GMER Logfile:
Code:
Alles auswählen Aufklappen ATTFilter
GMER 1.0.15.15641 - GMER - Rootkit Detector and Remover
Rootkit scan 2011-08-03 18:54:34
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-6 ST3500320AS rev.SD15
Running: q8oop642.exe; Driver: C:\DOKUME~1\Besitzer\LOKALE~1\Temp\fxliikod.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xB3C3A202]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xB3CC8D8C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xB3C5E6C1]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xB3C3C7F0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xB3C3C848]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xB3C3C95E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xB3C5E075]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xB3C3C746]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xB3C3C898]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xB3C3C79A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xB3C3C90C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xB3C3A226]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xB3C5ED87]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xB3C5F03D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xB3C3CBE2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xB3C5EBF2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xB3C5EA5D]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xB3CC8E3C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xB3C39FF0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xB3C3A24A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xB3C3CD56]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xB3C3ACDA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xB3C3C820]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xB3C3C870]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xB3C3C988]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xB3C5E3D1]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xB3C3C772]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xB3C3CA1A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xB3C3C8D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xB3C3C7C8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xB3C3CAFE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xB3C3C936]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xB3CC8ED4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xB3C5E8D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xB3C3ABA0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xB3C5E72A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xB3CD110E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xB3C5D6E8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xB3C3A26E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xB3C3A292]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xB3C3A04A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xB3C3A186]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xB3C5EE8E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xB3C3A162]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xB3C3A1AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xB3C3A2B6]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xB3CDE398]
Code \??\C:\DOKUME~1\Besitzer\LOKALE~1\Temp\catchme.sys pIofCallDriver
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwCallbackReturn + 2D08 805045A4 4 Bytes [5D, EA, C5, B3]
.text ntkrnlpa.exe!ZwCallbackReturn + 2E64 80504700 4 Bytes CALL B28EFACA
.text ntkrnlpa.exe!ZwCallbackReturn + 2F14 805047B0 4 Bytes [E8, D6, C5, B3]
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A64A8 4 Bytes CALL B3C3B335 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC556 5 Bytes JMP B3CD9D4C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 805C2FDA 5 Bytes JMP B3CDB7F2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D117A 7 Bytes JMP B3CDE39C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB6D923A0, 0x5CC259, 0xE8000020]
.text win32k.sys!EngFreeUserMem + 674 BF809962 5 Bytes JMP B3C3DCA2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSurface + 45 BF813956 5 Bytes JMP B3C3DBAE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngSetLastError + 79A8 BF824309 5 Bytes JMP B3C3CF34 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateBitmap + F9C BF828C73 5 Bytes JMP B3C3DE0C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 2C50 BF8316BE 5 Bytes JMP B3C3E014 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + B68E BF83A0FC 5 Bytes JMP B3C3DB1E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!FONTOBJ_pxoGetXform + 84ED BF8519C5 5 Bytes JMP B3C3CE70 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 3581 BF85E554 5 Bytes JMP B3C3D180 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 360C BF85E5DF 5 Bytes JMP B3C3D326 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 88 BF85F852 5 Bytes JMP B3C3CE58 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 5454 BF864C1E 5 Bytes JMP B3C3DBD8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 411E BF873F63 5 Bytes JMP B3C3D2FE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 26EE BF8947C0 5 Bytes JMP B3C3DD54 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBltROP + 583 BF895298 5 Bytes JMP B3C3DF72 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + 4DEC BF89DBD8 5 Bytes JMP B3C3CFA4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngEraseSurface + A9E0 BF8C2150 5 Bytes JMP B3C3D03E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1517 BF8CA5B2 5 Bytes JMP B3C3D0AE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1797 BF8CA832 5 Bytes JMP B3C3D0E8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + 3B3E BF8EC2A7 5 Bytes JMP B3C3CD8C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 19DF BF9133E5 5 Bytes JMP B3C3CEF0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 25B3 BF913FB9 5 Bytes JMP B3C3D008 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 4F12 BF916918 5 Bytes JMP B3C3D440 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 18FC BF94638A 5 Bytes JMP B3C3DECA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS Das System kann die angegebene Datei nicht finden. !
? C:\DOKUME~1\Besitzer\LOKALE~1\Temp\catchme.sys Das System kann die angegebene Datei nicht finden. !
---- User code sections - GMER 1.0.15 ----
.text C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[108] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 001501F8
.text C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[108] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[108] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 001503FC
.text C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[108] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[108] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00390804
.text C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[108] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00390A08
.text C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[108] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00390600
.text C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[108] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003901F8
.text C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[108] USER32.dll!UnhookWinEvent 7E3818AC 3 Bytes JMP 003903FC
.text C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[108] USER32.dll!UnhookWinEvent + 4 7E3818B0 1 Byte [82]
.text C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[108] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 003A1014
.text C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[108] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 003A0804
.text C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[108] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 003A0A08
.text C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[108] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 003A0C0C
.text C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[108] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 003A0E10
.text C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[108] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003A01F8
.text C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[108] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003A03FC
.text C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[108] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 003A0600
.text C:\WINDOWS\system32\spoolsv.exe[212] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\spoolsv.exe[212] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[212] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\spoolsv.exe[212] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[212] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\spoolsv.exe[212] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\spoolsv.exe[212] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\spoolsv.exe[212] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\spoolsv.exe[212] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\spoolsv.exe[212] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\spoolsv.exe[212] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\spoolsv.exe[212] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\spoolsv.exe[212] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\spoolsv.exe[212] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\spoolsv.exe[212] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\spoolsv.exe[212] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\spoolsv.exe[212] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002C03FC
.text C:\Programme\Hotspot Shield\bin\hsswd.exe[312] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 001501F8
.text C:\Programme\Hotspot Shield\bin\hsswd.exe[312] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programme\Hotspot Shield\bin\hsswd.exe[312] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 001503FC
.text C:\Programme\Hotspot Shield\bin\hsswd.exe[312] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Programme\Hotspot Shield\bin\hsswd.exe[312] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 3 Bytes JMP 00391014
.text C:\Programme\Hotspot Shield\bin\hsswd.exe[312] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E06D85 1 Byte [88]
.text C:\Programme\Hotspot Shield\bin\hsswd.exe[312] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 00390804
.text C:\Programme\Hotspot Shield\bin\hsswd.exe[312] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00390A08
.text C:\Programme\Hotspot Shield\bin\hsswd.exe[312] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 00390C0C
.text C:\Programme\Hotspot Shield\bin\hsswd.exe[312] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00390E10
.text C:\Programme\Hotspot Shield\bin\hsswd.exe[312] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003901F8
.text C:\Programme\Hotspot Shield\bin\hsswd.exe[312] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003903FC
.text C:\Programme\Hotspot Shield\bin\hsswd.exe[312] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 00390600
.text C:\Programme\Hotspot Shield\bin\hsswd.exe[312] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003A0804
.text C:\Programme\Hotspot Shield\bin\hsswd.exe[312] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003A0A08
.text C:\Programme\Hotspot Shield\bin\hsswd.exe[312] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003A0600
.text C:\Programme\Hotspot Shield\bin\hsswd.exe[312] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003A01F8
.text C:\Programme\Hotspot Shield\bin\hsswd.exe[312] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003A03FC
.text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[412] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 001501F8
.text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[412] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[412] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 001503FC
.text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[412] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[412] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 003B1014
.text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[412] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 003B0804
.text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[412] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 003B0A08
.text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[412] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 003B0C0C
.text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[412] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 003B0E10
.text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[412] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003B01F8
.text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[412] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003B03FC
.text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[412] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 003B0600
.text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[412] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003C0804
.text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[412] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003C0A08
.text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[412] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003C0600
.text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[412] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003C01F8
.text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[412] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003C03FC
.text C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe[444] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 001401F8
.text C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe[444] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe[444] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 001403FC
.text C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe[444] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe[444] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 00381014
.text C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe[444] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 00380804
.text C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe[444] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00380A08
.text C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe[444] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 00380C0C
.text C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe[444] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00380E10
.text C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe[444] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003801F8
.text C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe[444] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003803FC
.text C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe[444] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 00380600
.text C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe[444] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00390804
.text C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe[444] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00390A08
.text C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe[444] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00390600
.text C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe[444] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003901F8
.text C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe[444] USER32.dll!UnhookWinEvent 7E3818AC 3 Bytes JMP 003903FC
.text C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe[444] USER32.dll!UnhookWinEvent + 4 7E3818B0 1 Byte [82]
.text C:\WINDOWS\System32\svchost.exe[464] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[464] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[464] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[464] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[464] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\System32\svchost.exe[464] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\svchost.exe[464] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\svchost.exe[464] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\System32\svchost.exe[464] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\System32\svchost.exe[464] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\svchost.exe[464] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\svchost.exe[464] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\svchost.exe[464] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\System32\svchost.exe[464] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\System32\svchost.exe[464] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002C0600
.text C:\WINDOWS\System32\svchost.exe[464] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\svchost.exe[464] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\System32\svchost.exe[480] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[480] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[480] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[480] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[480] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\System32\svchost.exe[480] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\svchost.exe[480] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\svchost.exe[480] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\System32\svchost.exe[480] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\System32\svchost.exe[480] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\svchost.exe[480] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\svchost.exe[480] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\svchost.exe[480] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\System32\svchost.exe[480] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\System32\svchost.exe[480] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002C0600
.text C:\WINDOWS\System32\svchost.exe[480] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\svchost.exe[480] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\explorer.exe[548] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\explorer.exe[548] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\PnkBstrA.exe[612] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 001401F8
.text C:\WINDOWS\system32\PnkBstrA.exe[612] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\PnkBstrA.exe[612] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 001403FC
.text C:\WINDOWS\system32\PnkBstrA.exe[612] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\PnkBstrA.exe[612] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00380804
.text C:\WINDOWS\system32\PnkBstrA.exe[612] USER32.dll!UnhookWindowsHookEx 7E37D5F3 3 Bytes JMP 00380A08
.text C:\WINDOWS\system32\PnkBstrA.exe[612] USER32.dll!UnhookWindowsHookEx + 4 7E37D5F7 1 Byte [82]
.text C:\WINDOWS\system32\PnkBstrA.exe[612] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00380600
.text C:\WINDOWS\system32\PnkBstrA.exe[612] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003801F8
.text C:\WINDOWS\system32\PnkBstrA.exe[612] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003803FC
.text C:\WINDOWS\system32\PnkBstrA.exe[612] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 3 Bytes JMP 00391014
.text C:\WINDOWS\system32\PnkBstrA.exe[612] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E06D85 1 Byte [88]
.text C:\WINDOWS\system32\PnkBstrA.exe[612] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 00390804
.text C:\WINDOWS\system32\PnkBstrA.exe[612] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00390A08
.text C:\WINDOWS\system32\PnkBstrA.exe[612] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 00390C0C
.text C:\WINDOWS\system32\PnkBstrA.exe[612] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00390E10
.text C:\WINDOWS\system32\PnkBstrA.exe[612] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003901F8
.text C:\WINDOWS\system32\PnkBstrA.exe[612] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003903FC
.text C:\WINDOWS\system32\PnkBstrA.exe[612] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 00390600
.text C:\WINDOWS\System32\smss.exe[656] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[684] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[684] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[684] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[684] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[684] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[684] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[684] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[684] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[684] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[684] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[684] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[684] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[684] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[684] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[684] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[684] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[684] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\csrss.exe[704] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[704] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\wdfmgr.exe[740] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000801F8
.text C:\WINDOWS\system32\wdfmgr.exe[740] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\wdfmgr.exe[740] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000803FC
.text C:\WINDOWS\system32\wdfmgr.exe[740] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\wdfmgr.exe[740] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\system32\wdfmgr.exe[740] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\wdfmgr.exe[740] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\wdfmgr.exe[740] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\system32\wdfmgr.exe[740] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\system32\wdfmgr.exe[740] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\wdfmgr.exe[740] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\wdfmgr.exe[740] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\wdfmgr.exe[740] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002D0804
.text C:\WINDOWS\system32\wdfmgr.exe[740] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002D0A08
.text C:\WINDOWS\system32\wdfmgr.exe[740] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002D0600
.text C:\WINDOWS\system32\wdfmgr.exe[740] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002D01F8
.text C:\WINDOWS\system32\wdfmgr.exe[740] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002D03FC
.text C:\WINDOWS\system32\winlogon.exe[972] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000701F8
.text C:\WINDOWS\system32\winlogon.exe[972] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[972] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000703FC
.text C:\WINDOWS\system32\winlogon.exe[972] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[972] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\winlogon.exe[972] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\winlogon.exe[972] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\winlogon.exe[972] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\winlogon.exe[972] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\winlogon.exe[972] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\winlogon.exe[972] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\winlogon.exe[972] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\winlogon.exe[972] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\winlogon.exe[972] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\winlogon.exe[972] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\winlogon.exe[972] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\winlogon.exe[972] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\services.exe[1040] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\services.exe[1040] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[1040] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\services.exe[1040] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[1040] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\system32\services.exe[1040] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\services.exe[1040] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\services.exe[1040] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\system32\services.exe[1040] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\system32\services.exe[1040] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\services.exe[1040] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\services.exe[1040] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\services.exe[1040] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002D0804
.text C:\WINDOWS\system32\services.exe[1040] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002D0A08
.text C:\WINDOWS\system32\services.exe[1040] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002D0600
.text C:\WINDOWS\system32\services.exe[1040] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002D01F8
.text C:\WINDOWS\system32\services.exe[1040] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002D03FC
.text C:\WINDOWS\system32\lsass.exe[1052] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\lsass.exe[1052] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[1052] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\lsass.exe[1052] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[1052] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\lsass.exe[1052] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\lsass.exe[1052] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\lsass.exe[1052] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\lsass.exe[1052] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\lsass.exe[1052] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\lsass.exe[1052] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\lsass.exe[1052] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\lsass.exe[1052] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\lsass.exe[1052] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\lsass.exe[1052] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\lsass.exe[1052] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\lsass.exe[1052] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\nvsvc32.exe[1240] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 001501F8
.text C:\WINDOWS\system32\nvsvc32.exe[1240] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\nvsvc32.exe[1240] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 001503FC
.text C:\WINDOWS\system32\nvsvc32.exe[1240] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\nvsvc32.exe[1240] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 3 Bytes JMP 00391014
.text C:\WINDOWS\system32\nvsvc32.exe[1240] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E06D85 1 Byte [88]
.text C:\WINDOWS\system32\nvsvc32.exe[1240] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 00390804
.text C:\WINDOWS\system32\nvsvc32.exe[1240] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00390A08
.text C:\WINDOWS\system32\nvsvc32.exe[1240] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 00390C0C
.text C:\WINDOWS\system32\nvsvc32.exe[1240] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00390E10
.text C:\WINDOWS\system32\nvsvc32.exe[1240] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003901F8
.text C:\WINDOWS\system32\nvsvc32.exe[1240] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003903FC
.text C:\WINDOWS\system32\nvsvc32.exe[1240] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 00390600
.text C:\WINDOWS\system32\nvsvc32.exe[1240] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003A0804
.text C:\WINDOWS\system32\nvsvc32.exe[1240] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003A0A08
.text C:\WINDOWS\system32\nvsvc32.exe[1240] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003A0600
.text C:\WINDOWS\system32\nvsvc32.exe[1240] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003A01F8
.text C:\WINDOWS\system32\nvsvc32.exe[1240] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003A03FC
.text C:\WINDOWS\System32\alg.exe[1276] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\alg.exe[1276] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[1276] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\alg.exe[1276] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[1276] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\alg.exe[1276] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\alg.exe[1276] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\alg.exe[1276] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\alg.exe[1276] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\alg.exe[1276] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\System32\alg.exe[1276] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\System32\alg.exe[1276] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\System32\alg.exe[1276] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\System32\alg.exe[1276] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\System32\alg.exe[1276] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\alg.exe[1276] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\System32\alg.exe[1276] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1312] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1312] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1312] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1312] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1312] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1312] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1312] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1312] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1312] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1312] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1312] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1312] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1312] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1312] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1312] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1312] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1312] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\wbem\unsecapp.exe[1352] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\wbem\unsecapp.exe[1352] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1440] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1440] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1440] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1440] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1440] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1440] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1440] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1440] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1440] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1440] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1440] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1440] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1440] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1440] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1440] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1440] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1440] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\System32\svchost.exe[1480] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[1480] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1480] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[1480] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1480] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\System32\svchost.exe[1480] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\svchost.exe[1480] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\svchost.exe[1480] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\System32\svchost.exe[1480] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\System32\svchost.exe[1480] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\svchost.exe[1480] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\svchost.exe[1480] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\svchost.exe[1480] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\System32\svchost.exe[1480] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\System32\svchost.exe[1480] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002C0600
.text C:\WINDOWS\System32\svchost.exe[1480] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\svchost.exe[1480] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1588] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1588] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1608] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1608] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1608] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1608] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1608] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1608] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1608] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1608] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1608] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1608] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1608] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1608] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1608] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1608] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1608] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1608] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[1672] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1672] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1672] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1672] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1672] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1672] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1672] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1672] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1672] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1672] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1672] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1672] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1672] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1672] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1672] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1672] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1672] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002C03FC
.text C:\Programme\Alwil Software\Avast5\AvastSvc.exe[1784] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programme\Alwil Software\Avast5\AvastSvc.exe[1784] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Programme\Alwil Software\Avast5\AvastSvc.exe[1784] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Dokumente und Einstellungen\Besitzer\Desktop\q8oop642.exe[2020] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Dokumente und Einstellungen\Besitzer\Desktop\q8oop642.exe[2020] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[2320] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000A01F8
.text C:\WINDOWS\system32\ctfmon.exe[2320] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[2320] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000A03FC
.text C:\WINDOWS\system32\ctfmon.exe[2320] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[2320] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\system32\ctfmon.exe[2320] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\ctfmon.exe[2320] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\ctfmon.exe[2320] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\system32\ctfmon.exe[2320] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\system32\ctfmon.exe[2320] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\ctfmon.exe[2320] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\ctfmon.exe[2320] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\ctfmon.exe[2320] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002D0804
.text C:\WINDOWS\system32\ctfmon.exe[2320] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002D0A08
.text C:\WINDOWS\system32\ctfmon.exe[2320] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002D0600
.text C:\WINDOWS\system32\ctfmon.exe[2320] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002D01F8
.text C:\WINDOWS\system32\ctfmon.exe[2320] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002D03FC
.text C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[2544] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 001501F8
.text C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[2544] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[2544] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 001503FC
.text C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[2544] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[2544] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00390804
.text C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[2544] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00390A08
.text C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[2544] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00390600
.text C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[2544] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003901F8
.text C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[2544] USER32.dll!UnhookWinEvent 7E3818AC 3 Bytes JMP 003903FC
.text C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[2544] USER32.dll!UnhookWinEvent + 4 7E3818B0 1 Byte [82]
.text C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[2544] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 003A1014
.text C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[2544] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 003A0804
.text C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[2544] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 003A0A08
.text C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[2544] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 003A0C0C
.text C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[2544] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 003A0E10
.text C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[2544] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003A01F8
.text C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[2544] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003A03FC
.text C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[2544] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 003A0600
.text C:\WINDOWS\system32\LVCOMSX.EXE[2876] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 001401F8
.text C:\WINDOWS\system32\LVCOMSX.EXE[2876] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\LVCOMSX.EXE[2876] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 001403FC
.text C:\WINDOWS\system32\LVCOMSX.EXE[2876] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\LVCOMSX.EXE[2876] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 00381014
.text C:\WINDOWS\system32\LVCOMSX.EXE[2876] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 00380804
.text C:\WINDOWS\system32\LVCOMSX.EXE[2876] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00380A08
.text C:\WINDOWS\system32\LVCOMSX.EXE[2876] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 00380C0C
.text C:\WINDOWS\system32\LVCOMSX.EXE[2876] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00380E10
.text C:\WINDOWS\system32\LVCOMSX.EXE[2876] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003801F8
.text C:\WINDOWS\system32\LVCOMSX.EXE[2876] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003803FC
.text C:\WINDOWS\system32\LVCOMSX.EXE[2876] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 00380600
.text C:\WINDOWS\system32\LVCOMSX.EXE[2876] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00390804
.text C:\WINDOWS\system32\LVCOMSX.EXE[2876] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00390A08
.text C:\WINDOWS\system32\LVCOMSX.EXE[2876] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00390600
.text C:\WINDOWS\system32\LVCOMSX.EXE[2876] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003901F8
.text C:\WINDOWS\system32\LVCOMSX.EXE[2876] USER32.dll!UnhookWinEvent 7E3818AC 3 Bytes JMP 003903FC
.text C:\WINDOWS\system32\LVCOMSX.EXE[2876] USER32.dll!UnhookWinEvent + 4 7E3818B0 1 Byte [82]
.text C:\Programme\Alwil Software\Avast5\avastUI.exe[2908] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programme\Alwil Software\Avast5\avastUI.exe[2908] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\RTHDCPL.EXE[3224] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 001401F8
.text C:\WINDOWS\RTHDCPL.EXE[3224] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\RTHDCPL.EXE[3224] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 001403FC
.text C:\WINDOWS\RTHDCPL.EXE[3224] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\RTHDCPL.EXE[3224] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 00381014
.text C:\WINDOWS\RTHDCPL.EXE[3224] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 00380804
.text C:\WINDOWS\RTHDCPL.EXE[3224] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00380A08
.text C:\WINDOWS\RTHDCPL.EXE[3224] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 00380C0C
.text C:\WINDOWS\RTHDCPL.EXE[3224] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00380E10
.text C:\WINDOWS\RTHDCPL.EXE[3224] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003801F8
.text C:\WINDOWS\RTHDCPL.EXE[3224] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003803FC
.text C:\WINDOWS\RTHDCPL.EXE[3224] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 00380600
.text C:\WINDOWS\RTHDCPL.EXE[3224] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00390804
.text C:\WINDOWS\RTHDCPL.EXE[3224] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00390A08
.text C:\WINDOWS\RTHDCPL.EXE[3224] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00390600
.text C:\WINDOWS\RTHDCPL.EXE[3224] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003901F8
.text C:\WINDOWS\RTHDCPL.EXE[3224] USER32.dll!UnhookWinEvent 7E3818AC 3 Bytes JMP 003903FC
.text C:\WINDOWS\RTHDCPL.EXE[3224] USER32.dll!UnhookWinEvent + 4 7E3818B0 1 Byte [82]
.text C:\WINDOWS\system32\notepad.exe[3696] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\notepad.exe[3696] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\wscntfy.exe[4020] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\wscntfy.exe[4020] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\WINDOWS\system32\services.exe[1040] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 005E0002
IAT C:\WINDOWS\system32\services.exe[1040] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 005E0000
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
---- EOF - GMER 1.0.15 ----
--- --- ---
03.08.2011, 18:01
Linear-Darstellung
