Trojaner-Board
Seite 2 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Virus Anti Malware Doktor, wie überprüfe ich die vollständige Löschung? (https://www.trojaner-board.de/87183-virus-anti-malware-doktor-ueberpruefe-vollstaendige-loeschung.html)

Bilal1988 18.06.2010 11:29
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2852] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [8A, 71]
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2852] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2852] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [87, 71]
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2852] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2852] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [90, 71]
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2852] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2852] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [A8, 71] {TEST AL, 0x71}
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2852] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2852] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A2, 71]
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2852] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2852] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [9F, 71]
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2852] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2852] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [93, 71]
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2852] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E]
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2852] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A5, 71]
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2852] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2852] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [84, 71]
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2852] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E]
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2852] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [99, 71]
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2852] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E]
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2852] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [96, 71]
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2852] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E]
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2852] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [81, 71]
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2852] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E]
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2852] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8D, 71]
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2852] USER32.dll!ChangeDisplaySettingsExA 76A06FE7 6 Bytes JMP 5F0B0F5A
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2852] USER32.dll!SetForegroundWindow 76A0B8A6 6 Bytes JMP 5F040F5A
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2852] USER32.dll!SetWindowPos 76A135E3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2852] USER32.dll!SetWindowPos + 4 76A135E7 2 Bytes [09, 5F]
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2852] USER32.dll!ChangeDisplaySettingsExW 76A4A9E4 6 Bytes JMP 5F0E0F5A
.text C:\Windows\system32\wbem\wmiprvse.exe[2856] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\wmiprvse.exe[2856] ntdll.dll!NtClose + 4 77C14318 2 Bytes [7E, 71] {JLE 0x73}
.text C:\Windows\system32\wbem\wmiprvse.exe[2856] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\wmiprvse.exe[2856] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9C, 71]
.text C:\Windows\system32\wbem\wmiprvse.exe[2856] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\wmiprvse.exe[2856] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71]
.text C:\Windows\system32\wbem\wmiprvse.exe[2856] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\wmiprvse.exe[2856] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [8A, 71]
.text C:\Windows\system32\wbem\wmiprvse.exe[2856] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\wmiprvse.exe[2856] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [87, 71]
.text C:\Windows\system32\wbem\wmiprvse.exe[2856] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\wmiprvse.exe[2856] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [90, 71]
.text C:\Windows\system32\wbem\wmiprvse.exe[2856] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\wmiprvse.exe[2856] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [A8, 71] {TEST AL, 0x71}
.text C:\Windows\system32\wbem\wmiprvse.exe[2856] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\wmiprvse.exe[2856] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A2, 71]
.text C:\Windows\system32\wbem\wmiprvse.exe[2856] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\wmiprvse.exe[2856] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [9F, 71]
.text C:\Windows\system32\wbem\wmiprvse.exe[2856] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\wmiprvse.exe[2856] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [93, 71]
.text C:\Windows\system32\wbem\wmiprvse.exe[2856] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\wmiprvse.exe[2856] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A5, 71]
.text C:\Windows\system32\wbem\wmiprvse.exe[2856] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\wmiprvse.exe[2856] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [84, 71]
.text C:\Windows\system32\wbem\wmiprvse.exe[2856] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\wmiprvse.exe[2856] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [99, 71]
.text C:\Windows\system32\wbem\wmiprvse.exe[2856] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\wmiprvse.exe[2856] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [96, 71]
.text C:\Windows\system32\wbem\wmiprvse.exe[2856] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\wmiprvse.exe[2856] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [81, 71]
.text C:\Windows\system32\wbem\wmiprvse.exe[2856] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\wmiprvse.exe[2856] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8D, 71]
.text C:\Program Files\Spyware Doctor\pctsTray.exe[2956] kernel32.dll!CreateThread + 1A 77B1C928 4 Bytes CALL 0044B8D9 C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools Tray Application/PC Tools)
.text C:\Windows\ehome\ehmsas.exe[3328] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E]
.text C:\Windows\ehome\ehmsas.exe[3328] ntdll.dll!NtClose + 4 77C14318 2 Bytes [80, 71]
.text C:\Windows\ehome\ehmsas.exe[3328] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E]
.text C:\Windows\ehome\ehmsas.exe[3328] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9E, 71]
.text C:\Windows\ehome\ehmsas.exe[3328] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E]
.text C:\Windows\ehome\ehmsas.exe[3328] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71]
.text C:\Windows\ehome\ehmsas.exe[3328] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E]
.text C:\Windows\ehome\ehmsas.exe[3328] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [8C, 71]
.text C:\Windows\ehome\ehmsas.exe[3328] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E]
.text C:\Windows\ehome\ehmsas.exe[3328] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [89, 71]
.text C:\Windows\ehome\ehmsas.exe[3328] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\ehome\ehmsas.exe[3328] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [92, 71]
.text C:\Windows\ehome\ehmsas.exe[3328] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\ehome\ehmsas.exe[3328] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [AA, 71]
.text C:\Windows\ehome\ehmsas.exe[3328] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\ehome\ehmsas.exe[3328] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A4, 71]
.text C:\Windows\ehome\ehmsas.exe[3328] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\ehome\ehmsas.exe[3328] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [A1, 71]
.text C:\Windows\ehome\ehmsas.exe[3328] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E]
.text C:\Windows\ehome\ehmsas.exe[3328] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [95, 71]
.text C:\Windows\ehome\ehmsas.exe[3328] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E]
.text C:\Windows\ehome\ehmsas.exe[3328] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A7, 71]
.text C:\Windows\ehome\ehmsas.exe[3328] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\ehome\ehmsas.exe[3328] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [86, 71]
.text C:\Windows\ehome\ehmsas.exe[3328] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E]
.text C:\Windows\ehome\ehmsas.exe[3328] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [9B, 71]
.text C:\Windows\ehome\ehmsas.exe[3328] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E]
.text C:\Windows\ehome\ehmsas.exe[3328] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [98, 71]
.text C:\Windows\ehome\ehmsas.exe[3328] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E]
.text C:\Windows\ehome\ehmsas.exe[3328] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [83, 71]
.text C:\Windows\ehome\ehmsas.exe[3328] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E]
.text C:\Windows\ehome\ehmsas.exe[3328] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8F, 71]
.text C:\Windows\ehome\ehmsas.exe[3328] kernel32.dll!LoadLibraryExW 77AF9109 6 Bytes JMP 5F070F5A
.text C:\Windows\ehome\ehmsas.exe[3328] USER32.dll!ChangeDisplaySettingsExA 76A06FE7 6 Bytes JMP 5F0D0F5A
.text C:\Windows\ehome\ehmsas.exe[3328] USER32.dll!SetForegroundWindow 76A0B8A6 6 Bytes JMP 5F040F5A
.text C:\Windows\ehome\ehmsas.exe[3328] USER32.dll!SetWindowPos 76A135E3 3 Bytes [FF, 25, 1E]
.text C:\Windows\ehome\ehmsas.exe[3328] USER32.dll!SetWindowPos + 4 76A135E7 2 Bytes [0B, 5F]
.text C:\Windows\ehome\ehmsas.exe[3328] USER32.dll!ChangeDisplaySettingsExW 76A4A9E4 6 Bytes JMP 5F100F5A
.text C:\Program Files\Windows Defender\MSASCui.exe[3344] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Defender\MSASCui.exe[3344] ntdll.dll!NtClose + 4 77C14318 2 Bytes [7E, 71] {JLE 0x73}
.text C:\Program Files\Windows Defender\MSASCui.exe[3344] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Defender\MSASCui.exe[3344] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9C, 71]
.text C:\Program Files\Windows Defender\MSASCui.exe[3344] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Defender\MSASCui.exe[3344] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71]
.text C:\Program Files\Windows Defender\MSASCui.exe[3344] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Defender\MSASCui.exe[3344] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [8A, 71]
.text C:\Program Files\Windows Defender\MSASCui.exe[3344] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Defender\MSASCui.exe[3344] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [87, 71]
.text C:\Program Files\Windows Defender\MSASCui.exe[3344] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Defender\MSASCui.exe[3344] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [90, 71]
.text C:\Program Files\Windows Defender\MSASCui.exe[3344] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Defender\MSASCui.exe[3344] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [A8, 71] {TEST AL, 0x71}
.text C:\Program Files\Windows Defender\MSASCui.exe[3344] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Defender\MSASCui.exe[3344] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A2, 71]
.text C:\Program Files\Windows Defender\MSASCui.exe[3344] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Defender\MSASCui.exe[3344] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [9F, 71]
.text C:\Program Files\Windows Defender\MSASCui.exe[3344] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Defender\MSASCui.exe[3344] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [93, 71]
.text C:\Program Files\Windows Defender\MSASCui.exe[3344] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Defender\MSASCui.exe[3344] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A5, 71]
.text C:\Program Files\Windows Defender\MSASCui.exe[3344] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Defender\MSASCui.exe[3344] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [84, 71]
.text C:\Program Files\Windows Defender\MSASCui.exe[3344] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Defender\MSASCui.exe[3344] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [99, 71]
.text C:\Program Files\Windows Defender\MSASCui.exe[3344] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Defender\MSASCui.exe[3344] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [96, 71]
.text C:\Program Files\Windows Defender\MSASCui.exe[3344] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Defender\MSASCui.exe[3344] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [81, 71]
.text C:\Program Files\Windows Defender\MSASCui.exe[3344] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Defender\MSASCui.exe[3344] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8D, 71]
.text C:\Program Files\Windows Defender\MSASCui.exe[3344] USER32.dll!ChangeDisplaySettingsExA 76A06FE7 6 Bytes JMP 5F0B0F5A
.text C:\Program Files\Windows Defender\MSASCui.exe[3344] USER32.dll!SetForegroundWindow 76A0B8A6 6 Bytes JMP 5F040F5A
.text C:\Program Files\Windows Defender\MSASCui.exe[3344] USER32.dll!SetWindowPos 76A135E3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Defender\MSASCui.exe[3344] USER32.dll!SetWindowPos + 4 76A135E7 2 Bytes [09, 5F]
.text C:\Program Files\Windows Defender\MSASCui.exe[3344] USER32.dll!ChangeDisplaySettingsExW 76A4A9E4 6 Bytes JMP 5F0E0F5A
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3372] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3372] ntdll.dll!NtClose + 4 77C14318 2 Bytes [7E, 71] {JLE 0x73}
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3372] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3372] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9C, 71]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3372] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3372] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3372] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3372] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [8A, 71]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3372] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3372] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [87, 71]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3372] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3372] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [90, 71]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3372] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3372] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [A8, 71] {TEST AL, 0x71}
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3372] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3372] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A2, 71]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3372] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3372] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [9F, 71]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3372] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3372] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [93, 71]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3372] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3372] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A5, 71]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3372] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3372] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [84, 71]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3372] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3372] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [99, 71]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3372] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3372] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [96, 71]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3372] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3372] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [81, 71]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3372] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3372] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8D, 71]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3372] USER32.dll!ChangeDisplaySettingsExA 76A06FE7 6 Bytes JMP 5F0B0F5A
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3372] USER32.dll!SetForegroundWindow 76A0B8A6 6 Bytes JMP 5F040F5A
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3372] USER32.dll!SetWindowPos 76A135E3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3372] USER32.dll!SetWindowPos + 4 76A135E7 2 Bytes [09, 5F]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3372] USER32.dll!ChangeDisplaySettingsExW 76A4A9E4 6 Bytes JMP 5F0E0F5A
.text C:\Program Files\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe[3412] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe[3412] ntdll.dll!NtClose + 4 77C14318 2 Bytes [7E, 71] {JLE 0x73}
.text C:\Program Files\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe[3412] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe[3412] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9C, 71]
.text C:\Program Files\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe[3412] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe[3412] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71]
.text C:\Program Files\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe[3412] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe[3412] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [8A, 71]
.text C:\Program Files\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe[3412] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe[3412] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [87, 71]
.text C:\Program Files\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe[3412] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe[3412] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [90, 71]
.text C:\Program Files\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe[3412] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe[3412] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [A8, 71] {TEST AL, 0x71}
.text C:\Program Files\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe[3412] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe[3412] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A2, 71]
.text C:\Program Files\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe[3412] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe[3412] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [9F, 71]
.text C:\Program Files\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe[3412] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe[3412] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [93, 71]
.text C:\Program Files\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe[3412] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe[3412] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A5, 71]
.text C:\Program Files\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe[3412] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe[3412] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [84, 71]
.text C:\Program Files\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe[3412] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe[3412] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [99, 71]
.text C:\Program Files\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe[3412] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe[3412] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [96, 71]
.text C:\Program Files\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe[3412] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe[3412] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [81, 71]
.text C:\Program Files\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe[3412] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe[3412] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8D, 71]
.text C:\Program Files\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe[3412] USER32.dll!ChangeDisplaySettingsExA 76A06FE7 6 Bytes JMP 5F0B0F5A
.text C:\Program Files\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe[3412] USER32.dll!SetForegroundWindow 76A0B8A6 6 Bytes JMP 5F040F5A
.text C:\Program Files\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe[3412] USER32.dll!SetWindowPos 76A135E3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe[3412] USER32.dll!SetWindowPos + 4 76A135E7 2 Bytes [09, 5F]
.text C:\Program Files\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe[3412] USER32.dll!ChangeDisplaySettingsExW 76A4A9E4 6 Bytes JMP 5F0E0F5A
.text C:\Program Files\HomeCinema\TV Enhance\TVEService.exe[3420] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HomeCinema\TV Enhance\TVEService.exe[3420] ntdll.dll!NtClose + 4 77C14318 2 Bytes [7E, 71] {JLE 0x73}
.text C:\Program Files\HomeCinema\TV Enhance\TVEService.exe[3420] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HomeCinema\TV Enhance\TVEService.exe[3420] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9C, 71]
.text C:\Program Files\HomeCinema\TV Enhance\TVEService.exe[3420] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HomeCinema\TV Enhance\TVEService.exe[3420] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71]
.text C:\Program Files\HomeCinema\TV Enhance\TVEService.exe[3420] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HomeCinema\TV Enhance\TVEService.exe[3420] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [8A, 71]
.text C:\Program Files\HomeCinema\TV Enhance\TVEService.exe[3420] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HomeCinema\TV Enhance\TVEService.exe[3420] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [87, 71]
.text C:\Program Files\HomeCinema\TV Enhance\TVEService.exe[3420] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HomeCinema\TV Enhance\TVEService.exe[3420] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [90, 71]
.text C:\Program Files\HomeCinema\TV Enhance\TVEService.exe[3420] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HomeCinema\TV Enhance\TVEService.exe[3420] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [A8, 71] {TEST AL, 0x71}
.text C:\Program Files\HomeCinema\TV Enhance\TVEService.exe[3420] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HomeCinema\TV Enhance\TVEService.exe[3420] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A2, 71]
.text C:\Program Files\HomeCinema\TV Enhance\TVEService.exe[3420] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HomeCinema\TV Enhance\TVEService.exe[3420] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [9F, 71]
.text C:\Program Files\HomeCinema\TV Enhance\TVEService.exe[3420] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HomeCinema\TV Enhance\TVEService.exe[3420] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [93, 71]
.text C:\Program Files\HomeCinema\TV Enhance\TVEService.exe[3420] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HomeCinema\TV Enhance\TVEService.exe[3420] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A5, 71]
.text C:\Program Files\HomeCinema\TV Enhance\TVEService.exe[3420] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HomeCinema\TV Enhance\TVEService.exe[3420] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [84, 71]
.text C:\Program Files\HomeCinema\TV Enhance\TVEService.exe[3420] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HomeCinema\TV Enhance\TVEService.exe[3420] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [99, 71]
.text C:\Program Files\HomeCinema\TV Enhance\TVEService.exe[3420] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HomeCinema\TV Enhance\TVEService.exe[3420] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [96, 71]
.text C:\Program Files\HomeCinema\TV Enhance\TVEService.exe[3420] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HomeCinema\TV Enhance\TVEService.exe[3420] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [81, 71]
.text C:\Program Files\HomeCinema\TV Enhance\TVEService.exe[3420] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HomeCinema\TV Enhance\TVEService.exe[3420] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8D, 71]
.text C:\Program Files\HomeCinema\TV Enhance\TVEService.exe[3420] USER32.dll!ChangeDisplaySettingsExA 76A06FE7 6 Bytes JMP 5F0B0F5A
.text C:\Program Files\HomeCinema\TV Enhance\TVEService.exe[3420] USER32.dll!SetForegroundWindow 76A0B8A6 6 Bytes JMP 5F040F5A
.text C:\Program Files\HomeCinema\TV Enhance\TVEService.exe[3420] USER32.dll!SetWindowPos 76A135E3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HomeCinema\TV Enhance\TVEService.exe[3420] USER32.dll!SetWindowPos + 4 76A135E7 2 Bytes [09, 5F]
.text C:\Program Files\HomeCinema\TV Enhance\TVEService.exe[3420] USER32.dll!ChangeDisplaySettingsExW 76A4A9E4 6 Bytes JMP 5F0E0F5A
.text C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[3424] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[3424] ntdll.dll!NtClose + 4 77C14318 2 Bytes [7D, 71] {JGE 0x73}
.text C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[3424] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[3424] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9C, 71]
.text C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[3424] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[3424] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71]
.text C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[3424] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[3424] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [89, 71]
.text C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[3424] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[3424] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [86, 71]
.text C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[3424] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[3424] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [8F, 71]
.text C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[3424] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[3424] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [A8, 71] {TEST AL, 0x71}
.text C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[3424] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[3424] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A2, 71]
.text C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[3424] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[3424] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [9F, 71]
.text C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[3424] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[3424] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [92, 71]
.text C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[3424] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[3424] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A5, 71]
.text C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[3424] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[3424] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [83, 71]
.text C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[3424] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[3424] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [98, 71]
.text C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[3424] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[3424] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [95, 71]
.text C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[3424] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[3424] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [80, 71]
.text C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[3424] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[3424] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8C, 71]
.text C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[3424] USER32.dll!ChangeDisplaySettingsExA 76A06FE7 6 Bytes JMP 5F0B0F5A
.text C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[3424] USER32.dll!SetForegroundWindow 76A0B8A6 6 Bytes JMP 5F040F5A
.text C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[3424] USER32.dll!SetWindowPos 76A135E3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[3424] USER32.dll!SetWindowPos + 4 76A135E7 2 Bytes [09, 5F]
.text C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[3424] USER32.dll!ChangeDisplaySettingsExW 76A4A9E4 6 Bytes JMP 5F0E0F5A
.text C:\Windows\RtHDVCpl.exe[3448] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E]
.text C:\Windows\RtHDVCpl.exe[3448] ntdll.dll!NtClose + 4 77C14318 2 Bytes [7E, 71] {JLE 0x73}
.text C:\Windows\RtHDVCpl.exe[3448] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E]
.text C:\Windows\RtHDVCpl.exe[3448] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9C, 71]
.text C:\Windows\RtHDVCpl.exe[3448] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E]
.text C:\Windows\RtHDVCpl.exe[3448] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71]
.text C:\Windows\RtHDVCpl.exe[3448] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E]
.text C:\Windows\RtHDVCpl.exe[3448] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [8A, 71]
.text C:\Windows\RtHDVCpl.exe[3448] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E]
.text C:\Windows\RtHDVCpl.exe[3448] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [87, 71]
.text C:\Windows\RtHDVCpl.exe[3448] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\RtHDVCpl.exe[3448] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [90, 71]
.text C:\Windows\RtHDVCpl.exe[3448] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\RtHDVCpl.exe[3448] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [A8, 71] {TEST AL, 0x71}
.text C:\Windows\RtHDVCpl.exe[3448] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\RtHDVCpl.exe[3448] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A2, 71]
.text C:\Windows\RtHDVCpl.exe[3448] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\RtHDVCpl.exe[3448] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [9F, 71]
.text C:\Windows\RtHDVCpl.exe[3448] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E]
.text C:\Windows\RtHDVCpl.exe[3448] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [93, 71]
.text C:\Windows\RtHDVCpl.exe[3448] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E]
.text C:\Windows\RtHDVCpl.exe[3448] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A5, 71]
.text C:\Windows\RtHDVCpl.exe[3448] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\RtHDVCpl.exe[3448] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [84, 71]
.text C:\Windows\RtHDVCpl.exe[3448] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E]
.text C:\Windows\RtHDVCpl.exe[3448] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [99, 71]
.text C:\Windows\RtHDVCpl.exe[3448] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E]
.text C:\Windows\RtHDVCpl.exe[3448] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [96, 71]
.text C:\Windows\RtHDVCpl.exe[3448] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E]
.text C:\Windows\RtHDVCpl.exe[3448] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [81, 71]
.text C:\Windows\RtHDVCpl.exe[3448] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E]
.text C:\Windows\RtHDVCpl.exe[3448] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8D, 71]
.text C:\Windows\RtHDVCpl.exe[3448] USER32.dll!ChangeDisplaySettingsExA 76A06FE7 6 Bytes JMP 5F0B0F5A
.text C:\Windows\RtHDVCpl.exe[3448] USER32.dll!SetForegroundWindow 76A0B8A6 6 Bytes JMP 5F040F5A
.text C:\Windows\RtHDVCpl.exe[3448] USER32.dll!SetWindowPos 76A135E3 3 Bytes [FF, 25, 1E]
.text C:\Windows\RtHDVCpl.exe[3448] USER32.dll!SetWindowPos + 4 76A135E7 2 Bytes [09, 5F]
.text C:\Windows\RtHDVCpl.exe[3448] USER32.dll!ChangeDisplaySettingsExW 76A4A9E4 6 Bytes JMP 5F0E0F5A
.text C:\Windows\system32\CLWatson.exe[3460] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\CLWatson.exe[3460] ntdll.dll!NtClose + 4 77C14318 2 Bytes [7E, 71] {JLE 0x73}
.text C:\Windows\system32\CLWatson.exe[3460] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\CLWatson.exe[3460] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9C, 71]
.text C:\Windows\system32\CLWatson.exe[3460] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\CLWatson.exe[3460] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71]
.text C:\Windows\system32\CLWatson.exe[3460] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\CLWatson.exe[3460] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [8A, 71]
.text C:\Windows\system32\CLWatson.exe[3460] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\CLWatson.exe[3460] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [87, 71]
.text C:\Windows\system32\CLWatson.exe[3460] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\CLWatson.exe[3460] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [90, 71]
.text C:\Windows\system32\CLWatson.exe[3460] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\CLWatson.exe[3460] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [A8, 71] {TEST AL, 0x71}
.text C:\Windows\system32\CLWatson.exe[3460] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\CLWatson.exe[3460] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A2, 71]
.text C:\Windows\system32\CLWatson.exe[3460] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\CLWatson.exe[3460] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [9F, 71]
.text C:\Windows\system32\CLWatson.exe[3460] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\CLWatson.exe[3460] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [93, 71]
.text C:\Windows\system32\CLWatson.exe[3460] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\CLWatson.exe[3460] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A5, 71]
.text C:\Windows\system32\CLWatson.exe[3460] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\CLWatson.exe[3460] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [84, 71]
.text C:\Windows\system32\CLWatson.exe[3460] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\CLWatson.exe[3460] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [99, 71]
.text C:\Windows\system32\CLWatson.exe[3460] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\CLWatson.exe[3460] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [96, 71]
.text C:\Windows\system32\CLWatson.exe[3460] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\CLWatson.exe[3460] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [81, 71]
.text C:\Windows\system32\CLWatson.exe[3460] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\CLWatson.exe[3460] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8D, 71]
.text C:\Windows\system32\CLWatson.exe[3460] USER32.dll!ChangeDisplaySettingsExA 76A06FE7 6 Bytes JMP 5F0B0F5A
.text C:\Windows\system32\CLWatson.exe[3460] USER32.dll!SetForegroundWindow 76A0B8A6 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\CLWatson.exe[3460] USER32.dll!SetWindowPos 76A135E3 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\CLWatson.exe[3460] USER32.dll!SetWindowPos + 4 76A135E7 2 Bytes [09, 5F]
.text C:\Windows\system32\CLWatson.exe[3460] USER32.dll!ChangeDisplaySettingsExW 76A4A9E4 6 Bytes JMP 5F0E0F5A
.text C:\Windows\system32\taskeng.exe[3556] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[3556] ntdll.dll!NtClose + 4 77C14318 2 Bytes [7E, 71] {JLE 0x73}
.text C:\Windows\system32\taskeng.exe[3556] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[3556] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9C, 71]
.text C:\Windows\system32\taskeng.exe[3556] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[3556] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71]
.text C:\Windows\system32\taskeng.exe[3556] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[3556] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [8A, 71]
.text C:\Windows\system32\taskeng.exe[3556] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[3556] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [87, 71]
.text C:\Windows\system32\taskeng.exe[3556] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[3556] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [90, 71]
.text C:\Windows\system32\taskeng.exe[3556] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[3556] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [A8, 71] {TEST AL, 0x71}
.text C:\Windows\system32\taskeng.exe[3556] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[3556] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A2, 71]
.text C:\Windows\system32\taskeng.exe[3556] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[3556] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [9F, 71]
.text C:\Windows\system32\taskeng.exe[3556] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[3556] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [93, 71]
.text C:\Windows\system32\taskeng.exe[3556] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[3556] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A5, 71]
.text C:\Windows\system32\taskeng.exe[3556] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[3556] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [84, 71]
.text C:\Windows\system32\taskeng.exe[3556] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[3556] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [99, 71]
.text C:\Windows\system32\taskeng.exe[3556] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[3556] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [96, 71]
.text C:\Windows\system32\taskeng.exe[3556] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[3556] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [81, 71]
.text C:\Windows\system32\taskeng.exe[3556] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[3556] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8D, 71]
.text C:\Windows\System32\rundll32.exe[3684] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\rundll32.exe[3684] ntdll.dll!NtClose + 4 77C14318 2 Bytes [7E, 71] {JLE 0x73}
.text C:\Windows\System32\rundll32.exe[3684] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\rundll32.exe[3684] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9C, 71]
.text C:\Windows\System32\rundll32.exe[3684] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\rundll32.exe[3684] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71]
.text C:\Windows\System32\rundll32.exe[3684] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\rundll32.exe[3684] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [8A, 71]
.text C:\Windows\System32\rundll32.exe[3684] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\rundll32.exe[3684] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [87, 71]
.text C:\Windows\System32\rundll32.exe[3684] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\rundll32.exe[3684] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [90, 71]
.text C:\Windows\System32\rundll32.exe[3684] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\rundll32.exe[3684] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [A8, 71] {TEST AL, 0x71}
.text C:\Windows\System32\rundll32.exe[3684] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\rundll32.exe[3684] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A2, 71]
.text C:\Windows\System32\rundll32.exe[3684] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\rundll32.exe[3684] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [9F, 71]
.text C:\Windows\System32\rundll32.exe[3684] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\rundll32.exe[3684] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [93, 71]
.text C:\Windows\System32\rundll32.exe[3684] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\rundll32.exe[3684] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A5, 71]
.text C:\Windows\System32\rundll32.exe[3684] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\rundll32.exe[3684] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [84, 71]
.text C:\Windows\System32\rundll32.exe[3684] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\rundll32.exe[3684] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [99, 71]
.text C:\Windows\System32\rundll32.exe[3684] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\rundll32.exe[3684] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [96, 71]
.text C:\Windows\System32\rundll32.exe[3684] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\rundll32.exe[3684] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [81, 71]
.text C:\Windows\System32\rundll32.exe[3684] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\rundll32.exe[3684] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8D, 71]
.text C:\Windows\System32\rundll32.exe[3684] USER32.dll!ChangeDisplaySettingsExA 76A06FE7 6 Bytes JMP 5F0B0F5A
.text C:\Windows\System32\rundll32.exe[3684] USER32.dll!SetForegroundWindow 76A0B8A6 6 Bytes JMP 5F040F5A
.text C:\Windows\System32\rundll32.exe[3684] USER32.dll!SetWindowPos 76A135E3 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\rundll32.exe[3684] USER32.dll!SetWindowPos + 4 76A135E7 2 Bytes [09, 5F]
.text C:\Windows\System32\rundll32.exe[3684] USER32.dll!ChangeDisplaySettingsExW 76A4A9E4 6 Bytes JMP 5F0E0F5A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3700] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3700] ntdll.dll!NtClose + 4 77C14318 2 Bytes [7E, 71] {JLE 0x73}
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3700] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3700] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9C, 71]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3700] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3700] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3700] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3700] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [8A, 71]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3700] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3700] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [87, 71]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3700] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3700] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [90, 71]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3700] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3700] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [A8, 71] {TEST AL, 0x71}
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3700] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3700] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A2, 71]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3700] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3700] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [9F, 71]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3700] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3700] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [93, 71]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3700] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3700] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A5, 71]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3700] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3700] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [84, 71]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3700] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3700] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [99, 71]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3700] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3700] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [96, 71]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3700] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3700] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [81, 71]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3700] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3700] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8D, 71]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3700] USER32.dll!ChangeDisplaySettingsExA 76A06FE7 6 Bytes JMP 5F0B0F5A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3700] USER32.dll!SetForegroundWindow 76A0B8A6 6 Bytes JMP 5F040F5A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3700] USER32.dll!SetWindowPos 76A135E3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3700] USER32.dll!SetWindowPos + 4 76A135E7 2 Bytes [09, 5F]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3700] USER32.dll!ChangeDisplaySettingsExW 76A4A9E4 6 Bytes JMP 5F0E0F5A
.text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3704] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3704] ntdll.dll!NtClose + 4 77C14318 2 Bytes [7E, 71] {JLE 0x73}
.text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3704] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3704] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9C, 71]
.text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3704] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3704] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71]
.text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3704] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3704] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [8A, 71]
.text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3704] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3704] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [87, 71]
.text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3704] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3704] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [90, 71]
.text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3704] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3704] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [A8, 71] {TEST AL, 0x71}
.text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3704] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3704] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A2, 71]
.text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3704] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3704] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [9F, 71]
.text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3704] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3704] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [93, 71]
.text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3704] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3704] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A5, 71]
.text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3704] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3704] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [84, 71]
.text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3704] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3704] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [99, 71]
.text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3704] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3704] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [96, 71]
.text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3704] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3704] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [81, 71]
.text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3704] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3704] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8D, 71]
.text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3704] USER32.dll!ChangeDisplaySettingsExA 76A06FE7 6 Bytes JMP 5F0B0F5A
.text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3704] USER32.dll!SetForegroundWindow 76A0B8A6 6 Bytes JMP 5F040F5A
.text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3704] USER32.dll!SetWindowPos 76A135E3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3704] USER32.dll!SetWindowPos + 4 76A135E7 2 Bytes [09, 5F]
.text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3704] USER32.dll!ChangeDisplaySettingsExW 76A4A9E4 6 Bytes JMP 5F0E0F5A

Bilal1988 18.06.2010 11:31
.text C:\Windows\system32\Dwm.exe[3824] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[3824] ntdll.dll!NtClose + 4 77C14318 2 Bytes [7E, 71] {JLE 0x73}
.text C:\Windows\system32\Dwm.exe[3824] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[3824] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9C, 71]
.text C:\Windows\system32\Dwm.exe[3824] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[3824] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71]
.text C:\Windows\system32\Dwm.exe[3824] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[3824] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [8A, 71]
.text C:\Windows\system32\Dwm.exe[3824] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[3824] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [87, 71]
.text C:\Windows\system32\Dwm.exe[3824] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[3824] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [90, 71]
.text C:\Windows\system32\Dwm.exe[3824] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[3824] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [A8, 71] {TEST AL, 0x71}
.text C:\Windows\system32\Dwm.exe[3824] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[3824] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A2, 71]
.text C:\Windows\system32\Dwm.exe[3824] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[3824] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [9F, 71]
.text C:\Windows\system32\Dwm.exe[3824] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[3824] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [93, 71]
.text C:\Windows\system32\Dwm.exe[3824] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[3824] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A5, 71]
.text C:\Windows\system32\Dwm.exe[3824] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[3824] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [84, 71]
.text C:\Windows\system32\Dwm.exe[3824] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[3824] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [99, 71]
.text C:\Windows\system32\Dwm.exe[3824] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[3824] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [96, 71]
.text C:\Windows\system32\Dwm.exe[3824] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[3824] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [81, 71]
.text C:\Windows\system32\Dwm.exe[3824] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[3824] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8D, 71]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3860] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3860] ntdll.dll!NtClose + 4 77C14318 2 Bytes [7E, 71] {JLE 0x73}
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3860] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3860] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9C, 71]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3860] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3860] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3860] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3860] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [8A, 71]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3860] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3860] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [87, 71]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3860] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3860] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [90, 71]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3860] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3860] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [A8, 71] {TEST AL, 0x71}
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3860] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3860] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A2, 71]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3860] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3860] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [9F, 71]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3860] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3860] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [93, 71]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3860] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3860] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A5, 71]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3860] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3860] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [84, 71]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3860] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3860] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [99, 71]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3860] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3860] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [96, 71]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3860] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3860] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [81, 71]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3860] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3860] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8D, 71]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3860] USER32.dll!ChangeDisplaySettingsExA 76A06FE7 6 Bytes JMP 5F0B0F5A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3860] USER32.dll!SetForegroundWindow 76A0B8A6 6 Bytes JMP 5F040F5A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3860] USER32.dll!SetWindowPos 76A135E3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3860] USER32.dll!SetWindowPos + 4 76A135E7 2 Bytes [09, 5F]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3860] USER32.dll!ChangeDisplaySettingsExW 76A4A9E4 6 Bytes JMP 5F0E0F5A
.text C:\Windows\system32\taskeng.exe[3888] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[3888] ntdll.dll!NtClose + 4 77C14318 2 Bytes [7E, 71] {JLE 0x73}
.text C:\Windows\system32\taskeng.exe[3888] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[3888] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9C, 71]
.text C:\Windows\system32\taskeng.exe[3888] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[3888] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71]
.text C:\Windows\system32\taskeng.exe[3888] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[3888] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [8A, 71]
.text C:\Windows\system32\taskeng.exe[3888] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[3888] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [87, 71]
.text C:\Windows\system32\taskeng.exe[3888] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[3888] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [90, 71]
.text C:\Windows\system32\taskeng.exe[3888] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[3888] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [A8, 71] {TEST AL, 0x71}
.text C:\Windows\system32\taskeng.exe[3888] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[3888] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A2, 71]
.text C:\Windows\system32\taskeng.exe[3888] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[3888] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [9F, 71]
.text C:\Windows\system32\taskeng.exe[3888] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[3888] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [93, 71]
.text C:\Windows\system32\taskeng.exe[3888] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[3888] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A5, 71]
.text C:\Windows\system32\taskeng.exe[3888] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[3888] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [84, 71]
.text C:\Windows\system32\taskeng.exe[3888] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[3888] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [99, 71]
.text C:\Windows\system32\taskeng.exe[3888] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[3888] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [96, 71]
.text C:\Windows\system32\taskeng.exe[3888] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[3888] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [81, 71]
.text C:\Windows\system32\taskeng.exe[3888] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[3888] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8D, 71]
.text C:\Windows\system32\taskeng.exe[3888] USER32.dll!ChangeDisplaySettingsExA 76A06FE7 6 Bytes JMP 5F0B0F5A
.text C:\Windows\system32\taskeng.exe[3888] USER32.dll!SetForegroundWindow 76A0B8A6 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\taskeng.exe[3888] USER32.dll!SetWindowPos 76A135E3 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[3888] USER32.dll!SetWindowPos + 4 76A135E7 2 Bytes [09, 5F]
.text C:\Windows\system32\taskeng.exe[3888] USER32.dll!ChangeDisplaySettingsExW 76A4A9E4 6 Bytes JMP 5F0E0F5A
.text C:\Windows\Explorer.EXE[3924] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[3924] ntdll.dll!NtClose + 4 77C14318 2 Bytes [7E, 71] {JLE 0x73}
.text C:\Windows\Explorer.EXE[3924] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[3924] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9C, 71]
.text C:\Windows\Explorer.EXE[3924] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[3924] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71]
.text C:\Windows\Explorer.EXE[3924] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[3924] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [8A, 71]
.text C:\Windows\Explorer.EXE[3924] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[3924] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [87, 71]
.text C:\Windows\Explorer.EXE[3924] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[3924] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [90, 71]
.text C:\Windows\Explorer.EXE[3924] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[3924] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [A8, 71] {TEST AL, 0x71}
.text C:\Windows\Explorer.EXE[3924] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[3924] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A2, 71]
.text C:\Windows\Explorer.EXE[3924] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[3924] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [9F, 71]
.text C:\Windows\Explorer.EXE[3924] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[3924] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [93, 71]
.text C:\Windows\Explorer.EXE[3924] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[3924] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A5, 71]
.text C:\Windows\Explorer.EXE[3924] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[3924] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [84, 71]
.text C:\Windows\Explorer.EXE[3924] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[3924] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [99, 71]
.text C:\Windows\Explorer.EXE[3924] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[3924] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [96, 71]
.text C:\Windows\Explorer.EXE[3924] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[3924] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [81, 71]
.text C:\Windows\Explorer.EXE[3924] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[3924] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8D, 71]
.text C:\Windows\ehome\ehtray.exe[3948] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E]
.text C:\Windows\ehome\ehtray.exe[3948] ntdll.dll!NtClose + 4 77C14318 2 Bytes [80, 71]
.text C:\Windows\ehome\ehtray.exe[3948] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E]
.text C:\Windows\ehome\ehtray.exe[3948] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9E, 71]
.text C:\Windows\ehome\ehtray.exe[3948] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E]
.text C:\Windows\ehome\ehtray.exe[3948] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71]
.text C:\Windows\ehome\ehtray.exe[3948] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E]
.text C:\Windows\ehome\ehtray.exe[3948] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [8C, 71]
.text C:\Windows\ehome\ehtray.exe[3948] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E]
.text C:\Windows\ehome\ehtray.exe[3948] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [89, 71]
.text C:\Windows\ehome\ehtray.exe[3948] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\ehome\ehtray.exe[3948] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [92, 71]
.text C:\Windows\ehome\ehtray.exe[3948] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\ehome\ehtray.exe[3948] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [AA, 71]
.text C:\Windows\ehome\ehtray.exe[3948] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\ehome\ehtray.exe[3948] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A4, 71]
.text C:\Windows\ehome\ehtray.exe[3948] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\ehome\ehtray.exe[3948] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [A1, 71]
.text C:\Windows\ehome\ehtray.exe[3948] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E]
.text C:\Windows\ehome\ehtray.exe[3948] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [95, 71]
.text C:\Windows\ehome\ehtray.exe[3948] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E]
.text C:\Windows\ehome\ehtray.exe[3948] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A7, 71]
.text C:\Windows\ehome\ehtray.exe[3948] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\ehome\ehtray.exe[3948] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [86, 71]
.text C:\Windows\ehome\ehtray.exe[3948] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E]
.text C:\Windows\ehome\ehtray.exe[3948] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [9B, 71]
.text C:\Windows\ehome\ehtray.exe[3948] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E]
.text C:\Windows\ehome\ehtray.exe[3948] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [98, 71]
.text C:\Windows\ehome\ehtray.exe[3948] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E]
.text C:\Windows\ehome\ehtray.exe[3948] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [83, 71]
.text C:\Windows\ehome\ehtray.exe[3948] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E]
.text C:\Windows\ehome\ehtray.exe[3948] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8F, 71]
.text C:\Windows\ehome\ehtray.exe[3948] kernel32.dll!LoadLibraryExW 77AF9109 6 Bytes JMP 5F070F5A
.text C:\Windows\ehome\ehtray.exe[3948] USER32.dll!ChangeDisplaySettingsExA 76A06FE7 6 Bytes JMP 5F0D0F5A
.text C:\Windows\ehome\ehtray.exe[3948] USER32.dll!SetForegroundWindow 76A0B8A6 6 Bytes JMP 5F040F5A
.text C:\Windows\ehome\ehtray.exe[3948] USER32.dll!SetWindowPos 76A135E3 3 Bytes [FF, 25, 1E]
.text C:\Windows\ehome\ehtray.exe[3948] USER32.dll!SetWindowPos + 4 76A135E7 2 Bytes [0B, 5F]
.text C:\Windows\ehome\ehtray.exe[3948] USER32.dll!ChangeDisplaySettingsExW 76A4A9E4 6 Bytes JMP 5F100F5A
.text C:\Windows\system32\taskeng.exe[3992] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[3992] ntdll.dll!NtClose + 4 77C14318 2 Bytes [7E, 71] {JLE 0x73}
.text C:\Windows\system32\taskeng.exe[3992] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[3992] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9C, 71]
.text C:\Windows\system32\taskeng.exe[3992] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[3992] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71]
.text C:\Windows\system32\taskeng.exe[3992] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[3992] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [8A, 71]
.text C:\Windows\system32\taskeng.exe[3992] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[3992] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [87, 71]
.text C:\Windows\system32\taskeng.exe[3992] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[3992] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [90, 71]
.text C:\Windows\system32\taskeng.exe[3992] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[3992] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [A8, 71] {TEST AL, 0x71}
.text C:\Windows\system32\taskeng.exe[3992] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[3992] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A2, 71]
.text C:\Windows\system32\taskeng.exe[3992] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[3992] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [9F, 71]
.text C:\Windows\system32\taskeng.exe[3992] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[3992] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [93, 71]
.text C:\Windows\system32\taskeng.exe[3992] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[3992] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A5, 71]
.text C:\Windows\system32\taskeng.exe[3992] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[3992] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [84, 71]
.text C:\Windows\system32\taskeng.exe[3992] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[3992] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [99, 71]
.text C:\Windows\system32\taskeng.exe[3992] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[3992] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [96, 71]
.text C:\Windows\system32\taskeng.exe[3992] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[3992] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [81, 71]
.text C:\Windows\system32\taskeng.exe[3992] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[3992] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8D, 71]
.text C:\Windows\system32\taskeng.exe[3992] USER32.dll!ChangeDisplaySettingsExA 76A06FE7 6 Bytes JMP 5F0B0F5A
.text C:\Windows\system32\taskeng.exe[3992] USER32.dll!SetForegroundWindow 76A0B8A6 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\taskeng.exe[3992] USER32.dll!SetWindowPos 76A135E3 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[3992] USER32.dll!SetWindowPos + 4 76A135E7 2 Bytes [09, 5F]
.text C:\Windows\system32\taskeng.exe[3992] USER32.dll!ChangeDisplaySettingsExW 76A4A9E4 6 Bytes JMP 5F0E0F5A
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[4016] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[4016] ntdll.dll!NtClose + 4 77C14318 2 Bytes [7E, 71] {JLE 0x73}
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[4016] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[4016] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9C, 71]
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[4016] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[4016] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71]
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[4016] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[4016] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [8A, 71]
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[4016] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[4016] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [87, 71]
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[4016] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[4016] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [90, 71]
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[4016] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[4016] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [A8, 71] {TEST AL, 0x71}
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[4016] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[4016] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A2, 71]
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[4016] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[4016] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [9F, 71]
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[4016] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[4016] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [93, 71]
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[4016] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[4016] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A5, 71]
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[4016] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[4016] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [84, 71]
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[4016] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[4016] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [99, 71]
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[4016] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[4016] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [96, 71]
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[4016] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[4016] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [81, 71]
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[4016] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[4016] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8D, 71]
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[4016] USER32.dll!ChangeDisplaySettingsExA 76A06FE7 6 Bytes JMP 5F0B0F5A
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[4016] USER32.dll!SetForegroundWindow 76A0B8A6 6 Bytes JMP 5F040F5A
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[4016] USER32.dll!SetWindowPos 76A135E3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[4016] USER32.dll!SetWindowPos + 4 76A135E7 2 Bytes [09, 5F]
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[4016] USER32.dll!ChangeDisplaySettingsExW 76A4A9E4 6 Bytes JMP 5F0E0F5A
.text C:\Windows\FixCamera.exe[4024] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E]
.text C:\Windows\FixCamera.exe[4024] ntdll.dll!NtClose + 4 77C14318 2 Bytes [7E, 71] {JLE 0x73}
.text C:\Windows\FixCamera.exe[4024] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E]
.text C:\Windows\FixCamera.exe[4024] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9C, 71]
.text C:\Windows\FixCamera.exe[4024] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E]
.text C:\Windows\FixCamera.exe[4024] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71]
.text C:\Windows\FixCamera.exe[4024] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E]
.text C:\Windows\FixCamera.exe[4024] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [8A, 71]
.text C:\Windows\FixCamera.exe[4024] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E]
.text C:\Windows\FixCamera.exe[4024] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [87, 71]
.text C:\Windows\FixCamera.exe[4024] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\FixCamera.exe[4024] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [90, 71]
.text C:\Windows\FixCamera.exe[4024] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\FixCamera.exe[4024] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [A8, 71] {TEST AL, 0x71}
.text C:\Windows\FixCamera.exe[4024] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\FixCamera.exe[4024] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A2, 71]
.text C:\Windows\FixCamera.exe[4024] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\FixCamera.exe[4024] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [9F, 71]
.text C:\Windows\FixCamera.exe[4024] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E]
.text C:\Windows\FixCamera.exe[4024] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [93, 71]
.text C:\Windows\FixCamera.exe[4024] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E]
.text C:\Windows\FixCamera.exe[4024] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A5, 71]
.text C:\Windows\FixCamera.exe[4024] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\FixCamera.exe[4024] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [84, 71]
.text C:\Windows\FixCamera.exe[4024] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E]
.text C:\Windows\FixCamera.exe[4024] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [99, 71]
.text C:\Windows\FixCamera.exe[4024] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E]
.text C:\Windows\FixCamera.exe[4024] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [96, 71]
.text C:\Windows\FixCamera.exe[4024] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E]
.text C:\Windows\FixCamera.exe[4024] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [81, 71]
.text C:\Windows\FixCamera.exe[4024] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E]
.text C:\Windows\FixCamera.exe[4024] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8D, 71]
.text C:\Windows\FixCamera.exe[4024] USER32.dll!ChangeDisplaySettingsExA 76A06FE7 6 Bytes JMP 5F0B0F5A
.text C:\Windows\FixCamera.exe[4024] USER32.dll!SetForegroundWindow 76A0B8A6 6 Bytes JMP 5F040F5A
.text C:\Windows\FixCamera.exe[4024] USER32.dll!SetWindowPos 76A135E3 3 Bytes [FF, 25, 1E]
.text C:\Windows\FixCamera.exe[4024] USER32.dll!SetWindowPos + 4 76A135E7 2 Bytes [09, 5F]
.text C:\Windows\FixCamera.exe[4024] USER32.dll!ChangeDisplaySettingsExW 76A4A9E4 6 Bytes JMP 5F0E0F5A
.text C:\Windows\System32\mobsync.exe[4140] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\mobsync.exe[4140] ntdll.dll!NtClose + 4 77C14318 2 Bytes [80, 71]
.text C:\Windows\System32\mobsync.exe[4140] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\mobsync.exe[4140] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9E, 71]
.text C:\Windows\System32\mobsync.exe[4140] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\mobsync.exe[4140] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71]
.text C:\Windows\System32\mobsync.exe[4140] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\mobsync.exe[4140] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [8C, 71]
.text C:\Windows\System32\mobsync.exe[4140] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\mobsync.exe[4140] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [89, 71]
.text C:\Windows\System32\mobsync.exe[4140] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\mobsync.exe[4140] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [92, 71]
.text C:\Windows\System32\mobsync.exe[4140] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\mobsync.exe[4140] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [AA, 71]
.text C:\Windows\System32\mobsync.exe[4140] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\mobsync.exe[4140] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A4, 71]
.text C:\Windows\System32\mobsync.exe[4140] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\mobsync.exe[4140] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [A1, 71]
.text C:\Windows\System32\mobsync.exe[4140] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\mobsync.exe[4140] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [95, 71]
.text C:\Windows\System32\mobsync.exe[4140] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\mobsync.exe[4140] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A7, 71]
.text C:\Windows\System32\mobsync.exe[4140] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\mobsync.exe[4140] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [86, 71]
.text C:\Windows\System32\mobsync.exe[4140] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\mobsync.exe[4140] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [9B, 71]
.text C:\Windows\System32\mobsync.exe[4140] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\mobsync.exe[4140] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [98, 71]
.text C:\Windows\System32\mobsync.exe[4140] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\mobsync.exe[4140] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [83, 71]
.text C:\Windows\System32\mobsync.exe[4140] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\mobsync.exe[4140] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8F, 71]
.text C:\Windows\System32\mobsync.exe[4140] kernel32.dll!LoadLibraryExW 77AF9109 6 Bytes JMP 5F070F5A
.text C:\Windows\System32\mobsync.exe[4140] USER32.dll!ChangeDisplaySettingsExA 76A06FE7 6 Bytes JMP 5F0D0F5A
.text C:\Windows\System32\mobsync.exe[4140] USER32.dll!SetForegroundWindow 76A0B8A6 6 Bytes JMP 5F040F5A
.text C:\Windows\System32\mobsync.exe[4140] USER32.dll!SetWindowPos 76A135E3 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\mobsync.exe[4140] USER32.dll!SetWindowPos + 4 76A135E7 2 Bytes [0B, 5F]

Bilal1988 18.06.2010 11:32
.text C:\Windows\System32\mobsync.exe[4140] USER32.dll!ChangeDisplaySettingsExW 76A4A9E4 6 Bytes JMP 5F100F5A
.text C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[4412] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[4412] ntdll.dll!NtClose + 4 77C14318 2 Bytes [7F, 71] {JG 0x73}
.text C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[4412] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[4412] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9E, 71]
.text C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[4412] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[4412] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71]
.text C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[4412] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[4412] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [8B, 71]
.text C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[4412] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[4412] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [88, 71]
.text C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[4412] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[4412] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [91, 71]
.text C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[4412] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[4412] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [AA, 71]
.text C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[4412] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[4412] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A4, 71]
.text C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[4412] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[4412] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [A1, 71]
.text C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[4412] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[4412] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [94, 71]
.text C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[4412] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[4412] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A7, 71]
.text C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[4412] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[4412] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [85, 71]
.text C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[4412] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[4412] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [9B, 71]
.text C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[4412] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[4412] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [97, 71]
.text C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[4412] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[4412] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [82, 71]
.text C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[4412] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[4412] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8E, 71]
.text C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[4412] kernel32.dll!LoadLibraryExW 77AF9109 6 Bytes JMP 5F070F5A
.text C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[4412] USER32.dll!ChangeDisplaySettingsExA 76A06FE7 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[4412] USER32.dll!SetForegroundWindow 76A0B8A6 6 Bytes JMP 5F040F5A
.text C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[4412] USER32.dll!SetWindowPos 76A135E3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[4412] USER32.dll!SetWindowPos + 4 76A135E7 2 Bytes [0B, 5F]
.text C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[4412] USER32.dll!ChangeDisplaySettingsExW 76A4A9E4 6 Bytes JMP 5F100F5A
.text C:\Users\Bilal\Desktop\oxm7md72.exe[4568] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E]
.text C:\Users\Bilal\Desktop\oxm7md72.exe[4568] ntdll.dll!NtClose + 4 77C14318 2 Bytes [80, 71]
.text C:\Users\Bilal\Desktop\oxm7md72.exe[4568] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E]
.text C:\Users\Bilal\Desktop\oxm7md72.exe[4568] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9E, 71]
.text C:\Users\Bilal\Desktop\oxm7md72.exe[4568] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E]
.text C:\Users\Bilal\Desktop\oxm7md72.exe[4568] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71]
.text C:\Users\Bilal\Desktop\oxm7md72.exe[4568] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E]
.text C:\Users\Bilal\Desktop\oxm7md72.exe[4568] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [8C, 71]
.text C:\Users\Bilal\Desktop\oxm7md72.exe[4568] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E]
.text C:\Users\Bilal\Desktop\oxm7md72.exe[4568] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [89, 71]
.text C:\Users\Bilal\Desktop\oxm7md72.exe[4568] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E]
.text C:\Users\Bilal\Desktop\oxm7md72.exe[4568] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [92, 71]
.text C:\Users\Bilal\Desktop\oxm7md72.exe[4568] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E]
.text C:\Users\Bilal\Desktop\oxm7md72.exe[4568] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [AA, 71]
.text C:\Users\Bilal\Desktop\oxm7md72.exe[4568] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E]
.text C:\Users\Bilal\Desktop\oxm7md72.exe[4568] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A4, 71]
.text C:\Users\Bilal\Desktop\oxm7md72.exe[4568] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E]
.text C:\Users\Bilal\Desktop\oxm7md72.exe[4568] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [A1, 71]
.text C:\Users\Bilal\Desktop\oxm7md72.exe[4568] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E]
.text C:\Users\Bilal\Desktop\oxm7md72.exe[4568] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [95, 71]
.text C:\Users\Bilal\Desktop\oxm7md72.exe[4568] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E]
.text C:\Users\Bilal\Desktop\oxm7md72.exe[4568] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A7, 71]
.text C:\Users\Bilal\Desktop\oxm7md72.exe[4568] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E]
.text C:\Users\Bilal\Desktop\oxm7md72.exe[4568] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [86, 71]
.text C:\Users\Bilal\Desktop\oxm7md72.exe[4568] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E]
.text C:\Users\Bilal\Desktop\oxm7md72.exe[4568] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [9B, 71]
.text C:\Users\Bilal\Desktop\oxm7md72.exe[4568] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E]
.text C:\Users\Bilal\Desktop\oxm7md72.exe[4568] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [98, 71]
.text C:\Users\Bilal\Desktop\oxm7md72.exe[4568] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E]
.text C:\Users\Bilal\Desktop\oxm7md72.exe[4568] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [83, 71]
.text C:\Users\Bilal\Desktop\oxm7md72.exe[4568] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E]
.text C:\Users\Bilal\Desktop\oxm7md72.exe[4568] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8F, 71]
.text C:\Users\Bilal\Desktop\oxm7md72.exe[4568] kernel32.dll!LoadLibraryExW 77AF9109 6 Bytes JMP 5F070F5A
.text C:\Users\Bilal\Desktop\oxm7md72.exe[4568] USER32.dll!ChangeDisplaySettingsExA 76A06FE7 6 Bytes JMP 5F0D0F5A
.text C:\Users\Bilal\Desktop\oxm7md72.exe[4568] USER32.dll!SetForegroundWindow 76A0B8A6 6 Bytes JMP 5F040F5A
.text C:\Users\Bilal\Desktop\oxm7md72.exe[4568] USER32.dll!SetWindowPos 76A135E3 3 Bytes [FF, 25, 1E]
.text C:\Users\Bilal\Desktop\oxm7md72.exe[4568] USER32.dll!SetWindowPos + 4 76A135E7 2 Bytes [0B, 5F]
.text C:\Users\Bilal\Desktop\oxm7md72.exe[4568] USER32.dll!ChangeDisplaySettingsExW 76A4A9E4 6 Bytes JMP 5F100F5A
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5208] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5208] ntdll.dll!NtClose + 4 77C14318 2 Bytes [80, 71]
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5208] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5208] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9E, 71]
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5208] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5208] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71]
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5208] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5208] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [8C, 71]
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5208] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5208] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [89, 71]
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5208] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5208] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [92, 71]
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5208] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5208] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [AA, 71]
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5208] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5208] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A4, 71]
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5208] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5208] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [A1, 71]
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5208] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5208] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [95, 71]
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5208] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5208] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A7, 71]
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5208] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5208] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [86, 71]
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5208] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5208] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [9B, 71]
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5208] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5208] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [98, 71]
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5208] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5208] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [83, 71]
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5208] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5208] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8F, 71]
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5208] kernel32.dll!LoadLibraryExW 77AF9109 6 Bytes JMP 5F070F5A
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5208] USER32.dll!ChangeDisplaySettingsExA 76A06FE7 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5208] USER32.dll!SetForegroundWindow 76A0B8A6 6 Bytes JMP 5F040F5A
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5208] USER32.dll!SetWindowPos 76A135E3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5208] USER32.dll!SetWindowPos + 4 76A135E7 2 Bytes [0B, 5F]
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5208] USER32.dll!ChangeDisplaySettingsExW 76A4A9E4 6 Bytes JMP 5F100F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[5216] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Sidebar\sidebar.exe[5216] ntdll.dll!NtClose + 4 77C14318 2 Bytes [80, 71]
.text C:\Program Files\Windows Sidebar\sidebar.exe[5216] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Sidebar\sidebar.exe[5216] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9E, 71]
.text C:\Program Files\Windows Sidebar\sidebar.exe[5216] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Sidebar\sidebar.exe[5216] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71]
.text C:\Program Files\Windows Sidebar\sidebar.exe[5216] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Sidebar\sidebar.exe[5216] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [8C, 71]
.text C:\Program Files\Windows Sidebar\sidebar.exe[5216] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Sidebar\sidebar.exe[5216] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [89, 71]
.text C:\Program Files\Windows Sidebar\sidebar.exe[5216] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Sidebar\sidebar.exe[5216] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [92, 71]
.text C:\Program Files\Windows Sidebar\sidebar.exe[5216] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Sidebar\sidebar.exe[5216] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [AA, 71]
.text C:\Program Files\Windows Sidebar\sidebar.exe[5216] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Sidebar\sidebar.exe[5216] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A4, 71]
.text C:\Program Files\Windows Sidebar\sidebar.exe[5216] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Sidebar\sidebar.exe[5216] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [A1, 71]
.text C:\Program Files\Windows Sidebar\sidebar.exe[5216] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Sidebar\sidebar.exe[5216] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [95, 71]
.text C:\Program Files\Windows Sidebar\sidebar.exe[5216] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Sidebar\sidebar.exe[5216] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A7, 71]
.text C:\Program Files\Windows Sidebar\sidebar.exe[5216] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Sidebar\sidebar.exe[5216] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [86, 71]
.text C:\Program Files\Windows Sidebar\sidebar.exe[5216] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Sidebar\sidebar.exe[5216] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [9B, 71]
.text C:\Program Files\Windows Sidebar\sidebar.exe[5216] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Sidebar\sidebar.exe[5216] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [98, 71]
.text C:\Program Files\Windows Sidebar\sidebar.exe[5216] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Sidebar\sidebar.exe[5216] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [83, 71]
.text C:\Program Files\Windows Sidebar\sidebar.exe[5216] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Sidebar\sidebar.exe[5216] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8F, 71]
.text C:\Program Files\Windows Sidebar\sidebar.exe[5216] kernel32.dll!LoadLibraryExW 77AF9109 6 Bytes JMP 5F070F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[5216] USER32.dll!ChangeDisplaySettingsExA 76A06FE7 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[5216] USER32.dll!SetForegroundWindow 76A0B8A6 6 Bytes JMP 5F040F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[5216] USER32.dll!SetWindowPos 76A135E3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Sidebar\sidebar.exe[5216] USER32.dll!SetWindowPos + 4 76A135E7 2 Bytes [0B, 5F]
.text C:\Program Files\Windows Sidebar\sidebar.exe[5216] USER32.dll!ChangeDisplaySettingsExW 76A4A9E4 6 Bytes JMP 5F100F5A
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[5228] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[5228] ntdll.dll!NtClose + 4 77C14318 2 Bytes [80, 71]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[5228] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[5228] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9E, 71]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[5228] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[5228] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[5228] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[5228] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [8C, 71]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[5228] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[5228] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [89, 71]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[5228] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[5228] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [92, 71]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[5228] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[5228] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [AA, 71]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[5228] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[5228] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A4, 71]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[5228] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[5228] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [A1, 71]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[5228] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[5228] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [95, 71]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[5228] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[5228] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A7, 71]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[5228] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[5228] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [86, 71]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[5228] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[5228] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [9B, 71]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[5228] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[5228] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [98, 71]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[5228] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[5228] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [83, 71]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[5228] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[5228] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8F, 71]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[5228] kernel32.dll!LoadLibraryExW 77AF9109 6 Bytes JMP 5F070F5A
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[5228] USER32.dll!ChangeDisplaySettingsExA 76A06FE7 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[5228] USER32.dll!SetForegroundWindow 76A0B8A6 6 Bytes JMP 5F040F5A
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[5228] USER32.dll!SetWindowPos 76A135E3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[5228] USER32.dll!SetWindowPos + 4 76A135E7 2 Bytes [0B, 5F]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[5228] USER32.dll!ChangeDisplaySettingsExW 76A4A9E4 6 Bytes JMP 5F100F5A
.text C:\Program Files\Hama\Hama Webcam Suite\Magic-i Visual Effects\Magic-i Visual Effects.exe[5256] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hama\Hama Webcam Suite\Magic-i Visual Effects\Magic-i Visual Effects.exe[5256] ntdll.dll!NtClose + 4 77C14318 2 Bytes [80, 71]
.text C:\Program Files\Hama\Hama Webcam Suite\Magic-i Visual Effects\Magic-i Visual Effects.exe[5256] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hama\Hama Webcam Suite\Magic-i Visual Effects\Magic-i Visual Effects.exe[5256] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9E, 71]
.text C:\Program Files\Hama\Hama Webcam Suite\Magic-i Visual Effects\Magic-i Visual Effects.exe[5256] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hama\Hama Webcam Suite\Magic-i Visual Effects\Magic-i Visual Effects.exe[5256] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71]
.text C:\Program Files\Hama\Hama Webcam Suite\Magic-i Visual Effects\Magic-i Visual Effects.exe[5256] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hama\Hama Webcam Suite\Magic-i Visual Effects\Magic-i Visual Effects.exe[5256] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [8C, 71]
.text C:\Program Files\Hama\Hama Webcam Suite\Magic-i Visual Effects\Magic-i Visual Effects.exe[5256] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hama\Hama Webcam Suite\Magic-i Visual Effects\Magic-i Visual Effects.exe[5256] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [89, 71]
.text C:\Program Files\Hama\Hama Webcam Suite\Magic-i Visual Effects\Magic-i Visual Effects.exe[5256] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hama\Hama Webcam Suite\Magic-i Visual Effects\Magic-i Visual Effects.exe[5256] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [92, 71]
.text C:\Program Files\Hama\Hama Webcam Suite\Magic-i Visual Effects\Magic-i Visual Effects.exe[5256] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hama\Hama Webcam Suite\Magic-i Visual Effects\Magic-i Visual Effects.exe[5256] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [AA, 71]
.text C:\Program Files\Hama\Hama Webcam Suite\Magic-i Visual Effects\Magic-i Visual Effects.exe[5256] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hama\Hama Webcam Suite\Magic-i Visual Effects\Magic-i Visual Effects.exe[5256] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A4, 71]
.text C:\Program Files\Hama\Hama Webcam Suite\Magic-i Visual Effects\Magic-i Visual Effects.exe[5256] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hama\Hama Webcam Suite\Magic-i Visual Effects\Magic-i Visual Effects.exe[5256] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [A1, 71]
.text C:\Program Files\Hama\Hama Webcam Suite\Magic-i Visual Effects\Magic-i Visual Effects.exe[5256] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hama\Hama Webcam Suite\Magic-i Visual Effects\Magic-i Visual Effects.exe[5256] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [95, 71]
.text C:\Program Files\Hama\Hama Webcam Suite\Magic-i Visual Effects\Magic-i Visual Effects.exe[5256] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hama\Hama Webcam Suite\Magic-i Visual Effects\Magic-i Visual Effects.exe[5256] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A7, 71]
.text C:\Program Files\Hama\Hama Webcam Suite\Magic-i Visual Effects\Magic-i Visual Effects.exe[5256] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hama\Hama Webcam Suite\Magic-i Visual Effects\Magic-i Visual Effects.exe[5256] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [86, 71]
.text C:\Program Files\Hama\Hama Webcam Suite\Magic-i Visual Effects\Magic-i Visual Effects.exe[5256] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hama\Hama Webcam Suite\Magic-i Visual Effects\Magic-i Visual Effects.exe[5256] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [9B, 71]
.text C:\Program Files\Hama\Hama Webcam Suite\Magic-i Visual Effects\Magic-i Visual Effects.exe[5256] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hama\Hama Webcam Suite\Magic-i Visual Effects\Magic-i Visual Effects.exe[5256] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [98, 71]
.text C:\Program Files\Hama\Hama Webcam Suite\Magic-i Visual Effects\Magic-i Visual Effects.exe[5256] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hama\Hama Webcam Suite\Magic-i Visual Effects\Magic-i Visual Effects.exe[5256] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [83, 71]
.text C:\Program Files\Hama\Hama Webcam Suite\Magic-i Visual Effects\Magic-i Visual Effects.exe[5256] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hama\Hama Webcam Suite\Magic-i Visual Effects\Magic-i Visual Effects.exe[5256] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8F, 71]
.text C:\Program Files\Hama\Hama Webcam Suite\Magic-i Visual Effects\Magic-i Visual Effects.exe[5256] kernel32.dll!LoadLibraryExW 77AF9109 6 Bytes JMP 5F070F5A
.text C:\Program Files\Hama\Hama Webcam Suite\Magic-i Visual Effects\Magic-i Visual Effects.exe[5256] USER32.dll!ChangeDisplaySettingsExA 76A06FE7 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Hama\Hama Webcam Suite\Magic-i Visual Effects\Magic-i Visual Effects.exe[5256] USER32.dll!SetForegroundWindow 76A0B8A6 6 Bytes JMP 5F040F5A
.text C:\Program Files\Hama\Hama Webcam Suite\Magic-i Visual Effects\Magic-i Visual Effects.exe[5256] USER32.dll!SetWindowPos 76A135E3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hama\Hama Webcam Suite\Magic-i Visual Effects\Magic-i Visual Effects.exe[5256] USER32.dll!SetWindowPos + 4 76A135E7 2 Bytes [0B, 5F]
.text C:\Program Files\Hama\Hama Webcam Suite\Magic-i Visual Effects\Magic-i Visual Effects.exe[5256] USER32.dll!ChangeDisplaySettingsExW 76A4A9E4 6 Bytes JMP 5F100F5A
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[5264] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[5264] ntdll.dll!NtClose + 4 77C14318 2 Bytes [80, 71]
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[5264] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[5264] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9E, 71]
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[5264] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[5264] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71]
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[5264] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[5264] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [8C, 71]
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[5264] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[5264] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [89, 71]
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[5264] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[5264] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [92, 71]
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[5264] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[5264] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [AA, 71]
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[5264] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[5264] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A4, 71]
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[5264] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[5264] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [A1, 71]
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[5264] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[5264] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [95, 71]
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[5264] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[5264] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A7, 71]
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[5264] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[5264] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [86, 71]
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[5264] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[5264] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [9B, 71]
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[5264] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[5264] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [98, 71]
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[5264] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[5264] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [83, 71]
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[5264] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[5264] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8F, 71]
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[5264] kernel32.dll!LoadLibraryExW 77AF9109 6 Bytes JMP 5F070F5A
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[5264] USER32.dll!ChangeDisplaySettingsExA 76A06FE7 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[5264] USER32.dll!SetForegroundWindow 76A0B8A6 6 Bytes JMP 5F040F5A
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[5264] USER32.dll!SetWindowPos 76A135E3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[5264] USER32.dll!SetWindowPos + 4 76A135E7 2 Bytes [0B, 5F]
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[5264] USER32.dll!ChangeDisplaySettingsExW 76A4A9E4 6 Bytes JMP 5F100F5A
.text C:\Program Files\T-Home\Meine Software\meine software.exe[5288] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E]
.text C:\Program Files\T-Home\Meine Software\meine software.exe[5288] ntdll.dll!NtClose + 4 77C14318 2 Bytes [80, 71]
.text C:\Program Files\T-Home\Meine Software\meine software.exe[5288] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\T-Home\Meine Software\meine software.exe[5288] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9E, 71]
.text C:\Program Files\T-Home\Meine Software\meine software.exe[5288] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E]
.text C:\Program Files\T-Home\Meine Software\meine software.exe[5288] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71]
.text C:\Program Files\T-Home\Meine Software\meine software.exe[5288] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E]
.text C:\Program Files\T-Home\Meine Software\meine software.exe[5288] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [8C, 71]
.text C:\Program Files\T-Home\Meine Software\meine software.exe[5288] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\T-Home\Meine Software\meine software.exe[5288] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [89, 71]
.text C:\Program Files\T-Home\Meine Software\meine software.exe[5288] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\T-Home\Meine Software\meine software.exe[5288] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [92, 71]
.text C:\Program Files\T-Home\Meine Software\meine software.exe[5288] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\T-Home\Meine Software\meine software.exe[5288] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [AA, 71]
.text C:\Program Files\T-Home\Meine Software\meine software.exe[5288] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\T-Home\Meine Software\meine software.exe[5288] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A4, 71]
.text C:\Program Files\T-Home\Meine Software\meine software.exe[5288] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\T-Home\Meine Software\meine software.exe[5288] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [A1, 71]
.text C:\Program Files\T-Home\Meine Software\meine software.exe[5288] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\T-Home\Meine Software\meine software.exe[5288] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [95, 71]
.text C:\Program Files\T-Home\Meine Software\meine software.exe[5288] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E]
.text C:\Program Files\T-Home\Meine Software\meine software.exe[5288] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A7, 71]
.text C:\Program Files\T-Home\Meine Software\meine software.exe[5288] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\T-Home\Meine Software\meine software.exe[5288] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [86, 71]
.text C:\Program Files\T-Home\Meine Software\meine software.exe[5288] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E]
.text C:\Program Files\T-Home\Meine Software\meine software.exe[5288] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [9B, 71]
.text C:\Program Files\T-Home\Meine Software\meine software.exe[5288] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E]
.text C:\Program Files\T-Home\Meine Software\meine software.exe[5288] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [98, 71]
.text C:\Program Files\T-Home\Meine Software\meine software.exe[5288] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E]
.text C:\Program Files\T-Home\Meine Software\meine software.exe[5288] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [83, 71]
.text C:\Program Files\T-Home\Meine Software\meine software.exe[5288] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E]
.text C:\Program Files\T-Home\Meine Software\meine software.exe[5288] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8F, 71]
.text C:\Program Files\T-Home\Meine Software\meine software.exe[5288] KERNEL32.dll!LoadLibraryExW 77AF9109 6 Bytes JMP 5F070F5A
.text C:\Program Files\T-Home\Meine Software\meine software.exe[5288] USER32.dll!ChangeDisplaySettingsExA 76A06FE7 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\T-Home\Meine Software\meine software.exe[5288] USER32.dll!SetForegroundWindow 76A0B8A6 6 Bytes JMP 5F040F5A
.text C:\Program Files\T-Home\Meine Software\meine software.exe[5288] USER32.dll!SetWindowPos 76A135E3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\T-Home\Meine Software\meine software.exe[5288] USER32.dll!SetWindowPos + 4 76A135E7 2 Bytes [0B, 5F]
.text C:\Program Files\T-Home\Meine Software\meine software.exe[5288] USER32.dll!ChangeDisplaySettingsExW 76A4A9E4 6 Bytes JMP 5F100F5A
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[5300] ntdll.dll!NtClose 77C14314 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[5300] ntdll.dll!NtClose + 4 77C14318 2 Bytes [80, 71]
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[5300] ntdll.dll!NtCreateFile 77C143D4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[5300] ntdll.dll!NtCreateFile + 4 77C143D8 2 Bytes [9E, 71]
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[5300] ntdll.dll!NtCreateKey 77C14414 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[5300] ntdll.dll!NtCreateKey + 4 77C14418 2 Bytes [AE, 71]
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[5300] ntdll.dll!NtCreateProcess 77C14494 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[5300] ntdll.dll!NtCreateProcess + 4 77C14498 2 Bytes [8C, 71]
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[5300] ntdll.dll!NtCreateProcessEx 77C144A4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[5300] ntdll.dll!NtCreateProcessEx + 4 77C144A8 2 Bytes [89, 71]
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[5300] ntdll.dll!NtCreateSection 77C144C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[5300] ntdll.dll!NtCreateSection + 4 77C144C8 2 Bytes [92, 71]
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[5300] ntdll.dll!NtDeleteKey 77C147C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[5300] ntdll.dll!NtDeleteKey + 4 77C147C8 2 Bytes [AA, 71]
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[5300] ntdll.dll!NtDeleteValueKey 77C147F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[5300] ntdll.dll!NtDeleteValueKey + 4 77C147F8 2 Bytes [A4, 71]
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[5300] ntdll.dll!NtRenameKey 77C150C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[5300] ntdll.dll!NtRenameKey + 4 77C150C8 2 Bytes [A1, 71]
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[5300] ntdll.dll!NtSetInformationFile 77C152E4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[5300] ntdll.dll!NtSetInformationFile + 4 77C152E8 2 Bytes [95, 71]
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[5300] ntdll.dll!NtSetValueKey 77C15454 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[5300] ntdll.dll!NtSetValueKey + 4 77C15458 2 Bytes [A7, 71]
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[5300] ntdll.dll!NtTerminateProcess 77C154F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[5300] ntdll.dll!NtTerminateProcess + 4 77C154F8 2 Bytes [86, 71]
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[5300] ntdll.dll!NtWriteFile 77C15644 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[5300] ntdll.dll!NtWriteFile + 4 77C15648 2 Bytes [9B, 71]
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[5300] ntdll.dll!NtWriteFileGather 77C15654 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[5300] ntdll.dll!NtWriteFileGather + 4 77C15658 2 Bytes [98, 71]
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[5300] ntdll.dll!NtWriteVirtualMemory 77C15674 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[5300] ntdll.dll!NtWriteVirtualMemory + 4 77C15678 2 Bytes [83, 71]
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[5300] ntdll.dll!NtCreateUserProcess 77C15804 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[5300] ntdll.dll!NtCreateUserProcess + 4 77C15808 2 Bytes [8F, 71]
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[5300] kernel32.dll!LoadLibraryExW 77AF9109 6 Bytes JMP 5F070F5A
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[5300] USER32.dll!ChangeDisplaySettingsExA 76A06FE7 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[5300] USER32.dll!SetForegroundWindow 76A0B8A6 6 Bytes JMP 5F040F5A
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[5300] USER32.dll!SetWindowPos 76A135E3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[5300] USER32.dll!SetWindowPos + 4 76A135E7 2 Bytes [0B, 5F]
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[5300] USER32.dll!ChangeDisplaySettingsExW 76A4A9E4 6 Bytes JMP 5F100F5A

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[556] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00310000
IAT C:\Windows\system32\csrss.exe[584] @ C:\Windows\system32\KERNEL32.dll [ntdll.dll!LdrLoadDll] 09440000
IAT C:\Windows\system32\wininit.exe[640] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00650000
IAT C:\Windows\system32\csrss.exe[652] @ C:\Windows\system32\KERNEL32.dll [ntdll.dll!LdrLoadDll] 00830000
IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[680] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 003B0000
IAT C:\Windows\system32\services.exe[688] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00670002
IAT C:\Windows\system32\services.exe[688] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 00670000
IAT C:\Windows\system32\services.exe[688] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00890000
IAT C:\Windows\system32\lsass.exe[700] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001E0000
IAT C:\Windows\system32\lsm.exe[720] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 005C0000
IAT C:\Windows\system32\svchost.exe[868] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 002B0000
IAT C:\Windows\system32\nvvsvc.exe[932] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 009C0000
IAT C:\Windows\system32\winlogon.exe[960] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 006A0000
IAT C:\Windows\system32\svchost.exe[1000] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00210000
IAT C:\Windows\System32\svchost.exe[1068] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00130000
IAT C:\Windows\System32\svchost.exe[1100] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 006D0000
IAT C:\Windows\System32\svchost.exe[1144] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00D10000
IAT C:\Windows\system32\svchost.exe[1160] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 010B0000
IAT C:\Windows\system32\svchost.exe[1320] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00120000
IAT C:\Windows\system32\svchost.exe[1428] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00D70000
IAT C:\Windows\system32\rundll32.exe[1484] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00660000
IAT C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1528] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 01080000
IAT C:\Windows\system32\IoctlSvc.exe[1552] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 003D0000
IAT C:\Windows\system32\svchost.exe[1672] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00900000
IAT C:\Program Files\ICQ6Toolbar\ICQ Service.exe[1716] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00530000
IAT C:\Windows\System32\spoolsv.exe[1964] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00090000
IAT C:\Windows\system32\svchost.exe[1992] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 01710000
IAT C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2004] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00EF0000
IAT C:\Windows\system32\PnkBstrA.exe[2068] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00810000
IAT C:\Windows\system32\svchost.exe[2084] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00930000
IAT C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2096] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00960000
IAT C:\Program Files\Spyware Doctor\pctsAuxs.exe[2136] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 004A0000
IAT C:\Program Files\Spyware Doctor\pctsSvc.exe[2164] @ C:\Windows\system32\shell32.dll [KERNEL32.dll!QueueUserWorkItem] [0044BD5C] C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools Security Service/PC Tools)
IAT C:\Program Files\Spyware Doctor\pctsSvc.exe[2164] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!QueueUserWorkItem] [0044BD5C] C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools Security Service/PC Tools)
IAT C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe[2264] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 010B0000
IAT C:\Windows\system32\svchost.exe[2296] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 01020000
IAT C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[2332] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00A10000
IAT C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe[2396] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 01B40000
IAT C:\Windows\system32\CLWatson.exe[2424] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00280000
IAT C:\Windows\System32\svchost.exe[2444] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 000A0000
IAT C:\Windows\system32\SearchIndexer.exe[2504] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 05680000
IAT C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[2556] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00200000
IAT C:\Windows\system32\WUDFHost.exe[2764] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 007F0000
IAT C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe[2828] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 01A80000
IAT C:\Windows\system32\CLWatson.exe[2840] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00280000
IAT C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2852] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001D0000
IAT C:\Windows\system32\wbem\wmiprvse.exe[2856] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 009C0000
IAT C:\Program Files\Spyware Doctor\pctsTray.exe[2956] @ C:\Windows\system32\shell32.dll [KERNEL32.dll!QueueUserWorkItem] [0044BA30] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools Tray Application/PC Tools)
IAT C:\Program Files\Spyware Doctor\pctsTray.exe[2956] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!QueueUserWorkItem] [0044BA30] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools Tray Application/PC Tools)
IAT C:\Program Files\Windows Defender\MSASCui.exe[3344] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00660000
IAT C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3372] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001C0000
IAT C:\Program Files\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe[3412] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 002C0000
IAT C:\Program Files\HomeCinema\TV Enhance\TVEService.exe[3420] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 003F0000
IAT C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[3424] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 003C0000
IAT C:\Windows\RtHDVCpl.exe[3448] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001D0000
IAT C:\Windows\system32\CLWatson.exe[3460] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001A0000
IAT C:\Windows\system32\taskeng.exe[3556] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00280000
IAT C:\Windows\System32\rundll32.exe[3684] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001F0000
IAT C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3700] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 002A0000
IAT C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3704] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 003A0000
IAT C:\Windows\system32\Dwm.exe[3824] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00180000
IAT C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3860] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 003C0000
IAT C:\Windows\system32\taskeng.exe[3888] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 000B0000
IAT C:\Windows\Explorer.EXE[3924] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74917817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3924] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7496A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3924] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7491BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3924] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7490F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3924] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [749175E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3924] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7490E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3924] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74948395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3924] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7491DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3924] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7490FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3924] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7490FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3924] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [749071CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3924] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7499CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3924] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7493C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3924] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7490D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3924] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74906853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3924] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7490687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3924] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74912AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3924] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001C0000
IAT C:\Windows\system32\taskeng.exe[3992] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00300000
IAT C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[4016] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00810000
IAT C:\Windows\FixCamera.exe[4024] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 002B0000

Larusso 18.06.2010 12:25
Bitte während der Online-Scans evtl. vorhandene externe Festplatten einschalten! Bitte während der Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking und ähnliches) abstellen und nicht vergessen, alles hinterher wieder einzuschalten.
  • Unterstützte Betriebssysteme: Microsoft Windows 98/ME/NT 4.0/2000/XP und Windows Vista
  • Anmerkung für Vista-User: Bitte den Browser unbedingt als Administrator starten.
  • Dein Anti-Virus-Programm während des Scans deaktivieren.
  • Button "ESET Online Scanner" drücken.
  • Firefox-User müssen ein zusätzliches Addon (esetsmartinstaller_enu.exe) installieren.
  • Das Firefox-Addon auf dem Desktop speichern und dann installieren.
  • IE-User müssen das Installieren eines ActiveX Elements erlauben.
  • Einen Haken bei "Remove found threads" und "Scan archives" machen.
  • Start drücken.
  • Signaturen werden heruntergeladen.
  • Der Scan beginnt automatisch.
  • Finish drücken.
  • Browser schließen.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt suchen und mit Deinem Editor öffnen.
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset
  • IE-User zusätzlich: mit HJT folgenden Eintrag fixen:
  • O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control)

Larusso 25.06.2010 12:13
Fehlende Rückmeldung

Dieses Thema wurde aus den Abos gelöscht. Somit bekomm ich keine Benachrichtigung über neue Antworten.

PN an mich falls Du denoch weiter machen willst.

Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner schon sauber ist.

Jeder andere eröffnet bitte einen eigenen Thread.


Alle Zeitangaben in WEZ +1. Es ist jetzt 13:18 Uhr.
Seite 2 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19