\WINDOWS\System32\alg.exe[2544] USER32.dll!SetWindowTextA 7E37F52B 6 Bytes JMP 7069000A
.text C:\WINDOWS\System32\alg.exe[2544] USER32.dll!SetWindowsHookExA 7E3811D1 6 Bytes JMP 7159000A
.text C:\WINDOWS\System32\alg.exe[2544] USER32.dll!SetWinEventHook 7E3817B7 6 Bytes JMP 711A000A
.text C:\WINDOWS\System32\alg.exe[2544] USER32.dll!GetWindowTextA 7E38212B 6 Bytes JMP 70C9000A
.text C:\WINDOWS\System32\alg.exe[2544] USER32.dll!DrawTextA 7E38C6CA 6 Bytes JMP 7081000A
.text C:\WINDOWS\System32\alg.exe[2544] USER32.dll!DdeConnect 7E3A7F93 6 Bytes JMP 7129000A
.text C:\WINDOWS\System32\alg.exe[2544] USER32.dll!EndTask 7E3A9E75 6 Bytes JMP 713E000A
.text C:\WINDOWS\System32\alg.exe[2544] USER32.dll!RegisterRawInputDevices 7E3BCBD4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[2544] USER32.dll!RegisterRawInputDevices + 4 7E3BCBD8 2 Bytes [16, 71]
.text C:\WINDOWS\System32\alg.exe[2544] ADVAPI32.dll!RegOpenKeyExW 77DA6AAF 6 Bytes JMP 70F6000A
.text C:\WINDOWS\System32\alg.exe[2544] ADVAPI32.dll!RegQueryValueExW 77DA6FFF 6 Bytes JMP 70E4000A
.text C:\WINDOWS\System32\alg.exe[2544] ADVAPI32.dll!RegCreateKeyExW 77DA776C 6 Bytes JMP 7108000A
.text C:\WINDOWS\System32\alg.exe[2544] ADVAPI32.dll!RegOpenKeyExA 77DA7852 6 Bytes JMP 70F9000A
.text C:\WINDOWS\System32\alg.exe[2544] ADVAPI32.dll!RegOpenKeyW 77DA7946 6 Bytes JMP 70FC000A
.text C:\WINDOWS\System32\alg.exe[2544] ADVAPI32.dll!OpenProcessToken 77DA798B 6 Bytes JMP 709C000A
.text C:\WINDOWS\System32\alg.exe[2544] ADVAPI32.dll!RegQueryValueExA 77DA7ABB 6 Bytes JMP 70E7000A
.text C:\WINDOWS\System32\alg.exe[2544] ADVAPI32.dll!RegSetValueExW 77DAD747 6 Bytes JMP 70F0000A
.text C:\WINDOWS\System32\alg.exe[2544] ADVAPI32.dll!RegQueryValueW 77DAD85A 6 Bytes JMP 70EA000A
.text C:\WINDOWS\System32\alg.exe[2544] ADVAPI32.dll!RegCreateKeyExA 77DAE9D4 6 Bytes JMP 710B000A
.text C:\WINDOWS\System32\alg.exe[2544] ADVAPI32.dll!RegSetValueExA 77DAEAC7 6 Bytes JMP 70F3000A
.text C:\WINDOWS\System32\alg.exe[2544] ADVAPI32.dll!RegOpenKeyA 77DAEFA8 6 Bytes JMP 70FF000A
.text C:\WINDOWS\System32\alg.exe[2544] ADVAPI32.dll!AdjustTokenPrivileges 77DAEFEC 6 Bytes JMP 7093000A
.text C:\WINDOWS\System32\alg.exe[2544] ADVAPI32.dll!RegDeleteKeyA 77DB4288 6 Bytes JMP 706F000A
.text C:\WINDOWS\System32\alg.exe[2544] ADVAPI32.dll!RegDeleteKeyW 77DB5583 6 Bytes JMP 706C000A
.text C:\WINDOWS\System32\alg.exe[2544] ADVAPI32.dll!OpenSCManagerW 77DB6F3D 6 Bytes JMP 70CC000A
.text C:\WINDOWS\System32\alg.exe[2544] ADVAPI32.dll!OpenSCManagerA 77DC6996 6 Bytes JMP 70CF000A
.text C:\WINDOWS\System32\alg.exe[2544] ADVAPI32.dll!LookupPrivilegeValueW 77DCB8C7 6 Bytes JMP 7096000A
.text C:\WINDOWS\System32\alg.exe[2544] ADVAPI32.dll!RegCreateKeyW 77DCBA3D 6 Bytes JMP 7102000A
.text C:\WINDOWS\System32\alg.exe[2544] ADVAPI32.dll!RegQueryValueA 77DCBB75 4 Bytes JMP EC001E25
.text C:\WINDOWS\System32\alg.exe[2544] ADVAPI32.dll!RegQueryValueA + 5 77DCBB7A 1 Byte [70]
.text C:\WINDOWS\System32\alg.exe[2544] ADVAPI32.dll!RegCreateKeyA 77DCBCDB 6 Bytes JMP 7105000A
.text C:\WINDOWS\System32\alg.exe[2544] ADVAPI32.dll!LookupPrivilegeValueA 77DCC220 6 Bytes JMP 7099000A
.text C:\WINDOWS\System32\alg.exe[2544] ADVAPI32.dll!LsaRemoveAccountRights 77DEAB91 6 Bytes JMP 7168000A
.text C:\WINDOWS\System32\alg.exe[2544] ADVAPI32.dll!CreateServiceA 77E07359 6 Bytes JMP 7120000A
.text C:\WINDOWS\System32\alg.exe[2544] ADVAPI32.dll!CreateServiceW 77E074F1 6 Bytes JMP 711D000A
.text C:\WINDOWS\System32\alg.exe[2544] SHELL32.dll!ShellExecuteExW 7E6B25D3 6 Bytes JMP 7144000A
.text C:\WINDOWS\System32\alg.exe[2544] SHELL32.dll!Shell_NotifyIcon 7E6D18BE 6 Bytes JMP 70B1000A
.text C:\WINDOWS\System32\alg.exe[2544] SHELL32.dll!Shell_NotifyIconW 7E6D62A5 6 Bytes JMP 70AE000A
.text C:\WINDOWS\System32\alg.exe[2544] SHELL32.dll!ShellExecuteEx 7E6F0E95 6 Bytes JMP 7147000A
.text C:\WINDOWS\System32\alg.exe[2544] SHELL32.dll!ShellExecuteA 7E6F11C0 6 Bytes JMP 714D000A
.text C:\WINDOWS\System32\alg.exe[2544] SHELL32.dll!ShellExecuteW 7E7659D0 6 Bytes JMP 714A000A
.text C:\WINDOWS\system32\svchost.exe[3204] ntdll.dll!RtlDosSearchPath_U + 1D1 7C926ADA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[3204] kernel32.dll!GetBinaryTypeW + 80 7C868B34 1 Byte [62]
.text C:\WINDOWS\ALCFDRTM.EXE[3548] ntdll.dll!NtLoadDriver 7C91D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\ALCFDRTM.EXE[3548] ntdll.dll!NtLoadDriver + 4 7C91D472 2 Bytes [22, 71]
.text C:\WINDOWS\ALCFDRTM.EXE[3548] ntdll.dll!NtSuspendProcess 7C91DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\ALCFDRTM.EXE[3548] ntdll.dll!NtSuspendProcess + 4 7C91DE32 2 Bytes [3A, 71]
.text C:\WINDOWS\ALCFDRTM.EXE[3548] ntdll.dll!RtlDosSearchPath_U + 1D1 7C926ADA 1 Byte [62]
.text C:\WINDOWS\ALCFDRTM.EXE[3548] kernel32.dll!DeviceIoControl 7C801629 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\ALCFDRTM.EXE[3548] kernel32.dll!DeviceIoControl + 4 7C80162D 2 Bytes [AA, 70]
.text C:\WINDOWS\ALCFDRTM.EXE[3548] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70DE000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7126000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70D2000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716B000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 715F000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7165000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7162000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7150000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7153000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] kernel32.dll!VirtualAlloc 7C809AA1 6 Bytes JMP 70D5000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] kernel32.dll!MultiByteToWideChar 7C809C48 6 Bytes JMP 7084000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] kernel32.dll!LoadResource 7C80A005 6 Bytes JMP 70C0000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] kernel32.dll!WideCharToMultiByte 7C80A124 6 Bytes JMP 7063000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] kernel32.dll!GetProcAddress 7C80ADF0 6 Bytes JMP 7114000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] kernel32.dll!LoadLibraryW 7C80AE9B 6 Bytes JMP 715C000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] kernel32.dll!CreateMutexW 7C80E907 6 Bytes JMP 708D000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] kernel32.dll!CreateMutexA 7C80E98F 6 Bytes JMP 7090000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] kernel32.dll!OpenMutexW 7C80E9E5 6 Bytes JMP 7087000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] kernel32.dll!OpenMutexA 7C80EA6B 6 Bytes JMP 708A000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] kernel32.dll!GetVolumeInformationW 7C80FA35 6 Bytes JMP 710E000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] kernel32.dll!CreateRemoteThread 7C81047C 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\ALCFDRTM.EXE[3548] kernel32.dll!CreateRemoteThread + 4 7C810480 2 Bytes [6D, 71]
.text C:\WINDOWS\ALCFDRTM.EXE[3548] kernel32.dll!CreateThread 7C810687 6 Bytes JMP 70D8000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] kernel32.dll!CreateFileW 7C8107B0 6 Bytes JMP 70E1000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] kernel32.dll!WriteFile 7C810DD7 6 Bytes JMP 70A2000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] kernel32.dll!TerminateThread 7C81CAEB 6 Bytes JMP 7138000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] kernel32.dll!MoveFileW 7C821211 6 Bytes JMP 705D000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] kernel32.dll!CreateDirectoryA 7C82175C 6 Bytes JMP 70A8000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] kernel32.dll!GetVolumeInformationA 7C821B55 6 Bytes JMP 7111000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] kernel32.dll!CopyFileExW 7C827AE2 6 Bytes JMP 70B4000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] kernel32.dll!CopyFileA 7C82869E 6 Bytes JMP 70BD000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] kernel32.dll!CopyFileW 7C82F82B 6 Bytes JMP 70BA000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] kernel32.dll!OpenProcess 7C830999 6 Bytes JMP 7054000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] kernel32.dll!DeleteFileA 7C831E8D 6 Bytes JMP 7075000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] kernel32.dll!DeleteFileW 7C831F13 6 Bytes JMP 7072000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] kernel32.dll!CreateDirectoryW 7C8323B2 6 Bytes JMP 70A5000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] kernel32.dll!MoveFileExW 7C83563B 6 Bytes JMP 7057000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] kernel32.dll!MoveFileA 7C835E6F 6 Bytes JMP 7060000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] kernel32.dll!DebugActiveProcess 7C85AF93 6 Bytes JMP 7135000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] kernel32.dll!MoveFileExA 7C85E333 6 Bytes JMP 705A000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] kernel32.dll!CopyFileExA 7C85F234 6 Bytes JMP 70B7000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] kernel32.dll!WinExec 7C8622B5 6 Bytes JMP 7141000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] kernel32.dll!SetThreadContext 7C8639B1 6 Bytes JMP 709F000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] kernel32.dll!CreateToolhelp32Snapshot 7C865A27 6 Bytes JMP 70DB000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] kernel32.dll!GetBinaryTypeW + 80 7C868B34 1 Byte [62]
.text C:\WINDOWS\ALCFDRTM.EXE[3548] USER32.dll!SetWindowTextW 7E36BC36 6 Bytes JMP 7066000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] USER32.dll!GetKeyState 7E36C505 6 Bytes JMP 7132000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] USER32.dll!GetWindowTextW 7E36CDB6 6 Bytes JMP 70C6000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] USER32.dll!DrawTextW 7E36D7C2 6 Bytes JMP 707E000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] USER32.dll!ShowWindow 7E36D8A4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\ALCFDRTM.EXE[3548] USER32.dll!ShowWindow + 4 7E36D8A8 2 Bytes [C2, 70]
.text C:\WINDOWS\ALCFDRTM.EXE[3548] USER32.dll!GetKeyboardState 7E36EF29 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\ALCFDRTM.EXE[3548] USER32.dll!GetKeyboardState + 4 7E36EF2D 2 Bytes [2B, 71]
.text C:\WINDOWS\ALCFDRTM.EXE[3548] USER32.dll!GetAsyncKeyState 7E36F3B3 6 Bytes JMP 712F000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] USER32.dll!CreateWindowExW 7E36FC25 6 Bytes JMP 7078000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] USER32.dll!CreateWindowExA 7E36FF33 6 Bytes JMP 707B000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] USER32.dll!SetWindowsHookExW 7E37DDB5 6 Bytes JMP 7156000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] USER32.dll!SetWindowTextA 7E37F52B 6 Bytes JMP 7069000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] USER32.dll!SetWindowsHookExA 7E3811D1 6 Bytes JMP 7159000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] USER32.dll!SetWinEventHook 7E3817B7 6 Bytes JMP 711A000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] USER32.dll!GetWindowTextA 7E38212B 6 Bytes JMP 70C9000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] USER32.dll!DrawTextA 7E38C6CA 6 Bytes JMP 7081000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] USER32.dll!DdeConnect 7E3A7F93 6 Bytes JMP 7129000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] USER32.dll!EndTask 7E3A9E75 6 Bytes JMP 713E000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] USER32.dll!RegisterRawInputDevices 7E3BCBD4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\ALCFDRTM.EXE[3548] USER32.dll!RegisterRawInputDevices + 4 7E3BCBD8 2 Bytes [16, 71]
.text C:\WINDOWS\ALCFDRTM.EXE[3548] ADVAPI32.dll!RegOpenKeyExW 77DA6AAF 6 Bytes JMP 70F6000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] ADVAPI32.dll!RegQueryValueExW 77DA6FFF 6 Bytes JMP 70E4000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] ADVAPI32.dll!RegCreateKeyExW 77DA776C 6 Bytes JMP 7108000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] ADVAPI32.dll!RegOpenKeyExA 77DA7852 6 Bytes JMP 70F9000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] ADVAPI32.dll!RegOpenKeyW 77DA7946 6 Bytes JMP 70FC000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] ADVAPI32.dll!OpenProcessToken 77DA798B 6 Bytes JMP 709C000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] ADVAPI32.dll!RegQueryValueExA 77DA7ABB 6 Bytes JMP 70E7000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] ADVAPI32.dll!RegSetValueExW 77DAD747 6 Bytes JMP 70F0000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] ADVAPI32.dll!RegQueryValueW 77DAD85A 6 Bytes JMP 70EA000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] ADVAPI32.dll!RegCreateKeyExA 77DAE9D4 6 Bytes JMP 710B000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] ADVAPI32.dll!RegSetValueExA 77DAEAC7 6 Bytes JMP 70F3000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] ADVAPI32.dll!RegOpenKeyA 77DAEFA8 6 Bytes JMP 70FF000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] ADVAPI32.dll!AdjustTokenPrivileges 77DAEFEC 6 Bytes JMP 7093000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] ADVAPI32.dll!RegDeleteKeyA 77DB4288 6 Bytes JMP 706F000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] ADVAPI32.dll!RegDeleteKeyW 77DB5583 6 Bytes JMP 706C000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] ADVAPI32.dll!OpenSCManagerW 77DB6F3D 6 Bytes JMP 70CC000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] ADVAPI32.dll!OpenSCManagerA 77DC6996 6 Bytes JMP 70CF000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] ADVAPI32.dll!LookupPrivilegeValueW 77DCB8C7 6 Bytes JMP 7096000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] ADVAPI32.dll!RegCreateKeyW 77DCBA3D 6 Bytes JMP 7102000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] ADVAPI32.dll!RegQueryValueA 77DCBB75 4 Bytes JMP EC001E25
.text C:\WINDOWS\ALCFDRTM.EXE[3548] ADVAPI32.dll!RegQueryValueA + 5 77DCBB7A 1 Byte [70]
.text C:\WINDOWS\ALCFDRTM.EXE[3548] ADVAPI32.dll!RegCreateKeyA 77DCBCDB 6 Bytes JMP 7105000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] ADVAPI32.dll!LookupPrivilegeValueA 77DCC220 6 Bytes JMP 7099000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] ADVAPI32.dll!LsaRemoveAccountRights 77DEAB91 6 Bytes JMP 7168000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] ADVAPI32.dll!CreateServiceA 77E07359 6 Bytes JMP 7120000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] ADVAPI32.dll!CreateServiceW 77E074F1 6 Bytes JMP 711D000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] SHELL32.dll!ShellExecuteExW 7E6B25D3 6 Bytes JMP 7144000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] SHELL32.dll!Shell_NotifyIcon 7E6D18BE 6 Bytes JMP 70B1000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] SHELL32.dll!Shell_NotifyIconW 7E6D62A5 6 Bytes JMP 70AE000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] SHELL32.dll!ShellExecuteEx 7E6F0E95 6 Bytes JMP 7147000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] SHELL32.dll!ShellExecuteA 7E6F11C0 6 Bytes JMP 714D000A
.text C:\WINDOWS\ALCFDRTM.EXE[3548] SHELL32.dll!ShellExecuteW 7E7659D0 6 Bytes JMP 714A000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] ntdll.dll!NtLoadDriver 7C91D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] ntdll.dll!NtLoadDriver + 4 7C91D472 2 Bytes [22, 71]
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] ntdll.dll!NtSuspendProcess 7C91DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] ntdll.dll!NtSuspendProcess + 4 7C91DE32 2 Bytes [3A, 71]
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] ntdll.dll!RtlDosSearchPath_U + 1D1 7C926ADA 1 Byte [62]
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] kernel32.dll!DeviceIoControl 7C801629 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] kernel32.dll!DeviceIoControl + 4 7C80162D 2 Bytes [AA, 70]
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70DE000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7126000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70D2000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716B000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 715F000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7165000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7162000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7150000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7153000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] kernel32.dll!VirtualAlloc 7C809AA1 6 Bytes JMP 70D5000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] kernel32.dll!MultiByteToWideChar 7C809C48 6 Bytes JMP 7084000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] kernel32.dll!LoadResource 7C80A005 6 Bytes JMP 70C0000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] kernel32.dll!WideCharToMultiByte 7C80A124 6 Bytes JMP 7063000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] kernel32.dll!GetProcAddress 7C80ADF0 6 Bytes JMP 7114000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] kernel32.dll!LoadLibraryW 7C80AE9B 6 Bytes JMP 715C000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] kernel32.dll!CreateMutexW 7C80E907 6 Bytes JMP 708D000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] kernel32.dll!CreateMutexA 7C80E98F 6 Bytes JMP 7090000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] kernel32.dll!OpenMutexW 7C80E9E5 6 Bytes JMP 7087000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] kernel32.dll!OpenMutexA 7C80EA6B 6 Bytes JMP 708A000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] kernel32.dll!GetVolumeInformationW 7C80FA35 6 Bytes JMP 710E000A

Polarbär 29.07.2012 14:41
GMER Teil9
Zitat:
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] kernel32.dll!CreateRemoteThread 7C81047C 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] kernel32.dll!CreateRemoteThread + 4 7C810480 2 Bytes [6D, 71]
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] kernel32.dll!CreateThread 7C810687 6 Bytes JMP 70D8000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] kernel32.dll!CreateFileW 7C8107B0 6 Bytes JMP 70E1000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] kernel32.dll!WriteFile 7C810DD7 6 Bytes JMP 70A2000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] kernel32.dll!TerminateThread 7C81CAEB 6 Bytes JMP 7138000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] kernel32.dll!MoveFileW 7C821211 6 Bytes JMP 705D000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] kernel32.dll!CreateDirectoryA 7C82175C 6 Bytes JMP 70A8000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] kernel32.dll!GetVolumeInformationA 7C821B55 6 Bytes JMP 7111000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] kernel32.dll!CopyFileExW 7C827AE2 6 Bytes JMP 70B4000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] kernel32.dll!CopyFileA 7C82869E 6 Bytes JMP 70BD000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] kernel32.dll!CopyFileW 7C82F82B 6 Bytes JMP 70BA000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] kernel32.dll!OpenProcess 7C830999 6 Bytes JMP 7054000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] kernel32.dll!DeleteFileA 7C831E8D 6 Bytes JMP 7075000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] kernel32.dll!DeleteFileW 7C831F13 6 Bytes JMP 7072000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] kernel32.dll!CreateDirectoryW 7C8323B2 6 Bytes JMP 70A5000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] kernel32.dll!MoveFileExW 7C83563B 6 Bytes JMP 7057000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] kernel32.dll!MoveFileA 7C835E6F 6 Bytes JMP 7060000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] kernel32.dll!DebugActiveProcess 7C85AF93 6 Bytes JMP 7135000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] kernel32.dll!MoveFileExA 7C85E333 6 Bytes JMP 705A000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] kernel32.dll!CopyFileExA 7C85F234 6 Bytes JMP 70B7000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] kernel32.dll!WinExec 7C8622B5 6 Bytes JMP 7141000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] kernel32.dll!SetThreadContext 7C8639B1 6 Bytes JMP 709F000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] kernel32.dll!CreateToolhelp32Snapshot 7C865A27 6 Bytes JMP 70DB000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] kernel32.dll!GetBinaryTypeW + 80 7C868B34 1 Byte [62]
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] ADVAPI32.dll!RegOpenKeyExW 77DA6AAF 6 Bytes JMP 70F6000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] ADVAPI32.dll!RegQueryValueExW 77DA6FFF 6 Bytes JMP 70E4000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] ADVAPI32.dll!RegCreateKeyExW 77DA776C 6 Bytes JMP 7108000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] ADVAPI32.dll!RegOpenKeyExA 77DA7852 6 Bytes JMP 70F9000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] ADVAPI32.dll!RegOpenKeyW 77DA7946 6 Bytes JMP 70FC000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] ADVAPI32.dll!OpenProcessToken 77DA798B 6 Bytes JMP 709C000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] ADVAPI32.dll!RegQueryValueExA 77DA7ABB 6 Bytes JMP 70E7000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] ADVAPI32.dll!RegSetValueExW 77DAD747 6 Bytes JMP 70F0000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] ADVAPI32.dll!RegQueryValueW 77DAD85A 6 Bytes JMP 70EA000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] ADVAPI32.dll!RegCreateKeyExA 77DAE9D4 6 Bytes JMP 710B000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] ADVAPI32.dll!RegSetValueExA 77DAEAC7 6 Bytes JMP 70F3000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] ADVAPI32.dll!RegOpenKeyA 77DAEFA8 6 Bytes JMP 70FF000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] ADVAPI32.dll!AdjustTokenPrivileges 77DAEFEC 6 Bytes JMP 7093000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] ADVAPI32.dll!RegDeleteKeyA 77DB4288 6 Bytes JMP 706F000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] ADVAPI32.dll!RegDeleteKeyW 77DB5583 6 Bytes JMP 706C000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] ADVAPI32.dll!OpenSCManagerW 77DB6F3D 6 Bytes JMP 70CC000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] ADVAPI32.dll!OpenSCManagerA 77DC6996 6 Bytes JMP 70CF000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] ADVAPI32.dll!LookupPrivilegeValueW 77DCB8C7 6 Bytes JMP 7096000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] ADVAPI32.dll!RegCreateKeyW 77DCBA3D 6 Bytes JMP 7102000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] ADVAPI32.dll!RegQueryValueA 77DCBB75 4 Bytes JMP EC001E25
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] ADVAPI32.dll!RegQueryValueA + 5 77DCBB7A 1 Byte [70]
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] ADVAPI32.dll!RegCreateKeyA 77DCBCDB 6 Bytes JMP 7105000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] ADVAPI32.dll!LookupPrivilegeValueA 77DCC220 6 Bytes JMP 7099000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] ADVAPI32.dll!LsaRemoveAccountRights 77DEAB91 6 Bytes JMP 7168000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] ADVAPI32.dll!CreateServiceA 77E07359 6 Bytes JMP 7120000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] ADVAPI32.dll!CreateServiceW 77E074F1 6 Bytes JMP 711D000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] USER32.dll!SetWindowTextW 7E36BC36 6 Bytes JMP 7066000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] USER32.dll!GetKeyState 7E36C505 6 Bytes JMP 7132000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] USER32.dll!GetWindowTextW 7E36CDB6 6 Bytes JMP 70C6000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] USER32.dll!DrawTextW 7E36D7C2 6 Bytes JMP 707E000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] USER32.dll!ShowWindow 7E36D8A4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] USER32.dll!ShowWindow + 4 7E36D8A8 2 Bytes [C2, 70]
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] USER32.dll!GetKeyboardState 7E36EF29 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] USER32.dll!GetKeyboardState + 4 7E36EF2D 2 Bytes [2B, 71]
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] USER32.dll!GetAsyncKeyState 7E36F3B3 6 Bytes JMP 712F000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] USER32.dll!CreateWindowExW 7E36FC25 6 Bytes JMP 7078000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] USER32.dll!CreateWindowExA 7E36FF33 6 Bytes JMP 707B000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] USER32.dll!SetWindowsHookExW 7E37DDB5 6 Bytes JMP 7156000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] USER32.dll!SetWindowTextA 7E37F52B 6 Bytes JMP 7069000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] USER32.dll!SetWindowsHookExA 7E3811D1 6 Bytes JMP 7159000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] USER32.dll!SetWinEventHook 7E3817B7 6 Bytes JMP 711A000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] USER32.dll!GetWindowTextA 7E38212B 6 Bytes JMP 70C9000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] USER32.dll!DrawTextA 7E38C6CA 6 Bytes JMP 7081000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] USER32.dll!DdeConnect 7E3A7F93 6 Bytes JMP 7129000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] USER32.dll!EndTask 7E3A9E75 6 Bytes JMP 713E000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] USER32.dll!RegisterRawInputDevices 7E3BCBD4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] USER32.dll!RegisterRawInputDevices + 4 7E3BCBD8 2 Bytes [16, 71]
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] SHELL32.dll!ShellExecuteExW 7E6B25D3 6 Bytes JMP 7144000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] SHELL32.dll!Shell_NotifyIcon 7E6D18BE 6 Bytes JMP 70B1000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] SHELL32.dll!Shell_NotifyIconW 7E6D62A5 6 Bytes JMP 70AE000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] SHELL32.dll!ShellExecuteEx 7E6F0E95 6 Bytes JMP 7147000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] SHELL32.dll!ShellExecuteA 7E6F11C0 6 Bytes JMP 714D000A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3596] SHELL32.dll!ShellExecuteW 7E7659D0 6 Bytes JMP 714A000A
.text C:\Programme\Secunia\PSI\sua.exe[3788] ntdll.dll!RtlDosSearchPath_U + 1D1 7C926ADA 1 Byte [62]
.text C:\Programme\Secunia\PSI\sua.exe[3788] kernel32.dll!GetBinaryTypeW + 80 7C868B34 1 Byte [62]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Programme\Alwil Software\Avast5\AvastUI.exe[1092] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6D0] C:\Programme\Alwil Software\Avast5\aswCmnBS.dll (Common functions/AVAST Software)
IAT C:\WINDOWS\system32\services.exe[1180] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00390002
IAT C:\WINDOWS\system32\services.exe[1180] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00390000
IAT C:\Programme\Alwil Software\Avast5\AvastSvc.exe[1908] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6D0] C:\Programme\Alwil Software\Avast5\aswCmnBS.dll (Common functions/AVAST Software)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs TfFsMon.sys (ThreatFire Filesystem Monitor/PC Tools)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

Device \FileSystem\Fastfat \FatCdrom aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \Driver\Tcpip \Device\Ip Windows7FirewallControl.sys
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\CMISTOR \Device\0000009d 8A6544C8
Device \Driver\CMISTOR \Device\0000009e 8A6544C8
Device \Driver\CMISTOR \Device\0000009f 8A6544C8

AttachedDevice \Driver\Tcpip \Device\Tcp Windows7FirewallControl.sys
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\prodrv06 \Device\ProDrv06 E22B4008
Device \Driver\atapi \Device\Ide\IdePort0 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort1 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort2 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\prohlp02 \Device\ProHlp02 E10097E0

AttachedDevice \Driver\Tcpip \Device\Udp Windows7FirewallControl.sys
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp Windows7FirewallControl.sys
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\CMISTOR \Device\00000098 8A6544C8
Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Fastfat \Fat TfFsMon.sys (ThreatFire Filesystem Monitor/PC Tools)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x5E 0x18 0x2A 0xC1 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x5E 0x18 0x2A 0xC1 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG12.00.00.01PROFESSIONAL E83C792702BB0C48C9B33DC6829A35B902F48F0F6A40E87DBF45AF93F7E9872DFCD03532AA5E6166C1F5B1A8E9827EEBA920224776FAB6E243B32DAE30601B15BD82B39EAB7CAFC564DE33 D316A4ED1FE92FF5F66815279F079B901B6C6823A8E24736C911169E90D71E59A79188924B77A8959DE7BD4C9CE87DF9960EF9D4E41B3893D3190BABF3B784CC4519984DEE7837A0FA4D09 0CC8C0FD9E262D723C498412339FB7A0A49E10084B109A21D08B89AA4B97A66CA097D263C60F1412B758B73492D5150130C6E3C22AB13D57A7A737F5DCBB3644977FFEBC9E127BECC74CFE BC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933C038D530D6EB3452BA7FD869164D67945D575E7D6A3B9808A35D603C 60586167597AEA3B4077BD2970FD6495E7464E1D509819CA2AD3C8F189C700A78108EA8626EE6E36C485D6E5428293B9AD99374802C34DBC2BC1BB2C410846B384BC60FC2796682853AB02 C985911AF53F49CF88FDF0D39E1CA6F973838DFB22487F40E7A43997F2632047E12C6C4FEE5153C47E847E3974106773197FEF80785B40DF69D9C8513D24F87EC09E7C980CCE97134DCB6B 18064E4E6CEF5769C6FE0450E927F5D67AF076B156FDB84EF377D6598E9B7CDE24DF52097B522156D3C23867D9491A19113C702950B4CB8FF0A03CC25E9

---- Files - GMER 1.0.15 ----

File C:\avast! sandbox 0 bytes
File C:\avast! sandbox\S-1-5-18 0 bytes
File C:\avast! sandbox\S-1-5-18\webStorage 0 bytes
File C:\avast! sandbox\S-1-5-18\webStorage\C 0 bytes
File C:\avast! sandbox\S-1-5-18\webStorage\C\Dokumente und Einstellungen 0 bytes
File C:\avast! sandbox\S-1-5-18\webStorage\C\Dokumente und Einstellungen\Roman 0 bytes
File C:\avast! sandbox\S-1-5-18\webStorage\C\Dokumente und Einstellungen\Roman\Lokale Einstellungen 0 bytes
File C:\avast! sandbox\S-1-5-18\webStorage\C\Dokumente und Einstellungen\Roman\Lokale Einstellungen\Anwendungsdaten 0 bytes
File C:\avast! sandbox\S-1-5-18\webStorage\C\Dokumente und Einstellungen\Roman\Lokale Einstellungen\Anwendungsdaten\Microsoft 0 bytes
File C:\avast! sandbox\S-1-5-18\webStorage\C\Dokumente und Einstellungen\Roman\Lokale Einstellungen\Anwendungsdaten\Microsoft\Internet Explorer 0 bytes
File C:\avast! sandbox\S-1-5-18\webStorage\C\Dokumente und Einstellungen\Roman\Lokale Einstellungen\Anwendungsdaten\Microsoft\Internet Explorer\Recovery 0 bytes
File C:\avast! sandbox\S-1-5-18\webStorage\C\Dokumente und Einstellungen\Roman\Lokale Einstellungen\Anwendungsdaten\Microsoft\Internet Explorer\Recovery\Active 0 bytes
File C:\avast! sandbox\S-1-5-18\webStorage\C\Dokumente und Einstellungen\Roman\Lokale Einstellungen\Temporary Internet Files 0 bytes
File C:\avast! sandbox\S-1-5-18\webStorage\C\Dokumente und Einstellungen\Roman\Lokale Einstellungen\Temporary Internet Files\Content.IE5 0 bytes
File C:\avast! sandbox\S-1-5-18\webStorage\C\Dokumente und Einstellungen\Roman\Lokale Einstellungen\Temporary Internet Files\Content.IE5\index.dat 294912 bytes
File C:\avast! sandbox\S-1-5-18\webStorage\snx_fs.dat 2504 bytes
File C:\avast! sandbox\S-1-5-21-2258962752-1167673804-3329230130-1006 0 bytes
File C:\avast! sandbox\S-1-5-21-2258962752-1167673804-3329230130-1006\webStorage 0 bytes
File C:\avast! sandbox\S-1-5-21-2258962752-1167673804-3329230130-1006\webStorage\C 0 bytes
File C:\avast! sandbox\S-1-5-21-2258962752-1167673804-3329230130-1006\webStorage\C\Dokumente und Einstellungen 0 bytes
File C:\avast! sandbox\S-1-5-21-2258962752-1167673804-3329230130-1006\webStorage\C\Dokumente und Einstellungen\Roman 0 bytes
File C:\avast! sandbox\S-1-5-21-2258962752-1167673804-3329230130-1006\webStorage\C\Dokumente und Einstellungen\Roman\IETldCache 0 bytes
File C:\avast! sandbox\S-1-5-21-2258962752-1167673804-3329230130-1006\webStorage\C\Dokumente und Einstellungen\Roman\IETldCache\index.dat 245760 bytes
File C:\avast! sandbox\S-1-5-21-2258962752-1167673804-3329230130-1006\webStorage\C\Dokumente und Einstellungen\Roman\Lokale Einstellungen 0 bytes
File C:\avast! sandbox\S-1-5-21-2258962752-1167673804-3329230130-1006\webStorage\C\Dokumente und Einstellungen\Roman\Lokale Einstellungen\Anwendungsdaten 0 bytes
File C:\avast! sandbox\S-1-5-21-2258962752-1167673804-3329230130-1006\webStorage\C\Dokumente und Einstellungen\Roman\Lokale Einstellungen\Anwendungsdaten\Microsoft 0 bytes
File C:\avast! sandbox\S-1-5-21-2258962752-1167673804-3329230130-1006\webStorage\C\Dokumente und Einstellungen\Roman\Lokale Einstellungen\Anwendungsdaten\Microsoft\Internet Explorer 0 bytes
File C:\avast! sandbox\S-1-5-21-2258962752-1167673804-3329230130-1006\webStorage\C\Dokumente und Einstellungen\Roman\Lokale Einstellungen\Anwendungsdaten\Microsoft\Internet Explorer\Recovery 0 bytes
File C:\avast! sandbox\S-1-5-21-2258962752-1167673804-3329230130-1006\webStorage\C\Dokumente und Einstellungen\Roman\Lokale Einstellungen\Anwendungsdaten\Microsoft\Internet Explorer\Recovery\Active 0 bytes
File C:\avast! sandbox\S-1-5-21-2258962752-1167673804-3329230130-1006\webStorage\C\Dokumente und Einstellungen\Roman\Lokale Einstellungen\Anwendungsdaten\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{0FFCAC22-BC62-11E1-AC09-0012BF525952}.dat 4608 bytes
File C:\avast! sandbox\S-1-5-21-2258962752-1167673804-3329230130-1006\webStorage\C\Dokumente und Einstellungen\Roman\Lokale Einstellungen\Anwendungsdaten\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{27FCB81C-BC62-11E1-AC09-0012BF525952}.dat 4608 bytes
File C:\avast! sandbox\S-1-5-21-2258962752-1167673804-3329230130-1006\webStorage\C\Dokumente und Einstellungen\Roman\Lokale Einstellungen\Anwendungsdaten\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{34180475-B23E-11E1-ABFC-0012BF525952}.dat 4608 bytes
File C:\avast! sandbox\S-1-5-21-2258962752-1167673804-3329230130-1006\webStorage\C\Dokumente und Einstellungen\Roman\Lokale Einstellungen\Anwendungsdaten\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{4ED2C621-BC62-11E1-AC09-0012BF525952}.dat 4608 bytes
File C:\avast! sandbox\S-1-5-21-2258962752-1167673804-3329230130-1006\webStorage\C\Dokumente und Einstellungen\Roman\Lokale Einstellungen\Anwendungsdaten\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{92FD21D3-8CA9-11E1-ABC6-0012BF525952}.dat 4608 bytes
File C:\avast! sandbox\S-1-5-21-2258962752-1167673804-3329230130-1006\webStorage\C\Dokumente und Einstellungen\Roman\Lokale Einstellungen\Anwendungsdaten\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{99A74904-95FC-11E1-ABD2-0012BF525952}.dat 4608 bytes
File C:\avast! sandbox\S-1-5-21-2258962752-1167673804-3329230130-1006\webStorage\C\Dokumente und Einstellungen\Roman\Lokale Einstellungen\Anwendungsdaten\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{C6503BBD-B23F-11E1-ABFC-0012BF525952}.dat 4608 bytes
File C:\avast! sandbox\S-1-5-21-2258962752-1167673804-3329230130-1006\webStorage\C\Dokumente und Einstellungen\Roman\Lokale Einstellungen\Anwendungsdaten\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{DE30822A-95FC-11E1-ABD2-0012BF525952}.dat 3584 bytes
File C:\avast! sandbox\S-1-5-21-2258962752-1167673804-3329230130-1006\webStorage\C\Dokumente und Einstellungen\Roman\Lokale Einstellungen\Anwendungsdaten\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{E3B97DF9-B23F-11E1-ABFC-0012BF525952}.dat 4608 bytes
File C:\avast! sandbox\S-1-5-21-2258962752-1167673804-3329230130-1006\webStorage\C\Dokumente und Einstellungen\Roman\Lokale Einstellungen\Anwendungsdaten\Microsoft\Internet Explorer\Recovery\Active\{E6354AD8-95FC-11E1-ABD2-0012BF525952}.dat 4096 bytes
File C:\avast! sandbox\S-1-5-21-2258962752-1167673804-3329230130-1006\webStorage\C\Dokumente und Einstellungen\Roman\Lokale Einstellungen\Temp 0 bytes
File C:\avast! sandbox\S-1-5-21-2258962752-1167673804-3329230130-1006\webStorage\C\Dokumente und Einstellungen\Roman\Lokale Einstellungen\Temporary Internet Files 0 bytes
File C:\avast! sandbox\S-1-5-21-2258962752-1167673804-3329230130-1006\webStorage\C\Dokumente und Einstellungen\Roman\Lokale Einstellungen\Temporary Internet Files\Content.IE5 0 bytes
File C:\avast! sandbox\S-1-5-21-2258962752-1167673804-3329230130-1006\webStorage\C\Dokumente und Einstellungen\Roman\Lokale Einstellungen\Temporary Internet Files\Content.IE5\index.dat 294912 bytes
File C:\avast! sandbox\S-1-5-21-2258962752-1167673804-3329230130-1006\webStorage\C\Dokumente und Einstellungen\Roman\Lokale Einstellungen\Verlauf 0 bytes
File C:\avast! sandbox\S-1-5-21-2258962752-1167673804-3329230130-1006\webStorage\C\Dokumente und Einstellungen\Roman\Lokale Einstellungen\Verlauf\History.IE5 0 bytes
File C:\avast! sandbox\S-1-5-21-2258962752-1167673804-3329230130-1006\webStorage\C\Programme 0 bytes
File C:\avast! sandbox\S-1-5-21-2258962752-1167673804-3329230130-1006\webStorage\C\Programme\FVD Suite 0 bytes
File C:\avast! sandbox\S-1-5-21-2258962752-1167673804-3329230130-1006\webStorage\C\Programme\FVD Suite\addons 0 bytes
File C:\avast! sandbox\S-1-5-21-2258962752-1167673804-3329230130-1006\webStorage\C\Programme\FVD Suite\addons\IE 0 bytes
File C:\avast! sandbox\S-1-5-21-2258962752-1167673804-3329230130-1006\webStorage\C\Programme\FVD Suite\addons\IE\FVDIEDownloader.exe 142336 bytes executable
File C:\avast! sandbox\S-1-5-21-2258962752-1167673804-3329230130-1006\webStorage\C\Programme\Java 0 bytes
File C:\avast! sandbox\S-1-5-21-2258962752-1167673804-3329230130-1006\webStorage\C\Programme\Java\jre6 0 bytes
File C:\avast! sandbox\S-1-5-21-2258962752-1167673804-3329230130-1006\webStorage\C\Programme\Java\jre6\lib 0 bytes
File C:\avast! sandbox\S-1-5-21-2258962752-1167673804-3329230130-1006\webStorage\C\WINDOWS 0 bytes
File C:\avast! sandbox\S-1-5-21-2258962752-1167673804-3329230130-1006\webStorage\C\WINDOWS\Prefetch 0 bytes
File C:\avast! sandbox\S-1-5-21-2258962752-1167673804-3329230130-1006\webStorage\C\WINDOWS\Prefetch\IEXPLORE.EXE-2CA9778D.pf 42582 bytes
File C:\avast! sandbox\S-1-5-21-2258962752-1167673804-3329230130-1006\webStorage\C\WINDOWS\system32 0 bytes
File C:\avast! sandbox\S-1-5-21-2258962752-1167673804-3329230130-1006\webStorage\C\WINDOWS\system32\url.dll 33280 bytes executable
File C:\avast! sandbox\S-1-5-21-2258962752-1167673804-3329230130-1006\webStorage\snx_fs.dat 10018 bytes
File C:\avast! sandbox\snx_rhive 262144 bytes
File C:\avast! sandbox\snx_rhive.LOG 1024 bytes

---- EOF - GMER 1.0.15 ----

cosinus 29.07.2012 19:07
Über neun Postings ein Log zu verteilen ist nicht mehr wirklich sinnvoll :wtf:
Wenn die Logs so groß, dann zippen und hier anhängen, aber wirklich nur dann wenn die Logs so eine Größe haben!

Zitat:
07:46:40.125 File: C:\Dokumente und Einstellungen\Roman\Desktop\sonstiges\minefiled\minefield-4.0-2011031913.en-US.win32-tete009-sse2-pgo\tmemutil.dll **INFECTED** Win32:Fraudo
Diese Datei kennst du? Aus welcher Quelle ist die?


Alle Zeitangaben in WEZ +1. Es ist jetzt 07:33 Uhr.
Seite 3 von 5 12 3 45
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131