|
TR/Crypt.XPACK.Gen Trojaner im System gefunden habe heute morgen mein system gestartet und wollte eine datei ausführen. aber anstatt das die datei ausgeführt wurde, ist der bildschirm plötzlich schwarz geworden und ich musste den computer neu starten. nach dem reboot habe ich den ordner der datei mit antivir gescannt und es wurde der trojaner TR/Crypt.XPACK.Gen gefunden, den ich dann natürlich sofort in quarantäne verschoben habe. als ich danach dann das komplette system scannen wollte, hat sich der pc mitten im scan neu gestartet. nach diesem neustart wurde mir angezeigt, dass ein schwerwiegender fehler im system zum reboot geführt hat. deswegen hab ich dann erstmal malewarebytes das system scannen lassen und hier ist das gleiche passiert - ein neustart mitten im scan. es scheint so, als ob das system neustartet wenn eine bestimmte datei gescannt werden soll... ist ja offensichtlich. demnach mach ich jetzt erstmal nichts mehr. hier erstmal der highjackthis log. ich hoffe ihr könnt mir helfen Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:53:20, on 13.01.2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Sygate\SPF\smc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\AntiVir PersonalEdition Classic\sched.exe C:\Programme\AntiVir PersonalEdition Classic\avguard.exe C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Programme\Bonjour\mDNSResponder.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe C:\WINDOWS\system32\nvsvc32.exe C:\Programme\CyberLink\Shared Files\RichVideo.exe C:\Programme\Spyware Doctor\pctsAuxs.exe C:\Programme\Spyware Doctor\pctsSvc.exe C:\Programme\Sceneo\Bonavista\Services\PVR\PVRService.exe C:\WINDOWS\system32\svchost.exe C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe C:\WINDOWS\ehome\mcrdsvc.exe C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe C:\Programme\Windows Media Player\wmpnetwk.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\System32\alg.exe C:\Programme\Spyware Doctor\pctsTray.exe C:\WINDOWS\RTHDCPL.EXE C:\Programme\SMSC\SetIcon.exe C:\Programme\Home Cinema\TV Enhance\TVEService.exe C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\ctfmon.exe C:\Programme\Windows Media Player\WMPNSCFG.exe C:\Programme\Spybot - Search & Destroy\TeaTimer.exe C:\Programme\Exif Launcher\QuickDCF.exe C:\Programme\Mozilla Firefox\firefox.exe C:\Programme\Malwarebytes' Anti-Malware\mbam.exe C:\Programme\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://w*w.aldi.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://search.qip.ru R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://w*w.aldi.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://w*w.aldi.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = h**p://search.qip.ru R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [SetIcon] \Programme\SMSC\SetIcon.exe O4 - HKLM\..\Run: [LanguageShortcut] "C:\Programme\Home Cinema\PowerDVD\Language\Language.exe" O4 - HKLM\..\Run: [TVEService] "C:\Programme\Home Cinema\TV Enhance\TVEService.exe" O4 - HKLM\..\Run: [InstantOn] "C:\Programme\CyberLink\PowerCinema Linux\ion_install.exe /c " O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [ToADiMon.exe] C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe -TOnlineAutodialStart O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui O4 - HKLM\..\Run: [ISTray] "C:\Programme\Spyware Doctor\pctsTray.exe" O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Steam] "C:\Programme\Valve\Steam\Steam.exe" -silent O4 - HKCU\..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programme\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Exif Launcher.lnk = C:\Programme\Exif Launcher\QuickDCF.exe O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_08\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_08\bin\ssv.dll O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing) O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing) O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: @C:\Programme\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: @C:\Programme\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://w*w.aldi.com/ O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - h**p://go.microsoft.c*m/fwlink/?LinkID=39204 O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programme\Yahoo!\Common\yinsthelper.dll O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - h**p://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1160402350437 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - h**p://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1161001832152 O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe O23 - Service: T-Online WLAN Adapter Steuerungsdienst (MZCCntrl) - Deutsche Telekom AG, Marmiko IT-Solutions GmbH - C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared Files\RichVideo.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programme\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programme\Spyware Doctor\pctsSvc.exe O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programme\Sygate\SPF\smc.exe O23 - Service: Sceneo PVR Service (srvcPVR) - Buhl Data Service GmbH - C:\Programme\Sceneo\Bonavista\Services\PVR\PVRService.exe O23 - Service: TVEnhance Background Capture Service (TBCS) (TVECapSvc) - Unknown owner - C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe O23 - Service: TVEnhance Task Scheduler (TTS)) (TVESched) - Unknown owner - C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe -- End of file - 9994 bytes |
Hi radiowave und :hallo: Hast du das alles auch einmal im Safeboot probiert? Das Log ist nicht wirklich dramatisch und zeigt auch keine "bedrohlichen" Prozesse... Was hätte dann diese Datei sein sollen? Wie heisst diese und wo befindet sie sich genau? Hat Malwarebytes etwas gefunden bis zu dem Punkt als dein System gerebootet wurde? Hast du sonst noch irgendwelche Programme angewandt? grüsse trojan-death |
ich kann mittlerweile alle viren programme durchlaufen lassen (antivir, spyware doctor, malewarebytes, spybot) und es hat auch keines irgendetwas gefunden. der virus, der anfangs den bildschirm schwarz gemacht hat, war im qip (ein internet messenger) ordner unter empfangenen dateien. also in dem ordner wo die dateien gespeichert werden, die ich geschickt bekomme. da war der virus in einer datei drin. gestern und davor war da aber noch nichts. und noch was ist ungewöhnlich: nach den reboots arbeitet mein pc plötzlich nur noch mit 1 gb ram und es wird auch nur 1 gb ram angezeigt (im task manager und bei ccleaner) , obwohl 2 gb ram im pc stecken und es gestern noch 2 waren. kann es sein, dass der virus sich vielleicht tarnt oder sowas? und wird vielleicht ein screenshot von meinen laufenden prozessen im taskmanager gebraucht? |
Sieht ganz danach aus, als würde sich etwas tarnen wollen... Folgendes: Blacklight scannen lassen * Lade F-Secure Blacklight runter in einen eigenen Ordner, z.B. C:\programme\blacklight. Sollte der Download nicht klappen, dann probiere es mit diesem Link. * Starte in diesem Ordner blbeta.exe. Alle anderen Programme schließen. * Klick "I accept the agreement", "next", "Scan". * Wenn der Scan fertig ist beende Blacklight mit "Close". * Im Verzeichnis von Blacklight findest Du das erstellte Log fsbl-XXX.log, anstelle der XXX steht eine längere Folge von Ziffern. Poste dieses bitte! Gmer scannen lassen Lade dir Gmer von dieser Seite runter und entpacke es auf deinen Desktop.
Bitte auch neues HJT Log posten:daumenhoc |
hier der 1. teil des logs von gmer: GMER 1.0.14.14536 - http://www.gmer.net Rootkit scan 2009-01-13 23:36:17 Windows 5.1.2600 Service Pack 3 ---- System - GMER 1.0.14 ---- SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwCreateKey [0xF3E687A6] SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwCreateProcess [0xF3E65794] SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwCreateProcessEx [0xF3E65F1E] SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwCreateThread [0xF7821C40] SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwDeleteKey [0xF3E691F0] SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwDeleteValueKey [0xF3E6942A] SSDT spdy.sys ZwEnumerateKey [0xF732ECA2] SSDT spdy.sys ZwEnumerateValueKey [0xF732F030] SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwMapViewOfSection [0xF78218D0] SSDT spdy.sys ZwOpenKey [0xF73100C0] SSDT spdy.sys ZwQueryKey [0xF732F108] SSDT spdy.sys ZwQueryValueKey [0xF732EF88] SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwRenameKey [0xF3E6A12A] SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwSetValueKey [0xF3E6983C] SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwShutdownSystem [0xF7821E70] SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwTerminateProcess [0xF7821E00] SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwWriteVirtualMemory [0xF3E64384] INT 0x62 ? 86FD6BF8 INT 0x63 ? 86CB6BF8 INT 0x74 ? 86CB6BF8 INT 0x94 ? 86FD6BF8 INT 0x94 ? 86FD6BF8 INT 0x94 ? 86CB6BF8 INT 0x94 ? 86FD6BF8 INT 0xB4 ? 86CB6BF8 ---- Kernel code sections - GMER 1.0.14 ---- .text ntkrnlpa.exe!ZwCallbackReturn + 301A 805048B6 2 Bytes [ E6, F3 ] ? spdy.sys Das System kann die angegebene Datei nicht finden. ! .text USBPORT.SYS!DllUnload F66A48AC 5 Bytes JMP 86CB61D8 .text an041ex1.SYS F651F386 35 Bytes [ 00, 00, 00, 00, 00, 00, 20, ... ] .text an041ex1.SYS F651F3AA 24 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ] .text an041ex1.SYS F651F3C4 3 Bytes [ 00, 70, 02 ] .text an041ex1.SYS F651F3C9 1 Byte [ 2E ] .text an041ex1.SYS F651F3CB 9 Bytes [ 00, 00, 5A, 02, 00, 00, 00, ... ] .text ... ? C:\WINDOWS\system32\Drivers\mchInjDrv.sys Das System kann die angegebene Datei nicht finden. ! ---- User code sections - GMER 1.0.14 ---- .text C:\WINDOWS\System32\svchost.exe[160] ntdll.dll!NtClose 7C91CFD0 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\svchost.exe[160] ntdll.dll!NtClose + 4 7C91CFD4 2 Bytes [ 2C, 5F ] .text C:\WINDOWS\System32\svchost.exe[160] ntdll.dll!NtCreateFile 7C91D090 1 Byte [ FF ] .text C:\WINDOWS\System32\svchost.exe[160] ntdll.dll!NtCreateFile + 2 7C91D092 1 Byte [ 1E ] .text C:\WINDOWS\System32\svchost.exe[160] ntdll.dll!NtCreateFile + 4 7C91D094 2 Bytes [ 17, 5F ] .text C:\WINDOWS\System32\svchost.exe[160] ntdll.dll!NtCreateKey 7C91D0D0 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\svchost.exe[160] ntdll.dll!NtCreateKey + 4 7C91D0D4 2 Bytes [ 05, 5F ] .text C:\WINDOWS\System32\svchost.exe[160] ntdll.dll!NtCreateSection 7C91D160 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\svchost.exe[160] ntdll.dll!NtCreateSection + 4 7C91D164 2 Bytes [ 23, 5F ] .text C:\WINDOWS\System32\svchost.exe[160] ntdll.dll!NtDeleteKey 7C91D230 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\svchost.exe[160] ntdll.dll!NtDeleteKey + 4 7C91D234 2 Bytes [ 0B, 5F ] .text C:\WINDOWS\System32\svchost.exe[160] ntdll.dll!NtDeleteValueKey 7C91D250 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\svchost.exe[160] ntdll.dll!NtDeleteValueKey + 4 7C91D254 2 Bytes [ 11, 5F ] .text C:\WINDOWS\System32\svchost.exe[160] ntdll.dll!NtRenameKey 7C91DA40 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\svchost.exe[160] ntdll.dll!NtRenameKey + 4 7C91DA44 2 Bytes [ 14, 5F ] .text C:\WINDOWS\System32\svchost.exe[160] ntdll.dll!NtSetInformationFile 7C91DC40 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\svchost.exe[160] ntdll.dll!NtSetInformationFile + 4 7C91DC44 2 Bytes [ 20, 5F ] .text C:\WINDOWS\System32\svchost.exe[160] ntdll.dll!NtSetValueKey 7C91DDB0 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\svchost.exe[160] ntdll.dll!NtSetValueKey + 4 7C91DDB4 2 Bytes [ 0E, 5F ] .text C:\WINDOWS\System32\svchost.exe[160] ntdll.dll!NtTerminateProcess 7C91DE50 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\svchost.exe[160] ntdll.dll!NtTerminateProcess + 4 7C91DE54 2 Bytes [ 26, 5F ] .text C:\WINDOWS\System32\svchost.exe[160] ntdll.dll!NtWriteFile 7C91DF60 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\svchost.exe[160] ntdll.dll!NtWriteFile + 4 7C91DF64 2 Bytes [ 1A, 5F ] .text C:\WINDOWS\System32\svchost.exe[160] ntdll.dll!NtWriteFileGather 7C91DF70 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\svchost.exe[160] ntdll.dll!NtWriteFileGather + 4 7C91DF74 2 Bytes [ 1D, 5F ] .text C:\WINDOWS\System32\svchost.exe[160] ntdll.dll!NtWriteVirtualMemory 7C91DF90 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\svchost.exe[160] ntdll.dll!NtWriteVirtualMemory + 4 7C91DF94 2 Bytes [ 29, 5F ] .text C:\WINDOWS\System32\svchost.exe[160] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, B8, 84 ] .text C:\WINDOWS\System32\svchost.exe[160] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A .text C:\WINDOWS\System32\svchost.exe[160] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A .text C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe[188] ntdll.dll!NtClose 7C91CFD0 3 Bytes [ FF, 25, 1E ] .text C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe[188] ntdll.dll!NtClose + 4 7C91CFD4 2 Bytes [ 2C, 5F ] .text C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe[188] ntdll.dll!NtCreateFile 7C91D090 1 Byte [ FF ] .text C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe[188] ntdll.dll!NtCreateFile + 2 7C91D092 1 Byte [ 1E ] .text C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe[188] ntdll.dll!NtCreateFile + 4 7C91D094 2 Bytes [ 17, 5F ] .text C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe[188] ntdll.dll!NtCreateKey 7C91D0D0 3 Bytes [ FF, 25, 1E ] .text C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe[188] ntdll.dll!NtCreateKey + 4 7C91D0D4 2 Bytes [ 05, 5F ] .text C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe[188] ntdll.dll!NtCreateSection 7C91D160 3 Bytes [ FF, 25, 1E ] .text C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe[188] ntdll.dll!NtCreateSection + 4 7C91D164 2 Bytes [ 23, 5F ] .text C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe[188] ntdll.dll!NtDeleteKey 7C91D230 3 Bytes [ FF, 25, 1E ] .text C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe[188] ntdll.dll!NtDeleteKey + 4 7C91D234 2 Bytes [ 0B, 5F ] .text C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe[188] ntdll.dll!NtDeleteValueKey 7C91D250 3 Bytes [ FF, 25, 1E ] .text C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe[188] ntdll.dll!NtDeleteValueKey + 4 7C91D254 2 Bytes [ 11, 5F ] .text C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe[188] ntdll.dll!NtRenameKey 7C91DA40 3 Bytes [ FF, 25, 1E ] .text C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe[188] ntdll.dll!NtRenameKey + 4 7C91DA44 2 Bytes [ 14, 5F ] .text C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe[188] ntdll.dll!NtSetInformationFile 7C91DC40 3 Bytes [ FF, 25, 1E ] .text C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe[188] ntdll.dll!NtSetInformationFile + 4 7C91DC44 2 Bytes [ 20, 5F ] .text C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe[188] ntdll.dll!NtSetValueKey 7C91DDB0 3 Bytes [ FF, 25, 1E ] .text C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe[188] ntdll.dll!NtSetValueKey + 4 7C91DDB4 2 Bytes [ 0E, 5F ] .text C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe[188] ntdll.dll!NtTerminateProcess 7C91DE50 3 Bytes [ FF, 25, 1E ] .text C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe[188] ntdll.dll!NtTerminateProcess + 4 7C91DE54 2 Bytes [ 26, 5F ] .text C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe[188] ntdll.dll!NtWriteFile 7C91DF60 3 Bytes [ FF, 25, 1E ] .text C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe[188] ntdll.dll!NtWriteFile + 4 7C91DF64 2 Bytes [ 1A, 5F ] .text C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe[188] ntdll.dll!NtWriteFileGather 7C91DF70 3 Bytes [ FF, 25, 1E ] .text C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe[188] ntdll.dll!NtWriteFileGather + 4 7C91DF74 2 Bytes [ 1D, 5F ] .text C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe[188] ntdll.dll!NtWriteVirtualMemory 7C91DF90 3 Bytes [ FF, 25, 1E ] .text C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe[188] ntdll.dll!NtWriteVirtualMemory + 4 7C91DF94 2 Bytes [ 29, 5F ] .text C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe[188] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 31, 84 ] .text C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe[188] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, EF, F4 ] .text C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe[188] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A .text C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe[188] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A .text |
hier der 2. teil des logs von gmer: C:\WINDOWS\RTHDCPL.EXE[240] ntdll.dll!NtClose 7C91CFD0 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\RTHDCPL.EXE[240] ntdll.dll!NtClose + 4 7C91CFD4 2 Bytes [ 2C, 5F ] .text C:\WINDOWS\RTHDCPL.EXE[240] ntdll.dll!NtCreateFile 7C91D090 1 Byte [ FF ] .text C:\WINDOWS\RTHDCPL.EXE[240] ntdll.dll!NtCreateFile + 2 7C91D092 1 Byte [ 1E ] .text C:\WINDOWS\RTHDCPL.EXE[240] ntdll.dll!NtCreateFile + 4 7C91D094 2 Bytes [ 17, 5F ] .text C:\WINDOWS\RTHDCPL.EXE[240] ntdll.dll!NtCreateKey 7C91D0D0 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\RTHDCPL.EXE[240] ntdll.dll!NtCreateKey + 4 7C91D0D4 2 Bytes [ 05, 5F ] .text C:\WINDOWS\RTHDCPL.EXE[240] ntdll.dll!NtCreateSection 7C91D160 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\RTHDCPL.EXE[240] ntdll.dll!NtCreateSection + 4 7C91D164 2 Bytes [ 23, 5F ] .text C:\WINDOWS\RTHDCPL.EXE[240] ntdll.dll!NtDeleteKey 7C91D230 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\RTHDCPL.EXE[240] ntdll.dll!NtDeleteKey + 4 7C91D234 2 Bytes [ 0B, 5F ] .text C:\WINDOWS\RTHDCPL.EXE[240] ntdll.dll!NtDeleteValueKey 7C91D250 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\RTHDCPL.EXE[240] ntdll.dll!NtDeleteValueKey + 4 7C91D254 2 Bytes [ 11, 5F ] .text C:\WINDOWS\RTHDCPL.EXE[240] ntdll.dll!NtRenameKey 7C91DA40 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\RTHDCPL.EXE[240] ntdll.dll!NtRenameKey + 4 7C91DA44 2 Bytes [ 14, 5F ] .text C:\WINDOWS\RTHDCPL.EXE[240] ntdll.dll!NtSetInformationFile 7C91DC40 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\RTHDCPL.EXE[240] ntdll.dll!NtSetInformationFile + 4 7C91DC44 2 Bytes [ 20, 5F ] .text C:\WINDOWS\RTHDCPL.EXE[240] ntdll.dll!NtSetValueKey 7C91DDB0 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\RTHDCPL.EXE[240] ntdll.dll!NtSetValueKey + 4 7C91DDB4 2 Bytes [ 0E, 5F ] .text C:\WINDOWS\RTHDCPL.EXE[240] ntdll.dll!NtTerminateProcess 7C91DE50 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\RTHDCPL.EXE[240] ntdll.dll!NtTerminateProcess + 4 7C91DE54 2 Bytes [ 26, 5F ] .text C:\WINDOWS\RTHDCPL.EXE[240] ntdll.dll!NtWriteFile 7C91DF60 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\RTHDCPL.EXE[240] ntdll.dll!NtWriteFile + 4 7C91DF64 2 Bytes [ 1A, 5F ] .text C:\WINDOWS\RTHDCPL.EXE[240] ntdll.dll!NtWriteFileGather 7C91DF70 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\RTHDCPL.EXE[240] ntdll.dll!NtWriteFileGather + 4 7C91DF74 2 Bytes [ 1D, 5F ] .text C:\WINDOWS\RTHDCPL.EXE[240] ntdll.dll!NtWriteVirtualMemory 7C91DF90 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\RTHDCPL.EXE[240] ntdll.dll!NtWriteVirtualMemory + 4 7C91DF94 2 Bytes [ 29, 5F ] .text C:\WINDOWS\RTHDCPL.EXE[240] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 5F, 85 ] .text C:\WINDOWS\RTHDCPL.EXE[240] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, EF, F4 ] .text C:\WINDOWS\RTHDCPL.EXE[240] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A .text C:\WINDOWS\RTHDCPL.EXE[240] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A .text C:\Programme\WinRAR\WinRAR.exe[252] ntdll.dll!NtClose 7C91CFD0 3 Bytes [ FF, 25, 1E ] .text C:\Programme\WinRAR\WinRAR.exe[252] ntdll.dll!NtClose + 4 7C91CFD4 2 Bytes [ 2C, 5F ] .text C:\Programme\WinRAR\WinRAR.exe[252] ntdll.dll!NtCreateFile 7C91D090 1 Byte [ FF ] .text C:\Programme\WinRAR\WinRAR.exe[252] ntdll.dll!NtCreateFile + 2 7C91D092 1 Byte [ 1E ] .text C:\Programme\WinRAR\WinRAR.exe[252] ntdll.dll!NtCreateFile + 4 7C91D094 2 Bytes [ 17, 5F ] .text C:\Programme\WinRAR\WinRAR.exe[252] ntdll.dll!NtCreateKey 7C91D0D0 3 Bytes [ FF, 25, 1E ] .text C:\Programme\WinRAR\WinRAR.exe[252] ntdll.dll!NtCreateKey + 4 7C91D0D4 2 Bytes [ 05, 5F ] .text C:\Programme\WinRAR\WinRAR.exe[252] ntdll.dll!NtCreateSection 7C91D160 3 Bytes [ FF, 25, 1E ] .text C:\Programme\WinRAR\WinRAR.exe[252] ntdll.dll!NtCreateSection + 4 7C91D164 2 Bytes [ 23, 5F ] .text C:\Programme\WinRAR\WinRAR.exe[252] ntdll.dll!NtDeleteKey 7C91D230 3 Bytes [ FF, 25, 1E ] .text C:\Programme\WinRAR\WinRAR.exe[252] ntdll.dll!NtDeleteKey + 4 7C91D234 2 Bytes [ 0B, 5F ] .text C:\Programme\WinRAR\WinRAR.exe[252] ntdll.dll!NtDeleteValueKey 7C91D250 3 Bytes [ FF, 25, 1E ] .text C:\Programme\WinRAR\WinRAR.exe[252] ntdll.dll!NtDeleteValueKey + 4 7C91D254 2 Bytes [ 11, 5F ] .text C:\Programme\WinRAR\WinRAR.exe[252] ntdll.dll!NtRenameKey 7C91DA40 3 Bytes [ FF, 25, 1E ] .text C:\Programme\WinRAR\WinRAR.exe[252] ntdll.dll!NtRenameKey + 4 7C91DA44 2 Bytes [ 14, 5F ] .text C:\Programme\WinRAR\WinRAR.exe[252] ntdll.dll!NtSetInformationFile 7C91DC40 3 Bytes [ FF, 25, 1E ] .text C:\Programme\WinRAR\WinRAR.exe[252] ntdll.dll!NtSetInformationFile + 4 7C91DC44 2 Bytes [ 20, 5F ] .text C:\Programme\WinRAR\WinRAR.exe[252] ntdll.dll!NtSetValueKey 7C91DDB0 3 Bytes [ FF, 25, 1E ] .text C:\Programme\WinRAR\WinRAR.exe[252] ntdll.dll!NtSetValueKey + 4 7C91DDB4 2 Bytes [ 0E, 5F ] .text C:\Programme\WinRAR\WinRAR.exe[252] ntdll.dll!NtTerminateProcess 7C91DE50 3 Bytes [ FF, 25, 1E ] .text C:\Programme\WinRAR\WinRAR.exe[252] ntdll.dll!NtTerminateProcess + 4 7C91DE54 2 Bytes [ 26, 5F ] .text C:\Programme\WinRAR\WinRAR.exe[252] ntdll.dll!NtWriteFile 7C91DF60 3 Bytes [ FF, 25, 1E ] .text C:\Programme\WinRAR\WinRAR.exe[252] ntdll.dll!NtWriteFile + 4 7C91DF64 2 Bytes [ 1A, 5F ] .text C:\Programme\WinRAR\WinRAR.exe[252] ntdll.dll!NtWriteFileGather 7C91DF70 3 Bytes [ FF, 25, 1E ] .text C:\Programme\WinRAR\WinRAR.exe[252] ntdll.dll!NtWriteFileGather + 4 7C91DF74 2 Bytes [ 1D, 5F ] .text C:\Programme\WinRAR\WinRAR.exe[252] ntdll.dll!NtWriteVirtualMemory 7C91DF90 3 Bytes [ FF, 25, 1E ] .text C:\Programme\WinRAR\WinRAR.exe[252] ntdll.dll!NtWriteVirtualMemory + 4 7C91DF94 2 Bytes [ 29, 5F ] .text C:\Programme\WinRAR\WinRAR.exe[252] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 61, 84 ] .text C:\Programme\WinRAR\WinRAR.exe[252] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, EF, F4 ] .text C:\Programme\WinRAR\WinRAR.exe[252] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A .text C:\Programme\WinRAR\WinRAR.exe[252] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A .text C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE[356] ntdll.dll!NtClose 7C91CFD0 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE[356] ntdll.dll!NtClose + 4 7C91CFD4 2 Bytes [ 2C, 5F ] .text C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE[356] ntdll.dll!NtCreateFile 7C91D090 1 Byte [ FF ] .text C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE[356] ntdll.dll!NtCreateFile + 2 7C91D092 1 Byte [ 1E ] .text C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE[356] ntdll.dll!NtCreateFile + 4 7C91D094 2 Bytes [ 17, 5F ] .text C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE[356] ntdll.dll!NtCreateKey 7C91D0D0 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE[356] ntdll.dll!NtCreateKey + 4 7C91D0D4 2 Bytes [ 05, 5F ] .text C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE[356] ntdll.dll!NtCreateSection 7C91D160 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE[356] ntdll.dll!NtCreateSection + 4 7C91D164 2 Bytes [ 23, 5F ] .text C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE[356] ntdll.dll!NtDeleteKey 7C91D230 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE[356] ntdll.dll!NtDeleteKey + 4 7C91D234 2 Bytes [ 0B, 5F ] .text C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE[356] ntdll.dll!NtDeleteValueKey 7C91D250 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE[356] ntdll.dll!NtDeleteValueKey + 4 7C91D254 2 Bytes [ 11, 5F ] .text C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE[356] ntdll.dll!NtRenameKey 7C91DA40 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE[356] ntdll.dll!NtRenameKey + 4 7C91DA44 2 Bytes [ 14, 5F ] .text C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE[356] ntdll.dll!NtSetInformationFile 7C91DC40 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE[356] ntdll.dll!NtSetInformationFile + 4 7C91DC44 2 Bytes [ 20, 5F ] .text C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE[356] ntdll.dll!NtSetValueKey 7C91DDB0 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE[356] ntdll.dll!NtSetValueKey + 4 7C91DDB4 2 |
der 3. teil von gmer (man ist das viel): Bytes [ 0E, 5F ] .text C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE[356] ntdll.dll!NtTerminateProcess 7C91DE50 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE[356] ntdll.dll!NtTerminateProcess + 4 7C91DE54 2 Bytes [ 26, 5F ] .text C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE[356] ntdll.dll!NtWriteFile 7C91DF60 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE[356] ntdll.dll!NtWriteFile + 4 7C91DF64 2 Bytes [ 1A, 5F ] .text C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE[356] ntdll.dll!NtWriteFileGather 7C91DF70 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE[356] ntdll.dll!NtWriteFileGather + 4 7C91DF74 2 Bytes [ 1D, 5F ] .text C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE[356] ntdll.dll!NtWriteVirtualMemory 7C91DF90 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE[356] ntdll.dll!NtWriteVirtualMemory + 4 7C91DF94 2 Bytes [ 29, 5F ] .text C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE[356] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 21, 84 ] .text C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE[356] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A .text C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE[356] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A .text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[364] ntdll.dll!NtClose 7C91CFD0 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[364] ntdll.dll!NtClose + 4 7C91CFD4 2 Bytes [ 2C, 5F ] .text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[364] ntdll.dll!NtCreateFile 7C91D090 1 Byte [ FF ] .text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[364] ntdll.dll!NtCreateFile + 2 7C91D092 1 Byte [ 1E ] .text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[364] ntdll.dll!NtCreateFile + 4 7C91D094 2 Bytes [ 17, 5F ] .text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[364] ntdll.dll!NtCreateKey 7C91D0D0 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[364] ntdll.dll!NtCreateKey + 4 7C91D0D4 2 Bytes [ 05, 5F ] .text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[364] ntdll.dll!NtCreateSection 7C91D160 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[364] ntdll.dll!NtCreateSection + 4 7C91D164 2 Bytes [ 23, 5F ] .text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[364] ntdll.dll!NtDeleteKey 7C91D230 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[364] ntdll.dll!NtDeleteKey + 4 7C91D234 2 Bytes [ 0B, 5F ] .text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[364] ntdll.dll!NtDeleteValueKey 7C91D250 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[364] ntdll.dll!NtDeleteValueKey + 4 7C91D254 2 Bytes [ 11, 5F ] .text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[364] ntdll.dll!NtRenameKey 7C91DA40 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[364] ntdll.dll!NtRenameKey + 4 7C91DA44 2 Bytes [ 14, 5F ] .text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[364] ntdll.dll!NtSetInformationFile 7C91DC40 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[364] ntdll.dll!NtSetInformationFile + 4 7C91DC44 2 Bytes [ 20, 5F ] .text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[364] ntdll.dll!NtSetValueKey 7C91DDB0 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[364] ntdll.dll!NtSetValueKey + 4 7C91DDB4 2 Bytes [ 0E, 5F ] .text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[364] ntdll.dll!NtTerminateProcess 7C91DE50 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[364] ntdll.dll!NtTerminateProcess + 4 7C91DE54 2 Bytes [ 26, 5F ] .text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[364] ntdll.dll!NtWriteFile 7C91DF60 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[364] ntdll.dll!NtWriteFile + 4 7C91DF64 2 Bytes [ 1A, 5F ] .text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[364] ntdll.dll!NtWriteFileGather 7C91DF70 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[364] ntdll.dll!NtWriteFileGather + 4 7C91DF74 2 Bytes [ 1D, 5F ] .text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[364] ntdll.dll!NtWriteVirtualMemory 7C91DF90 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[364] ntdll.dll!NtWriteVirtualMemory + 4 7C91DF94 2 Bytes [ 29, 5F ] .text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[364] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, F4, 83 ] .text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[364] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A .text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[364] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A .text C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe[500] ntdll.dll!NtClose 7C91CFD0 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe[500] ntdll.dll!NtClose + 4 7C91CFD4 2 Bytes [ 2C, 5F ] .text C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe[500] ntdll.dll!NtCreateFile 7C91D090 1 Byte [ FF ] .text C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe[500] ntdll.dll!NtCreateFile + 2 7C91D092 1 Byte [ 1E ] .text C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe[500] ntdll.dll!NtCreateFile + 4 7C91D094 2 Bytes [ 17, 5F ] .text C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe[500] ntdll.dll!NtCreateKey 7C91D0D0 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe[500] ntdll.dll!NtCreateKey + 4 7C91D0D4 2 Bytes [ 05, 5F ] .text C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe[500] ntdll.dll!NtCreateSection 7C91D160 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe[500] ntdll.dll!NtCreateSection + 4 7C91D164 2 Bytes [ 23, 5F ] .text C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe[500] ntdll.dll!NtDeleteKey 7C91D230 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe[500] ntdll.dll!NtDeleteKey + 4 7C91D234 2 Bytes [ 0B, 5F ] .text C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe[500] ntdll.dll!NtDeleteValueKey 7C91D250 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe[500] ntdll.dll!NtDeleteValueKey + 4 7C91D254 2 Bytes [ 11, 5F ] .text C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe[500] ntdll.dll!NtRenameKey 7C91DA40 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe[500] ntdll.dll!NtRenameKey + 4 7C91DA44 2 Bytes [ 14, 5F ] .text C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe[500] ntdll.dll!NtSetInformationFile 7C91DC40 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe[500] ntdll.dll!NtSetInformationFile + 4 7C91DC44 2 Bytes [ 20, 5F ] .text C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe[500] ntdll.dll!NtSetValueKey 7C91DDB0 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe[500] ntdll.dll!NtSetValueKey + 4 7C91DDB4 2 Bytes [ 0E, 5F ] .text C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe[500] ntdll.dll!NtTerminateProcess 7C91DE50 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe[500] ntdll.dll!NtTerminateProcess + 4 7C91DE54 2 Bytes [ 26, 5F ] .text C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe[500] ntdll.dll!NtWriteFile 7C91DF60 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe[500] ntdll.dll!NtWriteFile + 4 7C91DF64 2 Bytes [ 1A, 5F ] .text C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe[500] ntdll.dll!NtWriteFileGather 7C91DF70 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe[500] ntdll.dll!NtWriteFileGather + 4 7C91DF74 2 Bytes [ 1D, 5F ] .text C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe[500] ntdll.dll!NtWriteVirtualMemory 7C91DF90 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe[500] ntdll.dll!NtWriteVirtualMemory + 4 7C91DF94 2 Bytes [ 29, 5F ] .text C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe[500] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 32, 84 ] .text C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe[500] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A .text C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe[500] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A .text C:\Programme\Mozilla Firefox\firefox.exe[520] ntdll.dll!NtClose 7C91CFD0 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Mozilla Firefox\firefox.exe[520] ntdll.dll!NtClose + 4 7C91CFD4 2 Bytes [ 2C, 5F ] .text C:\Programme\Mozilla Firefox\firefox.exe[520] ntdll.dll!NtCreateFile 7C91D090 1 Byte [ FF ] .text C:\Programme\Mozilla Firefox\firefox.exe[520] ntdll.dll!NtCreateFile + 2 7C91D092 1 Byte [ 1E ] .text C:\Programme\Mozilla Firefox\firefox.exe[520] ntdll.dll!NtCreateFile + 4 7C91D094 2 Bytes [ 17, 5F ] .text C:\Programme\Mozilla Firefox\firefox.exe[520] ntdll.dll!NtCreateKey 7C91D0D0 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Mozilla Firefox\firefox.exe[520] ntdll.dll!NtCreateKey + 4 7C91D0D4 2 Bytes [ 05, 5F ] .text C:\Programme\Mozilla Firefox\firefox.exe[520] ntdll.dll!NtCreateSection 7C91D160 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Mozilla Firefox\firefox.exe[520] ntdll.dll!NtCreateSection + 4 7C91D164 2 Bytes [ 23, 5F ] .text C:\Programme\Mozilla Firefox\firefox.exe[520] ntdll.dll!NtDeleteKey 7C91D230 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Mozilla Firefox\firefox.exe[520] ntdll.dll!NtDeleteKey + 4 7C91D234 2 Bytes [ 0B, 5F ] .text C:\Programme\Mozilla Firefox\firefox.exe[520] ntdll.dll!NtDeleteValueKey 7C91D250 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Mozilla Firefox\firefox.exe[520] ntdll.dll!NtDeleteValueKey + 4 7C91D254 2 Bytes [ 11, 5F ] .text C:\Programme\Mozilla Firefox\firefox.exe[520] ntdll.dll!NtRenameKey 7C91DA40 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Mozilla Firefox\firefox.exe[520] ntdll.dll!NtRenameKey + 4 7C91DA44 2 Bytes [ 14, 5F ] .text C:\Programme\Mozilla Firefox\firefox.exe[520] ntdll.dll!NtSetInformationFile 7C91DC40 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Mozilla Firefox\firefox.exe[520] ntdll.dll!NtSetInformationFile + 4 7C91DC44 2 Bytes [ 20, 5F ] .text C:\Programme\Mozilla Firefox\firefox.exe[520] ntdll.dll!NtSetValueKey 7C91DDB0 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Mozilla Firefox\firefox.exe[520] ntdll.dll!NtSetValueKey + 4 7C91DDB4 2 Bytes [ 0E, 5F ] .text C:\Programme\Mozilla Firefox\firefox.exe[520] ntdll.dll!NtTerminateProcess 7C91DE50 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Mozilla Firefox\firefox.exe[520] ntdll.dll!NtTerminateProcess + 4 7C91DE54 2 Bytes [ 26, 5F ] .text C:\Programme\Mozilla Firefox\firefox.exe[520] ntdll.dll!NtWriteFile 7C91DF60 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Mozilla Firefox\firefox.exe[520] ntdll.dll!NtWriteFile + 4 7C91DF64 2 Bytes [ 1A, 5F ] .text C:\Programme\Mozilla Firefox\firefox.exe[520] ntdll.dll!NtWriteFileGather 7C91DF70 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Mozilla Firefox\firefox.exe[520] ntdll.dll!NtWriteFileGather + 4 7C91DF74 2 Bytes [ 1D, 5F ] .text C:\Programme\Mozilla Firefox\firefox.exe[520] ntdll.dll!NtWriteVirtualMemory 7C91DF90 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Mozilla Firefox\firefox.exe[520] ntdll.dll!NtWriteVirtualMemory + 4 7C91DF94 2 Bytes [ 29, 5F ] .text C:\Programme\Mozilla Firefox\firefox.exe[520] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 65, 84 ] .text C:\Programme\Mozilla Firefox\firefox.exe[520] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, EF, F4 ] .text C:\Programme\Mozilla Firefox\firefox.exe[520] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A .text C:\Programme\Mozilla Firefox\firefox.exe[520] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP |
der 4. teil von gmer: 5F2E0F5A .text C:\WINDOWS\system32\nvsvc32.exe[536] ntdll.dll!NtClose 7C91CFD0 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\nvsvc32.exe[536] ntdll.dll!NtClose + 4 7C91CFD4 2 Bytes [ 2C, 5F ] .text C:\WINDOWS\system32\nvsvc32.exe[536] ntdll.dll!NtCreateFile 7C91D090 1 Byte [ FF ] .text C:\WINDOWS\system32\nvsvc32.exe[536] ntdll.dll!NtCreateFile + 2 7C91D092 1 Byte [ 1E ] .text C:\WINDOWS\system32\nvsvc32.exe[536] ntdll.dll!NtCreateFile + 4 7C91D094 2 Bytes [ 17, 5F ] .text C:\WINDOWS\system32\nvsvc32.exe[536] ntdll.dll!NtCreateKey 7C91D0D0 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\nvsvc32.exe[536] ntdll.dll!NtCreateKey + 4 7C91D0D4 2 Bytes [ 05, 5F ] .text C:\WINDOWS\system32\nvsvc32.exe[536] ntdll.dll!NtCreateSection 7C91D160 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\nvsvc32.exe[536] ntdll.dll!NtCreateSection + 4 7C91D164 2 Bytes [ 23, 5F ] .text C:\WINDOWS\system32\nvsvc32.exe[536] ntdll.dll!NtDeleteKey 7C91D230 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\nvsvc32.exe[536] ntdll.dll!NtDeleteKey + 4 7C91D234 2 Bytes [ 0B, 5F ] .text C:\WINDOWS\system32\nvsvc32.exe[536] ntdll.dll!NtDeleteValueKey 7C91D250 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\nvsvc32.exe[536] ntdll.dll!NtDeleteValueKey + 4 7C91D254 2 Bytes [ 11, 5F ] .text C:\WINDOWS\system32\nvsvc32.exe[536] ntdll.dll!NtRenameKey 7C91DA40 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\nvsvc32.exe[536] ntdll.dll!NtRenameKey + 4 7C91DA44 2 Bytes [ 14, 5F ] .text C:\WINDOWS\system32\nvsvc32.exe[536] ntdll.dll!NtSetInformationFile 7C91DC40 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\nvsvc32.exe[536] ntdll.dll!NtSetInformationFile + 4 7C91DC44 2 Bytes [ 20, 5F ] .text C:\WINDOWS\system32\nvsvc32.exe[536] ntdll.dll!NtSetValueKey 7C91DDB0 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\nvsvc32.exe[536] ntdll.dll!NtSetValueKey + 4 7C91DDB4 2 Bytes [ 0E, 5F ] .text C:\WINDOWS\system32\nvsvc32.exe[536] ntdll.dll!NtTerminateProcess 7C91DE50 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\nvsvc32.exe[536] ntdll.dll!NtTerminateProcess + 4 7C91DE54 2 Bytes [ 26, 5F ] .text C:\WINDOWS\system32\nvsvc32.exe[536] ntdll.dll!NtWriteFile 7C91DF60 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\nvsvc32.exe[536] ntdll.dll!NtWriteFile + 4 7C91DF64 2 Bytes [ 1A, 5F ] .text C:\WINDOWS\system32\nvsvc32.exe[536] ntdll.dll!NtWriteFileGather 7C91DF70 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\nvsvc32.exe[536] ntdll.dll!NtWriteFileGather + 4 7C91DF74 2 Bytes [ 1D, 5F ] .text C:\WINDOWS\system32\nvsvc32.exe[536] ntdll.dll!NtWriteVirtualMemory 7C91DF90 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\nvsvc32.exe[536] ntdll.dll!NtWriteVirtualMemory + 4 7C91DF94 2 Bytes [ 29, 5F ] .text C:\WINDOWS\system32\nvsvc32.exe[536] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 23, 84 ] .text C:\WINDOWS\system32\nvsvc32.exe[536] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A .text C:\WINDOWS\system32\nvsvc32.exe[536] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\system32\csrss.exe[596] ntdll.dll!NtClose 7C91CFD0 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\csrss.exe[596] ntdll.dll!NtClose + 4 7C91CFD4 2 Bytes [ 2C, 5F ] .text C:\WINDOWS\system32\csrss.exe[596] ntdll.dll!NtCreateFile 7C91D090 1 Byte [ FF ] .text C:\WINDOWS\system32\csrss.exe[596] ntdll.dll!NtCreateFile + 2 7C91D092 1 Byte [ 1E ] .text C:\WINDOWS\system32\csrss.exe[596] ntdll.dll!NtCreateFile + 4 7C91D094 2 Bytes [ 17, 5F ] .text C:\WINDOWS\system32\csrss.exe[596] ntdll.dll!NtCreateKey 7C91D0D0 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\csrss.exe[596] ntdll.dll!NtCreateKey + 4 7C91D0D4 2 Bytes [ 05, 5F ] .text C:\WINDOWS\system32\csrss.exe[596] ntdll.dll!NtCreateSection 7C91D160 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\csrss.exe[596] ntdll.dll!NtCreateSection + 4 7C91D164 2 Bytes [ 23, 5F ] .text C:\WINDOWS\system32\csrss.exe[596] ntdll.dll!NtDeleteKey 7C91D230 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\csrss.exe[596] ntdll.dll!NtDeleteKey + 4 7C91D234 2 Bytes [ 0B, 5F ] .text C:\WINDOWS\system32\csrss.exe[596] ntdll.dll!NtDeleteValueKey 7C91D250 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\csrss.exe[596] ntdll.dll!NtDeleteValueKey + 4 7C91D254 2 Bytes [ 11, 5F ] .text C:\WINDOWS\system32\csrss.exe[596] ntdll.dll!NtRenameKey 7C91DA40 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\csrss.exe[596] ntdll.dll!NtRenameKey + 4 7C91DA44 2 Bytes [ 14, 5F ] .text C:\WINDOWS\system32\csrss.exe[596] ntdll.dll!NtSetInformationFile 7C91DC40 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\csrss.exe[596] ntdll.dll!NtSetInformationFile + 4 7C91DC44 2 Bytes [ 20, 5F ] .text C:\WINDOWS\system32\csrss.exe[596] ntdll.dll!NtSetValueKey 7C91DDB0 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\csrss.exe[596] ntdll.dll!NtSetValueKey + 4 7C91DDB4 2 Bytes [ 0E, 5F ] .text C:\WINDOWS\system32\csrss.exe[596] ntdll.dll!NtTerminateProcess 7C91DE50 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\csrss.exe[596] ntdll.dll!NtTerminateProcess + 4 7C91DE54 2 Bytes [ 26, 5F ] .text C:\WINDOWS\system32\csrss.exe[596] ntdll.dll!NtWriteFile 7C91DF60 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\csrss.exe[596] ntdll.dll!NtWriteFile + 4 7C91DF64 2 Bytes [ 1A, 5F ] .text C:\WINDOWS\system32\csrss.exe[596] ntdll.dll!NtWriteFileGather 7C91DF70 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\csrss.exe[596] ntdll.dll!NtWriteFileGather + 4 7C91DF74 2 Bytes [ 1D, 5F ] .text C:\WINDOWS\system32\csrss.exe[596] ntdll.dll!NtWriteVirtualMemory 7C91DF90 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\csrss.exe[596] ntdll.dll!NtWriteVirtualMemory + 4 7C91DF94 2 Bytes [ 29, 5F ] .text C:\WINDOWS\system32\csrss.exe[596] KERNEL32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 96, 84 ] .text C:\WINDOWS\system32\csrss.exe[596] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A .text C:\WINDOWS\system32\csrss.exe[596] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\system32\winlogon.exe[620] ntdll.dll!NtClose 7C91CFD0 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\winlogon.exe[620] ntdll.dll!NtClose + 4 7C91CFD4 2 Bytes [ 2C, 5F ] .text C:\WINDOWS\system32\winlogon.exe[620] ntdll.dll!NtCreateFile 7C91D090 1 Byte [ FF ] .text C:\WINDOWS\system32\winlogon.exe[620] ntdll.dll!NtCreateFile + 2 7C91D092 1 Byte [ 1E ] .text C:\WINDOWS\system32\winlogon.exe[620] ntdll.dll!NtCreateFile + 4 7C91D094 2 Bytes [ 17, 5F ] .text C:\WINDOWS\system32\winlogon.exe[620] ntdll.dll!NtCreateKey 7C91D0D0 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\winlogon.exe[620] ntdll.dll!NtCreateKey + 4 7C91D0D4 2 Bytes [ 05, 5F ] .text C:\WINDOWS\system32\winlogon.exe[620] ntdll.dll!NtCreateSection 7C91D160 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\winlogon.exe[620] ntdll.dll!NtCreateSection + 4 7C91D164 2 Bytes [ 23, 5F ] .text C:\WINDOWS\system32\winlogon.exe[620] ntdll.dll!NtDeleteKey 7C91D230 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\winlogon.exe[620] ntdll.dll!NtDeleteKey + 4 7C91D234 2 Bytes [ 0B, 5F ] .text C:\WINDOWS\system32\winlogon.exe[620] ntdll.dll!NtDeleteValueKey 7C91D250 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\winlogon.exe[620] ntdll.dll!NtDeleteValueKey + 4 7C91D254 2 Bytes [ 11, 5F ] .text C:\WINDOWS\system32\winlogon.exe[620] ntdll.dll!NtRenameKey 7C91DA40 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\winlogon.exe[620] ntdll.dll!NtRenameKey + 4 7C91DA44 2 Bytes [ 14, 5F ] .text C:\WINDOWS\system32\winlogon.exe[620] ntdll.dll!NtSetInformationFile 7C91DC40 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\winlogon.exe[620] ntdll.dll!NtSetInformationFile + 4 7C91DC44 2 Bytes [ 20, 5F ] .text C:\WINDOWS\system32\winlogon.exe[620] ntdll.dll!NtSetValueKey 7C91DDB0 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\winlogon.exe[620] ntdll.dll!NtSetValueKey + 4 7C91DDB4 2 Bytes [ 0E, 5F ] .text C:\WINDOWS\system32\winlogon.exe[620] ntdll.dll!NtTerminateProcess 7C91DE50 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\winlogon.exe[620] ntdll.dll!NtTerminateProcess + 4 7C91DE54 2 Bytes [ 26, 5F ] .text C:\WINDOWS\system32\winlogon.exe[620] ntdll.dll!NtWriteFile 7C91DF60 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\winlogon.exe[620] ntdll.dll!NtWriteFile + 4 7C91DF64 2 Bytes [ 1A, 5F ] .text C:\WINDOWS\system32\winlogon.exe[620] ntdll.dll!NtWriteFileGather 7C91DF70 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\winlogon.exe[620] ntdll.dll!NtWriteFileGather + 4 7C91DF74 2 Bytes [ 1D, 5F ] .text C:\WINDOWS\system32\winlogon.exe[620] ntdll.dll!NtWriteVirtualMemory 7C91DF90 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\winlogon.exe[620] ntdll.dll!NtWriteVirtualMemory + 4 7C91DF94 2 Bytes [ 29, 5F ] .text C:\WINDOWS\system32\winlogon.exe[620] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, A7, 84 ] .text C:\WINDOWS\system32\winlogon.exe[620] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A .text C:\WINDOWS\system32\winlogon.exe[620] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\system32\services.exe[664] ntdll.dll!NtClose 7C91CFD0 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\services.exe[664] ntdll.dll!NtClose + 4 7C91CFD4 2 Bytes [ 2C, 5F ] .text C:\WINDOWS\system32\services.exe[664] ntdll.dll!NtCreateFile 7C91D090 1 Byte [ FF ] .text C:\WINDOWS\system32\services.exe[664] ntdll.dll!NtCreateFile + 2 7C91D092 1 Byte [ 1E ] .text C:\WINDOWS\system32\services.exe[664] ntdll.dll!NtCreateFile + 4 7C91D094 2 Bytes [ 17, 5F ] .text C:\WINDOWS\system32\services.exe[664] ntdll.dll!NtCreateKey 7C91D0D0 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\services.exe[664] ntdll.dll!NtCreateKey + 4 7C91D0D4 2 Bytes [ 05, 5F ] .text C:\WINDOWS\system32\services.exe[664] ntdll.dll!NtCreateSection 7C91D160 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\services.exe[664] ntdll.dll!NtCreateSection + 4 7C91D164 2 Bytes [ 23, 5F ] .text C:\WINDOWS\system32\services.exe[664] ntdll.dll!NtDeleteKey 7C91D230 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\services.exe[664] ntdll.dll!NtDeleteKey + 4 7C91D234 2 Bytes [ 0B, 5F ] .text C:\WINDOWS\system32\services.exe[664] ntdll.dll!NtDeleteValueKey 7C91D250 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\services.exe[664] ntdll.dll!NtDeleteValueKey + 4 7C91D254 2 Bytes [ 11, 5F ] .text C:\WINDOWS\system32\services.exe[664] ntdll.dll!NtRenameKey 7C91DA40 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\services.exe[664] ntdll.dll!NtRenameKey + 4 7C91DA44 2 Bytes [ 14, 5F ] .text C:\WINDOWS\system32\services.exe[664] ntdll.dll!NtSetInformationFile 7C91DC40 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\services.exe[664] ntdll.dll!NtSetInformationFile + 4 7C91DC44 2 Bytes [ 20, 5F ] .text C:\WINDOWS\system32\services.exe[664] ntdll.dll!NtSetValueKey 7C91DDB0 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\services.exe[664] ntdll.dll!NtSetValueKey + 4 7C91DDB4 2 Bytes [ 0E, 5F ] .text C:\WINDOWS\system32\services.exe[664] ntdll.dll!NtTerminateProcess 7C91DE50 3 Bytes [ FF, 25, 1E ] |
der 5. teil: .text C:\WINDOWS\system32\services.exe[664] ntdll.dll!NtTerminateProcess + 4 7C91DE54 2 Bytes [ 26, 5F ] .text C:\WINDOWS\system32\services.exe[664] ntdll.dll!NtWriteFile 7C91DF60 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\services.exe[664] ntdll.dll!NtWriteFile + 4 7C91DF64 2 Bytes [ 1A, 5F ] .text C:\WINDOWS\system32\services.exe[664] ntdll.dll!NtWriteFileGather 7C91DF70 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\services.exe[664] ntdll.dll!NtWriteFileGather + 4 7C91DF74 2 Bytes [ 1D, 5F ] .text C:\WINDOWS\system32\services.exe[664] ntdll.dll!NtWriteVirtualMemory 7C91DF90 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\services.exe[664] ntdll.dll!NtWriteVirtualMemory + 4 7C91DF94 2 Bytes [ 29, 5F ] .text C:\WINDOWS\system32\services.exe[664] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 8E, 84 ] .text C:\WINDOWS\system32\services.exe[664] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A .text C:\WINDOWS\system32\services.exe[664] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\system32\lsass.exe[676] ntdll.dll!NtClose 7C91CFD0 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\lsass.exe[676] ntdll.dll!NtClose + 4 7C91CFD4 2 Bytes [ 2C, 5F ] .text C:\WINDOWS\system32\lsass.exe[676] ntdll.dll!NtCreateFile 7C91D090 1 Byte [ FF ] .text C:\WINDOWS\system32\lsass.exe[676] ntdll.dll!NtCreateFile + 2 7C91D092 1 Byte [ 1E ] .text C:\WINDOWS\system32\lsass.exe[676] ntdll.dll!NtCreateFile + 4 7C91D094 2 Bytes [ 17, 5F ] .text C:\WINDOWS\system32\lsass.exe[676] ntdll.dll!NtCreateKey 7C91D0D0 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\lsass.exe[676] ntdll.dll!NtCreateKey + 4 7C91D0D4 2 Bytes [ 05, 5F ] .text C:\WINDOWS\system32\lsass.exe[676] ntdll.dll!NtCreateSection 7C91D160 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\lsass.exe[676] ntdll.dll!NtCreateSection + 4 7C91D164 2 Bytes [ 23, 5F ] .text C:\WINDOWS\system32\lsass.exe[676] ntdll.dll!NtDeleteKey 7C91D230 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\lsass.exe[676] ntdll.dll!NtDeleteKey + 4 7C91D234 2 Bytes [ 0B, 5F ] .text C:\WINDOWS\system32\lsass.exe[676] ntdll.dll!NtDeleteValueKey 7C91D250 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\lsass.exe[676] ntdll.dll!NtDeleteValueKey + 4 7C91D254 2 Bytes [ 11, 5F ] .text C:\WINDOWS\system32\lsass.exe[676] ntdll.dll!NtRenameKey 7C91DA40 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\lsass.exe[676] ntdll.dll!NtRenameKey + 4 7C91DA44 2 Bytes [ 14, 5F ] .text C:\WINDOWS\system32\lsass.exe[676] ntdll.dll!NtSetInformationFile 7C91DC40 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\lsass.exe[676] ntdll.dll!NtSetInformationFile + 4 7C91DC44 2 Bytes [ 20, 5F ] .text C:\WINDOWS\system32\lsass.exe[676] ntdll.dll!NtSetValueKey 7C91DDB0 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\lsass.exe[676] ntdll.dll!NtSetValueKey + 4 7C91DDB4 2 Bytes [ 0E, 5F ] .text C:\WINDOWS\system32\lsass.exe[676] ntdll.dll!NtTerminateProcess 7C91DE50 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\lsass.exe[676] ntdll.dll!NtTerminateProcess + 4 7C91DE54 2 Bytes [ 26, 5F ] .text C:\WINDOWS\system32\lsass.exe[676] ntdll.dll!NtWriteFile 7C91DF60 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\lsass.exe[676] ntdll.dll!NtWriteFile + 4 7C91DF64 2 Bytes [ 1A, 5F ] .text C:\WINDOWS\system32\lsass.exe[676] ntdll.dll!NtWriteFileGather 7C91DF70 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\lsass.exe[676] ntdll.dll!NtWriteFileGather + 4 7C91DF74 2 Bytes [ 1D, 5F ] .text C:\WINDOWS\system32\lsass.exe[676] ntdll.dll!NtWriteVirtualMemory 7C91DF90 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\lsass.exe[676] ntdll.dll!NtWriteVirtualMemory + 4 7C91DF94 2 Bytes [ 29, 5F ] .text C:\WINDOWS\system32\lsass.exe[676] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 59, 84 ] .text C:\WINDOWS\system32\lsass.exe[676] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A .text C:\WINDOWS\system32\lsass.exe[676] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtClose 7C91CFD0 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtClose + 4 7C91CFD4 2 Bytes [ 2C, 5F ] .text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtCreateFile 7C91D090 1 Byte [ FF ] .text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtCreateFile + 2 7C91D092 1 Byte [ 1E ] .text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtCreateFile + 4 7C91D094 2 Bytes [ 17, 5F ] .text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtCreateKey 7C91D0D0 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtCreateKey + 4 7C91D0D4 2 Bytes [ 05, 5F ] .text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtCreateSection 7C91D160 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtCreateSection + 4 7C91D164 2 Bytes [ 23, 5F ] .text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtDeleteKey 7C91D230 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtDeleteKey + 4 7C91D234 2 Bytes [ 0B, 5F ] .text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtDeleteValueKey 7C91D250 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtDeleteValueKey + 4 7C91D254 2 Bytes [ 11, 5F ] .text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtRenameKey 7C91DA40 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtRenameKey + 4 7C91DA44 2 Bytes [ 14, 5F ] .text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtSetInformationFile 7C91DC40 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtSetInformationFile + 4 7C91DC44 2 Bytes [ 20, 5F ] .text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtSetValueKey 7C91DDB0 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtSetValueKey + 4 7C91DDB4 2 Bytes [ 0E, 5F ] .text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtTerminateProcess 7C91DE50 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtTerminateProcess + 4 7C91DE54 2 Bytes [ 26, 5F ] .text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtWriteFile 7C91DF60 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtWriteFile + 4 7C91DF64 2 Bytes [ 1A, 5F ] .text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtWriteFileGather 7C91DF70 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtWriteFileGather + 4 7C91DF74 2 Bytes [ 1D, 5F ] .text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtWriteVirtualMemory 7C91DF90 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtWriteVirtualMemory + 4 7C91DF94 2 Bytes [ 29, 5F ] .text C:\WINDOWS\system32\svchost.exe[852] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 76, 84 ] .text C:\WINDOWS\system32\svchost.exe[852] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A .text C:\WINDOWS\system32\svchost.exe[852] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\system32\svchost.exe[900] ntdll.dll!NtClose 7C91CFD0 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[900] ntdll.dll!NtClose + 4 7C91CFD4 2 Bytes [ 2C, 5F ] .text C:\WINDOWS\system32\svchost.exe[900] ntdll.dll!NtCreateFile 7C91D090 1 Byte [ FF ] .text C:\WINDOWS\system32\svchost.exe[900] ntdll.dll!NtCreateFile + 2 7C91D092 1 Byte [ 1E ] .text C:\WINDOWS\system32\svchost.exe[900] ntdll.dll!NtCreateFile + 4 7C91D094 2 Bytes [ 17, 5F ] .text C:\WINDOWS\system32\svchost.exe[900] ntdll.dll!NtCreateKey 7C91D0D0 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[900] ntdll.dll!NtCreateKey + 4 7C91D0D4 2 Bytes [ 05, 5F ] .text C:\WINDOWS\system32\svchost.exe[900] ntdll.dll!NtCreateSection 7C91D160 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[900] ntdll.dll!NtCreateSection + 4 7C91D164 2 Bytes [ 23, 5F ] .text C:\WINDOWS\system32\svchost.exe[900] ntdll.dll!NtDeleteKey 7C91D230 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[900] ntdll.dll!NtDeleteKey + 4 7C91D234 2 Bytes [ 0B, 5F ] .text C:\WINDOWS\system32\svchost.exe[900] ntdll.dll!NtDeleteValueKey 7C91D250 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[900] ntdll.dll!NtDeleteValueKey + 4 7C91D254 2 Bytes [ 11, 5F ] .text C:\WINDOWS\system32\svchost.exe[900] ntdll.dll!NtRenameKey 7C91DA40 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[900] ntdll.dll!NtRenameKey + 4 7C91DA44 2 Bytes [ 14, 5F ] .text C:\WINDOWS\system32\svchost.exe[900] ntdll.dll!NtSetInformationFile 7C91DC40 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[900] ntdll.dll!NtSetInformationFile + 4 7C91DC44 2 Bytes [ 20, 5F ] .text C:\WINDOWS\system32\svchost.exe[900] ntdll.dll!NtSetValueKey 7C91DDB0 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[900] ntdll.dll!NtSetValueKey + 4 7C91DDB4 2 Bytes [ 0E, 5F ] .text C:\WINDOWS\system32\svchost.exe[900] ntdll.dll!NtTerminateProcess 7C91DE50 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[900] ntdll.dll!NtTerminateProcess + 4 7C91DE54 2 Bytes [ 26, 5F ] .text C:\WINDOWS\system32\svchost.exe[900] ntdll.dll!NtWriteFile 7C91DF60 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[900] ntdll.dll!NtWriteFile + 4 7C91DF64 2 Bytes [ 1A, 5F ] .text C:\WINDOWS\system32\svchost.exe[900] ntdll.dll!NtWriteFileGather 7C91DF70 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[900] ntdll.dll!NtWriteFileGather + 4 7C91DF74 2 Bytes [ 1D, 5F ] .text C:\WINDOWS\system32\svchost.exe[900] ntdll.dll!NtWriteVirtualMemory 7C91DF90 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[900] ntdll.dll!NtWriteVirtualMemory + 4 7C91DF94 2 Bytes [ 29, 5F ] .text C:\WINDOWS\system32\svchost.exe[900] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 7E, 84 ] .text C:\WINDOWS\system32\svchost.exe[900] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A .text C:\WINDOWS\system32\svchost.exe[900] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A .text C:\Programme\CyberLink\Shared Files\RichVideo.exe[976] ntdll.dll!NtClose 7C91CFD0 3 Bytes [ FF, 25, 1E ] .text C:\Programme\CyberLink\Shared Files\RichVideo.exe[976] ntdll.dll!NtClose + 4 7C91CFD4 2 Bytes [ 2C, 5F ] .text C:\Programme\CyberLink\Shared Files\RichVideo.exe[976] ntdll.dll!NtCreateFile 7C91D090 1 Byte [ FF ] .text C:\Programme\CyberLink\Shared Files\RichVideo.exe[976] ntdll.dll!NtCreateFile + 2 7C91D092 1 Byte [ 1E ] .text C:\Programme\CyberLink\Shared Files\RichVideo.exe[976] ntdll.dll!NtCreateFile + 4 7C91D094 2 Bytes [ 17, 5F ] .text C:\Programme\CyberLink\Shared Files\RichVideo.exe[976] ntdll.dll!NtCreateKey 7C91D0D0 3 Bytes [ FF, 25, 1E ] .text C:\Programme\CyberLink\Shared Files\RichVideo.exe[976] ntdll.dll!NtCreateKey + 4 7C91D0D4 2 Bytes [ 05, 5F ] .text C:\Programme\CyberLink\Shared Files\RichVideo.exe[976] ntdll.dll!NtCreateSection 7C91D160 3 Bytes [ FF, 25, 1E ] .text C:\Programme\CyberLink\Shared Files\RichVideo.exe[976] ntdll.dll!NtCreateSection + 4 7C91D164 2 Bytes [ 23, 5F ] .text C:\Programme\CyberLink\Shared Files\RichVideo.exe[976] ntdll.dll!NtDeleteKey 7C91D230 3 Bytes [ FF, 25, 1E ] .text C:\Programme\CyberLink\Shared Files\RichVideo.exe[976] ntdll.dll!NtDeleteKey + 4 7C91D234 2 Bytes [ 0B, 5F ] .text C:\Programme\CyberLink\Shared Files\RichVideo.exe[976] ntdll.dll!NtDeleteValueKey 7C91D250 3 Bytes [ FF, 25, 1E ] .text C:\Programme\CyberLink\Shared Files\RichVideo.exe[976] ntdll.dll!NtDeleteValueKey + 4 7C91D254 2 Bytes [ 11, 5F ] .text |
der 6. teil: .text C:\WINDOWS\system32\services.exe[664] ntdll.dll!NtTerminateProcess + 4 7C91DE54 2 Bytes [ 26, 5F ] .text C:\WINDOWS\system32\services.exe[664] ntdll.dll!NtWriteFile 7C91DF60 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\services.exe[664] ntdll.dll!NtWriteFile + 4 7C91DF64 2 Bytes [ 1A, 5F ] .text C:\WINDOWS\system32\services.exe[664] ntdll.dll!NtWriteFileGather 7C91DF70 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\services.exe[664] ntdll.dll!NtWriteFileGather + 4 7C91DF74 2 Bytes [ 1D, 5F ] .text C:\WINDOWS\system32\services.exe[664] ntdll.dll!NtWriteVirtualMemory 7C91DF90 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\services.exe[664] ntdll.dll!NtWriteVirtualMemory + 4 7C91DF94 2 Bytes [ 29, 5F ] .text C:\WINDOWS\system32\services.exe[664] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 8E, 84 ] .text C:\WINDOWS\system32\services.exe[664] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A .text C:\WINDOWS\system32\services.exe[664] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\system32\lsass.exe[676] ntdll.dll!NtClose 7C91CFD0 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\lsass.exe[676] ntdll.dll!NtClose + 4 7C91CFD4 2 Bytes [ 2C, 5F ] .text C:\WINDOWS\system32\lsass.exe[676] ntdll.dll!NtCreateFile 7C91D090 1 Byte [ FF ] .text C:\WINDOWS\system32\lsass.exe[676] ntdll.dll!NtCreateFile + 2 7C91D092 1 Byte [ 1E ] .text C:\WINDOWS\system32\lsass.exe[676] ntdll.dll!NtCreateFile + 4 7C91D094 2 Bytes [ 17, 5F ] .text C:\WINDOWS\system32\lsass.exe[676] ntdll.dll!NtCreateKey 7C91D0D0 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\lsass.exe[676] ntdll.dll!NtCreateKey + 4 7C91D0D4 2 Bytes [ 05, 5F ] .text C:\WINDOWS\system32\lsass.exe[676] ntdll.dll!NtCreateSection 7C91D160 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\lsass.exe[676] ntdll.dll!NtCreateSection + 4 7C91D164 2 Bytes [ 23, 5F ] .text C:\WINDOWS\system32\lsass.exe[676] ntdll.dll!NtDeleteKey 7C91D230 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\lsass.exe[676] ntdll.dll!NtDeleteKey + 4 7C91D234 2 Bytes [ 0B, 5F ] .text C:\WINDOWS\system32\lsass.exe[676] ntdll.dll!NtDeleteValueKey 7C91D250 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\lsass.exe[676] ntdll.dll!NtDeleteValueKey + 4 7C91D254 2 Bytes [ 11, 5F ] .text C:\WINDOWS\system32\lsass.exe[676] ntdll.dll!NtRenameKey 7C91DA40 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\lsass.exe[676] ntdll.dll!NtRenameKey + 4 7C91DA44 2 Bytes [ 14, 5F ] .text C:\WINDOWS\system32\lsass.exe[676] ntdll.dll!NtSetInformationFile 7C91DC40 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\lsass.exe[676] ntdll.dll!NtSetInformationFile + 4 7C91DC44 2 Bytes [ 20, 5F ] .text C:\WINDOWS\system32\lsass.exe[676] ntdll.dll!NtSetValueKey 7C91DDB0 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\lsass.exe[676] ntdll.dll!NtSetValueKey + 4 7C91DDB4 2 Bytes [ 0E, 5F ] .text C:\WINDOWS\system32\lsass.exe[676] ntdll.dll!NtTerminateProcess 7C91DE50 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\lsass.exe[676] ntdll.dll!NtTerminateProcess + 4 7C91DE54 2 Bytes [ 26, 5F ] .text C:\WINDOWS\system32\lsass.exe[676] ntdll.dll!NtWriteFile 7C91DF60 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\lsass.exe[676] ntdll.dll!NtWriteFile + 4 7C91DF64 2 Bytes [ 1A, 5F ] .text C:\WINDOWS\system32\lsass.exe[676] ntdll.dll!NtWriteFileGather 7C91DF70 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\lsass.exe[676] ntdll.dll!NtWriteFileGather + 4 7C91DF74 2 Bytes [ 1D, 5F ] .text C:\WINDOWS\system32\lsass.exe[676] ntdll.dll!NtWriteVirtualMemory 7C91DF90 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\lsass.exe[676] ntdll.dll!NtWriteVirtualMemory + 4 7C91DF94 2 Bytes [ 29, 5F ] .text C:\WINDOWS\system32\lsass.exe[676] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 59, 84 ] .text C:\WINDOWS\system32\lsass.exe[676] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A .text C:\WINDOWS\system32\lsass.exe[676] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtClose 7C91CFD0 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtClose + 4 7C91CFD4 2 Bytes [ 2C, 5F ] .text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtCreateFile 7C91D090 1 Byte [ FF ] .text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtCreateFile + 2 7C91D092 1 Byte [ 1E ] .text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtCreateFile + 4 7C91D094 2 Bytes [ 17, 5F ] .text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtCreateKey 7C91D0D0 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtCreateKey + 4 7C91D0D4 2 Bytes [ 05, 5F ] .text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtCreateSection 7C91D160 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtCreateSection + 4 7C91D164 2 Bytes [ 23, 5F ] .text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtDeleteKey 7C91D230 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtDeleteKey + 4 7C91D234 2 Bytes [ 0B, 5F ] .text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtDeleteValueKey 7C91D250 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtDeleteValueKey + 4 7C91D254 2 Bytes [ 11, 5F ] .text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtRenameKey 7C91DA40 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtRenameKey + 4 7C91DA44 2 Bytes [ 14, 5F ] .text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtSetInformationFile 7C91DC40 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtSetInformationFile + 4 7C91DC44 2 Bytes [ 20, 5F ] .text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtSetValueKey 7C91DDB0 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtSetValueKey + 4 7C91DDB4 2 Bytes [ 0E, 5F ] .text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtTerminateProcess 7C91DE50 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtTerminateProcess + 4 7C91DE54 2 Bytes [ 26, 5F ] .text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtWriteFile 7C91DF60 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtWriteFile + 4 7C91DF64 2 Bytes [ 1A, 5F ] .text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtWriteFileGather 7C91DF70 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtWriteFileGather + 4 7C91DF74 2 Bytes [ 1D, 5F ] .text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtWriteVirtualMemory 7C91DF90 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtWriteVirtualMemory + 4 7C91DF94 2 Bytes [ 29, 5F ] .text C:\WINDOWS\system32\svchost.exe[852] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 76, 84 ] .text C:\WINDOWS\system32\svchost.exe[852] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A .text C:\WINDOWS\system32\svchost.exe[852] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\system32\svchost.exe[900] ntdll.dll!NtClose 7C91CFD0 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[900] ntdll.dll!NtClose + 4 7C91CFD4 2 Bytes [ 2C, 5F ] .text C:\WINDOWS\system32\svchost.exe[900] ntdll.dll!NtCreateFile 7C91D090 1 Byte [ FF ] .text C:\WINDOWS\system32\svchost.exe[900] ntdll.dll!NtCreateFile + 2 7C91D092 1 Byte [ 1E ] .text C:\WINDOWS\system32\svchost.exe[900] ntdll.dll!NtCreateFile + 4 7C91D094 2 Bytes [ 17, 5F ] .text C:\WINDOWS\system32\svchost.exe[900] ntdll.dll!NtCreateKey 7C91D0D0 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[900] ntdll.dll!NtCreateKey + 4 7C91D0D4 2 Bytes [ 05, 5F ] .text C:\WINDOWS\system32\svchost.exe[900] ntdll.dll!NtCreateSection 7C91D160 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[900] ntdll.dll!NtCreateSection + 4 7C91D164 2 Bytes [ 23, 5F ] .text C:\WINDOWS\system32\svchost.exe[900] ntdll.dll!NtDeleteKey 7C91D230 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[900] ntdll.dll!NtDeleteKey + 4 7C91D234 2 Bytes [ 0B, 5F ] .text C:\WINDOWS\system32\svchost.exe[900] ntdll.dll!NtDeleteValueKey 7C91D250 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[900] ntdll.dll!NtDeleteValueKey + 4 7C91D254 2 Bytes [ 11, 5F ] .text C:\WINDOWS\system32\svchost.exe[900] ntdll.dll!NtRenameKey 7C91DA40 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[900] ntdll.dll!NtRenameKey + 4 7C91DA44 2 Bytes [ 14, 5F ] .text C:\WINDOWS\system32\svchost.exe[900] ntdll.dll!NtSetInformationFile 7C91DC40 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[900] ntdll.dll!NtSetInformationFile + 4 7C91DC44 2 Bytes [ 20, 5F ] .text C:\WINDOWS\system32\svchost.exe[900] ntdll.dll!NtSetValueKey 7C91DDB0 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[900] ntdll.dll!NtSetValueKey + 4 7C91DDB4 2 Bytes [ 0E, 5F ] .text C:\WINDOWS\system32\svchost.exe[900] ntdll.dll!NtTerminateProcess 7C91DE50 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[900] ntdll.dll!NtTerminateProcess + 4 7C91DE54 2 Bytes [ 26, 5F ] .text C:\WINDOWS\system32\svchost.exe[900] ntdll.dll!NtWriteFile 7C91DF60 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[900] ntdll.dll!NtWriteFile + 4 7C91DF64 2 Bytes [ 1A, 5F ] .text C:\WINDOWS\system32\svchost.exe[900] ntdll.dll!NtWriteFileGather 7C91DF70 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[900] ntdll.dll!NtWriteFileGather + 4 7C91DF74 2 Bytes [ 1D, 5F ] .text C:\WINDOWS\system32\svchost.exe[900] ntdll.dll!NtWriteVirtualMemory 7C91DF90 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[900] ntdll.dll!NtWriteVirtualMemory + 4 7C91DF94 2 Bytes [ 29, 5F ] .text C:\WINDOWS\system32\svchost.exe[900] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 7E, 84 ] .text C:\WINDOWS\system32\svchost.exe[900] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A .text C:\WINDOWS\system32\svchost.exe[900] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A .text C:\Programme\CyberLink\Shared Files\RichVideo.exe[976] ntdll.dll!NtClose 7C91CFD0 3 Bytes [ FF, 25, 1E ] .text C:\Programme\CyberLink\Shared Files\RichVideo.exe[976] ntdll.dll!NtClose + 4 7C91CFD4 2 Bytes [ 2C, 5F ] .text C:\Programme\CyberLink\Shared Files\RichVideo.exe[976] ntdll.dll!NtCreateFile 7C91D090 1 Byte [ FF ] .text C:\Programme\CyberLink\Shared Files\RichVideo.exe[976] ntdll.dll!NtCreateFile + 2 7C91D092 1 Byte [ 1E ] .text C:\Programme\CyberLink\Shared Files\RichVideo.exe[976] ntdll.dll!NtCreateFile + 4 7C91D094 2 Bytes [ 17, 5F ] .text C:\Programme\CyberLink\Shared Files\RichVideo.exe[976] ntdll.dll!NtCreateKey 7C91D0D0 3 Bytes [ FF, 25, 1E ] .text C:\Programme\CyberLink\Shared Files\RichVideo.exe[976] ntdll.dll!NtCreateKey + 4 7C91D0D4 2 Bytes [ 05, 5F ] .text C:\Programme\CyberLink\Shared Files\RichVideo.exe[976] ntdll.dll!NtCreateSection 7C91D160 3 Bytes [ FF, 25, 1E ] .text C:\Programme\CyberLink\Shared Files\RichVideo.exe[976] ntdll.dll!NtCreateSection + 4 7C91D164 2 Bytes [ 23, 5F ] .text C:\Programme\CyberLink\Shared Files\RichVideo.exe[976] ntdll.dll!NtDeleteKey 7C91D230 3 Bytes [ FF, 25, 1E ] .text C:\Programme\CyberLink\Shared Files\RichVideo.exe[976] ntdll.dll!NtDeleteKey + 4 7C91D234 2 Bytes [ 0B, 5F ] .text C:\Programme\CyberLink\Shared Files\RichVideo.exe[976] ntdll.dll!NtDeleteValueKey 7C91D250 3 Bytes [ FF, 25, 1E ] .text C:\Programme\CyberLink\Shared Files\RichVideo.exe[976] ntdll.dll!NtDeleteValueKey + 4 7C91D254 2 Bytes [ 11, 5F ] .text |
der 7. teil: .text C:\Programme\Spyware Doctor\pctsAuxs.exe[1176] ntdll.dll!NtClose + 4 7C91CFD4 2 Bytes [ 2C, 5F ] .text C:\Programme\Spyware Doctor\pctsAuxs.exe[1176] ntdll.dll!NtCreateFile 7C91D090 1 Byte [ FF ] .text C:\Programme\Spyware Doctor\pctsAuxs.exe[1176] ntdll.dll!NtCreateFile + 2 7C91D092 1 Byte [ 1E ] .text C:\Programme\Spyware Doctor\pctsAuxs.exe[1176] ntdll.dll!NtCreateFile + 4 7C91D094 2 Bytes [ 17, 5F ] .text C:\Programme\Spyware Doctor\pctsAuxs.exe[1176] ntdll.dll!NtCreateKey 7C91D0D0 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Spyware Doctor\pctsAuxs.exe[1176] ntdll.dll!NtCreateKey + 4 7C91D0D4 2 Bytes [ 05, 5F ] .text C:\Programme\Spyware Doctor\pctsAuxs.exe[1176] ntdll.dll!NtCreateSection 7C91D160 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Spyware Doctor\pctsAuxs.exe[1176] ntdll.dll!NtCreateSection + 4 7C91D164 2 Bytes [ 23, 5F ] .text C:\Programme\Spyware Doctor\pctsAuxs.exe[1176] ntdll.dll!NtDeleteKey 7C91D230 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Spyware Doctor\pctsAuxs.exe[1176] ntdll.dll!NtDeleteKey + 4 7C91D234 2 Bytes [ 0B, 5F ] .text C:\Programme\Spyware Doctor\pctsAuxs.exe[1176] ntdll.dll!NtDeleteValueKey 7C91D250 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Spyware Doctor\pctsAuxs.exe[1176] ntdll.dll!NtDeleteValueKey + 4 7C91D254 2 Bytes [ 11, 5F ] .text C:\Programme\Spyware Doctor\pctsAuxs.exe[1176] ntdll.dll!NtRenameKey 7C91DA40 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Spyware Doctor\pctsAuxs.exe[1176] ntdll.dll!NtRenameKey + 4 7C91DA44 2 Bytes [ 14, 5F ] .text C:\Programme\Spyware Doctor\pctsAuxs.exe[1176] ntdll.dll!NtSetInformationFile 7C91DC40 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Spyware Doctor\pctsAuxs.exe[1176] ntdll.dll!NtSetInformationFile + 4 7C91DC44 2 Bytes [ 20, 5F ] .text C:\Programme\Spyware Doctor\pctsAuxs.exe[1176] ntdll.dll!NtSetValueKey 7C91DDB0 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Spyware Doctor\pctsAuxs.exe[1176] ntdll.dll!NtSetValueKey + 4 7C91DDB4 2 Bytes [ 0E, 5F ] .text C:\Programme\Spyware Doctor\pctsAuxs.exe[1176] ntdll.dll!NtTerminateProcess 7C91DE50 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Spyware Doctor\pctsAuxs.exe[1176] ntdll.dll!NtTerminateProcess + 4 7C91DE54 2 Bytes [ 26, 5F ] .text C:\Programme\Spyware Doctor\pctsAuxs.exe[1176] ntdll.dll!NtWriteFile 7C91DF60 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Spyware Doctor\pctsAuxs.exe[1176] ntdll.dll!NtWriteFile + 4 7C91DF64 2 Bytes [ 1A, 5F ] .text C:\Programme\Spyware Doctor\pctsAuxs.exe[1176] ntdll.dll!NtWriteFileGather 7C91DF70 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Spyware Doctor\pctsAuxs.exe[1176] ntdll.dll!NtWriteFileGather + 4 7C91DF74 2 Bytes [ 1D, 5F ] .text C:\Programme\Spyware Doctor\pctsAuxs.exe[1176] ntdll.dll!NtWriteVirtualMemory 7C91DF90 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Spyware Doctor\pctsAuxs.exe[1176] ntdll.dll!NtWriteVirtualMemory + 4 7C91DF94 2 Bytes [ 29, 5F ] .text C:\Programme\Spyware Doctor\pctsAuxs.exe[1176] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 03, 84 ] .text C:\Programme\Spyware Doctor\pctsAuxs.exe[1176] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A .text C:\Programme\Spyware Doctor\pctsAuxs.exe[1176] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A .text C:\Programme\Spyware Doctor\pctsSvc.exe[1240] kernel32.dll!CreateThread + 1A 7C8106E1 4 Bytes [ 23, A1, C3, 83 ] .text C:\WINDOWS\system32\svchost.exe[1424] ntdll.dll!NtClose 7C91CFD0 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1424] ntdll.dll!NtClose + 4 7C91CFD4 2 Bytes [ 2C, 5F ] .text C:\WINDOWS\system32\svchost.exe[1424] ntdll.dll!NtCreateFile 7C91D090 1 Byte [ FF ] .text C:\WINDOWS\system32\svchost.exe[1424] ntdll.dll!NtCreateFile + 2 7C91D092 1 Byte [ 1E ] .text C:\WINDOWS\system32\svchost.exe[1424] ntdll.dll!NtCreateFile + 4 7C91D094 2 Bytes [ 17, 5F ] .text C:\WINDOWS\system32\svchost.exe[1424] ntdll.dll!NtCreateKey 7C91D0D0 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1424] ntdll.dll!NtCreateKey + 4 7C91D0D4 2 Bytes [ 05, 5F ] .text C:\WINDOWS\system32\svchost.exe[1424] ntdll.dll!NtCreateSection 7C91D160 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1424] ntdll.dll!NtCreateSection + 4 7C91D164 2 Bytes [ 23, 5F ] .text C:\WINDOWS\system32\svchost.exe[1424] ntdll.dll!NtDeleteKey 7C91D230 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1424] ntdll.dll!NtDeleteKey + 4 7C91D234 2 Bytes [ 0B, 5F ] .text C:\WINDOWS\system32\svchost.exe[1424] ntdll.dll!NtDeleteValueKey 7C91D250 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1424] ntdll.dll!NtDeleteValueKey + 4 7C91D254 2 Bytes [ 11, 5F ] .text C:\WINDOWS\system32\svchost.exe[1424] ntdll.dll!NtRenameKey 7C91DA40 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1424] ntdll.dll!NtRenameKey + 4 7C91DA44 2 Bytes [ 14, 5F ] .text C:\WINDOWS\system32\svchost.exe[1424] ntdll.dll!NtSetInformationFile 7C91DC40 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1424] ntdll.dll!NtSetInformationFile + 4 7C91DC44 2 Bytes [ 20, 5F ] .text C:\WINDOWS\system32\svchost.exe[1424] ntdll.dll!NtSetValueKey 7C91DDB0 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1424] ntdll.dll!NtSetValueKey + 4 7C91DDB4 2 Bytes [ 0E, 5F ] .text C:\WINDOWS\system32\svchost.exe[1424] ntdll.dll!NtTerminateProcess 7C91DE50 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1424] ntdll.dll!NtTerminateProcess + 4 7C91DE54 2 Bytes [ 26, 5F ] .text C:\WINDOWS\system32\svchost.exe[1424] ntdll.dll!NtWriteFile 7C91DF60 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1424] ntdll.dll!NtWriteFile + 4 7C91DF64 2 Bytes [ 1A, 5F ] .text C:\WINDOWS\system32\svchost.exe[1424] ntdll.dll!NtWriteFileGather 7C91DF70 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1424] ntdll.dll!NtWriteFileGather + 4 7C91DF74 2 Bytes [ 1D, 5F ] .text C:\WINDOWS\system32\svchost.exe[1424] ntdll.dll!NtWriteVirtualMemory 7C91DF90 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1424] ntdll.dll!NtWriteVirtualMemory + 4 7C91DF94 2 Bytes [ 29, 5F ] .text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, E2, 84 ] .text C:\WINDOWS\system32\svchost.exe[1424] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A .text C:\WINDOWS\system32\svchost.exe[1424] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A .text C:\Dokumente und Einstellungen\Ritzi\Desktop\gmer.exe[1444] ntdll.dll!NtClose 7C91CFD0 3 Bytes [ FF, 25, 1E ] .text C:\Dokumente und Einstellungen\Ritzi\Desktop\gmer.exe[1444] ntdll.dll!NtClose + 4 7C91CFD4 2 Bytes [ 2C, 5F ] .text C:\Dokumente und Einstellungen\Ritzi\Desktop\gmer.exe[1444] ntdll.dll!NtCreateFile 7C91D090 1 Byte [ FF ] .text C:\Dokumente und Einstellungen\Ritzi\Desktop\gmer.exe[1444] ntdll.dll!NtCreateFile + 2 7C91D092 1 Byte [ 1E ] .text C:\Dokumente und Einstellungen\Ritzi\Desktop\gmer.exe[1444] ntdll.dll!NtCreateFile + 4 7C91D094 2 Bytes [ 17, 5F ] .text C:\Dokumente und Einstellungen\Ritzi\Desktop\gmer.exe[1444] ntdll.dll!NtCreateKey 7C91D0D0 3 Bytes [ FF, 25, 1E ] .text C:\Dokumente und Einstellungen\Ritzi\Desktop\gmer.exe[1444] ntdll.dll!NtCreateKey + 4 7C91D0D4 2 Bytes [ 05, 5F ] .text C:\Dokumente und Einstellungen\Ritzi\Desktop\gmer.exe[1444] ntdll.dll!NtCreateSection 7C91D160 3 Bytes [ FF, 25, 1E ] .text C:\Dokumente und Einstellungen\Ritzi\Desktop\gmer.exe[1444] ntdll.dll!NtCreateSection + 4 7C91D164 2 Bytes [ 23, 5F ] .text C:\Dokumente und Einstellungen\Ritzi\Desktop\gmer.exe[1444] ntdll.dll!NtDeleteKey 7C91D230 3 Bytes [ FF, 25, 1E ] .text C:\Dokumente und Einstellungen\Ritzi\Desktop\gmer.exe[1444] ntdll.dll!NtDeleteKey + 4 7C91D234 2 Bytes [ 0B, 5F ] .text C:\Dokumente und Einstellungen\Ritzi\Desktop\gmer.exe[1444] ntdll.dll!NtDeleteValueKey 7C91D250 3 Bytes [ FF, 25, 1E ] .text C:\Dokumente und Einstellungen\Ritzi\Desktop\gmer.exe[1444] ntdll.dll!NtDeleteValueKey + 4 7C91D254 2 Bytes [ 11, 5F ] .text C:\Dokumente und Einstellungen\Ritzi\Desktop\gmer.exe[1444] ntdll.dll!NtRenameKey 7C91DA40 3 Bytes [ FF, 25, 1E ] .text C:\Dokumente und Einstellungen\Ritzi\Desktop\gmer.exe[1444] ntdll.dll!NtRenameKey + 4 7C91DA44 2 Bytes [ 14, 5F ] .text C:\Dokumente und Einstellungen\Ritzi\Desktop\gmer.exe[1444] ntdll.dll!NtSetInformationFile 7C91DC40 3 Bytes [ FF, 25, 1E ] .text C:\Dokumente und Einstellungen\Ritzi\Desktop\gmer.exe[1444] ntdll.dll!NtSetInformationFile + 4 7C91DC44 2 Bytes [ 20, 5F ] .text C:\Dokumente und Einstellungen\Ritzi\Desktop\gmer.exe[1444] ntdll.dll!NtSetValueKey 7C91DDB0 3 Bytes [ FF, 25, 1E ] .text C:\Dokumente und Einstellungen\Ritzi\Desktop\gmer.exe[1444] ntdll.dll!NtSetValueKey + 4 7C91DDB4 2 Bytes [ 0E, 5F ] .text C:\Dokumente und Einstellungen\Ritzi\Desktop\gmer.exe[1444] ntdll.dll!NtTerminateProcess 7C91DE50 3 Bytes [ FF, 25, 1E ] .text C:\Dokumente und Einstellungen\Ritzi\Desktop\gmer.exe[1444] ntdll.dll!NtTerminateProcess + 4 7C91DE54 2 Bytes [ 26, 5F ] .text C:\Dokumente und Einstellungen\Ritzi\Desktop\gmer.exe[1444] ntdll.dll!NtWriteFile 7C91DF60 3 Bytes [ FF, 25, 1E ] .text C:\Dokumente und Einstellungen\Ritzi\Desktop\gmer.exe[1444] ntdll.dll!NtWriteFile + 4 7C91DF64 2 Bytes [ 1A, 5F ] .text C:\Dokumente und Einstellungen\Ritzi\Desktop\gmer.exe[1444] ntdll.dll!NtWriteFileGather 7C91DF70 3 Bytes [ FF, 25, 1E ] .text C:\Dokumente und Einstellungen\Ritzi\Desktop\gmer.exe[1444] ntdll.dll!NtWriteFileGather + 4 7C91DF74 2 Bytes [ 1D, 5F ] .text C:\Dokumente und Einstellungen\Ritzi\Desktop\gmer.exe[1444] ntdll.dll!NtWriteVirtualMemory 7C91DF90 3 Bytes [ FF, 25, 1E ] .text C:\Dokumente und Einstellungen\Ritzi\Desktop\gmer.exe[1444] ntdll.dll!NtWriteVirtualMemory + 4 7C91DF94 2 Bytes [ 29, 5F ] .text C:\Dokumente und Einstellungen\Ritzi\Desktop\gmer.exe[1444] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, BD, 83 ] .text C:\Dokumente und Einstellungen\Ritzi\Desktop\gmer.exe[1444] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, EF, F4 ] .text C:\Dokumente und Einstellungen\Ritzi\Desktop\gmer.exe[1444] ADVAPI32.dll!LsaClose + 7A8 77DB268C 1 Byte [ A5 ] .text C:\Dokumente und Einstellungen\Ritzi\Desktop\gmer.exe[1444] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A .text C:\Dokumente und Einstellungen\Ritzi\Desktop\gmer.exe[1444] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\system32\dllhost.exe[1544] ntdll.dll!NtClose 7C91CFD0 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\dllhost.exe[1544] ntdll.dll!NtClose + 4 7C91CFD4 2 Bytes [ 2C, 5F ] .text C:\WINDOWS\system32\dllhost.exe[1544] ntdll.dll!NtCreateFile 7C91D090 1 Byte [ FF ] .text C:\WINDOWS\system32\dllhost.exe[1544] ntdll.dll!NtCreateFile + 2 7C91D092 1 Byte [ 1E ] .text C:\WINDOWS\system32\dllhost.exe[1544] ntdll.dll!NtCreateFile + 4 7C91D094 2 Bytes [ 17, 5F ] .text C:\WINDOWS\system32\dllhost.exe[1544] ntdll.dll!NtCreateKey 7C91D0D0 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\dllhost.exe[1544] ntdll.dll!NtCreateKey + 4 7C91D0D4 2 Bytes [ 05, 5F ] .text C:\WINDOWS\system32\dllhost.exe[1544] ntdll.dll!NtCreateSection 7C91D160 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\dllhost.exe[1544] ntdll.dll!NtCreateSection + 4 7C91D164 2 Bytes [ 23, 5F ] .text C:\WINDOWS\system32\dllhost.exe[1544] ntdll.dll!NtDeleteKey 7C91D230 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\dllhost.exe[1544] ntdll.dll!NtDeleteKey + 4 7C91D234 2 Bytes [ 0B, 5F ] .text C:\WINDOWS\system32\dllhost.exe[1544] ntdll.dll!NtDeleteValueKey 7C91D250 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\dllhost.exe[1544] ntdll.dll!NtDeleteValueKey + 4 7C91D254 2 Bytes [ 11, 5F ] .text C:\WINDOWS\system32\dllhost.exe[1544] ntdll.dll!NtRenameKey 7C91DA40 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\dllhost.exe[1544] ntdll.dll!NtRenameKey + 4 7C91DA44 2 Bytes [ 14, 5F ] .text C:\WINDOWS\system32\dllhost.exe[1544] ntdll.dll!NtSetInformationFile 7C91DC40 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\dllhost.exe[1544] ntdll.dll!NtSetInformationFile + 4 7C91DC44 2 Bytes [ 20, 5F ] .text C:\WINDOWS\system32\dllhost.exe[1544] ntdll.dll!NtSetValueKey 7C91DDB0 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\dllhost.exe[1544] ntdll.dll!NtSetValueKey + 4 7C91DDB4 2 Bytes [ 0E, 5F ] .text C:\WINDOWS\system32\dllhost.exe[1544] ntdll.dll!NtTerminateProcess 7C91DE50 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\dllhost.exe[1544] ntdll.dll!NtTerminateProcess + 4 7C91DE54 2 Bytes [ 26, 5F ] .text C:\WINDOWS\system32\dllhost.exe[1544] ntdll.dll!NtWriteFile 7C91DF60 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\dllhost.exe[1544] ntdll.dll!NtWriteFile + 4 7C91DF64 2 Bytes [ 1A, 5F ] .text C:\WINDOWS\system32\dllhost.exe[1544] ntdll.dll!NtWriteFileGather 7C91DF70 3 Bytes [ FF, 25, 1E ] |
der 8. teil: .text C:\WINDOWS\system32\dllhost.exe[1544] ntdll.dll!NtWriteFileGather + 4 7C91DF74 2 Bytes [ 1D, 5F ] .text C:\WINDOWS\system32\dllhost.exe[1544] ntdll.dll!NtWriteVirtualMemory 7C91DF90 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\dllhost.exe[1544] ntdll.dll!NtWriteVirtualMemory + 4 7C91DF94 2 Bytes [ 29, 5F ] .text C:\WINDOWS\system32\dllhost.exe[1544] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, F7, 83 ] .text C:\WINDOWS\system32\dllhost.exe[1544] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, EF, F4 ] .text C:\WINDOWS\system32\dllhost.exe[1544] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A .text C:\WINDOWS\system32\dllhost.exe[1544] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\system32\spoolsv.exe[1660] ntdll.dll!NtClose 7C91CFD0 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\spoolsv.exe[1660] ntdll.dll!NtClose + 4 7C91CFD4 2 Bytes [ 2C, 5F ] .text C:\WINDOWS\system32\spoolsv.exe[1660] ntdll.dll!NtCreateFile 7C91D090 1 Byte [ FF ] .text C:\WINDOWS\system32\spoolsv.exe[1660] ntdll.dll!NtCreateFile + 2 7C91D092 1 Byte [ 1E ] .text C:\WINDOWS\system32\spoolsv.exe[1660] ntdll.dll!NtCreateFile + 4 7C91D094 2 Bytes [ 17, 5F ] .text C:\WINDOWS\system32\spoolsv.exe[1660] ntdll.dll!NtCreateKey 7C91D0D0 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\spoolsv.exe[1660] ntdll.dll!NtCreateKey + 4 7C91D0D4 2 Bytes [ 05, 5F ] .text C:\WINDOWS\system32\spoolsv.exe[1660] ntdll.dll!NtCreateSection 7C91D160 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\spoolsv.exe[1660] ntdll.dll!NtCreateSection + 4 7C91D164 2 Bytes [ 23, 5F ] .text C:\WINDOWS\system32\spoolsv.exe[1660] ntdll.dll!NtDeleteKey 7C91D230 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\spoolsv.exe[1660] ntdll.dll!NtDeleteKey + 4 7C91D234 2 Bytes [ 0B, 5F ] .text C:\WINDOWS\system32\spoolsv.exe[1660] ntdll.dll!NtDeleteValueKey 7C91D250 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\spoolsv.exe[1660] ntdll.dll!NtDeleteValueKey + 4 7C91D254 2 Bytes [ 11, 5F ] .text C:\WINDOWS\system32\spoolsv.exe[1660] ntdll.dll!NtRenameKey 7C91DA40 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\spoolsv.exe[1660] ntdll.dll!NtRenameKey + 4 7C91DA44 2 Bytes [ 14, 5F ] .text C:\WINDOWS\system32\spoolsv.exe[1660] ntdll.dll!NtSetInformationFile 7C91DC40 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\spoolsv.exe[1660] ntdll.dll!NtSetInformationFile + 4 7C91DC44 2 Bytes [ 20, 5F ] .text C:\WINDOWS\system32\spoolsv.exe[1660] ntdll.dll!NtSetValueKey 7C91DDB0 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\spoolsv.exe[1660] ntdll.dll!NtSetValueKey + 4 7C91DDB4 2 Bytes [ 0E, 5F ] .text C:\WINDOWS\system32\spoolsv.exe[1660] ntdll.dll!NtTerminateProcess 7C91DE50 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\spoolsv.exe[1660] ntdll.dll!NtTerminateProcess + 4 7C91DE54 2 Bytes [ 26, 5F ] .text C:\WINDOWS\system32\spoolsv.exe[1660] ntdll.dll!NtWriteFile 7C91DF60 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\spoolsv.exe[1660] ntdll.dll!NtWriteFile + 4 7C91DF64 2 Bytes [ 1A, 5F ] .text C:\WINDOWS\system32\spoolsv.exe[1660] ntdll.dll!NtWriteFileGather 7C91DF70 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\spoolsv.exe[1660] ntdll.dll!NtWriteFileGather + 4 7C91DF74 2 Bytes [ 1D, 5F ] .text C:\WINDOWS\system32\spoolsv.exe[1660] ntdll.dll!NtWriteVirtualMemory 7C91DF90 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\spoolsv.exe[1660] ntdll.dll!NtWriteVirtualMemory + 4 7C91DF94 2 Bytes [ 29, 5F ] .text C:\WINDOWS\system32\spoolsv.exe[1660] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 7B, 84 ] .text C:\WINDOWS\system32\spoolsv.exe[1660] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A .text C:\WINDOWS\system32\spoolsv.exe[1660] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A .text C:\Programme\Exif Launcher\QuickDCF.exe[1724] ntdll.dll!NtClose 7C91CFD0 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Exif Launcher\QuickDCF.exe[1724] ntdll.dll!NtClose + 4 7C91CFD4 2 Bytes [ 2C, 5F ] .text C:\Programme\Exif Launcher\QuickDCF.exe[1724] ntdll.dll!NtCreateFile 7C91D090 1 Byte [ FF ] .text C:\Programme\Exif Launcher\QuickDCF.exe[1724] ntdll.dll!NtCreateFile + 2 7C91D092 1 Byte [ 1E ] .text C:\Programme\Exif Launcher\QuickDCF.exe[1724] ntdll.dll!NtCreateFile + 4 7C91D094 2 Bytes [ 17, 5F ] .text C:\Programme\Exif Launcher\QuickDCF.exe[1724] ntdll.dll!NtCreateKey 7C91D0D0 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Exif Launcher\QuickDCF.exe[1724] ntdll.dll!NtCreateKey + 4 7C91D0D4 2 Bytes [ 05, 5F ] .text C:\Programme\Exif Launcher\QuickDCF.exe[1724] ntdll.dll!NtCreateSection 7C91D160 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Exif Launcher\QuickDCF.exe[1724] ntdll.dll!NtCreateSection + 4 7C91D164 2 Bytes [ 23, 5F ] .text C:\Programme\Exif Launcher\QuickDCF.exe[1724] ntdll.dll!NtDeleteKey 7C91D230 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Exif Launcher\QuickDCF.exe[1724] ntdll.dll!NtDeleteKey + 4 7C91D234 2 Bytes [ 0B, 5F ] .text C:\Programme\Exif Launcher\QuickDCF.exe[1724] ntdll.dll!NtDeleteValueKey 7C91D250 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Exif Launcher\QuickDCF.exe[1724] ntdll.dll!NtDeleteValueKey + 4 7C91D254 2 Bytes [ 11, 5F ] .text C:\Programme\Exif Launcher\QuickDCF.exe[1724] ntdll.dll!NtRenameKey 7C91DA40 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Exif Launcher\QuickDCF.exe[1724] ntdll.dll!NtRenameKey + 4 7C91DA44 2 Bytes [ 14, 5F ] .text C:\Programme\Exif Launcher\QuickDCF.exe[1724] ntdll.dll!NtSetInformationFile 7C91DC40 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Exif Launcher\QuickDCF.exe[1724] ntdll.dll!NtSetInformationFile + 4 7C91DC44 2 Bytes [ 20, 5F ] .text C:\Programme\Exif Launcher\QuickDCF.exe[1724] ntdll.dll!NtSetValueKey 7C91DDB0 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Exif Launcher\QuickDCF.exe[1724] ntdll.dll!NtSetValueKey + 4 7C91DDB4 2 Bytes [ 0E, 5F ] .text C:\Programme\Exif Launcher\QuickDCF.exe[1724] ntdll.dll!NtTerminateProcess 7C91DE50 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Exif Launcher\QuickDCF.exe[1724] ntdll.dll!NtTerminateProcess + 4 7C91DE54 2 Bytes [ 26, 5F ] .text C:\Programme\Exif Launcher\QuickDCF.exe[1724] ntdll.dll!NtWriteFile 7C91DF60 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Exif Launcher\QuickDCF.exe[1724] ntdll.dll!NtWriteFile + 4 7C91DF64 2 Bytes [ 1A, 5F ] .text C:\Programme\Exif Launcher\QuickDCF.exe[1724] ntdll.dll!NtWriteFileGather 7C91DF70 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Exif Launcher\QuickDCF.exe[1724] ntdll.dll!NtWriteFileGather + 4 7C91DF74 2 Bytes [ 1D, 5F ] .text C:\Programme\Exif Launcher\QuickDCF.exe[1724] ntdll.dll!NtWriteVirtualMemory 7C91DF90 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Exif Launcher\QuickDCF.exe[1724] ntdll.dll!NtWriteVirtualMemory + 4 7C91DF94 2 Bytes [ 29, 5F ] .text C:\Programme\Exif Launcher\QuickDCF.exe[1724] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 44, 84 ] .text C:\Programme\Exif Launcher\QuickDCF.exe[1724] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, EF, F4 ] .text C:\Programme\Exif Launcher\QuickDCF.exe[1724] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A .text C:\Programme\Exif Launcher\QuickDCF.exe[1724] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A .text C:\Programme\AntiVir PersonalEdition Classic\sched.exe[1792] ntdll.dll!NtClose 7C91CFD0 3 Bytes [ FF, 25, 1E ] .text C:\Programme\AntiVir PersonalEdition Classic\sched.exe[1792] ntdll.dll!NtClose + 4 7C91CFD4 2 Bytes [ 2C, 5F ] .text C:\Programme\AntiVir PersonalEdition Classic\sched.exe[1792] ntdll.dll!NtCreateFile 7C91D090 1 Byte [ FF ] .text C:\Programme\AntiVir PersonalEdition Classic\sched.exe[1792] ntdll.dll!NtCreateFile + 2 7C91D092 1 Byte [ 1E ] .text C:\Programme\AntiVir PersonalEdition Classic\sched.exe[1792] ntdll.dll!NtCreateFile + 4 7C91D094 2 Bytes [ 17, 5F ] .text C:\Programme\AntiVir PersonalEdition Classic\sched.exe[1792] ntdll.dll!NtCreateKey 7C91D0D0 3 Bytes [ FF, 25, 1E ] .text C:\Programme\AntiVir PersonalEdition Classic\sched.exe[1792] ntdll.dll!NtCreateKey + 4 7C91D0D4 2 Bytes [ 05, 5F ] .text C:\Programme\AntiVir PersonalEdition Classic\sched.exe[1792] ntdll.dll!NtCreateSection 7C91D160 3 Bytes [ FF, 25, 1E ] .text C:\Programme\AntiVir PersonalEdition Classic\sched.exe[1792] ntdll.dll!NtCreateSection + 4 7C91D164 2 Bytes [ 23, 5F ] .text C:\Programme\AntiVir PersonalEdition Classic\sched.exe[1792] ntdll.dll!NtDeleteKey 7C91D230 3 Bytes [ FF, 25, 1E ] .text C:\Programme\AntiVir PersonalEdition Classic\sched.exe[1792] ntdll.dll!NtDeleteKey + 4 7C91D234 2 Bytes [ 0B, 5F ] .text C:\Programme\AntiVir PersonalEdition Classic\sched.exe[1792] ntdll.dll!NtDeleteValueKey 7C91D250 3 Bytes [ FF, 25, 1E ] .text C:\Programme\AntiVir PersonalEdition Classic\sched.exe[1792] ntdll.dll!NtDeleteValueKey + 4 7C91D254 2 Bytes [ 11, 5F ] .text C:\Programme\AntiVir PersonalEdition Classic\sched.exe[1792] ntdll.dll!NtRenameKey 7C91DA40 3 Bytes [ FF, 25, 1E ] .text C:\Programme\AntiVir PersonalEdition Classic\sched.exe[1792] ntdll.dll!NtRenameKey + 4 7C91DA44 2 Bytes [ 14, 5F ] .text C:\Programme\AntiVir PersonalEdition Classic\sched.exe[1792] ntdll.dll!NtSetInformationFile 7C91DC40 3 Bytes [ FF, 25, 1E ] .text C:\Programme\AntiVir PersonalEdition Classic\sched.exe[1792] ntdll.dll!NtSetInformationFile + 4 7C91DC44 2 Bytes [ 20, 5F ] .text C:\Programme\AntiVir PersonalEdition Classic\sched.exe[1792] ntdll.dll!NtSetValueKey 7C91DDB0 3 Bytes [ FF, 25, 1E ] .text C:\Programme\AntiVir PersonalEdition Classic\sched.exe[1792] ntdll.dll!NtSetValueKey + 4 7C91DDB4 2 Bytes [ 0E, 5F ] .text C:\Programme\AntiVir PersonalEdition Classic\sched.exe[1792] ntdll.dll!NtTerminateProcess 7C91DE50 3 Bytes [ FF, 25, 1E ] .text C:\Programme\AntiVir PersonalEdition Classic\sched.exe[1792] ntdll.dll!NtTerminateProcess + 4 7C91DE54 2 Bytes [ 26, 5F ] .text C:\Programme\AntiVir PersonalEdition Classic\sched.exe[1792] ntdll.dll!NtWriteFile 7C91DF60 3 Bytes [ FF, 25, 1E ] .text C:\Programme\AntiVir PersonalEdition Classic\sched.exe[1792] ntdll.dll!NtWriteFile + 4 7C91DF64 2 Bytes [ 1A, 5F ] .text C:\Programme\AntiVir PersonalEdition Classic\sched.exe[1792] ntdll.dll!NtWriteFileGather 7C91DF70 3 Bytes [ FF, 25, 1E ] .text C:\Programme\AntiVir PersonalEdition Classic\sched.exe[1792] ntdll.dll!NtWriteFileGather + 4 7C91DF74 2 Bytes [ 1D, 5F ] .text C:\Programme\AntiVir PersonalEdition Classic\sched.exe[1792] ntdll.dll!NtWriteVirtualMemory 7C91DF90 3 Bytes [ FF, 25, 1E ] .text C:\Programme\AntiVir PersonalEdition Classic\sched.exe[1792] ntdll.dll!NtWriteVirtualMemory + 4 7C91DF94 2 Bytes [ 29, 5F ] .text C:\Programme\AntiVir PersonalEdition Classic\sched.exe[1792] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, B2, 84 ] .text C:\Programme\AntiVir PersonalEdition Classic\sched.exe[1792] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A .text C:\Programme\AntiVir PersonalEdition Classic\sched.exe[1792] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A .text C:\Programme\AntiVir PersonalEdition Classic\avguard.exe[1804] ntdll.dll!NtClose 7C91CFD0 3 Bytes [ FF, 25, 1E ] |
9. teil: .text C:\Programme\AntiVir PersonalEdition Classic\avguard.exe[1804] ntdll.dll!NtClose + 4 7C91CFD4 2 Bytes [ 2C, 5F ] .text C:\Programme\AntiVir PersonalEdition Classic\avguard.exe[1804] ntdll.dll!NtCreateFile 7C91D090 1 Byte [ FF ] .text C:\Programme\AntiVir PersonalEdition Classic\avguard.exe[1804] ntdll.dll!NtCreateFile + 2 7C91D092 1 Byte [ 1E ] .text C:\Programme\AntiVir PersonalEdition Classic\avguard.exe[1804] ntdll.dll!NtCreateFile + 4 7C91D094 2 Bytes [ 17, 5F ] .text C:\Programme\AntiVir PersonalEdition Classic\avguard.exe[1804] ntdll.dll!NtCreateKey 7C91D0D0 3 Bytes [ FF, 25, 1E ] .text C:\Programme\AntiVir PersonalEdition Classic\avguard.exe[1804] ntdll.dll!NtCreateKey + 4 7C91D0D4 2 Bytes [ 05, 5F ] .text C:\Programme\AntiVir PersonalEdition Classic\avguard.exe[1804] ntdll.dll!NtCreateSection 7C91D160 3 Bytes [ FF, 25, 1E ] .text C:\Programme\AntiVir PersonalEdition Classic\avguard.exe[1804] ntdll.dll!NtCreateSection + 4 7C91D164 2 Bytes [ 23, 5F ] .text C:\Programme\AntiVir PersonalEdition Classic\avguard.exe[1804] ntdll.dll!NtDeleteKey 7C91D230 3 Bytes [ FF, 25, 1E ] .text C:\Programme\AntiVir PersonalEdition Classic\avguard.exe[1804] ntdll.dll!NtDeleteKey + 4 7C91D234 2 Bytes [ 0B, 5F ] .text C:\Programme\AntiVir PersonalEdition Classic\avguard.exe[1804] ntdll.dll!NtDeleteValueKey 7C91D250 3 Bytes [ FF, 25, 1E ] .text C:\Programme\AntiVir PersonalEdition Classic\avguard.exe[1804] ntdll.dll!NtDeleteValueKey + 4 7C91D254 2 Bytes [ 11, 5F ] .text C:\Programme\AntiVir PersonalEdition Classic\avguard.exe[1804] ntdll.dll!NtRenameKey 7C91DA40 3 Bytes [ FF, 25, 1E ] .text C:\Programme\AntiVir PersonalEdition Classic\avguard.exe[1804] ntdll.dll!NtRenameKey + 4 7C91DA44 2 Bytes [ 14, 5F ] .text C:\Programme\AntiVir PersonalEdition Classic\avguard.exe[1804] ntdll.dll!NtSetInformationFile 7C91DC40 3 Bytes [ FF, 25, 1E ] .text C:\Programme\AntiVir PersonalEdition Classic\avguard.exe[1804] ntdll.dll!NtSetInformationFile + 4 7C91DC44 2 Bytes [ 20, 5F ] .text C:\Programme\AntiVir PersonalEdition Classic\avguard.exe[1804] ntdll.dll!NtSetValueKey 7C91DDB0 3 Bytes [ FF, 25, 1E ] .text C:\Programme\AntiVir PersonalEdition Classic\avguard.exe[1804] ntdll.dll!NtSetValueKey + 4 7C91DDB4 2 Bytes [ 0E, 5F ] .text C:\Programme\AntiVir PersonalEdition Classic\avguard.exe[1804] ntdll.dll!NtTerminateProcess 7C91DE50 3 Bytes [ FF, 25, 1E ] .text C:\Programme\AntiVir PersonalEdition Classic\avguard.exe[1804] ntdll.dll!NtTerminateProcess + 4 7C91DE54 2 Bytes [ 26, 5F ] .text C:\Programme\AntiVir PersonalEdition Classic\avguard.exe[1804] ntdll.dll!NtWriteFile 7C91DF60 3 Bytes [ FF, 25, 1E ] .text C:\Programme\AntiVir PersonalEdition Classic\avguard.exe[1804] ntdll.dll!NtWriteFile + 4 7C91DF64 2 Bytes [ 1A, 5F ] .text C:\Programme\AntiVir PersonalEdition Classic\avguard.exe[1804] ntdll.dll!NtWriteFileGather 7C91DF70 3 Bytes [ FF, 25, 1E ] .text C:\Programme\AntiVir PersonalEdition Classic\avguard.exe[1804] ntdll.dll!NtWriteFileGather + 4 7C91DF74 2 Bytes [ 1D, 5F ] .text C:\Programme\AntiVir PersonalEdition Classic\avguard.exe[1804] ntdll.dll!NtWriteVirtualMemory 7C91DF90 3 Bytes [ FF, 25, 1E ] .text C:\Programme\AntiVir PersonalEdition Classic\avguard.exe[1804] ntdll.dll!NtWriteVirtualMemory + 4 7C91DF94 2 Bytes [ 29, 5F ] .text C:\Programme\AntiVir PersonalEdition Classic\avguard.exe[1804] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 80, 85 ] .text C:\Programme\AntiVir PersonalEdition Classic\avguard.exe[1804] kernel32.dll!SetConsoleInputExeNameA + 121 7C871EE9 1 Byte [ 8B ] .text C:\Programme\AntiVir PersonalEdition Classic\avguard.exe[1804] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A .text C:\Programme\AntiVir PersonalEdition Classic\avguard.exe[1804] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A .text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1816] ntdll.dll!NtClose 7C91CFD0 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1816] ntdll.dll!NtClose + 4 7C91CFD4 2 Bytes [ 2C, 5F ] .text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1816] ntdll.dll!NtCreateFile 7C91D090 1 Byte [ FF ] .text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1816] ntdll.dll!NtCreateFile + 2 7C91D092 1 Byte [ 1E ] .text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1816] ntdll.dll!NtCreateFile + 4 7C91D094 2 Bytes [ 17, 5F ] .text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1816] ntdll.dll!NtCreateKey 7C91D0D0 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1816] ntdll.dll!NtCreateKey + 4 7C91D0D4 2 Bytes [ 05, 5F ] .text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1816] ntdll.dll!NtCreateSection 7C91D160 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1816] ntdll.dll!NtCreateSection + 4 7C91D164 2 Bytes [ 23, 5F ] .text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1816] ntdll.dll!NtDeleteKey 7C91D230 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1816] ntdll.dll!NtDeleteKey + 4 7C91D234 2 Bytes [ 0B, 5F ] .text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1816] ntdll.dll!NtDeleteValueKey 7C91D250 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1816] ntdll.dll!NtDeleteValueKey + 4 7C91D254 2 Bytes [ 11, 5F ] .text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1816] ntdll.dll!NtRenameKey 7C91DA40 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1816] ntdll.dll!NtRenameKey + 4 7C91DA44 2 Bytes [ 14, 5F ] .text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1816] ntdll.dll!NtSetInformationFile 7C91DC40 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1816] ntdll.dll!NtSetInformationFile + 4 7C91DC44 2 Bytes [ 20, 5F ] .text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1816] ntdll.dll!NtSetValueKey 7C91DDB0 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1816] ntdll.dll!NtSetValueKey + 4 7C91DDB4 2 Bytes [ 0E, 5F ] .text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1816] ntdll.dll!NtTerminateProcess 7C91DE50 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1816] ntdll.dll!NtTerminateProcess + 4 7C91DE54 2 Bytes [ 26, 5F ] .text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1816] ntdll.dll!NtWriteFile 7C91DF60 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1816] ntdll.dll!NtWriteFile + 4 7C91DF64 2 Bytes [ 1A, 5F ] .text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1816] ntdll.dll!NtWriteFileGather 7C91DF70 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1816] ntdll.dll!NtWriteFileGather + 4 7C91DF74 2 Bytes [ 1D, 5F ] .text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1816] ntdll.dll!NtWriteVirtualMemory 7C91DF90 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1816] ntdll.dll!NtWriteVirtualMemory + 4 7C91DF94 2 Bytes [ 29, 5F ] .text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1816] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 5C, 84 ] .text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1816] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A .text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1816] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A .text C:\Programme\Bonjour\mDNSResponder.exe[1856] ntdll.dll!NtClose 7C91CFD0 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Bonjour\mDNSResponder.exe[1856] ntdll.dll!NtClose + 4 7C91CFD4 2 Bytes [ 2C, 5F ] .text C:\Programme\Bonjour\mDNSResponder.exe[1856] ntdll.dll!NtCreateFile 7C91D090 1 Byte [ FF ] .text C:\Programme\Bonjour\mDNSResponder.exe[1856] ntdll.dll!NtCreateFile + 2 7C91D092 1 Byte [ 1E ] .text C:\Programme\Bonjour\mDNSResponder.exe[1856] ntdll.dll!NtCreateFile + 4 7C91D094 2 Bytes [ 17, 5F ] .text C:\Programme\Bonjour\mDNSResponder.exe[1856] ntdll.dll!NtCreateKey 7C91D0D0 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Bonjour\mDNSResponder.exe[1856] ntdll.dll!NtCreateKey + 4 7C91D0D4 2 Bytes [ 05, 5F ] .text C:\Programme\Bonjour\mDNSResponder.exe[1856] ntdll.dll!NtCreateSection 7C91D160 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Bonjour\mDNSResponder.exe[1856] ntdll.dll!NtCreateSection + 4 7C91D164 2 Bytes [ 23, 5F ] .text C:\Programme\Bonjour\mDNSResponder.exe[1856] ntdll.dll!NtDeleteKey 7C91D230 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Bonjour\mDNSResponder.exe[1856] ntdll.dll!NtDeleteKey + 4 7C91D234 2 Bytes [ 0B, 5F ] .text C:\Programme\Bonjour\mDNSResponder.exe[1856] ntdll.dll!NtDeleteValueKey 7C91D250 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Bonjour\mDNSResponder.exe[1856] ntdll.dll!NtDeleteValueKey + 4 7C91D254 2 Bytes [ 11, 5F ] .text C:\Programme\Bonjour\mDNSResponder.exe[1856] ntdll.dll!NtRenameKey 7C91DA40 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Bonjour\mDNSResponder.exe[1856] ntdll.dll!NtRenameKey + 4 7C91DA44 2 Bytes [ 14, 5F ] .text C:\Programme\Bonjour\mDNSResponder.exe[1856] ntdll.dll!NtSetInformationFile 7C91DC40 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Bonjour\mDNSResponder.exe[1856] ntdll.dll!NtSetInformationFile + 4 7C91DC44 2 Bytes [ 20, 5F ] .text C:\Programme\Bonjour\mDNSResponder.exe[1856] ntdll.dll!NtSetValueKey 7C91DDB0 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Bonjour\mDNSResponder.exe[1856] ntdll.dll!NtSetValueKey + 4 7C91DDB4 2 Bytes [ 0E, 5F ] .text C:\Programme\Bonjour\mDNSResponder.exe[1856] ntdll.dll!NtTerminateProcess 7C91DE50 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Bonjour\mDNSResponder.exe[1856] ntdll.dll!NtTerminateProcess + 4 7C91DE54 2 Bytes [ 26, 5F ] .text C:\Programme\Bonjour\mDNSResponder.exe[1856] ntdll.dll!NtWriteFile 7C91DF60 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Bonjour\mDNSResponder.exe[1856] ntdll.dll!NtWriteFile + 4 7C91DF64 2 Bytes [ 1A, 5F ] .text C:\Programme\Bonjour\mDNSResponder.exe[1856] ntdll.dll!NtWriteFileGather 7C91DF70 3 Bytes [ FF, 25, 1E ] |
10. teil: .text C:\Programme\Bonjour\mDNSResponder.exe[1856] ntdll.dll!NtWriteFileGather + 4 7C91DF74 2 Bytes [ 1D, 5F ] .text C:\Programme\Bonjour\mDNSResponder.exe[1856] ntdll.dll!NtWriteVirtualMemory 7C91DF90 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Bonjour\mDNSResponder.exe[1856] ntdll.dll!NtWriteVirtualMemory + 4 7C91DF94 2 Bytes [ 29, 5F ] .text C:\Programme\Bonjour\mDNSResponder.exe[1856] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 13, 84 ] .text C:\Programme\Bonjour\mDNSResponder.exe[1856] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A .text C:\Programme\Bonjour\mDNSResponder.exe[1856] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\eHome\ehRecvr.exe[1884] ntdll.dll!NtClose 7C91CFD0 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\eHome\ehRecvr.exe[1884] ntdll.dll!NtClose + 4 7C91CFD4 2 Bytes [ 2E, 5F ] .text C:\WINDOWS\eHome\ehRecvr.exe[1884] ntdll.dll!NtCreateFile 7C91D090 1 Byte [ FF ] .text C:\WINDOWS\eHome\ehRecvr.exe[1884] ntdll.dll!NtCreateFile + 2 7C91D092 1 Byte [ 1E ] .text C:\WINDOWS\eHome\ehRecvr.exe[1884] ntdll.dll!NtCreateFile + 4 7C91D094 2 Bytes [ 17, 5F ] .text C:\WINDOWS\eHome\ehRecvr.exe[1884] ntdll.dll!NtCreateKey 7C91D0D0 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\eHome\ehRecvr.exe[1884] ntdll.dll!NtCreateKey + 4 7C91D0D4 2 Bytes [ 05, 5F ] .text C:\WINDOWS\eHome\ehRecvr.exe[1884] ntdll.dll!NtCreateSection 7C91D160 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\eHome\ehRecvr.exe[1884] ntdll.dll!NtCreateSection + 4 7C91D164 2 Bytes [ 25, 5F ] .text C:\WINDOWS\eHome\ehRecvr.exe[1884] ntdll.dll!NtDeleteKey 7C91D230 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\eHome\ehRecvr.exe[1884] ntdll.dll!NtDeleteKey + 4 7C91D234 2 Bytes [ 0B, 5F ] .text C:\WINDOWS\eHome\ehRecvr.exe[1884] ntdll.dll!NtDeleteValueKey 7C91D250 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\eHome\ehRecvr.exe[1884] ntdll.dll!NtDeleteValueKey + 4 7C91D254 2 Bytes [ 11, 5F ] .text C:\WINDOWS\eHome\ehRecvr.exe[1884] ntdll.dll!NtRenameKey 7C91DA40 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\eHome\ehRecvr.exe[1884] ntdll.dll!NtRenameKey + 4 7C91DA44 2 Bytes [ 14, 5F ] .text C:\WINDOWS\eHome\ehRecvr.exe[1884] ntdll.dll!NtSetInformationFile 7C91DC40 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\eHome\ehRecvr.exe[1884] ntdll.dll!NtSetInformationFile + 4 7C91DC44 2 Bytes [ 22, 5F ] .text C:\WINDOWS\eHome\ehRecvr.exe[1884] ntdll.dll!NtSetValueKey 7C91DDB0 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\eHome\ehRecvr.exe[1884] ntdll.dll!NtSetValueKey + 4 7C91DDB4 2 Bytes [ 0E, 5F ] .text C:\WINDOWS\eHome\ehRecvr.exe[1884] ntdll.dll!NtTerminateProcess 7C91DE50 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\eHome\ehRecvr.exe[1884] ntdll.dll!NtTerminateProcess + 4 7C91DE54 2 Bytes [ 28, 5F ] .text C:\WINDOWS\eHome\ehRecvr.exe[1884] ntdll.dll!NtWriteFile 7C91DF60 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\eHome\ehRecvr.exe[1884] ntdll.dll!NtWriteFile + 4 7C91DF64 2 Bytes [ 1C, 5F ] .text C:\WINDOWS\eHome\ehRecvr.exe[1884] ntdll.dll!NtWriteFileGather 7C91DF70 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\eHome\ehRecvr.exe[1884] ntdll.dll!NtWriteFileGather + 4 7C91DF74 2 Bytes [ 1F, 5F ] .text C:\WINDOWS\eHome\ehRecvr.exe[1884] ntdll.dll!NtWriteVirtualMemory 7C91DF90 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\eHome\ehRecvr.exe[1884] ntdll.dll!NtWriteVirtualMemory + 4 7C91DF94 2 Bytes [ 2B, 5F ] .text C:\WINDOWS\eHome\ehRecvr.exe[1884] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, ED, 87 ] .text C:\WINDOWS\eHome\ehRecvr.exe[1884] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F340F5A .text C:\WINDOWS\eHome\ehRecvr.exe[1884] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F300F5A .text C:\WINDOWS\eHome\ehSched.exe[1940] ntdll.dll!NtClose 7C91CFD0 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\eHome\ehSched.exe[1940] ntdll.dll!NtClose + 4 7C91CFD4 2 Bytes [ 2C, 5F ] .text C:\WINDOWS\eHome\ehSched.exe[1940] ntdll.dll!NtCreateFile 7C91D090 1 Byte [ FF ] .text C:\WINDOWS\eHome\ehSched.exe[1940] ntdll.dll!NtCreateFile + 2 7C91D092 1 Byte [ 1E ] .text C:\WINDOWS\eHome\ehSched.exe[1940] ntdll.dll!NtCreateFile + 4 7C91D094 2 Bytes [ 17, 5F ] .text C:\WINDOWS\eHome\ehSched.exe[1940] ntdll.dll!NtCreateKey 7C91D0D0 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\eHome\ehSched.exe[1940] ntdll.dll!NtCreateKey + 4 7C91D0D4 2 Bytes [ 05, 5F ] .text C:\WINDOWS\eHome\ehSched.exe[1940] ntdll.dll!NtCreateSection 7C91D160 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\eHome\ehSched.exe[1940] ntdll.dll!NtCreateSection + 4 7C91D164 2 Bytes [ 23, 5F ] .text C:\WINDOWS\eHome\ehSched.exe[1940] ntdll.dll!NtDeleteKey 7C91D230 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\eHome\ehSched.exe[1940] ntdll.dll!NtDeleteKey + 4 7C91D234 2 Bytes [ 0B, 5F ] .text C:\WINDOWS\eHome\ehSched.exe[1940] ntdll.dll!NtDeleteValueKey 7C91D250 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\eHome\ehSched.exe[1940] ntdll.dll!NtDeleteValueKey + 4 7C91D254 2 Bytes [ 11, 5F ] .text C:\WINDOWS\eHome\ehSched.exe[1940] ntdll.dll!NtRenameKey 7C91DA40 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\eHome\ehSched.exe[1940] ntdll.dll!NtRenameKey + 4 7C91DA44 2 Bytes [ 14, 5F ] .text C:\WINDOWS\eHome\ehSched.exe[1940] ntdll.dll!NtSetInformationFile 7C91DC40 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\eHome\ehSched.exe[1940] ntdll.dll!NtSetInformationFile + 4 7C91DC44 2 Bytes [ 20, 5F ] .text C:\WINDOWS\eHome\ehSched.exe[1940] ntdll.dll!NtSetValueKey 7C91DDB0 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\eHome\ehSched.exe[1940] ntdll.dll!NtSetValueKey + 4 7C91DDB4 2 Bytes [ 0E, 5F ] .text C:\WINDOWS\eHome\ehSched.exe[1940] ntdll.dll!NtTerminateProcess 7C91DE50 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\eHome\ehSched.exe[1940] ntdll.dll!NtTerminateProcess + 4 7C91DE54 2 Bytes [ 26, 5F ] .text C:\WINDOWS\eHome\ehSched.exe[1940] ntdll.dll!NtWriteFile 7C91DF60 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\eHome\ehSched.exe[1940] ntdll.dll!NtWriteFile + 4 7C91DF64 2 Bytes [ 1A, 5F ] .text C:\WINDOWS\eHome\ehSched.exe[1940] ntdll.dll!NtWriteFileGather 7C91DF70 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\eHome\ehSched.exe[1940] ntdll.dll!NtWriteFileGather + 4 7C91DF74 2 Bytes [ 1D, 5F ] .text C:\WINDOWS\eHome\ehSched.exe[1940] ntdll.dll!NtWriteVirtualMemory 7C91DF90 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\eHome\ehSched.exe[1940] ntdll.dll!NtWriteVirtualMemory + 4 7C91DF94 2 Bytes [ 29, 5F ] .text C:\WINDOWS\eHome\ehSched.exe[1940] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 61, 84 ] .text C:\WINDOWS\eHome\ehSched.exe[1940] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A .text C:\WINDOWS\eHome\ehSched.exe[1940] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A .text C:\Programme\Sceneo\Bonavista\Services\PVR\PVRService.exe[1984] ntdll.dll!NtClose 7C91CFD0 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Sceneo\Bonavista\Services\PVR\PVRService.exe[1984] ntdll.dll!NtClose + 4 7C91CFD4 2 Bytes [ 2C, 5F ] .text C:\Programme\Sceneo\Bonavista\Services\PVR\PVRService.exe[1984] ntdll.dll!NtCreateFile 7C91D090 1 Byte [ FF ] .text C:\Programme\Sceneo\Bonavista\Services\PVR\PVRService.exe[1984] ntdll.dll!NtCreateFile + 2 7C91D092 1 Byte [ 1E ] .text C:\Programme\Sceneo\Bonavista\Services\PVR\PVRService.exe[1984] ntdll.dll!NtCreateFile + 4 7C91D094 2 Bytes [ 17, 5F ] .text C:\Programme\Sceneo\Bonavista\Services\PVR\PVRService.exe[1984] ntdll.dll!NtCreateKey 7C91D0D0 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Sceneo\Bonavista\Services\PVR\PVRService.exe[1984] ntdll.dll!NtCreateKey + 4 7C91D0D4 2 Bytes [ 05, 5F ] .text C:\Programme\Sceneo\Bonavista\Services\PVR\PVRService.exe[1984] ntdll.dll!NtCreateSection 7C91D160 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Sceneo\Bonavista\Services\PVR\PVRService.exe[1984] ntdll.dll!NtCreateSection + 4 7C91D164 2 Bytes [ 23, 5F ] .text C:\Programme\Sceneo\Bonavista\Services\PVR\PVRService.exe[1984] ntdll.dll!NtDeleteKey 7C91D230 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Sceneo\Bonavista\Services\PVR\PVRService.exe[1984] ntdll.dll!NtDeleteKey + 4 7C91D234 2 Bytes [ 0B, 5F ] .text C:\Programme\Sceneo\Bonavista\Services\PVR\PVRService.exe[1984] ntdll.dll!NtDeleteValueKey 7C91D250 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Sceneo\Bonavista\Services\PVR\PVRService.exe[1984] ntdll.dll!NtDeleteValueKey + 4 7C91D254 2 Bytes [ 11, 5F ] .text C:\Programme\Sceneo\Bonavista\Services\PVR\PVRService.exe[1984] ntdll.dll!NtRenameKey 7C91DA40 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Sceneo\Bonavista\Services\PVR\PVRService.exe[1984] ntdll.dll!NtRenameKey + 4 7C91DA44 2 Bytes [ 14, 5F ] .text C:\Programme\Sceneo\Bonavista\Services\PVR\PVRService.exe[1984] ntdll.dll!NtSetInformationFile 7C91DC40 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Sceneo\Bonavista\Services\PVR\PVRService.exe[1984] ntdll.dll!NtSetInformationFile + 4 7C91DC44 2 Bytes [ 20, 5F ] .text C:\Programme\Sceneo\Bonavista\Services\PVR\PVRService.exe[1984] ntdll.dll!NtSetValueKey 7C91DDB0 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Sceneo\Bonavista\Services\PVR\PVRService.exe[1984] ntdll.dll!NtSetValueKey + 4 7C91DDB4 2 Bytes [ 0E, 5F ] .text C:\Programme\Sceneo\Bonavista\Services\PVR\PVRService.exe[1984] ntdll.dll!NtTerminateProcess 7C91DE50 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Sceneo\Bonavista\Services\PVR\PVRService.exe[1984] ntdll.dll!NtTerminateProcess + 4 7C91DE54 2 Bytes [ 26, 5F ] .text C:\Programme\Sceneo\Bonavista\Services\PVR\PVRService.exe[1984] ntdll.dll!NtWriteFile 7C91DF60 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Sceneo\Bonavista\Services\PVR\PVRService.exe[1984] ntdll.dll!NtWriteFile + 4 7C91DF64 2 Bytes [ 1A, 5F ] .text C:\Programme\Sceneo\Bonavista\Services\PVR\PVRService.exe[1984] ntdll.dll!NtWriteFileGather 7C91DF70 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Sceneo\Bonavista\Services\PVR\PVRService.exe[1984] ntdll.dll!NtWriteFileGather + 4 7C91DF74 2 Bytes [ 1D, 5F ] .text C:\Programme\Sceneo\Bonavista\Services\PVR\PVRService.exe[1984] ntdll.dll!NtWriteVirtualMemory 7C91DF90 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Sceneo\Bonavista\Services\PVR\PVRService.exe[1984] ntdll.dll!NtWriteVirtualMemory + 4 7C91DF94 2 Bytes [ 29, 5F ] .text C:\Programme\Sceneo\Bonavista\Services\PVR\PVRService.exe[1984] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 70, 8A ] .text C:\Programme\Sceneo\Bonavista\Services\PVR\PVRService.exe[1984] user32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A .text C:\Programme\Sceneo\Bonavista\Services\PVR\PVRService.exe[1984] user32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A |
11. teil: .text C:\WINDOWS\system32\svchost.exe[2104] ntdll.dll!NtClose 7C91CFD0 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[2104] ntdll.dll!NtClose + 4 7C91CFD4 2 Bytes [ 2C, 5F ] .text C:\WINDOWS\system32\svchost.exe[2104] ntdll.dll!NtCreateFile 7C91D090 1 Byte [ FF ] .text C:\WINDOWS\system32\svchost.exe[2104] ntdll.dll!NtCreateFile + 2 7C91D092 1 Byte [ 1E ] .text C:\WINDOWS\system32\svchost.exe[2104] ntdll.dll!NtCreateFile + 4 7C91D094 2 Bytes [ 17, 5F ] .text C:\WINDOWS\system32\svchost.exe[2104] ntdll.dll!NtCreateKey 7C91D0D0 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[2104] ntdll.dll!NtCreateKey + 4 7C91D0D4 2 Bytes [ 05, 5F ] .text C:\WINDOWS\system32\svchost.exe[2104] ntdll.dll!NtCreateSection 7C91D160 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[2104] ntdll.dll!NtCreateSection + 4 7C91D164 2 Bytes [ 23, 5F ] .text C:\WINDOWS\system32\svchost.exe[2104] ntdll.dll!NtDeleteKey 7C91D230 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[2104] ntdll.dll!NtDeleteKey + 4 7C91D234 2 Bytes [ 0B, 5F ] .text C:\WINDOWS\system32\svchost.exe[2104] ntdll.dll!NtDeleteValueKey 7C91D250 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[2104] ntdll.dll!NtDeleteValueKey + 4 7C91D254 2 Bytes [ 11, 5F ] .text C:\WINDOWS\system32\svchost.exe[2104] ntdll.dll!NtRenameKey 7C91DA40 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[2104] ntdll.dll!NtRenameKey + 4 7C91DA44 2 Bytes [ 14, 5F ] .text C:\WINDOWS\system32\svchost.exe[2104] ntdll.dll!NtSetInformationFile 7C91DC40 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[2104] ntdll.dll!NtSetInformationFile + 4 7C91DC44 2 Bytes [ 20, 5F ] .text C:\WINDOWS\system32\svchost.exe[2104] ntdll.dll!NtSetValueKey 7C91DDB0 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[2104] ntdll.dll!NtSetValueKey + 4 7C91DDB4 2 Bytes [ 0E, 5F ] .text C:\WINDOWS\system32\svchost.exe[2104] ntdll.dll!NtTerminateProcess 7C91DE50 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[2104] ntdll.dll!NtTerminateProcess + 4 7C91DE54 2 Bytes [ 26, 5F ] .text C:\WINDOWS\system32\svchost.exe[2104] ntdll.dll!NtWriteFile 7C91DF60 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[2104] ntdll.dll!NtWriteFile + 4 7C91DF64 2 Bytes [ 1A, 5F ] .text C:\WINDOWS\system32\svchost.exe[2104] ntdll.dll!NtWriteFileGather 7C91DF70 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[2104] ntdll.dll!NtWriteFileGather + 4 7C91DF74 2 Bytes [ 1D, 5F ] .text C:\WINDOWS\system32\svchost.exe[2104] ntdll.dll!NtWriteVirtualMemory 7C91DF90 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[2104] ntdll.dll!NtWriteVirtualMemory + 4 7C91DF94 2 Bytes [ 29, 5F ] .text C:\WINDOWS\system32\svchost.exe[2104] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 79, 84 ] .text C:\WINDOWS\system32\svchost.exe[2104] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A .text C:\WINDOWS\system32\svchost.exe[2104] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A .text C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2188] ntdll.dll!NtClose 7C91CFD0 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2188] ntdll.dll!NtClose + 4 7C91CFD4 2 Bytes [ 2C, 5F ] .text C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2188] ntdll.dll!NtCreateFile 7C91D090 1 Byte [ FF ] .text C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2188] ntdll.dll!NtCreateFile + 2 7C91D092 1 Byte [ 1E ] .text C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2188] ntdll.dll!NtCreateFile + 4 7C91D094 2 Bytes [ 17, 5F ] .text C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2188] ntdll.dll!NtCreateKey 7C91D0D0 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2188] ntdll.dll!NtCreateKey + 4 7C91D0D4 2 Bytes [ 05, 5F ] .text C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2188] ntdll.dll!NtCreateSection 7C91D160 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2188] ntdll.dll!NtCreateSection + 4 7C91D164 2 Bytes [ 23, 5F ] .text C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2188] ntdll.dll!NtDeleteKey 7C91D230 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2188] ntdll.dll!NtDeleteKey + 4 7C91D234 2 Bytes [ 0B, 5F ] .text C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2188] ntdll.dll!NtDeleteValueKey 7C91D250 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2188] ntdll.dll!NtDeleteValueKey + 4 7C91D254 2 Bytes [ 11, 5F ] .text C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2188] ntdll.dll!NtRenameKey 7C91DA40 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2188] ntdll.dll!NtRenameKey + 4 7C91DA44 2 Bytes [ 14, 5F ] .text C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2188] ntdll.dll!NtSetInformationFile 7C91DC40 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2188] ntdll.dll!NtSetInformationFile + 4 7C91DC44 2 Bytes [ 20, 5F ] .text C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2188] ntdll.dll!NtSetValueKey 7C91DDB0 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2188] ntdll.dll!NtSetValueKey + 4 7C91DDB4 2 Bytes [ 0E, 5F ] .text C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2188] ntdll.dll!NtTerminateProcess 7C91DE50 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2188] ntdll.dll!NtTerminateProcess + 4 7C91DE54 2 Bytes [ 26, 5F ] .text C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2188] ntdll.dll!NtWriteFile 7C91DF60 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2188] ntdll.dll!NtWriteFile + 4 7C91DF64 2 Bytes [ 1A, 5F ] .text C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2188] ntdll.dll!NtWriteFileGather 7C91DF70 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2188] ntdll.dll!NtWriteFileGather + 4 7C91DF74 2 Bytes [ 1D, 5F ] .text C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2188] ntdll.dll!NtWriteVirtualMemory 7C91DF90 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2188] ntdll.dll!NtWriteVirtualMemory + 4 7C91DF94 2 Bytes [ 29, 5F ] .text C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2188] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, A4, 85 ] .text C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2188] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A .text C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2188] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A .text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2320] ntdll.dll!NtClose 7C91CFD0 3 Bytes [ FF, 25, 1E ] .text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2320] ntdll.dll!NtClose + 4 7C91CFD4 2 Bytes [ 2C, 5F ] .text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2320] ntdll.dll!NtCreateFile 7C91D090 1 Byte [ FF ] .text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2320] ntdll.dll!NtCreateFile + 2 7C91D092 1 Byte [ 1E ] .text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2320] ntdll.dll!NtCreateFile + 4 7C91D094 2 Bytes [ 17, 5F ] .text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2320] ntdll.dll!NtCreateKey 7C91D0D0 3 Bytes [ FF, 25, 1E ] .text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2320] ntdll.dll!NtCreateKey + 4 7C91D0D4 2 Bytes [ 05, 5F ] .text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2320] ntdll.dll!NtCreateSection 7C91D160 3 Bytes [ FF, 25, 1E ] .text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2320] ntdll.dll!NtCreateSection + 4 7C91D164 2 Bytes [ 23, 5F ] .text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2320] ntdll.dll!NtDeleteKey 7C91D230 3 Bytes [ FF, 25, 1E ] .text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2320] ntdll.dll!NtDeleteKey + 4 7C91D234 2 Bytes [ 0B, 5F ] .text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2320] ntdll.dll!NtDeleteValueKey 7C91D250 3 Bytes [ FF, 25, 1E ] .text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2320] ntdll.dll!NtDeleteValueKey + 4 7C91D254 2 Bytes [ 11, 5F ] .text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2320] ntdll.dll!NtRenameKey 7C91DA40 3 Bytes [ FF, 25, 1E ] .text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2320] ntdll.dll!NtRenameKey + 4 7C91DA44 2 Bytes [ 14, 5F ] .text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2320] ntdll.dll!NtSetInformationFile 7C91DC40 3 Bytes [ FF, 25, 1E ] .text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2320] ntdll.dll!NtSetInformationFile + 4 7C91DC44 2 Bytes [ 20, 5F ] .text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2320] ntdll.dll!NtSetValueKey 7C91DDB0 3 Bytes [ FF, 25, 1E ] .text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2320] ntdll.dll!NtSetValueKey + 4 7C91DDB4 2 Bytes [ 0E, 5F ] .text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2320] ntdll.dll!NtTerminateProcess 7C91DE50 3 Bytes [ FF, 25, 1E ] .text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2320] ntdll.dll!NtTerminateProcess + 4 7C91DE54 2 Bytes [ 26, 5F ] .text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2320] ntdll.dll!NtWriteFile 7C91DF60 3 Bytes [ FF, 25, 1E ] .text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2320] ntdll.dll!NtWriteFile + 4 7C91DF64 2 Bytes [ 1A, 5F ] .text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2320] ntdll.dll!NtWriteFileGather 7C91DF70 3 Bytes [ FF, 25, 1E ] .text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2320] ntdll.dll!NtWriteFileGather + 4 7C91DF74 2 Bytes [ 1D, 5F ] .text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2320] ntdll.dll!NtWriteVirtualMemory 7C91DF90 3 Bytes [ FF, 25, 1E ] .text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2320] ntdll.dll!NtWriteVirtualMemory + 4 7C91DF94 2 Bytes [ 29, 5F ] .text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2320] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 8E, 84 ] .text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2320] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A .text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2320] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A .text C:\Programme\Spyware Doctor\pctsTray.exe[2344] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 16, 86 ] .text C:\Programme\Spyware Doctor\pctsTray.exe[2344] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, EF, F4 ] .text C:\Programme\Spyware Doctor\pctsTray.exe[2344] kernel32.dll!CreateThread + 1A 7C8106E1 4 Bytes [ 37, A1, C3, 83 ] .text C:\Programme\Spyware Doctor\pctsTray.exe[2344] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F0A0F5A .text C:\Programme\Spyware Doctor\pctsTray.exe[2344] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F040F5A .text C:\WINDOWS\ehome\mcrdsvc.exe[2428] ntdll.dll!NtClose 7C91CFD0 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\ehome\mcrdsvc.exe[2428] ntdll.dll!NtClose + 4 7C91CFD4 2 Bytes [ 2C, 5F ] .text C:\WINDOWS\ehome\mcrdsvc.exe[2428] ntdll.dll!NtCreateFile 7C91D090 1 Byte [ FF ] .text C:\WINDOWS\ehome\mcrdsvc.exe[2428] ntdll.dll!NtCreateFile + 2 7C91D092 1 Byte [ 1E ] .text C:\WINDOWS\ehome\mcrdsvc.exe[2428] ntdll.dll!NtCreateFile + 4 7C91D094 2 Bytes [ 17, 5F ] .text C:\WINDOWS\ehome\mcrdsvc.exe[2428] ntdll.dll!NtCreateKey 7C91D0D0 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\ehome\mcrdsvc.exe[2428] ntdll.dll!NtCreateKey + 4 7C91D0D4 2 Bytes [ 05, 5F ] .text C:\WINDOWS\ehome\mcrdsvc.exe[2428] ntdll.dll!NtCreateSection 7C91D160 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\ehome\mcrdsvc.exe[2428] ntdll.dll!NtCreateSection + 4 7C91D164 2 Bytes [ 23, 5F ] .text C:\WINDOWS\ehome\mcrdsvc.exe[2428] ntdll.dll!NtDeleteKey 7C91D230 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\ehome\mcrdsvc.exe[2428] ntdll.dll!NtDeleteKey + 4 7C91D234 2 Bytes [ 0B, 5F ] .text C:\WINDOWS\ehome\mcrdsvc.exe[2428] ntdll.dll!NtDeleteValueKey 7C91D250 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\ehome\mcrdsvc.exe[2428] ntdll.dll!NtDeleteValueKey + 4 7C91D254 2 Bytes [ 11, 5F ] .text C:\WINDOWS\ehome\mcrdsvc.exe[2428] ntdll.dll!NtRenameKey 7C91DA40 3 Bytes [ FF, 25, |
12. teil: 1E ] .text C:\WINDOWS\ehome\mcrdsvc.exe[2428] ntdll.dll!NtRenameKey + 4 7C91DA44 2 Bytes [ 14, 5F ] .text C:\WINDOWS\ehome\mcrdsvc.exe[2428] ntdll.dll!NtSetInformationFile 7C91DC40 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\ehome\mcrdsvc.exe[2428] ntdll.dll!NtSetInformationFile + 4 7C91DC44 2 Bytes [ 20, 5F ] .text C:\WINDOWS\ehome\mcrdsvc.exe[2428] ntdll.dll!NtSetValueKey 7C91DDB0 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\ehome\mcrdsvc.exe[2428] ntdll.dll!NtSetValueKey + 4 7C91DDB4 2 Bytes [ 0E, 5F ] .text C:\WINDOWS\ehome\mcrdsvc.exe[2428] ntdll.dll!NtTerminateProcess 7C91DE50 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\ehome\mcrdsvc.exe[2428] ntdll.dll!NtTerminateProcess + 4 7C91DE54 2 Bytes [ 26, 5F ] .text C:\WINDOWS\ehome\mcrdsvc.exe[2428] ntdll.dll!NtWriteFile 7C91DF60 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\ehome\mcrdsvc.exe[2428] ntdll.dll!NtWriteFile + 4 7C91DF64 2 Bytes [ 1A, 5F ] .text C:\WINDOWS\ehome\mcrdsvc.exe[2428] ntdll.dll!NtWriteFileGather 7C91DF70 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\ehome\mcrdsvc.exe[2428] ntdll.dll!NtWriteFileGather + 4 7C91DF74 2 Bytes [ 1D, 5F ] .text C:\WINDOWS\ehome\mcrdsvc.exe[2428] ntdll.dll!NtWriteVirtualMemory 7C91DF90 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\ehome\mcrdsvc.exe[2428] ntdll.dll!NtWriteVirtualMemory + 4 7C91DF94 2 Bytes [ 29, 5F ] .text C:\WINDOWS\ehome\mcrdsvc.exe[2428] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, FF, 83 ] .text C:\WINDOWS\ehome\mcrdsvc.exe[2428] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A .text C:\WINDOWS\ehome\mcrdsvc.exe[2428] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A .text C:\Programme\Windows Media Player\wmpnetwk.exe[2568] ntdll.dll!NtClose 7C91CFD0 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Windows Media Player\wmpnetwk.exe[2568] ntdll.dll!NtClose + 4 7C91CFD4 2 Bytes [ 2C, 5F ] .text C:\Programme\Windows Media Player\wmpnetwk.exe[2568] ntdll.dll!NtCreateFile 7C91D090 1 Byte [ FF ] .text C:\Programme\Windows Media Player\wmpnetwk.exe[2568] ntdll.dll!NtCreateFile + 2 7C91D092 1 Byte [ 1E ] .text C:\Programme\Windows Media Player\wmpnetwk.exe[2568] ntdll.dll!NtCreateFile + 4 7C91D094 2 Bytes [ 17, 5F ] .text C:\Programme\Windows Media Player\wmpnetwk.exe[2568] ntdll.dll!NtCreateKey 7C91D0D0 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Windows Media Player\wmpnetwk.exe[2568] ntdll.dll!NtCreateKey + 4 7C91D0D4 2 Bytes [ 05, 5F ] .text C:\Programme\Windows Media Player\wmpnetwk.exe[2568] ntdll.dll!NtCreateSection 7C91D160 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Windows Media Player\wmpnetwk.exe[2568] ntdll.dll!NtCreateSection + 4 7C91D164 2 Bytes [ 23, 5F ] .text C:\Programme\Windows Media Player\wmpnetwk.exe[2568] ntdll.dll!NtDeleteKey 7C91D230 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Windows Media Player\wmpnetwk.exe[2568] ntdll.dll!NtDeleteKey + 4 7C91D234 2 Bytes [ 0B, 5F ] .text C:\Programme\Windows Media Player\wmpnetwk.exe[2568] ntdll.dll!NtDeleteValueKey 7C91D250 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Windows Media Player\wmpnetwk.exe[2568] ntdll.dll!NtDeleteValueKey + 4 7C91D254 2 Bytes [ 11, 5F ] .text C:\Programme\Windows Media Player\wmpnetwk.exe[2568] ntdll.dll!NtRenameKey 7C91DA40 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Windows Media Player\wmpnetwk.exe[2568] ntdll.dll!NtRenameKey + 4 7C91DA44 2 Bytes [ 14, 5F ] .text C:\Programme\Windows Media Player\wmpnetwk.exe[2568] ntdll.dll!NtSetInformationFile 7C91DC40 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Windows Media Player\wmpnetwk.exe[2568] ntdll.dll!NtSetInformationFile + 4 7C91DC44 2 Bytes [ 20, 5F ] .text C:\Programme\Windows Media Player\wmpnetwk.exe[2568] ntdll.dll!NtSetValueKey 7C91DDB0 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Windows Media Player\wmpnetwk.exe[2568] ntdll.dll!NtSetValueKey + 4 7C91DDB4 2 Bytes [ 0E, 5F ] .text C:\Programme\Windows Media Player\wmpnetwk.exe[2568] ntdll.dll!NtTerminateProcess 7C91DE50 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Windows Media Player\wmpnetwk.exe[2568] ntdll.dll!NtTerminateProcess + 4 7C91DE54 2 Bytes [ 26, 5F ] .text C:\Programme\Windows Media Player\wmpnetwk.exe[2568] ntdll.dll!NtWriteFile 7C91DF60 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Windows Media Player\wmpnetwk.exe[2568] ntdll.dll!NtWriteFile + 4 7C91DF64 2 Bytes [ 1A, 5F ] .text C:\Programme\Windows Media Player\wmpnetwk.exe[2568] ntdll.dll!NtWriteFileGather 7C91DF70 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Windows Media Player\wmpnetwk.exe[2568] ntdll.dll!NtWriteFileGather + 4 7C91DF74 2 Bytes [ 1D, 5F ] .text C:\Programme\Windows Media Player\wmpnetwk.exe[2568] ntdll.dll!NtWriteVirtualMemory 7C91DF90 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Windows Media Player\wmpnetwk.exe[2568] ntdll.dll!NtWriteVirtualMemory + 4 7C91DF94 2 Bytes [ 29, 5F ] .text C:\Programme\Windows Media Player\wmpnetwk.exe[2568] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, FF, 84 ] .text C:\Programme\Windows Media Player\wmpnetwk.exe[2568] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A .text C:\Programme\Windows Media Player\wmpnetwk.exe[2568] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\System32\alg.exe[2748] ntdll.dll!NtClose 7C91CFD0 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\alg.exe[2748] ntdll.dll!NtClose + 4 7C91CFD4 2 Bytes [ 2C, 5F ] .text C:\WINDOWS\System32\alg.exe[2748] ntdll.dll!NtCreateFile 7C91D090 1 Byte [ FF ] .text C:\WINDOWS\System32\alg.exe[2748] ntdll.dll!NtCreateFile + 2 7C91D092 1 Byte [ 1E ] .text C:\WINDOWS\System32\alg.exe[2748] ntdll.dll!NtCreateFile + 4 7C91D094 2 Bytes [ 17, 5F ] .text C:\WINDOWS\System32\alg.exe[2748] ntdll.dll!NtCreateKey 7C91D0D0 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\alg.exe[2748] ntdll.dll!NtCreateKey + 4 7C91D0D4 2 Bytes [ 05, 5F ] .text C:\WINDOWS\System32\alg.exe[2748] ntdll.dll!NtCreateSection 7C91D160 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\alg.exe[2748] ntdll.dll!NtCreateSection + 4 7C91D164 2 Bytes [ 23, 5F ] .text C:\WINDOWS\System32\alg.exe[2748] ntdll.dll!NtDeleteKey 7C91D230 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\alg.exe[2748] ntdll.dll!NtDeleteKey + 4 7C91D234 2 Bytes [ 0B, 5F ] .text C:\WINDOWS\System32\alg.exe[2748] ntdll.dll!NtDeleteValueKey 7C91D250 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\alg.exe[2748] ntdll.dll!NtDeleteValueKey + 4 7C91D254 2 Bytes [ 11, 5F ] .text C:\WINDOWS\System32\alg.exe[2748] ntdll.dll!NtRenameKey 7C91DA40 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\alg.exe[2748] ntdll.dll!NtRenameKey + 4 7C91DA44 2 Bytes [ 14, 5F ] .text C:\WINDOWS\System32\alg.exe[2748] ntdll.dll!NtSetInformationFile 7C91DC40 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\alg.exe[2748] ntdll.dll!NtSetInformationFile + 4 7C91DC44 2 Bytes [ 20, 5F ] .text C:\WINDOWS\System32\alg.exe[2748] ntdll.dll!NtSetValueKey 7C91DDB0 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\alg.exe[2748] ntdll.dll!NtSetValueKey + 4 7C91DDB4 2 Bytes [ 0E, 5F ] .text C:\WINDOWS\System32\alg.exe[2748] ntdll.dll!NtTerminateProcess 7C91DE50 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\alg.exe[2748] ntdll.dll!NtTerminateProcess + 4 7C91DE54 2 Bytes [ 26, 5F ] .text C:\WINDOWS\System32\alg.exe[2748] ntdll.dll!NtWriteFile 7C91DF60 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\alg.exe[2748] ntdll.dll!NtWriteFile + 4 7C91DF64 2 Bytes [ 1A, 5F ] .text C:\WINDOWS\System32\alg.exe[2748] ntdll.dll!NtWriteFileGather 7C91DF70 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\alg.exe[2748] ntdll.dll!NtWriteFileGather + 4 7C91DF74 2 Bytes [ 1D, 5F ] .text C:\WINDOWS\System32\alg.exe[2748] ntdll.dll!NtWriteVirtualMemory 7C91DF90 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\alg.exe[2748] ntdll.dll!NtWriteVirtualMemory + 4 7C91DF94 2 Bytes [ 29, 5F ] .text C:\WINDOWS\System32\alg.exe[2748] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, FF, 83 ] .text C:\WINDOWS\System32\alg.exe[2748] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, EF, F4 ] .text C:\WINDOWS\System32\alg.exe[2748] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A .text C:\WINDOWS\System32\alg.exe[2748] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A .text C:\Programme\Home Cinema\TV Enhance\TVEService.exe[3008] ntdll.dll!NtClose 7C91CFD0 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Home Cinema\TV Enhance\TVEService.exe[3008] ntdll.dll!NtClose + 4 7C91CFD4 2 Bytes [ 2C, 5F ] .text C:\Programme\Home Cinema\TV Enhance\TVEService.exe[3008] ntdll.dll!NtCreateFile 7C91D090 1 Byte [ FF ] .text C:\Programme\Home Cinema\TV Enhance\TVEService.exe[3008] ntdll.dll!NtCreateFile + 2 7C91D092 1 Byte [ 1E ] .text C:\Programme\Home Cinema\TV Enhance\TVEService.exe[3008] ntdll.dll!NtCreateFile + 4 7C91D094 2 Bytes [ 17, 5F ] .text C:\Programme\Home Cinema\TV Enhance\TVEService.exe[3008] ntdll.dll!NtCreateKey 7C91D0D0 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Home Cinema\TV Enhance\TVEService.exe[3008] ntdll.dll!NtCreateKey + 4 7C91D0D4 2 Bytes [ 05, 5F ] .text C:\Programme\Home Cinema\TV Enhance\TVEService.exe[3008] ntdll.dll!NtCreateSection 7C91D160 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Home Cinema\TV Enhance\TVEService.exe[3008] ntdll.dll!NtCreateSection + 4 7C91D164 2 Bytes [ 23, 5F ] .text C:\Programme\Home Cinema\TV Enhance\TVEService.exe[3008] ntdll.dll!NtDeleteKey 7C91D230 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Home Cinema\TV Enhance\TVEService.exe[3008] ntdll.dll!NtDeleteKey + 4 7C91D234 2 Bytes [ 0B, 5F ] .text C:\Programme\Home Cinema\TV Enhance\TVEService.exe[3008] ntdll.dll!NtDeleteValueKey 7C91D250 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Home Cinema\TV Enhance\TVEService.exe[3008] ntdll.dll!NtDeleteValueKey + 4 7C91D254 2 Bytes [ 11, 5F ] .text C:\Programme\Home Cinema\TV Enhance\TVEService.exe[3008] ntdll.dll!NtRenameKey 7C91DA40 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Home Cinema\TV Enhance\TVEService.exe[3008] ntdll.dll!NtRenameKey + 4 7C91DA44 2 Bytes [ 14, 5F ] .text C:\Programme\Home Cinema\TV Enhance\TVEService.exe[3008] ntdll.dll!NtSetInformationFile 7C91DC40 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Home Cinema\TV Enhance\TVEService.exe[3008] ntdll.dll!NtSetInformationFile + 4 7C91DC44 2 Bytes [ 20, 5F ] .text C:\Programme\Home Cinema\TV Enhance\TVEService.exe[3008] ntdll.dll!NtSetValueKey 7C91DDB0 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Home Cinema\TV Enhance\TVEService.exe[3008] ntdll.dll!NtSetValueKey + 4 7C91DDB4 2 Bytes [ 0E, 5F ] .text C:\Programme\Home Cinema\TV Enhance\TVEService.exe[3008] ntdll.dll!NtTerminateProcess 7C91DE50 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Home Cinema\TV Enhance\TVEService.exe[3008] ntdll.dll!NtTerminateProcess + 4 7C91DE54 2 Bytes [ 26, 5F ] .text C:\Programme\Home Cinema\TV Enhance\TVEService.exe[3008] ntdll.dll!NtWriteFile 7C91DF60 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Home Cinema\TV Enhance\TVEService.exe[3008] ntdll.dll!NtWriteFile + 4 7C91DF64 2 Bytes [ 1A, 5F ] .text C:\Programme\Home Cinema\TV Enhance\TVEService.exe[3008] ntdll.dll!NtWriteFileGather 7C91DF70 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Home Cinema\TV Enhance\TVEService.exe[3008] ntdll.dll!NtWriteFileGather + 4 7C91DF74 2 Bytes [ 1D, 5F ] .text C:\Programme\Home Cinema\TV Enhance\TVEService.exe[3008] ntdll.dll!NtWriteVirtualMemory 7C91DF90 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Home Cinema\TV Enhance\TVEService.exe[3008] ntdll.dll!NtWriteVirtualMemory + 4 7C91DF94 2 Bytes [ 29, 5F ] .text C:\Programme\Home Cinema\TV Enhance\TVEService.exe[3008] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 7D, 84 ] .text C:\Programme\Home Cinema\TV Enhance\TVEService.exe[3008] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, EF, F4 ] .text C:\Programme\Home Cinema\TV Enhance\TVEService.exe[3008] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A .text C:\Programme\Home Cinema\TV Enhance\TVEService.exe[3008] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A .text C:\Programme\Home Cinema\TV Enhance\TVEService.exe[3008] ole32.dll!OleRegEnumVerbs + 166 7754810C 2 Bytes [ 66, A5 ] .text C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe[3036] ntdll.dll!NtClose 7C91CFD0 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe[3036] ntdll.dll!NtClose + 4 7C91CFD4 2 Bytes [ 2C, 5F ] .text C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe[3036] ntdll.dll!NtCreateFile 7C91D090 1 Byte [ FF ] .text C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe[3036] ntdll.dll!NtCreateFile + 2 7C91D092 1 Byte [ 1E ] .text C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe[3036] ntdll.dll!NtCreateFile + 4 7C91D094 2 Bytes [ 17, 5F ] .text C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe[3036] ntdll.dll!NtCreateKey 7C91D0D0 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe[3036] ntdll.dll!NtCreateKey + 4 7C91D0D4 2 Bytes [ 05, 5F ] .text C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe[3036] ntdll.dll!NtCreateSection 7C91D160 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe[3036] ntdll.dll!NtCreateSection + 4 7C91D164 2 Bytes [ 23, 5F ] .text C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe[3036] ntdll.dll!NtDeleteKey 7C91D230 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe[3036] ntdll.dll!NtDeleteKey + 4 7C91D234 2 Bytes [ 0B, 5F ] .text C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe[3036] ntdll.dll!NtDeleteValueKey 7C91D250 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe[3036] ntdll.dll!NtDeleteValueKey + 4 7C91D254 2 Bytes [ 11, 5F ] .text C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe[3036] ntdll.dll!NtRenameKey 7C91DA40 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe[3036] ntdll.dll!NtRenameKey + 4 7C91DA44 2 Bytes [ 14, 5F ] .text C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe[3036] ntdll.dll!NtSetInformationFile 7C91DC40 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe[3036] ntdll.dll!NtSetInformationFile + 4 7C91DC44 2 Bytes [ 20, 5F ] .text C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe[3036] ntdll.dll!NtSetValueKey 7C91DDB0 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe[3036] ntdll.dll!NtSetValueKey + 4 7C91DDB4 2 Bytes [ 0E, 5F ] .text C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe[3036] ntdll.dll!NtTerminateProcess 7C91DE50 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe[3036] ntdll.dll!NtTerminateProcess + 4 7C91DE54 2 Bytes [ 26, 5F ] .text C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe[3036] ntdll.dll!NtWriteFile 7C91DF60 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe[3036] ntdll.dll!NtWriteFile + 4 7C91DF64 2 Bytes [ 1A, 5F ] .text C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe[3036] ntdll.dll!NtWriteFileGather 7C91DF70 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe[3036] ntdll.dll!NtWriteFileGather + 4 7C91DF74 2 Bytes [ 1D, 5F ] .text C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe[3036] ntdll.dll!NtWriteVirtualMemory 7C91DF90 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe[3036] ntdll.dll!NtWriteVirtualMemory + 4 7C91DF94 2 Bytes [ 29, 5F ] |
13. teil: .text C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe[3036] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, A7, 84 ] .text C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe[3036] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A .text C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe[3036] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A .text C:\Programme\Windows Media Player\WMPNSCFG.exe[3288] ntdll.dll!NtClose 7C91CFD0 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Windows Media Player\WMPNSCFG.exe[3288] ntdll.dll!NtClose + 4 7C91CFD4 2 Bytes [ 2C, 5F ] .text C:\Programme\Windows Media Player\WMPNSCFG.exe[3288] ntdll.dll!NtCreateFile 7C91D090 1 Byte [ FF ] .text C:\Programme\Windows Media Player\WMPNSCFG.exe[3288] ntdll.dll!NtCreateFile + 2 7C91D092 1 Byte [ 1E ] .text C:\Programme\Windows Media Player\WMPNSCFG.exe[3288] ntdll.dll!NtCreateFile + 4 7C91D094 2 Bytes [ 17, 5F ] .text C:\Programme\Windows Media Player\WMPNSCFG.exe[3288] ntdll.dll!NtCreateKey 7C91D0D0 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Windows Media Player\WMPNSCFG.exe[3288] ntdll.dll!NtCreateKey + 4 7C91D0D4 2 Bytes [ 05, 5F ] .text C:\Programme\Windows Media Player\WMPNSCFG.exe[3288] ntdll.dll!NtCreateSection 7C91D160 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Windows Media Player\WMPNSCFG.exe[3288] ntdll.dll!NtCreateSection + 4 7C91D164 2 Bytes [ 23, 5F ] .text C:\Programme\Windows Media Player\WMPNSCFG.exe[3288] ntdll.dll!NtDeleteKey 7C91D230 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Windows Media Player\WMPNSCFG.exe[3288] ntdll.dll!NtDeleteKey + 4 7C91D234 2 Bytes [ 0B, 5F ] .text C:\Programme\Windows Media Player\WMPNSCFG.exe[3288] ntdll.dll!NtDeleteValueKey 7C91D250 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Windows Media Player\WMPNSCFG.exe[3288] ntdll.dll!NtDeleteValueKey + 4 7C91D254 2 Bytes [ 11, 5F ] .text C:\Programme\Windows Media Player\WMPNSCFG.exe[3288] ntdll.dll!NtRenameKey 7C91DA40 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Windows Media Player\WMPNSCFG.exe[3288] ntdll.dll!NtRenameKey + 4 7C91DA44 2 Bytes [ 14, 5F ] .text C:\Programme\Windows Media Player\WMPNSCFG.exe[3288] ntdll.dll!NtSetInformationFile 7C91DC40 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Windows Media Player\WMPNSCFG.exe[3288] ntdll.dll!NtSetInformationFile + 4 7C91DC44 2 Bytes [ 20, 5F ] .text C:\Programme\Windows Media Player\WMPNSCFG.exe[3288] ntdll.dll!NtSetValueKey 7C91DDB0 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Windows Media Player\WMPNSCFG.exe[3288] ntdll.dll!NtSetValueKey + 4 7C91DDB4 2 Bytes [ 0E, 5F ] .text C:\Programme\Windows Media Player\WMPNSCFG.exe[3288] ntdll.dll!NtTerminateProcess 7C91DE50 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Windows Media Player\WMPNSCFG.exe[3288] ntdll.dll!NtTerminateProcess + 4 7C91DE54 2 Bytes [ 26, 5F ] .text C:\Programme\Windows Media Player\WMPNSCFG.exe[3288] ntdll.dll!NtWriteFile 7C91DF60 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Windows Media Player\WMPNSCFG.exe[3288] ntdll.dll!NtWriteFile + 4 7C91DF64 2 Bytes [ 1A, 5F ] .text C:\Programme\Windows Media Player\WMPNSCFG.exe[3288] ntdll.dll!NtWriteFileGather 7C91DF70 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Windows Media Player\WMPNSCFG.exe[3288] ntdll.dll!NtWriteFileGather + 4 7C91DF74 2 Bytes [ 1D, 5F ] .text C:\Programme\Windows Media Player\WMPNSCFG.exe[3288] ntdll.dll!NtWriteVirtualMemory 7C91DF90 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Windows Media Player\WMPNSCFG.exe[3288] ntdll.dll!NtWriteVirtualMemory + 4 7C91DF94 2 Bytes [ 29, 5F ] .text C:\Programme\Windows Media Player\WMPNSCFG.exe[3288] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 41, 84 ] .text C:\Programme\Windows Media Player\WMPNSCFG.exe[3288] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, EF, F4 ] .text C:\Programme\Windows Media Player\WMPNSCFG.exe[3288] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A .text C:\Programme\Windows Media Player\WMPNSCFG.exe[3288] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A .text C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe[3408] ntdll.dll!NtClose 7C91CFD0 3 Bytes [ FF, 25, 1E ] .text C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe[3408] ntdll.dll!NtClose + 4 7C91CFD4 2 Bytes [ 2C, 5F ] .text C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe[3408] ntdll.dll!NtCreateFile 7C91D090 1 Byte [ FF ] .text C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe[3408] ntdll.dll!NtCreateFile + 2 7C91D092 1 Byte [ 1E ] .text C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe[3408] ntdll.dll!NtCreateFile + 4 7C91D094 2 Bytes [ 17, 5F ] .text C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe[3408] ntdll.dll!NtCreateKey 7C91D0D0 3 Bytes [ FF, 25, 1E ] .text C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe[3408] ntdll.dll!NtCreateKey + 4 7C91D0D4 2 Bytes [ 05, 5F ] .text C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe[3408] ntdll.dll!NtCreateSection 7C91D160 3 Bytes [ FF, 25, 1E ] .text C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe[3408] ntdll.dll!NtCreateSection + 4 7C91D164 2 Bytes [ 23, 5F ] .text C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe[3408] ntdll.dll!NtDeleteKey 7C91D230 3 Bytes [ FF, 25, 1E ] .text C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe[3408] ntdll.dll!NtDeleteKey + 4 7C91D234 2 Bytes [ 0B, 5F ] .text C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe[3408] ntdll.dll!NtDeleteValueKey 7C91D250 3 Bytes [ FF, 25, 1E ] .text C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe[3408] ntdll.dll!NtDeleteValueKey + 4 7C91D254 2 Bytes [ 11, 5F ] .text C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe[3408] ntdll.dll!NtRenameKey 7C91DA40 3 Bytes [ FF, 25, 1E ] .text C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe[3408] ntdll.dll!NtRenameKey + 4 7C91DA44 2 Bytes [ 14, 5F ] .text C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe[3408] ntdll.dll!NtSetInformationFile 7C91DC40 3 Bytes [ FF, 25, 1E ] .text C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe[3408] ntdll.dll!NtSetInformationFile + 4 7C91DC44 2 Bytes [ 20, 5F ] .text C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe[3408] ntdll.dll!NtSetValueKey 7C91DDB0 3 Bytes [ FF, 25, 1E ] .text C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe[3408] ntdll.dll!NtSetValueKey + 4 7C91DDB4 2 Bytes [ 0E, 5F ] .text C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe[3408] ntdll.dll!NtTerminateProcess 7C91DE50 3 Bytes [ FF, 25, 1E ] .text C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe[3408] ntdll.dll!NtTerminateProcess + 4 7C91DE54 2 Bytes [ 26, 5F ] .text C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe[3408] ntdll.dll!NtWriteFile 7C91DF60 3 Bytes [ FF, 25, 1E ] .text C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe[3408] ntdll.dll!NtWriteFile + 4 7C91DF64 2 Bytes [ 1A, 5F ] .text C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe[3408] ntdll.dll!NtWriteFileGather 7C91DF70 3 Bytes [ FF, 25, 1E ] .text C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe[3408] ntdll.dll!NtWriteFileGather + 4 7C91DF74 2 Bytes [ 1D, 5F ] .text C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe[3408] ntdll.dll!NtWriteVirtualMemory 7C91DF90 3 Bytes [ FF, 25, 1E ] .text C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe[3408] ntdll.dll!NtWriteVirtualMemory + 4 7C91DF94 2 Bytes [ 29, 5F ] .text C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe[3408] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 6C, 84 ] .text C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe[3408] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, EF, F4 ] .text C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe[3408] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A .text C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe[3408] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\system32\RUNDLL32.EXE[3552] ntdll.dll!NtClose 7C91CFD0 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\RUNDLL32.EXE[3552] ntdll.dll!NtClose + 4 7C91CFD4 2 Bytes [ 2C, 5F ] .text C:\WINDOWS\system32\RUNDLL32.EXE[3552] ntdll.dll!NtCreateFile 7C91D090 1 Byte [ FF ] .text C:\WINDOWS\system32\RUNDLL32.EXE[3552] ntdll.dll!NtCreateFile + 2 7C91D092 1 Byte [ 1E ] .text C:\WINDOWS\system32\RUNDLL32.EXE[3552] ntdll.dll!NtCreateFile + 4 7C91D094 2 Bytes [ 17, 5F ] .text C:\WINDOWS\system32\RUNDLL32.EXE[3552] ntdll.dll!NtCreateKey 7C91D0D0 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\RUNDLL32.EXE[3552] ntdll.dll!NtCreateKey + 4 7C91D0D4 2 Bytes [ 05, 5F ] .text C:\WINDOWS\system32\RUNDLL32.EXE[3552] ntdll.dll!NtCreateSection 7C91D160 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\RUNDLL32.EXE[3552] ntdll.dll!NtCreateSection + 4 7C91D164 2 Bytes [ 23, 5F ] .text C:\WINDOWS\system32\RUNDLL32.EXE[3552] ntdll.dll!NtDeleteKey 7C91D230 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\RUNDLL32.EXE[3552] ntdll.dll!NtDeleteKey + 4 7C91D234 2 Bytes [ 0B, 5F ] .text C:\WINDOWS\system32\RUNDLL32.EXE[3552] ntdll.dll!NtDeleteValueKey 7C91D250 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\RUNDLL32.EXE[3552] ntdll.dll!NtDeleteValueKey + 4 7C91D254 2 Bytes [ 11, 5F ] .text C:\WINDOWS\system32\RUNDLL32.EXE[3552] ntdll.dll!NtRenameKey 7C91DA40 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\RUNDLL32.EXE[3552] ntdll.dll!NtRenameKey + 4 7C91DA44 2 Bytes [ 14, 5F ] .text C:\WINDOWS\system32\RUNDLL32.EXE[3552] ntdll.dll!NtSetInformationFile 7C91DC40 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\RUNDLL32.EXE[3552] ntdll.dll!NtSetInformationFile + 4 7C91DC44 2 Bytes [ 20, 5F ] .text C:\WINDOWS\system32\RUNDLL32.EXE[3552] ntdll.dll!NtSetValueKey 7C91DDB0 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\RUNDLL32.EXE[3552] ntdll.dll!NtSetValueKey + 4 7C91DDB4 2 Bytes [ 0E, 5F ] .text C:\WINDOWS\system32\RUNDLL32.EXE[3552] ntdll.dll!NtTerminateProcess 7C91DE50 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\RUNDLL32.EXE[3552] ntdll.dll!NtTerminateProcess + 4 7C91DE54 2 Bytes [ 26, 5F ] .text C:\WINDOWS\system32\RUNDLL32.EXE[3552] ntdll.dll!NtWriteFile 7C91DF60 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\RUNDLL32.EXE[3552] ntdll.dll!NtWriteFile + 4 7C91DF64 2 Bytes [ 1A, 5F ] .text C:\WINDOWS\system32\RUNDLL32.EXE[3552] ntdll.dll!NtWriteFileGather 7C91DF70 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\RUNDLL32.EXE[3552] ntdll.dll!NtWriteFileGather + 4 7C91DF74 2 Bytes [ 1D, 5F ] .text C:\WINDOWS\system32\RUNDLL32.EXE[3552] ntdll.dll!NtWriteVirtualMemory 7C91DF90 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\RUNDLL32.EXE[3552] ntdll.dll!NtWriteVirtualMemory + 4 7C91DF94 2 Bytes [ 29, 5F ] .text C:\WINDOWS\system32\RUNDLL32.EXE[3552] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 2F, 84 ] .text C:\WINDOWS\system32\RUNDLL32.EXE[3552] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, EF, F4 ] .text C:\WINDOWS\system32\RUNDLL32.EXE[3552] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A .text C:\WINDOWS\system32\RUNDLL32.EXE[3552] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\system32\ctfmon.exe[3996] ntdll.dll!NtClose 7C91CFD0 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\ctfmon.exe[3996] ntdll.dll!NtClose + 4 7C91CFD4 2 Bytes [ 2C, 5F ] .text C:\WINDOWS\system32\ctfmon.exe[3996] ntdll.dll!NtCreateFile 7C91D090 1 Byte [ FF ] .text C:\WINDOWS\system32\ctfmon.exe[3996] ntdll.dll!NtCreateFile + 2 7C91D092 1 Byte [ 1E ] .text C:\WINDOWS\system32\ctfmon.exe[3996] ntdll.dll!NtCreateFile + 4 7C91D094 2 Bytes [ 17, 5F ] .text C:\WINDOWS\system32\ctfmon.exe[3996] ntdll.dll!NtCreateKey 7C91D0D0 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\ctfmon.exe[3996] ntdll.dll!NtCreateKey + 4 7C91D0D4 2 Bytes [ 05, 5F ] .text C:\WINDOWS\system32\ctfmon.exe[3996] ntdll.dll!NtCreateSection 7C91D160 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\ctfmon.exe[3996] ntdll.dll!NtCreateSection + 4 7C91D164 2 Bytes [ 23, 5F ] .text C:\WINDOWS\system32\ctfmon.exe[3996] ntdll.dll!NtDeleteKey 7C91D230 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\ctfmon.exe[3996] ntdll.dll!NtDeleteKey + 4 7C91D234 2 Bytes [ 0B, 5F ] .text C:\WINDOWS\system32\ctfmon.exe[3996] ntdll.dll!NtDeleteValueKey 7C91D250 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\ctfmon.exe[3996] ntdll.dll!NtDeleteValueKey + 4 7C91D254 2 Bytes [ 11, 5F ] .text C:\WINDOWS\system32\ctfmon.exe[3996] ntdll.dll!NtRenameKey 7C91DA40 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\ctfmon.exe[3996] ntdll.dll!NtRenameKey + 4 7C91DA44 2 Bytes [ 14, 5F ] .text C:\WINDOWS\system32\ctfmon.exe[3996] ntdll.dll!NtSetInformationFile 7C91DC40 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\ctfmon.exe[3996] ntdll.dll!NtSetInformationFile + 4 7C91DC44 2 Bytes [ 20, 5F ] .text C:\WINDOWS\system32\ctfmon.exe[3996] ntdll.dll!NtSetValueKey 7C91DDB0 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\ctfmon.exe[3996] ntdll.dll!NtSetValueKey + 4 7C91DDB4 2 Bytes [ 0E, 5F ] .text C:\WINDOWS\system32\ctfmon.exe[3996] ntdll.dll!NtTerminateProcess 7C91DE50 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\ctfmon.exe[3996] ntdll.dll!NtTerminateProcess + 4 7C91DE54 2 Bytes [ 26, 5F ] |
der 14. teil: .text C:\WINDOWS\system32\ctfmon.exe[3996] ntdll.dll!NtWriteFile 7C91DF60 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\ctfmon.exe[3996] ntdll.dll!NtWriteFile + 4 7C91DF64 2 Bytes [ 1A, 5F ] .text C:\WINDOWS\system32\ctfmon.exe[3996] ntdll.dll!NtWriteFileGather 7C91DF70 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\ctfmon.exe[3996] ntdll.dll!NtWriteFileGather + 4 7C91DF74 2 Bytes [ 1D, 5F ] .text C:\WINDOWS\system32\ctfmon.exe[3996] ntdll.dll!NtWriteVirtualMemory 7C91DF90 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\ctfmon.exe[3996] ntdll.dll!NtWriteVirtualMemory + 4 7C91DF94 2 Bytes [ 29, 5F ] .text C:\WINDOWS\system32\ctfmon.exe[3996] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 52, 84 ] .text C:\WINDOWS\system32\ctfmon.exe[3996] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, EF, F4 ] .text C:\WINDOWS\system32\ctfmon.exe[3996] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A .text C:\WINDOWS\system32\ctfmon.exe[3996] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\Explorer.EXE[4092] ntdll.dll!NtClose 7C91CFD0 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\Explorer.EXE[4092] ntdll.dll!NtClose + 4 7C91CFD4 2 Bytes [ 2C, 5F ] .text C:\WINDOWS\Explorer.EXE[4092] ntdll.dll!NtCreateFile 7C91D090 1 Byte [ FF ] .text C:\WINDOWS\Explorer.EXE[4092] ntdll.dll!NtCreateFile + 2 7C91D092 1 Byte [ 1E ] .text C:\WINDOWS\Explorer.EXE[4092] ntdll.dll!NtCreateFile + 4 7C91D094 2 Bytes [ 17, 5F ] .text C:\WINDOWS\Explorer.EXE[4092] ntdll.dll!NtCreateKey 7C91D0D0 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\Explorer.EXE[4092] ntdll.dll!NtCreateKey + 4 7C91D0D4 2 Bytes [ 05, 5F ] .text C:\WINDOWS\Explorer.EXE[4092] ntdll.dll!NtCreateSection 7C91D160 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\Explorer.EXE[4092] ntdll.dll!NtCreateSection + 4 7C91D164 2 Bytes [ 23, 5F ] .text C:\WINDOWS\Explorer.EXE[4092] ntdll.dll!NtDeleteKey 7C91D230 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\Explorer.EXE[4092] ntdll.dll!NtDeleteKey + 4 7C91D234 2 Bytes [ 0B, 5F ] .text C:\WINDOWS\Explorer.EXE[4092] ntdll.dll!NtDeleteValueKey 7C91D250 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\Explorer.EXE[4092] ntdll.dll!NtDeleteValueKey + 4 7C91D254 2 Bytes [ 11, 5F ] .text C:\WINDOWS\Explorer.EXE[4092] ntdll.dll!NtRenameKey 7C91DA40 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\Explorer.EXE[4092] ntdll.dll!NtRenameKey + 4 7C91DA44 2 Bytes [ 14, 5F ] .text C:\WINDOWS\Explorer.EXE[4092] ntdll.dll!NtSetInformationFile 7C91DC40 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\Explorer.EXE[4092] ntdll.dll!NtSetInformationFile + 4 7C91DC44 2 Bytes [ 20, 5F ] .text C:\WINDOWS\Explorer.EXE[4092] ntdll.dll!NtSetValueKey 7C91DDB0 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\Explorer.EXE[4092] ntdll.dll!NtSetValueKey + 4 7C91DDB4 2 Bytes [ 0E, 5F ] .text C:\WINDOWS\Explorer.EXE[4092] ntdll.dll!NtTerminateProcess 7C91DE50 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\Explorer.EXE[4092] ntdll.dll!NtTerminateProcess + 4 7C91DE54 2 Bytes [ 26, 5F ] .text C:\WINDOWS\Explorer.EXE[4092] ntdll.dll!NtWriteFile 7C91DF60 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\Explorer.EXE[4092] ntdll.dll!NtWriteFile + 4 7C91DF64 2 Bytes [ 1A, 5F ] .text C:\WINDOWS\Explorer.EXE[4092] ntdll.dll!NtWriteFileGather 7C91DF70 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\Explorer.EXE[4092] ntdll.dll!NtWriteFileGather + 4 7C91DF74 2 Bytes [ 1D, 5F ] .text C:\WINDOWS\Explorer.EXE[4092] ntdll.dll!NtWriteVirtualMemory 7C91DF90 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\Explorer.EXE[4092] ntdll.dll!NtWriteVirtualMemory + 4 7C91DF94 2 Bytes [ 29, 5F ] .text C:\WINDOWS\Explorer.EXE[4092] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 59, 84 ] .text C:\WINDOWS\Explorer.EXE[4092] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, EF, F4 ] .text C:\WINDOWS\Explorer.EXE[4092] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A .text C:\WINDOWS\Explorer.EXE[4092] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A ---- Kernel IAT/EAT - GMER 1.0.14 ---- IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7311040] spdy.sys IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F731113C] spdy.sys IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F73110BE] spdy.sys IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F73117FC] spdy.sys IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F73116D2] spdy.sys IAT \SystemRoot\System32\Drivers\an041ex1.SYS[HAL.dll!KfAcquireSpinLock] C0840CEC IAT \SystemRoot\System32\Drivers\an041ex1.SYS[HAL.dll!READ_PORT_UCHAR] 053C0D74 IAT \SystemRoot\System32\Drivers\an041ex1.SYS[HAL.dll!KeGetCurrentIrql] 57B80974 IAT \SystemRoot\System32\Drivers\an041ex1.SYS[HAL.dll!KfRaiseIrql] 8B000000 IAT \SystemRoot\System32\Drivers\an041ex1.SYS[HAL.dll!KfLowerIrql] 56C35DE5 IAT \SystemRoot\System32\Drivers\an041ex1.SYS[HAL.dll!HalGetInterruptVector] 8D08758B IAT \SystemRoot\System32\Drivers\an041ex1.SYS[HAL.dll!HalTranslateBusAddress] 8D51FC4D IAT \SystemRoot\System32\Drivers\an041ex1.SYS[HAL.dll!KeStallExecutionProcessor] 8D52FD55 IAT \SystemRoot\System32\Drivers\an041ex1.SYS[HAL.dll!KfReleaseSpinLock] 8D51FE4D IAT \SystemRoot\System32\Drivers\an041ex1.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 8D52FF55 IAT \SystemRoot\System32\Drivers\an041ex1.SYS[HAL.dll!READ_PORT_USHORT] 8D51F84D IAT \SystemRoot\System32\Drivers\an041ex1.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 5052F455 IAT \SystemRoot\System32\Drivers\an041ex1.SYS[HAL.dll!WRITE_PORT_UCHAR] EACAE856 IAT \SystemRoot\System32\Drivers\an041ex1.SYS[WMILIB.SYS!WmiSystemControl] 0FC08520 IAT \SystemRoot\System32\Drivers\an041ex1.SYS[WMILIB.SYS!WmiCompleteRequest] 0001B185 IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F7321048] spdy.sys IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [F7143DB0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.) IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [F7143D50] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.) IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [F7143CB0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.) IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [F7143B30] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [F7143B30] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F7143D50] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [F7143DB0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [F7143CB0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [F7143B30] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [F7143CB0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [F7143DB0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F7143D50] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.) IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F7143DB0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.) IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F7143D50] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.) IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F7143B30] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F7143CB0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F7143B30] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F7143D50] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F7143DB0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.) IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCloseAdapter] [F7143DB0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.) IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter] [F7143D50] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.) IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol] [F7143CB0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.) IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] [F7143B30] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F7143B30] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F7143CB0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F7143DB0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F7143D50] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.) |
und der letzte teil des gmer logs (endlich): ---- Devices - GMER 1.0.14 ---- Device \FileSystem\Ntfs \Ntfs 86FD51F8 Device \FileSystem\Fastfat \FatCdrom 8695A500 Device \Driver\usbstor \Device\0000008f 8695B500 Device \Driver\Tcpip \Device\Ip wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) Device \Driver\usbuhci \Device\USBPDO-0 86CB51F8 Device \Driver\PCI_PNP7952 \Device\00000051 spdy.sys Device \Driver\dmio \Device\DmControl\DmIoDaemon 86F671F8 Device \Driver\dmio \Device\DmControl\DmConfig 86F671F8 Device \Driver\dmio \Device\DmControl\DmPnP 86F671F8 Device \Driver\dmio \Device\DmControl\DmInfo 86F671F8 Device \Driver\usbuhci \Device\USBPDO-1 86CB51F8 Device \Driver\usbuhci \Device\USBPDO-2 86CB51F8 Device \Driver\usbuhci \Device\USBPDO-3 86CB51F8 Device \Driver\NetBT \Device\NetBT_Tcpip_{AD474FDF-275F-4818-B9F3-B7D031457C16} 86B73500 Device \Driver\usbehci \Device\USBPDO-4 86C871F8 Device \Driver\Tcpip \Device\Tcp wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) Device \Driver\sptd \Device\3568485452 spdy.sys Device \Driver\Ftdisk \Device\HarddiskVolume1 86FD71F8 Device \Driver\Cdrom \Device\CdRom0 86CBB1F8 Device \Driver\Ftdisk \Device\HarddiskVolume2 86FD71F8 Device \Driver\Cdrom \Device\CdRom1 86CBB1F8 Device \Driver\Cdrom \Device\CdRom2 86CBB1F8 Device \Driver\NetBT \Device\NetBt_Wins_Export 86B73500 Device \Driver\usbstor \Device\00000091 8695B500 Device \Driver\NetBT \Device\NetbiosSmb 86B73500 Device \Driver\usbstor \Device\00000092 8695B500 Device \Driver\usbstor \Device\00000093 8695B500 Device \Driver\Tcpip \Device\Udp wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) Device \Driver\Tcpip \Device\RawIp wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) Device \Driver\usbuhci \Device\USBFDO-0 86CB51F8 Device \Driver\usbuhci \Device\USBFDO-1 86CB51F8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 86BB7500 Device \Driver\Tcpip \Device\IPMULTICAST wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) Device \Driver\usbuhci \Device\USBFDO-2 86CB51F8 Device \FileSystem\MRxSmb \Device\LanmanRedirector 86BB7500 Device \Driver\usbuhci \Device\USBFDO-3 86CB51F8 Device \Driver\usbehci \Device\USBFDO-4 86C871F8 Device \Driver\Ftdisk \Device\FtControl 86FD71F8 Device \Driver\NetBT \Device\NetBT_Tcpip_{02356E98-FF34-4314-AAE7-EA7016E8BAD1} 86B73500 Device \Driver\an041ex1 \Device\Scsi\an041ex11 86C751F8 Device \Driver\an041ex1 \Device\Scsi\an041ex11Port3Path0Target0Lun0 86C751F8 Device \FileSystem\Fastfat \Fat 8695A500 AttachedDevice \FileSystem\Fastfat \Fat FLTMGR.SYS (Microsoft Filesystem Filter Manager/Microsoft Corporation) Device \FileSystem\Cdfs \Cdfs 86A25500 ---- Registry - GMER 1.0.14 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x0A 0x48 0x28 0x86 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x53 0xA8 0x36 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xA7 0xED 0xE2 0xEF ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x0A 0x48 0x28 0x86 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x53 0xA8 0x36 0xB0 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xA7 0xED 0xE2 0xEF ... Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG10.00.00.01WORKSTATION E4C496E5198B0293A9D1FAA92C0BC34DBE0C91848A543890DFFE784C948B9D9D579975F1354630CFF9BE460F24C47C152D26FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFE BC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79338EDD5E5BE2F6E6678EDD5E5BE2F6E667A2D97226D213B555FC993073F05E6C6651F9B35C4107D82C12672119 EB71B36AADC92CD990AF4DFC23E83A44B7B8A9BB4F7D23B1245B055B4E9A09B2BB13F61864DE38ED7C1C92C0847A98410666AC7D5704AEBF2C501B74DD9B35779FB0973A9C5F360D243725 1261B1C39E57160EFE09CC3A01867EEA2360260FC8967141EE1825389DF6D4A8A5BC2498682C668A2BC7CA884765756B253D2BE65A216FC169DC3D36D966BD64C2DC9DD6FC07ED04FD3B26 C5B4FAB6B54C1C50ED36C53B8C71B4EA0CCEE8ACC4C6CD1CA38EEFB6FD0A51BA7D42823988006AEDBAB88DD638622D22F95F7AD3D9A05DD2872672BB23F3B91821BAB665C4B9D88E479287 3A012A990DA14099D45755A0A66D1C9EEEBEF3E80007BE589971875D74F249C2CD444D10098A7BC749157DED33A72087B4C258946C67C0AC28378C319300B3D6F30664E928226F8C3C0FC4 5FC7E835456743823C07600BFC58E4FED19514015D7E6B9746AE364D722EE56CD4E4CA31F2D2F9E71EAF73B694626DA7FE543B30F2B2C1A88697791A081 Reg HKLM\SOFTWARE\Classes\CLSID\{B6A930A0-A4F5-43A5-9B4E-6189A6C2B9E8}@j!s!i!`!r!`!e!d!\30!\30!t!e!s!m!s!y! 71230 ---- EOF - GMER 1.0.14 ---- |
nun der blacklight log: 01/13/09 22:30:44 [Info]: BlackLight Engine 2.2.1092 initialized 01/13/09 22:30:44 [Info]: OS: 5.1 build 2600 (Service Pack 3) 01/13/09 22:30:44 [Note]: 7019 4 01/13/09 22:30:44 [Note]: 7005 0 01/13/09 22:30:49 [Note]: 7006 0 01/13/09 22:30:49 [Note]: 7011 4092 01/13/09 22:30:49 [Note]: 7035 0 01/13/09 22:30:49 [Note]: 7026 0 01/13/09 22:30:49 [Note]: 7026 0 01/13/09 22:30:52 [Note]: FSRAW library version 1.7.1024 01/13/09 23:19:44 [Note]: 7007 0 _________________________________________________________________ und hier der highjackthis log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 00:10:06, on 14.01.2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Sygate\SPF\smc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\AntiVir PersonalEdition Classic\sched.exe C:\Programme\AntiVir PersonalEdition Classic\avguard.exe C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Programme\Bonjour\mDNSResponder.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe C:\WINDOWS\system32\nvsvc32.exe C:\Programme\CyberLink\Shared Files\RichVideo.exe C:\Programme\Spyware Doctor\pctsAuxs.exe C:\Programme\Spyware Doctor\pctsSvc.exe C:\Programme\Sceneo\Bonavista\Services\PVR\PVRService.exe C:\WINDOWS\system32\svchost.exe C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe C:\WINDOWS\ehome\mcrdsvc.exe C:\Programme\Windows Media Player\wmpnetwk.exe C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\RTHDCPL.EXE C:\Programme\SMSC\SetIcon.exe C:\Programme\Home Cinema\TV Enhance\TVEService.exe C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe C:\Programme\Spyware Doctor\pctsTray.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\ctfmon.exe C:\Programme\Windows Media Player\WMPNSCFG.exe C:\Programme\Exif Launcher\QuickDCF.exe C:\Programme\Mozilla Firefox\firefox.exe C:\Programme\WinRAR\WinRAR.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Programme\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aldi.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [SetIcon] \Programme\SMSC\SetIcon.exe O4 - HKLM\..\Run: [LanguageShortcut] "C:\Programme\Home Cinema\PowerDVD\Language\Language.exe" O4 - HKLM\..\Run: [TVEService] "C:\Programme\Home Cinema\TV Enhance\TVEService.exe" O4 - HKLM\..\Run: [InstantOn] "C:\Programme\CyberLink\PowerCinema Linux\ion_install.exe /c " O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [ToADiMon.exe] C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe -TOnlineAutodialStart O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui O4 - HKLM\..\Run: [ISTray] "C:\Programme\Spyware Doctor\pctsTray.exe" O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Steam] "C:\Programme\Valve\Steam\Steam.exe" -silent O4 - HKCU\..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programme\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Programme\IObit\Advanced SystemCare 3\AWC.exe" /startup O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Exif Launcher.lnk = C:\Programme\Exif Launcher\QuickDCF.exe O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_08\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_08\bin\ssv.dll O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing) O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing) O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: @C:\Programme\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: @C:\Programme\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com/ O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204 O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programme\Yahoo!\Common\yinsthelper.dll O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1160402350437 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1161001832152 O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe O23 - Service: T-Online WLAN Adapter Steuerungsdienst (MZCCntrl) - Deutsche Telekom AG, Marmiko IT-Solutions GmbH - C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared Files\RichVideo.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programme\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programme\Spyware Doctor\pctsSvc.exe O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programme\Sygate\SPF\smc.exe O23 - Service: Sceneo PVR Service (srvcPVR) - Buhl Data Service GmbH - C:\Programme\Sceneo\Bonavista\Services\PVR\PVRService.exe O23 - Service: TVEnhance Background Capture Service (TBCS) (TVECapSvc) - Unknown owner - C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe O23 - Service: TVEnhance Task Scheduler (TTS)) (TVESched) - Unknown owner - C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe -- End of file - 10048 bytes |
was ist nun? ist alles in ordnung, oder versteckt sich irgendwo etwas bösartiges? |
Hey ;) ComboFix
Combofix darf ausschließlich ausgeführt werden wenn ein Kompetenzler dies ausdrücklich empfohlen hat!Hinweis: Combofix verhindert die Autostart Funktion aller CD / DVD und USB - Laufwerken um so eine Verbeitung einzudämmen. Wenn es hierdurch zu Problemen kommt, diese im Thread posten. (ausführliche Anleitung -> Ein Leitfaden und Tutorium zur Nutzung von ComboFix) |