
Pests of all kinds and how to fight them: Malwarebytes finds a great many PUPBlabbers

17.10.2012, 16:10   #16
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, carry out the updates (if suggested), install the Recovery Console (if suggested) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a helper has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and get messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.
__________________
Please always post log files in CODE tags

18.10.2012, 15:33   #17
Fabienne
 
I did that... it restored some old things that I had deleted long
ago... *puzzled look* - it also changed my desktop background.
Is that how it's supposed to be?

Here is the file:

Combofix Logfile:
Code:
ComboFix 12-10-18.03 - Fabiènne 18.10.2012  15:52:58.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.2008.1176 [GMT 2:00]
ausgeführt von:: c:\users\Surfen\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\programdata\Roaming\Intel\Wireless\Settings\Settings.ini
D:\install.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-09-18 bis 2012-10-18  ))))))))))))))))))))))))))))))
.
.
2012-10-18 14:03 . 2012-10-18 14:05	--------	d-----w-	c:\users\Fabiènne\AppData\Local\temp
2012-10-18 14:03 . 2012-10-18 14:03	--------	d-----w-	c:\users\Surfen\AppData\Local\temp
2012-10-18 14:03 . 2012-10-18 14:03	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-10-17 23:02 . 2012-10-12 05:56	6918632	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{EECF4380-261D-4E74-8AD9-5AC6246614C7}\mpengine.dll
2012-10-13 18:36 . 2012-10-13 18:36	--------	d-----w-	c:\program files\ESET
2012-10-12 23:48 . 2012-09-07 15:04	22856	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-10-12 23:48 . 2012-10-12 23:48	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-10-11 18:02 . 2012-10-11 18:02	--------	d-----w-	c:\users\Surfen\AppData\Roaming\Sonic Solutions
2012-10-10 12:14 . 2012-06-02 00:02	985088	----a-w-	c:\windows\system32\crypt32.dll
2012-10-10 12:14 . 2012-06-02 00:02	98304	----a-w-	c:\windows\system32\cryptnet.dll
2012-10-10 12:14 . 2012-06-02 00:02	133120	----a-w-	c:\windows\system32\cryptsvc.dll
2012-10-10 12:14 . 2012-08-24 15:53	172544	----a-w-	c:\windows\system32\wintrust.dll
2012-10-10 12:14 . 2012-09-13 13:28	2048	----a-w-	c:\windows\system32\tzres.dll
2012-10-10 12:13 . 2012-08-29 11:27	3602816	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-10-10 12:13 . 2012-08-29 11:27	3550080	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-10-07 01:13 . 2012-10-07 01:13	--------	d-----w-	c:\users\Surfen\.thumbnails
2012-10-07 01:04 . 2012-10-07 01:04	--------	d-----w-	c:\users\Surfen\AppData\Local\fontconfig
2012-10-07 01:04 . 2012-10-10 23:06	--------	d-----w-	c:\users\Surfen\.gimp-2.8
2012-10-07 01:04 . 2012-10-07 01:04	--------	d-----w-	c:\users\Surfen\AppData\Local\gegl-0.2
2012-10-07 00:59 . 2012-10-07 01:02	--------	d-----w-	c:\program files\GIMP 2
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-09 12:34 . 2012-04-09 13:39	696760	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-10-09 12:34 . 2011-07-09 23:43	73656	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-21 09:13 . 2012-05-27 01:57	355632	----a-w-	c:\windows\system32\drivers\aswSP.sys
2012-08-21 09:13 . 2012-05-27 01:57	729752	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2012-08-21 09:13 . 2012-05-27 01:57	54232	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2012-08-21 09:13 . 2012-06-03 01:12	202928	----a-w-	c:\windows\system32\drivers\aswNdis2.sys
2012-08-21 09:13 . 2012-06-03 01:12	18544	----a-w-	c:\windows\system32\drivers\aswKbd.sys
2012-08-21 09:13 . 2012-05-27 01:57	35928	----a-w-	c:\windows\system32\drivers\aswRdr.sys
2012-08-21 09:13 . 2012-05-27 01:57	58680	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2012-08-21 09:13 . 2012-06-03 01:14	113776	----a-w-	c:\windows\system32\drivers\aswFW.sys
2012-08-21 09:13 . 2012-05-27 01:57	21256	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2012-08-21 09:12 . 2012-05-27 01:56	41224	----a-w-	c:\windows\avastSS.scr
2012-08-21 09:12 . 2012-05-27 01:56	227648	----a-w-	c:\windows\system32\aswBoot.exe
2012-09-08 13:02 . 2012-08-06 23:52	266720	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:12	121528	----a-w-	c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-17 6111232]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1029416]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 172568]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"aswAhAScr.dll"="c:\program files\AVAST Software\Avast\aswRegSvr.exe" [2012-08-21 76648]
"aswasOutExt.dll"="c:\program files\AVAST Software\Avast\aswRegSvr.exe" [2012-08-21 76648]
" Malwarebytes Anti-Malware "="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-09-07 766536]
.
c:\users\Fabiènne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
tbhcn.lnk - c:\users\Fabiènne\AppData\Roaming\BrowserCompanion\tbhcn.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-2-12 723496]
Secunia PSI Tray.lnk - c:\users\Fabiènne\Desktop\PSI\psi_tray.exe [2011-4-19 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51	919008	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2012-10-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 12:34]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
DPF: {4FF78044-96B4-4312-A5B7-FDA3CB328095} - 
FF - ProfilePath - c:\users\Fabiènne\AppData\Roaming\Mozilla\Firefox\Profiles\7sozphux.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.de/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-Exetender_148 - c:\program files\FreeRide Games\GPlayer.exe
HKCU-Run-Spiele Post - c:\program files\OXXOGames\GPlayer\GameCenterNotifier.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-10-18 16:05
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-10-18  16:07:49
ComboFix-quarantined-files.txt  2012-10-18 14:07
.
Vor Suchlauf: 10 Verzeichnis(se), 38.184.972.288 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 68.762.861.568 Bytes frei
.
- - End Of File - - EF6D580048BDDE561C01E5698607520A
         


18.10.2012, 16:11   #18
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Please now create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't work on the second attempt, just leave it out and run only OSAM - please skip the online query by OSAM.
With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.

Note: Please use WinRAR or 7zip to unpack OSAM! Be sure to turn off the virus scanner too; the McAfee scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file on your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it with a right-click and "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the internet.)
    Depending on your connection, downloading the definitions can take a while.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it on the desktop.
Post the aswMBR.txt in your next reply.

Important: Under no circumstances press any of the Fix buttons without being instructed to

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.



One more note: If aswMBR crashes and a message such as "aswMBR.exe funktioniert nicht mehr" appears, do the following:
Restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.

25.10.2012, 13:26   #19
Fabienne
 
OK, I've managed GMER at least:

GMER Logfile:
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-10-25 14:25:08
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.FBEO
Running: hsh9c61l.exe; Driver: C:\Users\FABINN~1\AppData\Local\Temp\uxdyakod.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                    ZwAddBootEntry [0x8DB25708]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                    ZwAllocateVirtualMemory [0x8E1DB7C8]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                    ZwAssignProcessToJobObject [0x8DB2611C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                    ZwCreateEvent [0x8DB30F28]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                    ZwCreateEventPair [0x8DB30F74]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                    ZwCreateIoCompletion [0x8DB310F6]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                    ZwCreateMutant [0x8DB30E96]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                    ZwCreateSection [0x8E1DBBBA]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                    ZwCreateSemaphore [0x8DB30EDE]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                    ZwCreateThread [0x8DB26310]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                    ZwCreateTimer [0x8DB310B0]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                    ZwDebugActiveProcess [0x8DB26A9C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                    ZwDeleteBootEntry [0x8DB25756]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                    ZwFreeVirtualMemory [0x8E1DB8AC]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                    ZwLoadDriver [0x8DB253BE]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                    ZwModifyBootEntry [0x8DB257A4]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                    ZwNotifyChangeKey [0x8DB2A456]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                    ZwNotifyChangeMultipleKeys [0x8DB27464]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                    ZwOpenEvent [0x8DB30F52]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                    ZwOpenEventPair [0x8DB30F96]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                    ZwOpenIoCompletion [0x8DB3111A]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                    ZwOpenMutant [0x8DB30EBC]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                    ZwOpenSection [0x8DB3103A]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                    ZwOpenSemaphore [0x8DB30F06]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                    ZwOpenTimer [0x8DB310D4]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                    ZwProtectVirtualMemory [0x8E1DBA2C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                    ZwQueryObject [0x8DB27330]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                    ZwQueueApcThread [0x8DB26EDA]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                    ZwSetBootEntryOrder [0x8DB257F2]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                    ZwSetBootOptions [0x8DB25840]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                    ZwSetContextThread [0x8DB2691C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                    ZwSetSystemInformation [0x8DB25448]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                    ZwSetSystemPowerState [0x8DB255F8]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                    ZwShutdownSystem [0x8DB2559E]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                    ZwSuspendProcess [0x8DB26BFE]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                    ZwSuspendThread [0x8DB26D5A]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                    ZwSystemDebugControl [0x8DB25668]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                    ZwTerminateProcess [0x8E1DBAF6]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                    ZwTerminateThread [0x8DB26794]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                    ZwVdmControl [0x8DB2588E]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                    ZwWriteVirtualMemory [0x8E1DB962]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                    ZwCreateThreadEx [0x8DB26498]

Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                    ZwCreateProcessEx [0x8E1F3966]
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                    ObInsertObject
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                    ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text           ntoskrnl.exe!KeInsertQueue + 2FD                                                                                         82CB7934 4 Bytes  [08, 57, B2, 8D]
.text           ntoskrnl.exe!KeInsertQueue + 321                                                                                         82CB7958 4 Bytes  [C8, B7, 1D, 8E] {ENTER 0x1db7, 0x8e}
.text           ntoskrnl.exe!KeInsertQueue + 381                                                                                         82CB79B8 4 Bytes  [1C, 61, B2, 8D] {SBB AL, 0x61; MOV DL, 0x8d}
.text           ntoskrnl.exe!KeInsertQueue + 3C1                                                                                         82CB79F8 8 Bytes  [28, 0F, B3, 8D, 74, 0F, B3, ...] {SUB [EDI], CL; MOV BL, 0x8d; JZ 0x15; MOV BL, 0x8d}
.text           ntoskrnl.exe!KeInsertQueue + 3CD                                                                                         82CB7A04 4 Bytes  [F6, 10, B3, 8D] {NOT BYTE [EAX]; MOV BL, 0x8d}
.text           ...                                                                                                                      
PAGE            ntoskrnl.exe!ObMakeTemporaryObject                                                                                       82DEDE46 5 Bytes  JMP 8E1F0806 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE            ntoskrnl.exe!ZwReplyWaitReceivePortEx + 110                                                                              82E3754F 4 Bytes  CALL 8DB27B07 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE            ntoskrnl.exe!ObInsertObject                                                                                              82E3BA1C 1 Byte  [E9]
PAGE            ntoskrnl.exe!ObInsertObject                                                                                              82E3BA1C 5 Bytes  JMP 8E1F2320 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE            ntoskrnl.exe!ZwAlpcSendWaitReceivePort + 121                                                                             82E65017 4 Bytes  CALL 8DB27B1D \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE            ntoskrnl.exe!ZwCreateProcessEx                                                                                           82ED2EC6 7 Bytes  JMP 8E1F396A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text           win32k.sys!EngCreateRectRgn + 4537                                                                                       974A0490 5 Bytes  JMP 8DB2AF20 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngEraseSurface + 104A                                                                                        974B06B6 5 Bytes  JMP 8DB2AFB2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngCreatePalette + C20                                                                                        974B9719 5 Bytes  JMP 8DB2BBD8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngTransparentBlt + 4A1                                                                                       974BA505 5 Bytes  JMP 8DB2BD3E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngTransparentBlt + 8C2F                                                                                      974C2C93 5 Bytes  JMP 8DB2A48C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!XLATEOBJ_iXlate + 616                                                                                         974C3BE9 5 Bytes  JMP 8DB2B9A8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!XFORMOBJ_iGetXform + 30EB                                                                                     974CF317 5 Bytes  JMP 8DB2ADDA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!XFORMOBJ_iGetXform + 455D                                                                                     974D0789 5 Bytes  JMP 8DB2A6E6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!XFORMOBJ_iGetXform + 46AC                                                                                     974D08D8 5 Bytes  JMP 8DB2B08C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!XFORMOBJ_iGetXform + 4C41                                                                                     974D0E6D 5 Bytes  JMP 8DB2B0A4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!XFORMOBJ_iGetXform + 5229                                                                                     974D1455 5 Bytes  JMP 8DB2AC00 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngMapFontFileFD + 11A16                                                                                      974EA305 5 Bytes  JMP 8DB2AB40 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngMapFontFileFD + 11A6A                                                                                      974EA359 5 Bytes  JMP 8DB2AE06 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngGradientFill + 377F                                                                                        975113BE 5 Bytes  JMP 8DB2B86E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngGradientFill + 60DE                                                                                        97513D1D 2 Bytes  JMP 8DB2A592 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngGradientFill + 60E1                                                                                        97513D20 2 Bytes  [61, F6]
.text           win32k.sys!EngMulDiv + 4D3F                                                                                              9751A66E 5 Bytes  JMP 8DB2A756 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngStretchBlt + 2B44                                                                                          97524B04 5 Bytes  JMP 8DB2BDE0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngStrokePath + 5FF                                                                                           975279EC 3 Bytes  JMP 8DB2A5AA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngStrokePath + 603                                                                                           975279F0 1 Byte  [F6]
.text           win32k.sys!EngLpkInstalled + 1D73                                                                                        97531807 5 Bytes  JMP 8DB2B95E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngAlphaBlend + B973                                                                                          97541D90 5 Bytes  JMP 8DB2AFCA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngNineGrid + 8C4                                                                                             97545F82 5 Bytes  JMP 8DB2BB20 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngNineGrid + 6F65                                                                                            9754C623 5 Bytes  JMP 8DB2B918 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngCopyBits + B0F                                                                                             9754FDCA 5 Bytes  JMP 8DB2BA6E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!STROBJ_vEnumStart + 4728                                                                                      975576E9 5 Bytes  JMP 8DB2A682 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngDeleteSemaphore + E80                                                                                      97575C8A 5 Bytes  JMP 8DB2A93E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!CLIPOBJ_bEnum + 248                                                                                           9757B50A 5 Bytes  JMP 8DB2A812 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngPlgBlt + 26D9                                                                                              9757F042 5 Bytes  JMP 8DB2BC96 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngFillPath + 375D                                                                                            97597414 5 Bytes  JMP 8DB2AFE2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngLineTo + A15                                                                                               9759D55D 5 Bytes  JMP 8DB2A866 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngLineTo + D27F                                                                                              975A9DC7 5 Bytes  JMP 8DB2AA6A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngLineTo + 10CF0                                                                                             975AD838 5 Bytes  JMP 8DB2A9D4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

---- User code sections - GMER 1.0.15 ----

.text           C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[592] kernel32.dll!GetBinaryTypeW + 70                             771C2467 1 Byte  [62]
.text           C:\Windows\system32\csrss.exe[652] KERNEL32.dll!GetBinaryTypeW + 70                                                      771C2467 1 Byte  [62]
.text           C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[660] kernel32.dll!GetBinaryTypeW + 70                        771C2467 1 Byte  [62]
.text           C:\Windows\system32\wininit.exe[696] kernel32.dll!GetBinaryTypeW + 70                                                    771C2467 1 Byte  [62]
.text           C:\Windows\system32\csrss.exe[708] KERNEL32.dll!GetBinaryTypeW + 70                                                      771C2467 1 Byte  [62]
.text           C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[736] ntdll.dll!LdrLoadDll                                               77649378 5 Bytes  JMP 001501F8 
.text           C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[736] ntdll.dll!LdrUnloadDll                                             7765B680 5 Bytes  JMP 001503FC 
.text           C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[736] kernel32.dll!GetBinaryTypeW + 70                                   771C2467 1 Byte  [62]
.text           C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[736] ADVAPI32.dll!CreateServiceW                                        76F29EB4 5 Bytes  JMP 001803FC 
.text           C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[736] ADVAPI32.dll!DeleteService                                         76F2A07E 5 Bytes  JMP 00180600 
.text           C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[736] ADVAPI32.dll!SetServiceObjectSecurity                              76F66CD9 5 Bytes  JMP 00181014 
.text           C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[736] ADVAPI32.dll!ChangeServiceConfigA                                  76F66DD9 5 Bytes  JMP 00180804 
.text           C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[736] ADVAPI32.dll!ChangeServiceConfigW                                  76F66F81 5 Bytes  JMP 00180A08 
.text           C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[736] ADVAPI32.dll!ChangeServiceConfig2A                                 76F67099 5 Bytes  JMP 00180C0C 
.text           C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[736] ADVAPI32.dll!ChangeServiceConfig2W                                 76F671E1 5 Bytes  JMP 00180E10 
.text           C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[736] ADVAPI32.dll!CreateServiceA                                        76F672A1 5 Bytes  JMP 001801F8 
.text           C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[736] USER32.dll!SetWindowsHookExA                                       75CE6322 5 Bytes  JMP 00190600 
.text           C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[736] USER32.dll!SetWindowsHookExW                                       75CE87AD 5 Bytes  JMP 00190804 
.text           C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[736] USER32.dll!UnhookWindowsHookEx                                     75CE98DB 5 Bytes  JMP 00190A08 
.text           C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[736] USER32.dll!SetWinEventHook                                         75CE9F3A 5 Bytes  JMP 001901F8 
.text           C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[736] USER32.dll!UnhookWinEvent                                          75CEC06F 5 Bytes  JMP 001903FC 
.text           C:\Windows\system32\services.exe[740] kernel32.dll!GetBinaryTypeW + 70                                                   771C2467 1 Byte  [62]
.text           C:\Windows\system32\lsass.exe[752] kernel32.dll!GetBinaryTypeW + 70                                                      771C2467 1 Byte  [62]
.text           C:\Windows\system32\lsm.exe[764] kernel32.dll!GetBinaryTypeW + 70                                                        771C2467 1 Byte  [62]
.text           C:\Program Files\Intel\WiFi\bin\EvtEng.exe[812] kernel32.dll!GetBinaryTypeW + 70                                         771C2467 1 Byte  [62]
.text           C:\Windows\system32\winlogon.exe[840] kernel32.dll!GetBinaryTypeW + 70                                                   771C2467 1 Byte  [62]
.text           C:\Windows\system32\igfxext.exe[944] ntdll.dll!LdrLoadDll                                                                77649378 5 Bytes  JMP 001501F8 
.text           C:\Windows\system32\igfxext.exe[944] ntdll.dll!LdrUnloadDll                                                              7765B680 5 Bytes  JMP 001503FC 
.text           C:\Windows\system32\igfxext.exe[944] kernel32.dll!GetBinaryTypeW + 70                                                    771C2467 1 Byte  [62]
.text           C:\Windows\system32\igfxext.exe[944] USER32.dll!SetWindowsHookExA                                                        75CE6322 5 Bytes  JMP 00170600 
.text           C:\Windows\system32\igfxext.exe[944] USER32.dll!SetWindowsHookExW                                                        75CE87AD 5 Bytes  JMP 00170804 
.text           C:\Windows\system32\igfxext.exe[944] USER32.dll!UnhookWindowsHookEx                                                      75CE98DB 5 Bytes  JMP 00170A08 
.text           C:\Windows\system32\igfxext.exe[944] USER32.dll!SetWinEventHook                                                          75CE9F3A 5 Bytes  JMP 001701F8 
.text           C:\Windows\system32\igfxext.exe[944] USER32.dll!UnhookWinEvent                                                           75CEC06F 5 Bytes  JMP 001703FC 
.text           C:\Windows\system32\igfxext.exe[944] ADVAPI32.dll!CreateServiceW                                                         76F29EB4 5 Bytes  JMP 001803FC 
.text           C:\Windows\system32\igfxext.exe[944] ADVAPI32.dll!DeleteService                                                          76F2A07E 5 Bytes  JMP 00180600 
.text           C:\Windows\system32\igfxext.exe[944] ADVAPI32.dll!SetServiceObjectSecurity                                               76F66CD9 5 Bytes  JMP 00181014 
.text           C:\Windows\system32\igfxext.exe[944] ADVAPI32.dll!ChangeServiceConfigA                                                   76F66DD9 5 Bytes  JMP 00180804 
.text           C:\Windows\system32\igfxext.exe[944] ADVAPI32.dll!ChangeServiceConfigW                                                   76F66F81 5 Bytes  JMP 00180A08 
.text           C:\Windows\system32\igfxext.exe[944] ADVAPI32.dll!ChangeServiceConfig2A                                                  76F67099 5 Bytes  JMP 00180C0C 
.text           C:\Windows\system32\igfxext.exe[944] ADVAPI32.dll!ChangeServiceConfig2W                                                  76F671E1 5 Bytes  JMP 00180E10 
.text           C:\Windows\system32\igfxext.exe[944] ADVAPI32.dll!CreateServiceA                                                         76F672A1 5 Bytes  JMP 001801F8 
.text           C:\Windows\system32\svchost.exe[952] kernel32.dll!GetBinaryTypeW + 70                                                    771C2467 1 Byte  [62]
.text           C:\Windows\system32\svchost.exe[1028] kernel32.dll!GetBinaryTypeW + 70                                                   771C2467 1 Byte  [62]
.text           C:\Windows\System32\svchost.exe[1080] kernel32.dll!GetBinaryTypeW + 70                                                   771C2467 1 Byte  [62]
.text           C:\Windows\System32\svchost.exe[1160] kernel32.dll!GetBinaryTypeW + 70                                                   771C2467 1 Byte  [62]
.text           C:\Windows\system32\svchost.exe[1192] kernel32.dll!GetBinaryTypeW + 70                                                   771C2467 1 Byte  [62]
.text           C:\Users\Fabiènne\Desktop\PSI\psi_tray.exe[1260] ntdll.dll!LdrLoadDll                                                    77649378 5 Bytes  JMP 000501F8 
.text           C:\Users\Fabiènne\Desktop\PSI\psi_tray.exe[1260] ntdll.dll!LdrUnloadDll                                                  7765B680 5 Bytes  JMP 000503FC 
.text           C:\Users\Fabiènne\Desktop\PSI\psi_tray.exe[1260] kernel32.dll!GetBinaryTypeW + 70                                        771C2467 1 Byte  [62]
.text           C:\Users\Fabiènne\Desktop\PSI\psi_tray.exe[1260] USER32.dll!SetWindowsHookExA                                            75CE6322 5 Bytes  JMP 00070600 
.text           C:\Users\Fabiènne\Desktop\PSI\psi_tray.exe[1260] USER32.dll!SetWindowsHookExW                                            75CE87AD 5 Bytes  JMP 00070804 
.text           C:\Users\Fabiènne\Desktop\PSI\psi_tray.exe[1260] USER32.dll!UnhookWindowsHookEx                                          75CE98DB 5 Bytes  JMP 00070A08 
.text           C:\Users\Fabiènne\Desktop\PSI\psi_tray.exe[1260] USER32.dll!SetWinEventHook                                              75CE9F3A 5 Bytes  JMP 000701F8 
.text           C:\Users\Fabiènne\Desktop\PSI\psi_tray.exe[1260] USER32.dll!UnhookWinEvent                                               75CEC06F 5 Bytes  JMP 000703FC 
.text           C:\Users\Fabiènne\Desktop\PSI\psi_tray.exe[1260] ADVAPI32.dll!CreateServiceW                                             76F29EB4 5 Bytes  JMP 000803FC 
.text           C:\Users\Fabiènne\Desktop\PSI\psi_tray.exe[1260] ADVAPI32.dll!DeleteService                                              76F2A07E 5 Bytes  JMP 00080600 
.text           C:\Users\Fabiènne\Desktop\PSI\psi_tray.exe[1260] ADVAPI32.dll!SetServiceObjectSecurity                                   76F66CD9 5 Bytes  JMP 00081014 
.text           C:\Users\Fabiènne\Desktop\PSI\psi_tray.exe[1260] ADVAPI32.dll!ChangeServiceConfigA                                       76F66DD9 5 Bytes  JMP 00080804 
.text           C:\Users\Fabiènne\Desktop\PSI\psi_tray.exe[1260] ADVAPI32.dll!ChangeServiceConfigW                                       76F66F81 5 Bytes  JMP 00080A08 
.text           C:\Users\Fabiènne\Desktop\PSI\psi_tray.exe[1260] ADVAPI32.dll!ChangeServiceConfig2A                                      76F67099 5 Bytes  JMP 00080C0C 
.text           C:\Users\Fabiènne\Desktop\PSI\psi_tray.exe[1260] ADVAPI32.dll!ChangeServiceConfig2W                                      76F671E1 5 Bytes  JMP 00080E10 
.text           C:\Users\Fabiènne\Desktop\PSI\psi_tray.exe[1260] ADVAPI32.dll!CreateServiceA                                             76F672A1 5 Bytes  JMP 000801F8 
.text           C:\Windows\system32\AUDIODG.EXE[1296] kernel32.dll!GetBinaryTypeW + 70                                                   771C2467 1 Byte  [62]
.text           C:\Windows\system32\svchost.exe[1320] kernel32.dll!GetBinaryTypeW + 70                                                   771C2467 1 Byte  [62]
.text           C:\Windows\system32\svchost.exe[1396] kernel32.dll!GetBinaryTypeW + 70                                                   771C2467 1 Byte  [62]
.text           C:\Windows\RtHDVCpl.exe[1408] ntdll.dll!LdrLoadDll                                                                       77649378 5 Bytes  JMP 001501F8 
.text           C:\Windows\RtHDVCpl.exe[1408] ntdll.dll!LdrUnloadDll                                                                     7765B680 5 Bytes  JMP 001503FC 
.text           C:\Windows\RtHDVCpl.exe[1408] kernel32.dll!GetBinaryTypeW + 70                                                           771C2467 1 Byte  [62]
.text           C:\Windows\RtHDVCpl.exe[1408] ADVAPI32.dll!CreateServiceW                                                                76F29EB4 5 Bytes  JMP 001703FC 
.text           C:\Windows\RtHDVCpl.exe[1408] ADVAPI32.dll!DeleteService                                                                 76F2A07E 5 Bytes  JMP 00170600 
.text           C:\Windows\RtHDVCpl.exe[1408] ADVAPI32.dll!SetServiceObjectSecurity                                                      76F66CD9 5 Bytes  JMP 00171014 
.text           C:\Windows\RtHDVCpl.exe[1408] ADVAPI32.dll!ChangeServiceConfigA                                                          76F66DD9 5 Bytes  JMP 00170804 
.text           C:\Windows\RtHDVCpl.exe[1408] ADVAPI32.dll!ChangeServiceConfigW                                                          76F66F81 5 Bytes  JMP 00170A08 
.text           C:\Windows\RtHDVCpl.exe[1408] ADVAPI32.dll!ChangeServiceConfig2A                                                         76F67099 5 Bytes  JMP 00170C0C 
.text           C:\Windows\RtHDVCpl.exe[1408] ADVAPI32.dll!ChangeServiceConfig2W                                                         76F671E1 5 Bytes  JMP 00170E10 
.text           C:\Windows\RtHDVCpl.exe[1408] ADVAPI32.dll!CreateServiceA                                                                76F672A1 5 Bytes  JMP 001701F8 
.text           C:\Windows\RtHDVCpl.exe[1408] USER32.dll!SetWindowsHookExA                                                               75CE6322 5 Bytes  JMP 00180600 
.text           C:\Windows\RtHDVCpl.exe[1408] USER32.dll!SetWindowsHookExW                                                               75CE87AD 5 Bytes  JMP 00180804 
.text           C:\Windows\RtHDVCpl.exe[1408] USER32.dll!UnhookWindowsHookEx                                                             75CE98DB 5 Bytes  JMP 00180A08 
.text           C:\Windows\RtHDVCpl.exe[1408] USER32.dll!SetWinEventHook                                                                 75CE9F3A 5 Bytes  JMP 001801F8 
.text           C:\Windows\RtHDVCpl.exe[1408] USER32.dll!UnhookWinEvent                                                                  75CEC06F 5 Bytes  JMP 001803FC 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1528] ntdll.dll!LdrLoadDll                                                 77649378 5 Bytes  JMP 001401F8 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1528] ntdll.dll!LdrUnloadDll                                               7765B680 5 Bytes  JMP 001403FC 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1528] kernel32.dll!GetBinaryTypeW + 70                                     771C2467 1 Byte  [62]
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1528] USER32.dll!SetWindowsHookExA                                         75CE6322 5 Bytes  JMP 00160600 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1528] USER32.dll!SetWindowsHookExW                                         75CE87AD 5 Bytes  JMP 00160804 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1528] USER32.dll!UnhookWindowsHookEx                                       75CE98DB 5 Bytes  JMP 00160A08 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1528] USER32.dll!SetWinEventHook                                           75CE9F3A 5 Bytes  JMP 001601F8 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1528] USER32.dll!UnhookWinEvent                                            75CEC06F 5 Bytes  JMP 001603FC 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1528] ADVAPI32.dll!CreateServiceW                                          76F29EB4 5 Bytes  JMP 001703FC 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1528] ADVAPI32.dll!DeleteService                                           76F2A07E 5 Bytes  JMP 00170600 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1528] ADVAPI32.dll!SetServiceObjectSecurity                                76F66CD9 5 Bytes  JMP 00171014 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1528] ADVAPI32.dll!ChangeServiceConfigA                                    76F66DD9 5 Bytes  JMP 00170804 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1528] ADVAPI32.dll!ChangeServiceConfigW                                    76F66F81 5 Bytes  JMP 00170A08 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1528] ADVAPI32.dll!ChangeServiceConfig2A                                   76F67099 5 Bytes  JMP 00170C0C 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1528] ADVAPI32.dll!ChangeServiceConfig2W                                   76F671E1 5 Bytes  JMP 00170E10 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1528] ADVAPI32.dll!CreateServiceA                                          76F672A1 5 Bytes  JMP 001701F8 
.text           C:\Windows\system32\svchost.exe[1544] kernel32.dll!GetBinaryTypeW + 70                                                   771C2467 1 Byte  [62]
.text           C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1680] kernel32.dll!SetUnhandledExceptionFilter                        7719A8C5 4 Bytes  [C2, 04, 00, 90] {RET 0x4; NOP }
.text           C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1680] kernel32.dll!GetBinaryTypeW + 70                                771C2467 1 Byte  [62]
.text           C:\Windows\system32\WLANExt.exe[1688] kernel32.dll!GetBinaryTypeW + 70                                                   771C2467 1 Byte  [62]
.text           C:\Program Files\AVAST Software\Avast\afwServ.exe[1756] kernel32.dll!GetBinaryTypeW + 70                                 771C2467 1 Byte  [62]
.text           C:\Windows\system32\taskeng.exe[1884] kernel32.dll!GetBinaryTypeW + 70                                                   771C2467 1 Byte  [62]
.text           C:\Windows\System32\spoolsv.exe[1896] kernel32.dll!GetBinaryTypeW + 70                                                   771C2467 1 Byte  [62]
.text           ...                                                                                                                      
.text           C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[2148] ntdll.dll!LdrLoadDll                               77649378 5 Bytes  JMP 001401F8 
.text           C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[2148] ntdll.dll!LdrUnloadDll                             7765B680 5 Bytes  JMP 001403FC 
.text           C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[2148] kernel32.dll!GetBinaryTypeW + 70                   771C2467 1 Byte  [62]
.text           C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[2148] USER32.dll!SetWindowsHookExA                       75CE6322 5 Bytes  JMP 00160600 
.text           C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[2148] USER32.dll!SetWindowsHookExW                       75CE87AD 5 Bytes  JMP 00160804 
.text           C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[2148] USER32.dll!UnhookWindowsHookEx                     75CE98DB 5 Bytes  JMP 00160A08 
.text           C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[2148] USER32.dll!SetWinEventHook                         75CE9F3A 5 Bytes  JMP 001601F8 
.text           C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[2148] USER32.dll!UnhookWinEvent                          75CEC06F 5 Bytes  JMP 001603FC 
.text           C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[2148] ADVAPI32.dll!CreateServiceW                        76F29EB4 5 Bytes  JMP 001703FC 
.text           C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[2148] ADVAPI32.dll!DeleteService                         76F2A07E 5 Bytes  JMP 00170600 
.text           C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[2148] ADVAPI32.dll!SetServiceObjectSecurity              76F66CD9 5 Bytes  JMP 00171014 
.text           C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[2148] ADVAPI32.dll!ChangeServiceConfigA                  76F66DD9 5 Bytes  JMP 00170804 
.text           C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[2148] ADVAPI32.dll!ChangeServiceConfigW                  76F66F81 5 Bytes  JMP 00170A08 
.text           C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[2148] ADVAPI32.dll!ChangeServiceConfig2A                 76F67099 5 Bytes  JMP 00170C0C 
.text           C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[2148] ADVAPI32.dll!ChangeServiceConfig2W                 76F671E1 5 Bytes  JMP 00170E10 
.text           C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[2148] ADVAPI32.dll!CreateServiceA                        76F672A1 5 Bytes  JMP 001701F8 
.text           C:\Windows\System32\igfxpers.exe[2280] ntdll.dll!LdrLoadDll                                                              77649378 5 Bytes  JMP 001501F8 
.text           C:\Windows\System32\igfxpers.exe[2280] ntdll.dll!LdrUnloadDll                                                            7765B680 5 Bytes  JMP 001503FC 
.text           C:\Windows\System32\igfxpers.exe[2280] kernel32.dll!GetBinaryTypeW + 70                                                  771C2467 1 Byte  [62]
.text           C:\Windows\System32\igfxpers.exe[2280] USER32.dll!SetWindowsHookExA                                                      75CE6322 5 Bytes  JMP 00180600 
.text           C:\Windows\System32\igfxpers.exe[2280] USER32.dll!SetWindowsHookExW                                                      75CE87AD 5 Bytes  JMP 00180804 
.text           C:\Windows\System32\igfxpers.exe[2280] USER32.dll!UnhookWindowsHookEx                                                    75CE98DB 5 Bytes  JMP 00180A08 
.text           C:\Windows\System32\igfxpers.exe[2280] USER32.dll!SetWinEventHook                                                        75CE9F3A 5 Bytes  JMP 001801F8 
.text           C:\Windows\System32\igfxpers.exe[2280] USER32.dll!UnhookWinEvent                                                         75CEC06F 5 Bytes  JMP 001803FC 
.text           C:\Windows\System32\igfxpers.exe[2280] ADVAPI32.dll!CreateServiceW                                                       76F29EB4 5 Bytes  JMP 001903FC 
.text           C:\Windows\System32\igfxpers.exe[2280] ADVAPI32.dll!DeleteService                                                        76F2A07E 5 Bytes  JMP 00190600 
.text           C:\Windows\System32\igfxpers.exe[2280] ADVAPI32.dll!SetServiceObjectSecurity                                             76F66CD9 5 Bytes  JMP 00191014 
.text           C:\Windows\System32\igfxpers.exe[2280] ADVAPI32.dll!ChangeServiceConfigA                                                 76F66DD9 5 Bytes  JMP 00190804 
.text           C:\Windows\System32\igfxpers.exe[2280] ADVAPI32.dll!ChangeServiceConfigW                                                 76F66F81 5 Bytes  JMP 00190A08 
.text           C:\Windows\System32\igfxpers.exe[2280] ADVAPI32.dll!ChangeServiceConfig2A                                                76F67099 5 Bytes  JMP 00190C0C 
.text           C:\Windows\System32\igfxpers.exe[2280] ADVAPI32.dll!ChangeServiceConfig2W                                                76F671E1 5 Bytes  JMP 00190E10 
.text           C:\Windows\System32\igfxpers.exe[2280] ADVAPI32.dll!CreateServiceA                                                       76F672A1 5 Bytes  JMP 001901F8 
.text           C:\Windows\system32\svchost.exe[2404] ntdll.dll!LdrLoadDll                                                               77649378 5 Bytes  JMP 000501F8 
.text           C:\Windows\system32\svchost.exe[2404] ntdll.dll!LdrUnloadDll                                                             7765B680 5 Bytes  JMP 000503FC 
.text           C:\Windows\system32\svchost.exe[2404] kernel32.dll!GetBinaryTypeW + 70                                                   771C2467 1 Byte  [62]
.text           C:\Windows\system32\svchost.exe[2404] ADVAPI32.dll!CreateServiceW                                                        76F29EB4 5 Bytes  JMP 000703FC 
.text           C:\Windows\system32\svchost.exe[2404] ADVAPI32.dll!DeleteService                                                         76F2A07E 5 Bytes  JMP 00070600 
.text           C:\Windows\system32\svchost.exe[2404] ADVAPI32.dll!SetServiceObjectSecurity                                              76F66CD9 5 Bytes  JMP 00071014 
.text           C:\Windows\system32\svchost.exe[2404] ADVAPI32.dll!ChangeServiceConfigA                                                  76F66DD9 5 Bytes  JMP 00070804 
.text           C:\Windows\system32\svchost.exe[2404] ADVAPI32.dll!ChangeServiceConfigW                                                  76F66F81 5 Bytes  JMP 00070A08 
.text           C:\Windows\system32\svchost.exe[2404] ADVAPI32.dll!ChangeServiceConfig2A                                                 76F67099 5 Bytes  JMP 00070C0C 
.text           C:\Windows\system32\svchost.exe[2404] ADVAPI32.dll!ChangeServiceConfig2W                                                 76F671E1 5 Bytes  JMP 00070E10 
.text           C:\Windows\system32\svchost.exe[2404] ADVAPI32.dll!CreateServiceA                                                        76F672A1 5 Bytes  JMP 000701F8 
.text           C:\Windows\system32\svchost.exe[2404] USER32.dll!SetWindowsHookExA                                                       75CE6322 5 Bytes  JMP 000C0600 
.text           C:\Windows\system32\svchost.exe[2404] USER32.dll!SetWindowsHookExW                                                       75CE87AD 5 Bytes  JMP 000C0804 
.text           C:\Windows\system32\svchost.exe[2404] USER32.dll!UnhookWindowsHookEx                                                     75CE98DB 5 Bytes  JMP 000C0A08 
.text           C:\Windows\system32\svchost.exe[2404] USER32.dll!SetWinEventHook                                                         75CE9F3A 5 Bytes  JMP 000C01F8 
.text           C:\Windows\system32\svchost.exe[2404] USER32.dll!UnhookWinEvent                                                          75CEC06F 5 Bytes  JMP 000C03FC 
.text           C:\Windows\system32\Dwm.exe[2444] ntdll.dll!LdrLoadDll                                                                   77649378 5 Bytes  JMP 000501F8 
.text           C:\Windows\system32\Dwm.exe[2444] ntdll.dll!LdrUnloadDll                                                                 7765B680 5 Bytes  JMP 000503FC 
.text           C:\Windows\system32\Dwm.exe[2444] kernel32.dll!GetBinaryTypeW + 70                                                       771C2467 1 Byte  [62]
.text           C:\Windows\system32\Dwm.exe[2444] ADVAPI32.dll!CreateServiceW                                                            76F29EB4 5 Bytes  JMP 000703FC 
.text           C:\Windows\system32\Dwm.exe[2444] ADVAPI32.dll!DeleteService                                                             76F2A07E 5 Bytes  JMP 00070600 
.text           C:\Windows\system32\Dwm.exe[2444] ADVAPI32.dll!SetServiceObjectSecurity                                                  76F66CD9 5 Bytes  JMP 00071014 
.text           C:\Windows\system32\Dwm.exe[2444] ADVAPI32.dll!ChangeServiceConfigA                                                      76F66DD9 5 Bytes  JMP 00070804 
.text           C:\Windows\system32\Dwm.exe[2444] ADVAPI32.dll!ChangeServiceConfigW                                                      76F66F81 5 Bytes  JMP 00070A08 
.text           C:\Windows\system32\Dwm.exe[2444] ADVAPI32.dll!ChangeServiceConfig2A                                                     76F67099 5 Bytes  JMP 00070C0C 
.text           C:\Windows\system32\Dwm.exe[2444] ADVAPI32.dll!ChangeServiceConfig2W                                                     76F671E1 5 Bytes  JMP 00070E10 
.text           C:\Windows\system32\Dwm.exe[2444] ADVAPI32.dll!CreateServiceA                                                            76F672A1 5 Bytes  JMP 000701F8 
.text           C:\Windows\system32\Dwm.exe[2444] USER32.dll!SetWindowsHookExA                                                           75CE6322 5 Bytes  JMP 00080600 
.text           C:\Windows\system32\Dwm.exe[2444] USER32.dll!SetWindowsHookExW                                                           75CE87AD 5 Bytes  JMP 00080804 
.text           C:\Windows\system32\Dwm.exe[2444] USER32.dll!UnhookWindowsHookEx                                                         75CE98DB 5 Bytes  JMP 00080A08 
.text           C:\Windows\system32\Dwm.exe[2444] USER32.dll!SetWinEventHook                                                             75CE9F3A 5 Bytes  JMP 000801F8 
.text           C:\Windows\system32\Dwm.exe[2444] USER32.dll!UnhookWinEvent                                                              75CEC06F 5 Bytes  JMP 000803FC 
.text           C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[2452] ntdll.dll!LdrLoadDll                                    77649378 5 Bytes  JMP 001501F8 
.text           C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[2452] ntdll.dll!LdrUnloadDll                                  7765B680 5 Bytes  JMP 001503FC 
.text           C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[2452] kernel32.dll!GetBinaryTypeW + 70                        771C2467 1 Byte  [62]
.text           C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[2452] USER32.dll!SetWindowsHookExA                            75CE6322 5 Bytes  JMP 00170600 
.text           C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[2452] USER32.dll!SetWindowsHookExW                            75CE87AD 5 Bytes  JMP 00170804 
.text           C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[2452] USER32.dll!UnhookWindowsHookEx                          75CE98DB 5 Bytes  JMP 00170A08 
.text           C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[2452] USER32.dll!SetWinEventHook                              75CE9F3A 5 Bytes  JMP 001701F8 
.text           C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[2452] USER32.dll!UnhookWinEvent                               75CEC06F 5 Bytes  JMP 001703FC 
.text           C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[2452] ADVAPI32.dll!CreateServiceW                             76F29EB4 5 Bytes  JMP 001803FC 
.text           C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[2452] ADVAPI32.dll!DeleteService                              76F2A07E 5 Bytes  JMP 00180600 
.text           C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[2452] ADVAPI32.dll!SetServiceObjectSecurity                   76F66CD9 5 Bytes  JMP 00181014 
.text           C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[2452] ADVAPI32.dll!ChangeServiceConfigA                       76F66DD9 5 Bytes  JMP 00180804 
.text           C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[2452] ADVAPI32.dll!ChangeServiceConfigW                       76F66F81 5 Bytes  JMP 00180A08 
.text           C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[2452] ADVAPI32.dll!ChangeServiceConfig2A                      76F67099 5 Bytes  JMP 00180C0C 
.text           C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[2452] ADVAPI32.dll!ChangeServiceConfig2W                      76F671E1 5 Bytes  JMP 00180E10 
.text           C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[2452] ADVAPI32.dll!CreateServiceA                             76F672A1 5 Bytes  JMP 001801F8 
.text           C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2460] ntdll.dll!LdrLoadDll                                77649378 5 Bytes  JMP 001501F8 
.text           C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2460] ntdll.dll!LdrUnloadDll                              7765B680 5 Bytes  JMP 001503FC 
.text           C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2460] kernel32.dll!GetBinaryTypeW + 70                    771C2467 1 Byte  [62]
.text           C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2460] ADVAPI32.dll!CreateServiceW                         76F29EB4 5 Bytes  JMP 001703FC 
.text           C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2460] ADVAPI32.dll!DeleteService                          76F2A07E 5 Bytes  JMP 00170600 
.text           C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2460] ADVAPI32.dll!SetServiceObjectSecurity               76F66CD9 5 Bytes  JMP 00171014 
.text           C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2460] ADVAPI32.dll!ChangeServiceConfigA                   76F66DD9 5 Bytes  JMP 00170804 
.text           C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2460] ADVAPI32.dll!ChangeServiceConfigW                   76F66F81 5 Bytes  JMP 00170A08 
.text           C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2460] ADVAPI32.dll!ChangeServiceConfig2A                  76F67099 5 Bytes  JMP 00170C0C 
.text           C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2460] ADVAPI32.dll!ChangeServiceConfig2W                  76F671E1 5 Bytes  JMP 00170E10 
.text           C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2460] ADVAPI32.dll!CreateServiceA                         76F672A1 5 Bytes  JMP 001701F8 
.text           C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2460] USER32.dll!SetWindowsHookExA                        75CE6322 5 Bytes  JMP 00180600 
.text           C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2460] USER32.dll!SetWindowsHookExW                        75CE87AD 5 Bytes  JMP 00180804 
.text           C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2460] USER32.dll!UnhookWindowsHookEx                      75CE98DB 5 Bytes  JMP 00180A08 
.text           C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2460] USER32.dll!SetWinEventHook                          75CE9F3A 5 Bytes  JMP 001801F8 
.text           C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2460] USER32.dll!UnhookWinEvent                           75CEC06F 5 Bytes  JMP 001803FC 
.text           C:\Windows\system32\svchost.exe[2596] ntdll.dll!LdrLoadDll                                                               77649378 5 Bytes  JMP 000501F8 
.text           C:\Windows\system32\svchost.exe[2596] ntdll.dll!LdrUnloadDll                                                             7765B680 5 Bytes  JMP 000503FC 
.text           C:\Windows\system32\svchost.exe[2596] kernel32.dll!GetBinaryTypeW + 70                                                   771C2467 1 Byte  [62]
.text           C:\Windows\system32\svchost.exe[2596] ADVAPI32.dll!CreateServiceW                                                        76F29EB4 5 Bytes  JMP 000703FC 
.text           C:\Windows\system32\svchost.exe[2596] ADVAPI32.dll!DeleteService                                                         76F2A07E 5 Bytes  JMP 00070600 
.text           C:\Windows\system32\svchost.exe[2596] ADVAPI32.dll!SetServiceObjectSecurity                                              76F66CD9 5 Bytes  JMP 00071014 
.text           C:\Windows\system32\svchost.exe[2596] ADVAPI32.dll!ChangeServiceConfigA                                                  76F66DD9 5 Bytes  JMP 00070804 
.text           C:\Windows\system32\svchost.exe[2596] ADVAPI32.dll!ChangeServiceConfigW                                                  76F66F81 5 Bytes  JMP 00070A08 
.text           C:\Windows\system32\svchost.exe[2596] ADVAPI32.dll!ChangeServiceConfig2A                                                 76F67099 5 Bytes  JMP 00070C0C 
.text           C:\Windows\system32\svchost.exe[2596] ADVAPI32.dll!ChangeServiceConfig2W                                                 76F671E1 5 Bytes  JMP 00070E10 
.text           C:\Windows\system32\svchost.exe[2596] ADVAPI32.dll!CreateServiceA                                                        76F672A1 5 Bytes  JMP 000701F8 
.text           C:\Users\Fabiènne\Desktop\PSI\PSIA.exe[2612] ntdll.dll!LdrLoadDll                                                        77649378 5 Bytes  JMP 001501F8 
.text           C:\Users\Fabiènne\Desktop\PSI\PSIA.exe[2612] ntdll.dll!LdrUnloadDll                                                      7765B680 5 Bytes  JMP 001503FC 
.text           C:\Users\Fabiènne\Desktop\PSI\PSIA.exe[2612] kernel32.dll!GetBinaryTypeW + 70                                            771C2467 1 Byte  [62]
.text           C:\Users\Fabiènne\Desktop\PSI\PSIA.exe[2612] ADVAPI32.dll!CreateServiceW                                                 76F29EB4 5 Bytes  JMP 001703FC 
.text           C:\Users\Fabiènne\Desktop\PSI\PSIA.exe[2612] ADVAPI32.dll!DeleteService                                                  76F2A07E 5 Bytes  JMP 00170600 
.text           C:\Users\Fabiènne\Desktop\PSI\PSIA.exe[2612] ADVAPI32.dll!SetServiceObjectSecurity                                       76F66CD9 5 Bytes  JMP 00171014 
.text           C:\Users\Fabiènne\Desktop\PSI\PSIA.exe[2612] ADVAPI32.dll!ChangeServiceConfigA                                           76F66DD9 5 Bytes  JMP 00170804 
.text           C:\Users\Fabiènne\Desktop\PSI\PSIA.exe[2612] ADVAPI32.dll!ChangeServiceConfigW                                           76F66F81 5 Bytes  JMP 00170A08 
.text           C:\Users\Fabiènne\Desktop\PSI\PSIA.exe[2612] ADVAPI32.dll!ChangeServiceConfig2A                                          76F67099 5 Bytes  JMP 00170C0C 
.text           C:\Users\Fabiènne\Desktop\PSI\PSIA.exe[2612] ADVAPI32.dll!ChangeServiceConfig2W                                          76F671E1 5 Bytes  JMP 00170E10 
.text           C:\Users\Fabiènne\Desktop\PSI\PSIA.exe[2612] ADVAPI32.dll!CreateServiceA                                                 76F672A1 5 Bytes  JMP 001701F8 
.text           C:\Users\Fabiènne\Desktop\PSI\PSIA.exe[2612] USER32.dll!SetWindowsHookExA                                                75CE6322 5 Bytes  JMP 00180600 
.text           C:\Users\Fabiènne\Desktop\PSI\PSIA.exe[2612] USER32.dll!SetWindowsHookExW                                                75CE87AD 5 Bytes  JMP 00180804 
.text           C:\Users\Fabiènne\Desktop\PSI\PSIA.exe[2612] USER32.dll!UnhookWindowsHookEx                                              75CE98DB 5 Bytes  JMP 00180A08 
.text           C:\Users\Fabiènne\Desktop\PSI\PSIA.exe[2612] USER32.dll!SetWinEventHook                                                  75CE9F3A 5 Bytes  JMP 001801F8 
.text           C:\Users\Fabiènne\Desktop\PSI\PSIA.exe[2612] USER32.dll!UnhookWinEvent                                                   75CEC06F 5 Bytes  JMP 001803FC 
.text           C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[2636] ntdll.dll!LdrLoadDll                            77649378 5 Bytes  JMP 001401F8 
.text           C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[2636] ntdll.dll!LdrUnloadDll                          7765B680 5 Bytes  JMP 001403FC 
.text           C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[2636] kernel32.dll!GetBinaryTypeW + 70                771C2467 1 Byte  [62]
.text           C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[2636] USER32.dll!SetWindowsHookExA                    75CE6322 5 Bytes  JMP 00190600 
.text           C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[2636] USER32.dll!SetWindowsHookExW                    75CE87AD 5 Bytes  JMP 00190804 
.text           C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[2636] USER32.dll!UnhookWindowsHookEx                  75CE98DB 5 Bytes  JMP 00190A08 
.text           C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[2636] USER32.dll!SetWinEventHook                      75CE9F3A 5 Bytes  JMP 001901F8 
.text           C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[2636] USER32.dll!UnhookWinEvent                       75CEC06F 5 Bytes  JMP 001903FC 
.text           C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[2636] ADVAPI32.dll!CreateServiceW                     76F29EB4 5 Bytes  JMP 001A03FC 
.text           C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[2636] ADVAPI32.dll!DeleteService                      76F2A07E 5 Bytes  JMP 001A0600 
.text           C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[2636] ADVAPI32.dll!SetServiceObjectSecurity           76F66CD9 5 Bytes  JMP 001A1014 
.text           C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[2636] ADVAPI32.dll!ChangeServiceConfigA               76F66DD9 5 Bytes  JMP 001A0804 
.text           C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[2636] ADVAPI32.dll!ChangeServiceConfigW               76F66F81 5 Bytes  JMP 001A0A08 
.text           C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[2636] ADVAPI32.dll!ChangeServiceConfig2A              76F67099 5 Bytes  JMP 001A0C0C 
.text           C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[2636] ADVAPI32.dll!ChangeServiceConfig2W              76F671E1 5 Bytes  JMP 001A0E10 
.text           C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[2636] ADVAPI32.dll!CreateServiceA                     76F672A1 5 Bytes  JMP 001A01F8 
.text           C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[2644] ntdll.dll!LdrLoadDll                            77649378 5 Bytes  JMP 001501F8 
.text           C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[2644] ntdll.dll!LdrUnloadDll                          7765B680 5 Bytes  JMP 001503FC 
.text           C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[2644] kernel32.dll!GetBinaryTypeW + 70                771C2467 1 Byte  [62]
.text           C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[2644] USER32.dll!SetWindowsHookExA                    75CE6322 5 Bytes  JMP 00170600 
.text           C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[2644] USER32.dll!SetWindowsHookExW                    75CE87AD 5 Bytes  JMP 00170804 
.text           C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[2644] USER32.dll!UnhookWindowsHookEx                  75CE98DB 5 Bytes  JMP 00170A08 
.text           C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[2644] USER32.dll!SetWinEventHook                      75CE9F3A 5 Bytes  JMP 001701F8 
.text           C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[2644] USER32.dll!UnhookWinEvent                       75CEC06F 5 Bytes  JMP 001703FC 
.text           C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[2644] ADVAPI32.dll!CreateServiceW                     76F29EB4 5 Bytes  JMP 001803FC 
.text           C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[2644] ADVAPI32.dll!DeleteService                      76F2A07E 5 Bytes  JMP 00180600 
.text           C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[2644] ADVAPI32.dll!SetServiceObjectSecurity           76F66CD9 5 Bytes  JMP 00181014 
.text           C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[2644] ADVAPI32.dll!ChangeServiceConfigA               76F66DD9 5 Bytes  JMP 00180804 
.text           C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[2644] ADVAPI32.dll!ChangeServiceConfigW               76F66F81 5 Bytes  JMP 00180A08 
.text           C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[2644] ADVAPI32.dll!ChangeServiceConfig2A              76F67099 5 Bytes  JMP 00180C0C 
.text           C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[2644] ADVAPI32.dll!ChangeServiceConfig2W              76F671E1 5 Bytes  JMP 00180E10 
.text           C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[2644] ADVAPI32.dll!CreateServiceA                     76F672A1 5 Bytes  JMP 001801F8 
.text           C:\Windows\system32\svchost.exe[2692] ntdll.dll!LdrLoadDll                                                               77649378 5 Bytes  JMP 000501F8 
.text           C:\Windows\system32\svchost.exe[2692] ntdll.dll!LdrUnloadDll                                                             7765B680 5 Bytes  JMP 000503FC 
.text           C:\Windows\system32\svchost.exe[2692] kernel32.dll!GetBinaryTypeW + 70                                                   771C2467 1 Byte  [62]
.text           C:\Windows\system32\svchost.exe[2692] ADVAPI32.dll!CreateServiceW                                                        76F29EB4 5 Bytes  JMP 000703FC 
.text           C:\Windows\system32\svchost.exe[2692] ADVAPI32.dll!DeleteService                                                         76F2A07E 5 Bytes  JMP 00070600 
.text           C:\Windows\system32\svchost.exe[2692] ADVAPI32.dll!SetServiceObjectSecurity                                              76F66CD9 5 Bytes  JMP 00071014 
.text           C:\Windows\system32\svchost.exe[2692] ADVAPI32.dll!ChangeServiceConfigA                                                  76F66DD9 5 Bytes  JMP 00070804 
.text           C:\Windows\system32\svchost.exe[2692] ADVAPI32.dll!ChangeServiceConfigW                                                  76F66F81 5 Bytes  JMP 00070A08 
.text           C:\Windows\system32\svchost.exe[2692] ADVAPI32.dll!ChangeServiceConfig2A                                                 76F67099 5 Bytes  JMP 00070C0C 
.text           C:\Windows\system32\svchost.exe[2692] ADVAPI32.dll!ChangeServiceConfig2W                                                 76F671E1 5 Bytes  JMP 00070E10 
.text           C:\Windows\system32\svchost.exe[2692] ADVAPI32.dll!CreateServiceA                                                        76F672A1 5 Bytes  JMP 000701F8 
.text           C:\Windows\System32\svchost.exe[2732] ntdll.dll!LdrLoadDll                                                               77649378 5 Bytes  JMP 000501F8 
.text           C:\Windows\System32\svchost.exe[2732] ntdll.dll!LdrUnloadDll                                                             7765B680 5 Bytes  JMP 000503FC 
.text           C:\Windows\System32\svchost.exe[2732] kernel32.dll!GetBinaryTypeW + 70                                                   771C2467 1 Byte  [62]
.text           C:\Windows\System32\svchost.exe[2732] ADVAPI32.dll!CreateServiceW                                                        76F29EB4 5 Bytes  JMP 000703FC 
.text           C:\Windows\System32\svchost.exe[2732] ADVAPI32.dll!DeleteService                                                         76F2A07E 5 Bytes  JMP 00070600 
.text           C:\Windows\System32\svchost.exe[2732] ADVAPI32.dll!SetServiceObjectSecurity                                              76F66CD9 5 Bytes  JMP 00071014 
.text           C:\Windows\System32\svchost.exe[2732] ADVAPI32.dll!ChangeServiceConfigA                                                  76F66DD9 5 Bytes  JMP 00070804 
.text           C:\Windows\System32\svchost.exe[2732] ADVAPI32.dll!ChangeServiceConfigW                                                  76F66F81 5 Bytes  JMP 00070A08 
.text           C:\Windows\System32\svchost.exe[2732] ADVAPI32.dll!ChangeServiceConfig2A                                                 76F67099 5 Bytes  JMP 00070C0C 
.text           C:\Windows\System32\svchost.exe[2732] ADVAPI32.dll!ChangeServiceConfig2W                                                 76F671E1 5 Bytes  JMP 00070E10 
.text           C:\Windows\System32\svchost.exe[2732] ADVAPI32.dll!CreateServiceA                                                        76F672A1 5 Bytes  JMP 000701F8 
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2752] ntdll.dll!LdrLoadDll                       77649378 5 Bytes  JMP 000501F8 
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2752] ntdll.dll!LdrUnloadDll                     7765B680 5 Bytes  JMP 000503FC 
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2752] kernel32.dll!GetBinaryTypeW + 70           771C2467 1 Byte  [62]
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2752] ADVAPI32.dll!CreateServiceW                76F29EB4 5 Bytes  JMP 000803FC 
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2752] ADVAPI32.dll!DeleteService                 76F2A07E 5 Bytes  JMP 00080600 
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2752] ADVAPI32.dll!SetServiceObjectSecurity      76F66CD9 5 Bytes  JMP 00081014 
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2752] ADVAPI32.dll!ChangeServiceConfigA          76F66DD9 5 Bytes  JMP 00080804 
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2752] ADVAPI32.dll!ChangeServiceConfigW          76F66F81 5 Bytes  JMP 00080A08 
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2752] ADVAPI32.dll!ChangeServiceConfig2A         76F67099 5 Bytes  JMP 00080C0C 
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2752] ADVAPI32.dll!ChangeServiceConfig2W         76F671E1 5 Bytes  JMP 00080E10 
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2752] ADVAPI32.dll!CreateServiceA                76F672A1 5 Bytes  JMP 000801F8 
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2752] USER32.dll!SetWindowsHookExA               75CE6322 5 Bytes  JMP 000D0600 
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2752] USER32.dll!SetWindowsHookExW               75CE87AD 5 Bytes  JMP 000D0804 
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2752] USER32.dll!UnhookWindowsHookEx             75CE98DB 5 Bytes  JMP 000D0A08 
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2752] USER32.dll!SetWinEventHook                 75CE9F3A 5 Bytes  JMP 000D01F8 
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2752] USER32.dll!UnhookWinEvent                  75CEC06F 5 Bytes  JMP 000D03FC 
.text           C:\Windows\system32\SearchIndexer.exe[2832] ntdll.dll!LdrLoadDll                                                         77649378 5 Bytes  JMP 000501F8 
.text           C:\Windows\system32\SearchIndexer.exe[2832] ntdll.dll!LdrUnloadDll                                                       7765B680 5 Bytes  JMP 000503FC 
.text           C:\Windows\system32\SearchIndexer.exe[2832] kernel32.dll!GetBinaryTypeW + 70                                             771C2467 1 Byte  [62]
.text           C:\Windows\system32\SearchIndexer.exe[2832] ADVAPI32.dll!CreateServiceW                                                  76F29EB4 5 Bytes  JMP 000703FC 
.text           C:\Windows\system32\SearchIndexer.exe[2832] ADVAPI32.dll!DeleteService                                                   76F2A07E 5 Bytes  JMP 00070600 
.text           C:\Windows\system32\SearchIndexer.exe[2832] ADVAPI32.dll!SetServiceObjectSecurity                                        76F66CD9 5 Bytes  JMP 00071014 
.text           C:\Windows\system32\SearchIndexer.exe[2832] ADVAPI32.dll!ChangeServiceConfigA                                            76F66DD9 5 Bytes  JMP 00070804 
.text           C:\Windows\system32\SearchIndexer.exe[2832] ADVAPI32.dll!ChangeServiceConfigW                                            76F66F81 5 Bytes  JMP 00070A08 
.text           C:\Windows\system32\SearchIndexer.exe[2832] ADVAPI32.dll!ChangeServiceConfig2A                                           76F67099 5 Bytes  JMP 00070C0C 
.text           C:\Windows\system32\SearchIndexer.exe[2832] ADVAPI32.dll!ChangeServiceConfig2W                                           76F671E1 5 Bytes  JMP 00070E10 
.text           C:\Windows\system32\SearchIndexer.exe[2832] ADVAPI32.dll!CreateServiceA                                                  76F672A1 5 Bytes  JMP 000701F8 
.text           C:\Windows\system32\SearchIndexer.exe[2832] USER32.dll!SetWindowsHookExA                                                 75CE6322 5 Bytes  JMP 00090600 
.text           C:\Windows\system32\SearchIndexer.exe[2832] USER32.dll!SetWindowsHookExW                                                 75CE87AD 5 Bytes  JMP 00090804 
.text           C:\Windows\system32\SearchIndexer.exe[2832] USER32.dll!UnhookWindowsHookEx                                               75CE98DB 5 Bytes  JMP 00090A08 
.text           C:\Windows\system32\SearchIndexer.exe[2832] USER32.dll!SetWinEventHook                                                   75CE9F3A 5 Bytes  JMP 000901F8 
.text           C:\Windows\system32\SearchIndexer.exe[2832] USER32.dll!UnhookWinEvent                                                    75CEC06F 5 Bytes  JMP 000903FC 
.text           C:\Users\Surfen\Downloads\hsh9c61l.exe[2872] kernel32.dll!GetBinaryTypeW + 70                                            771C2467 1 Byte  [62]
.text           C:\Windows\system32\WUDFHost.exe[2972] ntdll.dll!LdrLoadDll                                                              77649378 5 Bytes  JMP 000501F8 
.text           C:\Windows\system32\WUDFHost.exe[2972] ntdll.dll!LdrUnloadDll                                                            7765B680 5 Bytes  JMP 000503FC 
.text           C:\Windows\system32\WUDFHost.exe[2972] kernel32.dll!GetBinaryTypeW + 70                                                  771C2467 1 Byte  [62]
.text           C:\Windows\system32\WUDFHost.exe[2972] ADVAPI32.dll!CreateServiceW                                                       76F29EB4 5 Bytes  JMP 001703FC 
.text           C:\Windows\system32\WUDFHost.exe[2972] ADVAPI32.dll!DeleteService                                                        76F2A07E 5 Bytes  JMP 00170600 
.text           C:\Windows\system32\WUDFHost.exe[2972] ADVAPI32.dll!SetServiceObjectSecurity                                             76F66CD9 5 Bytes  JMP 00171014 
.text           C:\Windows\system32\WUDFHost.exe[2972] ADVAPI32.dll!ChangeServiceConfigA                                                 76F66DD9 5 Bytes  JMP 00170804 
.text           C:\Windows\system32\WUDFHost.exe[2972] ADVAPI32.dll!ChangeServiceConfigW                                                 76F66F81 5 Bytes  JMP 00170A08 
.text           C:\Windows\system32\WUDFHost.exe[2972] ADVAPI32.dll!ChangeServiceConfig2A                                                76F67099 5 Bytes  JMP 00170C0C 
.text           C:\Windows\system32\WUDFHost.exe[2972] ADVAPI32.dll!ChangeServiceConfig2W                                                76F671E1 5 Bytes  JMP 00170E10 
.text           C:\Windows\system32\WUDFHost.exe[2972] ADVAPI32.dll!CreateServiceA                                                       76F672A1 5 Bytes  JMP 001701F8 
.text           C:\Windows\system32\WUDFHost.exe[2972] USER32.dll!SetWindowsHookExA                                                      75CE6322 5 Bytes  JMP 00180600 
.text           C:\Windows\system32\WUDFHost.exe[2972] USER32.dll!SetWindowsHookExW                                                      75CE87AD 5 Bytes  JMP 00180804 
.text           C:\Windows\system32\WUDFHost.exe[2972] USER32.dll!UnhookWindowsHookEx                                                    75CE98DB 5 Bytes  JMP 00180A08 
.text           C:\Windows\system32\WUDFHost.exe[2972] USER32.dll!SetWinEventHook                                                        75CE9F3A 5 Bytes  JMP 001801F8 
.text           C:\Windows\system32\WUDFHost.exe[2972] USER32.dll!UnhookWinEvent                                                         75CEC06F 5 Bytes  JMP 001803FC 
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3048] ntdll.dll!LdrLoadDll                      77649378 5 Bytes  JMP 000501F8 
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3048] ntdll.dll!LdrUnloadDll                    7765B680 5 Bytes  JMP 000503FC 
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3048] kernel32.dll!GetBinaryTypeW + 70          771C2467 1 Byte  [62]
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3048] ADVAPI32.dll!CreateServiceW               76F29EB4 5 Bytes  JMP 000703FC 
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3048] ADVAPI32.dll!DeleteService                76F2A07E 5 Bytes  JMP 00070600 
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3048] ADVAPI32.dll!SetServiceObjectSecurity     76F66CD9 5 Bytes  JMP 00071014 
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3048] ADVAPI32.dll!ChangeServiceConfigA         76F66DD9 5 Bytes  JMP 00070804 
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3048] ADVAPI32.dll!ChangeServiceConfigW         76F66F81 5 Bytes  JMP 00070A08 
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3048] ADVAPI32.dll!ChangeServiceConfig2A        76F67099 5 Bytes  JMP 00070C0C 
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3048] ADVAPI32.dll!ChangeServiceConfig2W        76F671E1 5 Bytes  JMP 00070E10 
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3048] ADVAPI32.dll!CreateServiceA               76F672A1 5 Bytes  JMP 000701F8 
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3048] USER32.dll!SetWindowsHookExA              75CE6322 5 Bytes  JMP 00080600 
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3048] USER32.dll!SetWindowsHookExW              75CE87AD 5 Bytes  JMP 00080804 
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3048] USER32.dll!UnhookWindowsHookEx            75CE98DB 5 Bytes  JMP 00080A08 
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3048] USER32.dll!SetWinEventHook                75CE9F3A 5 Bytes  JMP 000801F8 
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3048] USER32.dll!UnhookWinEvent                 75CEC06F 5 Bytes  JMP 000803FC 
.text           C:\Windows\System32\hkcmd.exe[3224] ntdll.dll!LdrLoadDll                                                                 77649378 5 Bytes  JMP 001501F8 
.text           C:\Windows\System32\hkcmd.exe[3224] ntdll.dll!LdrUnloadDll                                                               7765B680 5 Bytes  JMP 001503FC 
.text           C:\Windows\System32\hkcmd.exe[3224] kernel32.dll!GetBinaryTypeW + 70                                                     771C2467 1 Byte  [62]
.text           C:\Windows\System32\hkcmd.exe[3224] USER32.dll!SetWindowsHookExA                                                         75CE6322 5 Bytes  JMP 00180600 
.text           C:\Windows\System32\hkcmd.exe[3224] USER32.dll!SetWindowsHookExW                                                         75CE87AD 5 Bytes  JMP 00180804 
.text           C:\Windows\System32\hkcmd.exe[3224] USER32.dll!UnhookWindowsHookEx                                                       75CE98DB 5 Bytes  JMP 00180A08 
.text           C:\Windows\System32\hkcmd.exe[3224] USER32.dll!SetWinEventHook                                                           75CE9F3A 5 Bytes  JMP 001801F8 
.text           C:\Windows\System32\hkcmd.exe[3224] USER32.dll!UnhookWinEvent                                                            75CEC06F 5 Bytes  JMP 001803FC 
.text           C:\Windows\System32\hkcmd.exe[3224] ADVAPI32.dll!CreateServiceW                                                          76F29EB4 5 Bytes  JMP 001903FC 
.text           C:\Windows\System32\hkcmd.exe[3224] ADVAPI32.dll!DeleteService                                                           76F2A07E 5 Bytes  JMP 00190600 
.text           C:\Windows\System32\hkcmd.exe[3224] ADVAPI32.dll!SetServiceObjectSecurity                                                76F66CD9 5 Bytes  JMP 00191014 
.text           C:\Windows\System32\hkcmd.exe[3224] ADVAPI32.dll!ChangeServiceConfigA                                                    76F66DD9 5 Bytes  JMP 00190804 
.text           C:\Windows\System32\hkcmd.exe[3224] ADVAPI32.dll!ChangeServiceConfigW                                                    76F66F81 5 Bytes  JMP 00190A08 
.text           C:\Windows\System32\hkcmd.exe[3224] ADVAPI32.dll!ChangeServiceConfig2A                                                   76F67099 5 Bytes  JMP 00190C0C 
.text           C:\Windows\System32\hkcmd.exe[3224] ADVAPI32.dll!ChangeServiceConfig2W                                                   76F671E1 5 Bytes  JMP 00190E10 
.text           C:\Windows\System32\hkcmd.exe[3224] ADVAPI32.dll!CreateServiceA                                                          76F672A1 5 Bytes  JMP 001901F8 
.text           C:\Windows\System32\igfxtray.exe[3260] ntdll.dll!LdrLoadDll                                                              77649378 5 Bytes  JMP 001501F8 
.text           C:\Windows\System32\igfxtray.exe[3260] ntdll.dll!LdrUnloadDll                                                            7765B680 5 Bytes  JMP 001503FC 
.text           C:\Windows\System32\igfxtray.exe[3260] kernel32.dll!GetBinaryTypeW + 70                                                  771C2467 1 Byte  [62]
.text           C:\Windows\System32\igfxtray.exe[3260] USER32.dll!SetWindowsHookExA                                                      75CE6322 5 Bytes  JMP 00180600 
.text           C:\Windows\System32\igfxtray.exe[3260] USER32.dll!SetWindowsHookExW                                                      75CE87AD 5 Bytes  JMP 00180804 
.text           C:\Windows\System32\igfxtray.exe[3260] USER32.dll!UnhookWindowsHookEx                                                    75CE98DB 5 Bytes  JMP 00180A08 
.text           C:\Windows\System32\igfxtray.exe[3260] USER32.dll!SetWinEventHook                                                        75CE9F3A 5 Bytes  JMP 001801F8 
.text           C:\Windows\System32\igfxtray.exe[3260] USER32.dll!UnhookWinEvent                                                         75CEC06F 5 Bytes  JMP 001803FC 
.text           C:\Windows\System32\igfxtray.exe[3260] ADVAPI32.dll!CreateServiceW                                                       76F29EB4 5 Bytes  JMP 001903FC 
.text           C:\Windows\System32\igfxtray.exe[3260] ADVAPI32.dll!DeleteService                                                        76F2A07E 5 Bytes  JMP 00190600 
.text           C:\Windows\System32\igfxtray.exe[3260] ADVAPI32.dll!SetServiceObjectSecurity                                             76F66CD9 5 Bytes  JMP 00191014 
.text           C:\Windows\System32\igfxtray.exe[3260] ADVAPI32.dll!ChangeServiceConfigA                                                 76F66DD9 5 Bytes  JMP 00190804 
.text           C:\Windows\System32\igfxtray.exe[3260] ADVAPI32.dll!ChangeServiceConfigW                                                 76F66F81 5 Bytes  JMP 00190A08 
.text           C:\Windows\System32\igfxtray.exe[3260] ADVAPI32.dll!ChangeServiceConfig2A                                                76F67099 5 Bytes  JMP 00190C0C 
.text           C:\Windows\System32\igfxtray.exe[3260] ADVAPI32.dll!ChangeServiceConfig2W                                                76F671E1 5 Bytes  JMP 00190E10 
.text           C:\Windows\System32\igfxtray.exe[3260] ADVAPI32.dll!CreateServiceA                                                       76F672A1 5 Bytes  JMP 001901F8 
.text           C:\Windows\system32\igfxsrvc.exe[3368] ntdll.dll!LdrLoadDll                                                              77649378 5 Bytes  JMP 001501F8 
.text           C:\Windows\system32\igfxsrvc.exe[3368] ntdll.dll!LdrUnloadDll                                                            7765B680 5 Bytes  JMP 001503FC 
.text           C:\Windows\system32\igfxsrvc.exe[3368] kernel32.dll!GetBinaryTypeW + 70                                                  771C2467 1 Byte  [62]
.text           C:\Windows\system32\igfxsrvc.exe[3368] USER32.dll!SetWindowsHookExA                                                      75CE6322 5 Bytes  JMP 00170600 
.text           C:\Windows\system32\igfxsrvc.exe[3368] USER32.dll!SetWindowsHookExW                                                      75CE87AD 5 Bytes  JMP 00170804 
.text           C:\Windows\system32\igfxsrvc.exe[3368] USER32.dll!UnhookWindowsHookEx                                                    75CE98DB 5 Bytes  JMP 00170A08 
.text           C:\Windows\system32\igfxsrvc.exe[3368] USER32.dll!SetWinEventHook                                                        75CE9F3A 5 Bytes  JMP 001701F8 
.text           C:\Windows\system32\igfxsrvc.exe[3368] USER32.dll!UnhookWinEvent                                                         75CEC06F 5 Bytes  JMP 001703FC 
.text           C:\Windows\system32\igfxsrvc.exe[3368] ADVAPI32.dll!CreateServiceW                                                       76F29EB4 5 Bytes  JMP 001803FC 
.text           C:\Windows\system32\igfxsrvc.exe[3368] ADVAPI32.dll!DeleteService                                                        76F2A07E 5 Bytes  JMP 00180600 
.text           C:\Windows\system32\igfxsrvc.exe[3368] ADVAPI32.dll!SetServiceObjectSecurity                                             76F66CD9 5 Bytes  JMP 00181014 
.text           C:\Windows\system32\igfxsrvc.exe[3368] ADVAPI32.dll!ChangeServiceConfigA                                                 76F66DD9 5 Bytes  JMP 00180804 
.text           C:\Windows\system32\igfxsrvc.exe[3368] ADVAPI32.dll!ChangeServiceConfigW                                                 76F66F81 5 Bytes  JMP 00180A08 
.text           C:\Windows\system32\igfxsrvc.exe[3368] ADVAPI32.dll!ChangeServiceConfig2A                                                76F67099 5 Bytes  JMP 00180C0C 
.text           C:\Windows\system32\igfxsrvc.exe[3368] ADVAPI32.dll!ChangeServiceConfig2W                                                76F671E1 5 Bytes  JMP 00180E10 
.text           C:\Windows\system32\igfxsrvc.exe[3368] ADVAPI32.dll!CreateServiceA                                                       76F672A1 5 Bytes  JMP 001801F8 
.text           C:\Program Files\Windows Sidebar\sidebar.exe[3432] ntdll.dll!LdrLoadDll                                                  77649378 5 Bytes  JMP 000501F8 
.text           C:\Program Files\Windows Sidebar\sidebar.exe[3432] ntdll.dll!LdrUnloadDll                                                7765B680 5 Bytes  JMP 000503FC 
.text           C:\Program Files\Windows Sidebar\sidebar.exe[3432] kernel32.dll!GetBinaryTypeW + 70                                      771C2467 1 Byte  [62]
.text           C:\Program Files\Windows Sidebar\sidebar.exe[3432] ADVAPI32.dll!CreateServiceW                                           76F29EB4 5 Bytes  JMP 000803FC 
.text           C:\Program Files\Windows Sidebar\sidebar.exe[3432] ADVAPI32.dll!DeleteService                                            76F2A07E 5 Bytes  JMP 00080600 
.text           C:\Program Files\Windows Sidebar\sidebar.exe[3432] ADVAPI32.dll!SetServiceObjectSecurity                                 76F66CD9 5 Bytes  JMP 00081014 
.text           C:\Program Files\Windows Sidebar\sidebar.exe[3432] ADVAPI32.dll!ChangeServiceConfigA                                     76F66DD9 5 Bytes  JMP 00080804 
.text           C:\Program Files\Windows Sidebar\sidebar.exe[3432] ADVAPI32.dll!ChangeServiceConfigW                                     76F66F81 5 Bytes  JMP 00080A08 
.text           C:\Program Files\Windows Sidebar\sidebar.exe[3432] ADVAPI32.dll!ChangeServiceConfig2A                                    76F67099 5 Bytes  JMP 00080C0C 
.text           C:\Program Files\Windows Sidebar\sidebar.exe[3432] ADVAPI32.dll!ChangeServiceConfig2W                                    76F671E1 5 Bytes  JMP 00080E10 
.text           C:\Program Files\Windows Sidebar\sidebar.exe[3432] ADVAPI32.dll!CreateServiceA                                           76F672A1 5 Bytes  JMP 000801F8 
.text           C:\Program Files\Windows Sidebar\sidebar.exe[3432] USER32.dll!SetWindowsHookExA                                          75CE6322 5 Bytes  JMP 00090600 
.text           C:\Program Files\Windows Sidebar\sidebar.exe[3432] USER32.dll!SetWindowsHookExW                                          75CE87AD 5 Bytes  JMP 00090804 
.text           C:\Program Files\Windows Sidebar\sidebar.exe[3432] USER32.dll!UnhookWindowsHookEx                                        75CE98DB 5 Bytes  JMP 00090A08 
.text           C:\Program Files\Windows Sidebar\sidebar.exe[3432] USER32.dll!SetWinEventHook                                            75CE9F3A 5 Bytes  JMP 000901F8 
.text           C:\Program Files\Windows Sidebar\sidebar.exe[3432] USER32.dll!UnhookWinEvent                                             75CEC06F 5 Bytes  JMP 000903FC 
.text           C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3644] ntdll.dll!LdrLoadDll                                              77649378 5 Bytes  JMP 001601F8 
.text           C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3644] ntdll.dll!LdrUnloadDll                                            7765B680 5 Bytes  JMP 001603FC 
.text           C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3644] kernel32.dll!GetBinaryTypeW + 70                                  771C2467 1 Byte  [62]
.text           C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3644] USER32.dll!SetWindowsHookExA                                      75CE6322 5 Bytes  JMP 00270600 
.text           C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3644] USER32.dll!SetWindowsHookExW                                      75CE87AD 5 Bytes  JMP 00270804 
.text           C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3644] USER32.dll!UnhookWindowsHookEx                                    75CE98DB 5 Bytes  JMP 00270A08 
.text           C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3644] USER32.dll!SetWinEventHook                                        75CE9F3A 5 Bytes  JMP 002701F8 
.text           C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3644] USER32.dll!UnhookWinEvent                                         75CEC06F 5 Bytes  JMP 002703FC 
.text           C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3644] ADVAPI32.dll!CreateServiceW                                       76F29EB4 5 Bytes  JMP 002803FC 
.text           C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3644] ADVAPI32.dll!DeleteService                                        76F2A07E 5 Bytes  JMP 00280600 
.text           C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3644] ADVAPI32.dll!SetServiceObjectSecurity                             76F66CD9 5 Bytes  JMP 00281014 
.text           C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3644] ADVAPI32.dll!ChangeServiceConfigA                                 76F66DD9 5 Bytes  JMP 00280804 
.text           C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3644] ADVAPI32.dll!ChangeServiceConfigW                                 76F66F81 5 Bytes  JMP 00280A08 
.text           C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3644] ADVAPI32.dll!ChangeServiceConfig2A                                76F67099 5 Bytes  JMP 00280C0C 
.text           C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3644] ADVAPI32.dll!ChangeServiceConfig2W                                76F671E1 5 Bytes  JMP 00280E10 
.text           C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3644] ADVAPI32.dll!CreateServiceA                                       76F672A1 5 Bytes  JMP 002801F8 
.text           C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3716] ntdll.dll!LdrLoadDll                                        77649378 5 Bytes  JMP 001501F8 
.text           C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3716] ntdll.dll!LdrUnloadDll                                      7765B680 5 Bytes  JMP 001503FC 
.text           C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3716] kernel32.dll!GetBinaryTypeW + 70                            771C2467 1 Byte  [62]
.text           C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3716] ADVAPI32.dll!CreateServiceW                                 76F29EB4 5 Bytes  JMP 003903FC 
.text           C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3716] ADVAPI32.dll!DeleteService                                  76F2A07E 5 Bytes  JMP 00390600 
.text           C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3716] ADVAPI32.dll!SetServiceObjectSecurity                       76F66CD9 5 Bytes  JMP 00391014 
.text           C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3716] ADVAPI32.dll!ChangeServiceConfigA                           76F66DD9 5 Bytes  JMP 00390804 
.text           C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3716] ADVAPI32.dll!ChangeServiceConfigW                           76F66F81 5 Bytes  JMP 00390A08 
.text           C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3716] ADVAPI32.dll!ChangeServiceConfig2A                          76F67099 5 Bytes  JMP 00390C0C 
.text           C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3716] ADVAPI32.dll!ChangeServiceConfig2W                          76F671E1 5 Bytes  JMP 00390E10 
.text           C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3716] ADVAPI32.dll!CreateServiceA                                 76F672A1 5 Bytes  JMP 003901F8 
.text           C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3716] USER32.dll!SetWindowsHookExA                                75CE6322 5 Bytes  JMP 003A0600 
.text           C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3716] USER32.dll!SetWindowsHookExW                                75CE87AD 5 Bytes  JMP 003A0804 
.text           C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3716] USER32.dll!UnhookWindowsHookEx                              75CE98DB 5 Bytes  JMP 003A0A08 
.text           C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3716] USER32.dll!SetWinEventHook                                  75CE9F3A 5 Bytes  JMP 003A01F8 
.text           C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3716] USER32.dll!UnhookWinEvent                                   75CEC06F 5 Bytes  JMP 003A03FC 
.text           C:\Windows\ehome\ehtray.exe[3732] ntdll.dll!LdrLoadDll                                                                   77649378 5 Bytes  JMP 000501F8 
.text           C:\Windows\ehome\ehtray.exe[3732] ntdll.dll!LdrUnloadDll                                                                 7765B680 5 Bytes  JMP 000503FC 
.text           C:\Windows\ehome\ehtray.exe[3732] kernel32.dll!GetBinaryTypeW + 70                                                       771C2467 1 Byte  [62]
.text           C:\Windows\ehome\ehtray.exe[3732] ADVAPI32.dll!CreateServiceW                                                            76F29EB4 5 Bytes  JMP 000803FC 
.text           C:\Windows\ehome\ehtray.exe[3732] ADVAPI32.dll!DeleteService                                                             76F2A07E 5 Bytes  JMP 00080600 
.text           C:\Windows\ehome\ehtray.exe[3732] ADVAPI32.dll!SetServiceObjectSecurity                                                  76F66CD9 5 Bytes  JMP 00081014 
.text           C:\Windows\ehome\ehtray.exe[3732] ADVAPI32.dll!ChangeServiceConfigA                                                      76F66DD9 5 Bytes  JMP 00080804 
.text           C:\Windows\ehome\ehtray.exe[3732] ADVAPI32.dll!ChangeServiceConfigW                                                      76F66F81 5 Bytes  JMP 00080A08 
.text           C:\Windows\ehome\ehtray.exe[3732] ADVAPI32.dll!ChangeServiceConfig2A                                                     76F67099 5 Bytes  JMP 00080C0C 
.text           C:\Windows\ehome\ehtray.exe[3732] ADVAPI32.dll!ChangeServiceConfig2W                                                     76F671E1 5 Bytes  JMP 00080E10 
.text           C:\Windows\ehome\ehtray.exe[3732] ADVAPI32.dll!CreateServiceA                                                            76F672A1 5 Bytes  JMP 000801F8 
.text           C:\Windows\ehome\ehtray.exe[3732] USER32.dll!SetWindowsHookExA                                                           75CE6322 5 Bytes  JMP 000D0600 
.text           C:\Windows\ehome\ehtray.exe[3732] USER32.dll!SetWindowsHookExW                                                           75CE87AD 5 Bytes  JMP 000D0804 
.text           C:\Windows\ehome\ehtray.exe[3732] USER32.dll!UnhookWindowsHookEx                                                         75CE98DB 5 Bytes  JMP 000D0A08 
.text           C:\Windows\ehome\ehtray.exe[3732] USER32.dll!SetWinEventHook                                                             75CE9F3A 5 Bytes  JMP 000D01F8 
.text           C:\Windows\ehome\ehtray.exe[3732] USER32.dll!UnhookWinEvent                                                              75CEC06F 5 Bytes  JMP 000D03FC 
.text           C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3736] ntdll.dll!LdrLoadDll                                              77649378 5 Bytes  JMP 001501F8 
.text           C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3736] ntdll.dll!LdrUnloadDll                                            7765B680 5 Bytes  JMP 001503FC 
.text           C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3736] kernel32.dll!GetBinaryTypeW + 70                                  771C2467 1 Byte  [62]
.text           C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3736] USER32.dll!SetWindowsHookExA                                      75CE6322 5 Bytes  JMP 00170600 
.text           C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3736] USER32.dll!SetWindowsHookExW                                      75CE87AD 5 Bytes  JMP 00170804 
.text           C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3736] USER32.dll!UnhookWindowsHookEx                                    75CE98DB 5 Bytes  JMP 00170A08 
.text           C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3736] USER32.dll!SetWinEventHook                                        75CE9F3A 5 Bytes  JMP 001701F8 
.text           C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3736] USER32.dll!UnhookWinEvent                                         75CEC06F 5 Bytes  JMP 001703FC 
.text           C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3736] ADVAPI32.dll!CreateServiceW                                       76F29EB4 5 Bytes  JMP 001803FC 
.text           C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3736] ADVAPI32.dll!DeleteService                                        76F2A07E 5 Bytes  JMP 00180600 
.text           C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3736] ADVAPI32.dll!SetServiceObjectSecurity                             76F66CD9 5 Bytes  JMP 00181014 
.text           C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3736] ADVAPI32.dll!ChangeServiceConfigA                                 76F66DD9 5 Bytes  JMP 00180804 
.text           C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3736] ADVAPI32.dll!ChangeServiceConfigW                                 76F66F81 5 Bytes  JMP 00180A08 
.text           C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3736] ADVAPI32.dll!ChangeServiceConfig2A                                76F67099 5 Bytes  JMP 00180C0C 
.text           C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3736] ADVAPI32.dll!ChangeServiceConfig2W                                76F671E1 5 Bytes  JMP 00180E10 
.text           C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3736] ADVAPI32.dll!CreateServiceA                                       76F672A1 5 Bytes  JMP 001801F8 
.text           C:\Windows\system32\taskeng.exe[3812] ntdll.dll!LdrLoadDll                                                               77649378 5 Bytes  JMP 000501F8 
.text           C:\Windows\system32\taskeng.exe[3812] ntdll.dll!LdrUnloadDll                                                             7765B680 5 Bytes  JMP 000503FC 
.text           C:\Windows\system32\taskeng.exe[3812] kernel32.dll!GetBinaryTypeW + 70                                                   771C2467 1 Byte  [62]
.text           C:\Windows\system32\taskeng.exe[3812] ADVAPI32.dll!CreateServiceW                                                        76F29EB4 5 Bytes  JMP 000803FC 
.text           C:\Windows\system32\taskeng.exe[3812] ADVAPI32.dll!DeleteService                                                         76F2A07E 5 Bytes  JMP 00080600 
.text           C:\Windows\system32\taskeng.exe[3812] ADVAPI32.dll!SetServiceObjectSecurity                                              76F66CD9 5 Bytes  JMP 00081014 
.text           C:\Windows\system32\taskeng.exe[3812] ADVAPI32.dll!ChangeServiceConfigA                                                  76F66DD9 5 Bytes  JMP 00080804 
.text           C:\Windows\system32\taskeng.exe[3812] ADVAPI32.dll!ChangeServiceConfigW                                                  76F66F81 5 Bytes  JMP 00080A08 
.text           C:\Windows\system32\taskeng.exe[3812] ADVAPI32.dll!ChangeServiceConfig2A                                                 76F67099 5 Bytes  JMP 00080C0C 
.text           C:\Windows\system32\taskeng.exe[3812] ADVAPI32.dll!ChangeServiceConfig2W                                                 76F671E1 5 Bytes  JMP 00080E10 
.text           C:\Windows\system32\taskeng.exe[3812] ADVAPI32.dll!CreateServiceA                                                        76F672A1 5 Bytes  JMP 000801F8 
.text           C:\Windows\system32\taskeng.exe[3812] USER32.dll!SetWindowsHookExA                                                       75CE6322 5 Bytes  JMP 00090600 
.text           C:\Windows\system32\taskeng.exe[3812] USER32.dll!SetWindowsHookExW                                                       75CE87AD 5 Bytes  JMP 00090804 
.text           C:\Windows\system32\taskeng.exe[3812] USER32.dll!UnhookWindowsHookEx                                                     75CE98DB 5 Bytes  JMP 00090A08 
.text           C:\Windows\system32\taskeng.exe[3812] USER32.dll!SetWinEventHook                                                         75CE9F3A 5 Bytes  JMP 000901F8 
.text           C:\Windows\system32\taskeng.exe[3812] USER32.dll!UnhookWinEvent                                                          75CEC06F 5 Bytes  JMP 000903FC 
.text           C:\Windows\Explorer.EXE[3864] ntdll.dll!LdrLoadDll                                                                       77649378 5 Bytes  JMP 000501F8 
.text           C:\Windows\Explorer.EXE[3864] ntdll.dll!LdrUnloadDll                                                                     7765B680 5 Bytes  JMP 000503FC 
.text           C:\Windows\Explorer.EXE[3864] kernel32.dll!GetBinaryTypeW + 70                                                           771C2467 1 Byte  [62]
.text           C:\Windows\Explorer.EXE[3864] ADVAPI32.dll!CreateServiceW                                                                76F29EB4 5 Bytes  JMP 000703FC 
.text           C:\Windows\Explorer.EXE[3864] ADVAPI32.dll!DeleteService                                                                 76F2A07E 5 Bytes  JMP 00070600 
.text           C:\Windows\Explorer.EXE[3864] ADVAPI32.dll!SetServiceObjectSecurity                                                      76F66CD9 5 Bytes  JMP 00071014 
.text           C:\Windows\Explorer.EXE[3864] ADVAPI32.dll!ChangeServiceConfigA                                                          76F66DD9 5 Bytes  JMP 00070804 
.text           C:\Windows\Explorer.EXE[3864] ADVAPI32.dll!ChangeServiceConfigW                                                          76F66F81 5 Bytes  JMP 00070A08 
.text           C:\Windows\Explorer.EXE[3864] ADVAPI32.dll!ChangeServiceConfig2A                                                         76F67099 5 Bytes  JMP 00070C0C 
.text           C:\Windows\Explorer.EXE[3864] ADVAPI32.dll!ChangeServiceConfig2W                                                         76F671E1 5 Bytes  JMP 00070E10 
.text           C:\Windows\Explorer.EXE[3864] ADVAPI32.dll!CreateServiceA                                                                76F672A1 5 Bytes  JMP 000701F8 
.text           C:\Windows\Explorer.EXE[3864] USER32.dll!SetWindowsHookExA                                                               75CE6322 5 Bytes  JMP 00080600 
.text           C:\Windows\Explorer.EXE[3864] USER32.dll!SetWindowsHookExW                                                               75CE87AD 5 Bytes  JMP 00080804 
.text           C:\Windows\Explorer.EXE[3864] USER32.dll!UnhookWindowsHookEx                                                             75CE98DB 5 Bytes  JMP 00080A08 
.text           C:\Windows\Explorer.EXE[3864] USER32.dll!SetWinEventHook                                                                 75CE9F3A 5 Bytes  JMP 000801F8 
.text           C:\Windows\Explorer.EXE[3864] USER32.dll!UnhookWinEvent                                                                  75CEC06F 5 Bytes  JMP 000803FC 
.text           C:\Windows\ehome\ehmsas.exe[3868] ntdll.dll!LdrLoadDll                                                                   77649378 5 Bytes  JMP 000401F8 
.text           C:\Windows\ehome\ehmsas.exe[3868] ntdll.dll!LdrUnloadDll                                                                 7765B680 5 Bytes  JMP 000403FC 
.text           C:\Windows\ehome\ehmsas.exe[3868] kernel32.dll!GetBinaryTypeW + 70                                                       771C2467 1 Byte  [62]
.text           C:\Windows\ehome\ehmsas.exe[3868] ADVAPI32.dll!CreateServiceW                                                            76F29EB4 5 Bytes  JMP 000603FC 
.text           C:\Windows\ehome\ehmsas.exe[3868] ADVAPI32.dll!DeleteService                                                             76F2A07E 5 Bytes  JMP 00060600 
.text           C:\Windows\ehome\ehmsas.exe[3868] ADVAPI32.dll!SetServiceObjectSecurity                                                  76F66CD9 5 Bytes  JMP 00061014 
.text           C:\Windows\ehome\ehmsas.exe[3868] ADVAPI32.dll!ChangeServiceConfigA                                                      76F66DD9 5 Bytes  JMP 00060804 
.text           C:\Windows\ehome\ehmsas.exe[3868] ADVAPI32.dll!ChangeServiceConfigW                                                      76F66F81 5 Bytes  JMP 00060A08 
.text           C:\Windows\ehome\ehmsas.exe[3868] ADVAPI32.dll!ChangeServiceConfig2A                                                     76F67099 5 Bytes  JMP 00060C0C 
.text           C:\Windows\ehome\ehmsas.exe[3868] ADVAPI32.dll!ChangeServiceConfig2W                                                     76F671E1 5 Bytes  JMP 00060E10 
.text           C:\Windows\ehome\ehmsas.exe[3868] ADVAPI32.dll!CreateServiceA                                                            76F672A1 5 Bytes  JMP 000601F8 
.text           C:\Windows\ehome\ehmsas.exe[3868] USER32.dll!SetWindowsHookExA                                                           75CE6322 5 Bytes  JMP 00070600 
.text           C:\Windows\ehome\ehmsas.exe[3868] USER32.dll!SetWindowsHookExW                                                           75CE87AD 5 Bytes  JMP 00070804 
.text           C:\Windows\ehome\ehmsas.exe[3868] USER32.dll!UnhookWindowsHookEx                                                         75CE98DB 5 Bytes  JMP 00070A08 
.text           C:\Windows\ehome\ehmsas.exe[3868] USER32.dll!SetWinEventHook                                                             75CE9F3A 5 Bytes  JMP 000701F8 
.text           C:\Windows\ehome\ehmsas.exe[3868] USER32.dll!UnhookWinEvent                                                              75CEC06F 5 Bytes  JMP 000703FC 
.text           C:\Program Files\AVAST Software\Avast\AvastUI.exe[3976] kernel32.dll!GetBinaryTypeW + 70                                 771C2467 1 Byte  [62]

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Windows\system32\services.exe[740] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW]             00130002
IAT             C:\Windows\system32\services.exe[740] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW]                   00130000
IAT             C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1680] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]  [7384F6D0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)
IAT             C:\Program Files\AVAST Software\Avast\afwServ.exe[1756] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]   [7384F6D0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)
IAT             C:\Program Files\AVAST Software\Avast\AvastUI.exe[3976] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]   [7384F6D0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                                   aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                                  Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                                  Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\tdx \Device\Tcp                                                                                                  aswFW.SYS (avast! Filtering TDI driver/AVAST Software)
AttachedDevice  \Driver\tdx \Device\Udp                                                                                                  aswFW.SYS (avast! Filtering TDI driver/AVAST Software)

---- EOF - GMER 1.0.15 ----
         
[/CODE]
--- --- ---


I'll do the other one in a moment.

25.10.2012, 19:10   #20
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Are the other logs still coming?

__________________
Please always post log files in CODE tags

25.10.2012, 20:21   #21
Fabienne

I did something wrong. I tried to unpack OSAM with WinZip. That didn't work - the file association or something didn't match... no exe file could be opened.

I think I then wanted to try opening it a different way and clicked: Open with - Adobe Reader.

And now nothing works at all. My laptop no longer opens any exe files and I can't get on the internet any more.

I'm online with the administrator account now. It still works here.

Do you maybe have an idea how I can get this fixed again?

Oh man...

Kind regards
Fabienne

25.10.2012, 22:05   #22
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
I tried to unpack OSAM with WinZip.
Well, why did you do that? It doesn't say in my thread just for fun that you should use 7zip or WinRAR for unpacking.

Quote:
And now nothing works at all. My laptop no longer opens any exe files and I can't get on the internet any more.
No idea why or how you did that; you were only supposed to unpack the OSAM RAR file with WinRAR or 7zip - can you still start any programs on the computer at all?

25.10.2012, 23:09   #23
Fabienne

Oh no! I simply misread it.

No, I can't open anything any more. But in the administrator account everything is fine.

Can I run the scans there as well?

26.10.2012, 12:43   #24
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Yes, that works too, but don't ask me what exactly you broke in your other account.
