| |
| |||||||
Log-Analyse und Auswertung: Win 7 - Win32.downloader.gen - PUP.Optional.Conduit.A - BefallWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
12.09.2013, 12:46
| #1 |
| |  Win 7 - Win32.downloader.gen - PUP.Optional.Conduit.A - Befall Hallo allerseits, bräuchte eure Hilfe. Malwarebytes hat vier infizierte Dateien gefunden: PUP.Optional.Conduit.A Spybot hat ebenfalls eine infizierte Datei gefunden: Win32.downloader.gen Hier die erforderlichen Logfiles (Waren zu lang, habe sie gekürzt und im Anhang drin): Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 13:25 on 12/09/2013 (Gregodinho)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Code:
ATTFilter
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-09-12 12:58:59
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST315003 rev.CC4G 1397,27GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\GREGOD~1\AppData\Local\Temp\pxldypob.sys
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 544 fffff800031b3000 45 bytes [00, 00, 10, 02, 4D, 6D, 43, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 591 fffff800031b302f 16 bytes [00, 01, 00, 00, 00, 00, 00, ...]
---- User code sections - GMER 2.1 ----
.text C:\Windows\system32\wininit.exe[684] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076edeecd 1 byte [62]
.text C:\Windows\system32\services.exe[752] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076edeecd 1 byte [62]
.text C:\Windows\system32\winlogon.exe[860] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076edeecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[924] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076edeecd 1 byte [62]
.text C:\Windows\system32\nvvsvc.exe[996] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076edeecd 1 byte [62]
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1020] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076baa2ba 1 byte [62]
.text C:\Windows\system32\svchost.exe[356] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076edeecd 1 byte [62]
.text C:\Windows\System32\svchost.exe[496] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076edeecd 1 byte [62]
.text C:\Windows\System32\svchost.exe[520] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076edeecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[1028] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076edeecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[1064] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076edeecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[1312] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076edeecd 1 byte [62]
.text C:\Windows\System32\spoolsv.exe[1552] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076edeecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[1580] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076edeecd 1 byte [62]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1668] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076baa2ba 1 byte [62]
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1712] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076baa2ba 1 byte [62]
.text C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe[1740] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076baa2ba 1 byte [62]
.text C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe[1740] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076c81465 2 bytes [C8, 76]
.text C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe[1740] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076c814bb 2 bytes [C8, 76]
.text ... * 2
.text c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1816] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076edeecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[1912] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076edeecd 1 byte [62]
.text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[1976] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076baa2ba 1 byte [62]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2316] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076fc3b10 5 bytes JMP 000000010012075c
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2316] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076fc7ac0 5 bytes JMP 00000001001203a4
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2316] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076ff1430 5 bytes JMP 0000000100120b14
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2316] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076ff1490 5 bytes JMP 0000000100120ecc
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2316] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ff1570 5 bytes JMP 000000010012163c
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2316] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076ff17b0 5 bytes JMP 0000000100121284
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2316] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ff27e0 5 bytes JMP 00000001001219f4
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2316] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076edeecd 1 byte [62]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2316] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe226e00 5 bytes JMP 000007ff7e241dac
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2316] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe226f2c 5 bytes JMP 000007ff7e240ecc
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2316] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe227220 5 bytes JMP 000007ff7e241284
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2316] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe22739c 5 bytes JMP 000007ff7e24163c
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2316] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe227538 5 bytes JMP 000007ff7e2419f4
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2316] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe2275e8 5 bytes JMP 000007ff7e2403a4
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2316] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe22790c 5 bytes JMP 000007ff7e24075c
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2316] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe227ab4 5 bytes JMP 000007ff7e240b14
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2532] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007719fac0 5 bytes JMP 0000000100100600
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2532] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007719fb58 5 bytes JMP 0000000100100804
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2532] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007719fcb0 5 bytes JMP 0000000100100c0c
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2532] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000771a0038 5 bytes JMP 0000000100100a08
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2532] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000771a1920 5 bytes JMP 0000000100100e10
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2532] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000771bc4dd 5 bytes JMP 00000001001001f8
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2532] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000771c1287 5 bytes JMP 00000001001003fc
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2532] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000076baa2ba 1 byte [62]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2532] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000075665181 5 bytes JMP 0000000100111014
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2532] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000075665254 5 bytes JMP 0000000100110804
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2532] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000756653d5 5 bytes JMP 0000000100110a08
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2532] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000756654c2 5 bytes JMP 0000000100110c0c
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2532] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000756655e2 5 bytes JMP 0000000100110e10
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2532] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 000000007566567c 5 bytes JMP 00000001001101f8
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2532] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 000000007566589f 5 bytes JMP 00000001001103fc
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2532] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000075665a22 5 bytes JMP 0000000100110600
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2532] C:\Windows\syswow64\USER32.dll!SetWinEventHook 00000000754dee09 5 bytes JMP 00000001001201f8
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2532] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 00000000754e3982 5 bytes JMP 00000001001203fc
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2532] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000754e7603 5 bytes JMP 0000000100120804
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2532] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000754e835c 5 bytes JMP 0000000100120600
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2532] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 00000000754ff52b 5 bytes JMP 0000000100120a08
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2652] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe226e00 5 bytes JMP 000007ff7e241dac
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2652] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe226f2c 5 bytes JMP 000007ff7e240ecc
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2652] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe227220 5 bytes JMP 000007ff7e241284
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2652] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe22739c 5 bytes JMP 000007ff7e24163c
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2652] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe227538 5 bytes JMP 000007ff7e2419f4
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2652] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe2275e8 5 bytes JMP 000007ff7e2403a4
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2652] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe22790c 5 bytes JMP 000007ff7e24075c
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2652] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe227ab4 5 bytes JMP 000007ff7e240b14
.text C:\Windows\system32\svchost.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076fc3b10 5 bytes JMP 00000001000f075c
.text C:\Windows\system32\svchost.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076fc7ac0 5 bytes JMP 00000001000f03a4
.text C:\Windows\system32\svchost.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076ff1430 5 bytes JMP 00000001000f0b14
.text C:\Windows\system32\svchost.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076ff1490 5 bytes JMP 00000001000f0ecc
.text C:\Windows\system32\svchost.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ff1570 5 bytes JMP 00000001000f163c
.text C:\Windows\system32\svchost.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076ff17b0 5 bytes JMP 00000001000f1284
.text C:\Windows\system32\svchost.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ff27e0 5 bytes JMP 00000001000f19f4
.text C:\Windows\system32\svchost.exe[1928] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076edeecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[1928] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe226e00 5 bytes JMP 000007ff7e241dac
.text C:\Windows\system32\svchost.exe[1928] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe226f2c 5 bytes JMP 000007ff7e240ecc
.text C:\Windows\system32\svchost.exe[1928] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe227220 5 bytes JMP 000007ff7e241284
.text C:\Windows\system32\svchost.exe[1928] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe22739c 5 bytes JMP 000007ff7e24163c
.text C:\Windows\system32\svchost.exe[1928] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe227538 5 bytes JMP 000007ff7e2419f4
.text C:\Windows\system32\svchost.exe[1928] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe2275e8 5 bytes JMP 000007ff7e2403a4
.text C:\Windows\system32\svchost.exe[1928] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe22790c 5 bytes JMP 000007ff7e24075c
.text C:\Windows\system32\svchost.exe[1928] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe227ab4 5 bytes JMP 000007ff7e240b14
.text C:\Windows\system32\svchost.exe[2692] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe226e00 5 bytes JMP 000007ff7e241dac
.text C:\Windows\system32\svchost.exe[2692] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe226f2c 5 bytes JMP 000007ff7e240ecc
.text C:\Windows\system32\svchost.exe[2692] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe227220 5 bytes JMP 000007ff7e241284
.text C:\Windows\system32\svchost.exe[2692] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe22739c 5 bytes JMP 000007ff7e24163c
.text C:\Windows\system32\svchost.exe[2692] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe227538 5 bytes JMP 000007ff7e2419f4
.text C:\Windows\system32\svchost.exe[2692] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe2275e8 5 bytes JMP 000007ff7e2403a4
.text C:\Windows\system32\svchost.exe[2692] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe22790c 5 bytes JMP 000007ff7e24075c
.text C:\Windows\system32\svchost.exe[2692] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe227ab4 5 bytes JMP 000007ff7e240b14
.text C:\Windows\system32\svchost.exe[2820] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe226e00 5 bytes JMP 000007ff7e241dac
.text C:\Windows\system32\svchost.exe[2820] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe226f2c 5 bytes JMP 000007ff7e240ecc
.text C:\Windows\system32\svchost.exe[2820] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe227220 5 bytes JMP 000007ff7e241284
.text C:\Windows\system32\svchost.exe[2820] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe22739c 5 bytes JMP 000007ff7e24163c
.text C:\Windows\system32\svchost.exe[2820] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe227538 5 bytes JMP 000007ff7e2419f4
.text C:\Windows\system32\svchost.exe[2820] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe2275e8 5 bytes JMP 000007ff7e2403a4
.text C:\Windows\system32\svchost.exe[2820] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe22790c 5 bytes JMP 000007ff7e24075c
.text C:\Windows\system32\svchost.exe[2820] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe227ab4 5 bytes JMP 000007ff7e240b14
.text C:\Windows\system32\SearchIndexer.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076fc3b10 5 bytes JMP 000000010023075c
.text C:\Windows\system32\SearchIndexer.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076fc7ac0 5 bytes JMP 00000001002303a4
.text C:\Windows\system32\SearchIndexer.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076ff1430 5 bytes JMP 0000000100230b14
.text C:\Windows\system32\SearchIndexer.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076ff1490 5 bytes JMP 0000000100230ecc
.text C:\Windows\system32\SearchIndexer.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ff1570 5 bytes JMP 000000010023163c
.text C:\Windows\system32\SearchIndexer.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076ff17b0 5 bytes JMP 0000000100231284
.text C:\Windows\system32\SearchIndexer.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ff27e0 5 bytes JMP 00000001002319f4
.text C:\Windows\system32\SearchIndexer.exe[3184] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076edeecd 1 byte [62]
.text C:\Windows\system32\SearchIndexer.exe[3184] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe226e00 5 bytes JMP 000007ff7e241dac
.text C:\Windows\system32\SearchIndexer.exe[3184] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe226f2c 5 bytes JMP 000007ff7e240ecc
.text C:\Windows\system32\SearchIndexer.exe[3184] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe227220 5 bytes JMP 000007ff7e241284
.text C:\Windows\system32\SearchIndexer.exe[3184] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe22739c 5 bytes JMP 000007ff7e24163c
.text C:\Windows\system32\SearchIndexer.exe[3184] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe227538 5 bytes JMP 000007ff7e2419f4
.text C:\Windows\system32\SearchIndexer.exe[3184] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe2275e8 5 bytes JMP 000007ff7e2403a4
.text C:\Windows\system32\SearchIndexer.exe[3184] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe22790c 5 bytes JMP 000007ff7e24075c
.text C:\Windows\system32\SearchIndexer.exe[3184] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe227ab4 5 bytes JMP 000007ff7e240b14
.text C:\Windows\System32\WUDFHost.exe[3376] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe226e00 5 bytes JMP 000007ff7e241dac
.text C:\Windows\System32\WUDFHost.exe[3376] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe226f2c 5 bytes JMP 000007ff7e240ecc
.text C:\Windows\System32\WUDFHost.exe[3376] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe227220 5 bytes JMP 000007ff7e241284
.text C:\Windows\System32\WUDFHost.exe[3376] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe22739c 5 bytes JMP 000007ff7e24163c
.text C:\Windows\System32\WUDFHost.exe[3376] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe227538 5 bytes JMP 000007ff7e2419f4
.text C:\Windows\System32\WUDFHost.exe[3376] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe2275e8 5 bytes JMP 000007ff7e2403a4
.text C:\Windows\System32\WUDFHost.exe[3376] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe22790c 5 bytes JMP 000007ff7e24075c
.text C:\Windows\System32\WUDFHost.exe[3376] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe227ab4 5 bytes JMP 000007ff7e240b14
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076fc3b10 5 bytes JMP 00000001001e075c
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076fc7ac0 5 bytes JMP 00000001001e03a4
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076ff1430 5 bytes JMP 00000001001e0b14
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076ff1490 5 bytes JMP 00000001001e0ecc
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ff1570 5 bytes JMP 00000001001e163c
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076ff17b0 5 bytes JMP 00000001001e1284
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ff27e0 5 bytes JMP 00000001001e19f4
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3856] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076edeecd 1 byte [62]
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3856] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe226e00 5 bytes JMP 000007ff7e241dac
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3856] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe226f2c 5 bytes JMP 000007ff7e240ecc
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3856] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe227220 5 bytes JMP 000007ff7e241284
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3856] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe22739c 5 bytes JMP 000007ff7e24163c
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3856] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe227538 5 bytes JMP 000007ff7e2419f4
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3856] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe2275e8 5 bytes JMP 000007ff7e2403a4
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3856] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe22790c 5 bytes JMP 000007ff7e24075c
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3856] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe227ab4 5 bytes JMP 000007ff7e240b14
.text C:\Windows\system32\nvvsvc.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076fc3b10 5 bytes JMP 000000010018075c
.text C:\Windows\system32\nvvsvc.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076fc7ac0 5 bytes JMP 00000001001803a4
.text C:\Windows\system32\nvvsvc.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076ff1430 5 bytes JMP 0000000100180b14
.text C:\Windows\system32\nvvsvc.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076ff1490 5 bytes JMP 0000000100180ecc
.text C:\Windows\system32\nvvsvc.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ff1570 5 bytes JMP 000000010018163c
.text C:\Windows\system32\nvvsvc.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076ff17b0 5 bytes JMP 0000000100181284
.text C:\Windows\system32\nvvsvc.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ff27e0 5 bytes JMP 00000001001819f4
.text C:\Windows\system32\nvvsvc.exe[3888] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076edeecd 1 byte [62]
.text C:\Windows\system32\nvvsvc.exe[3888] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe226e00 5 bytes JMP 000007ff7e241dac
.text C:\Windows\system32\nvvsvc.exe[3888] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe226f2c 5 bytes JMP 000007ff7e240ecc
.text C:\Windows\system32\nvvsvc.exe[3888] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe227220 5 bytes JMP 000007ff7e241284
.text C:\Windows\system32\nvvsvc.exe[3888] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe22739c 5 bytes JMP 000007ff7e24163c
.text C:\Windows\system32\nvvsvc.exe[3888] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe227538 5 bytes JMP 000007ff7e2419f4
.text C:\Windows\system32\nvvsvc.exe[3888] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe2275e8 5 bytes JMP 000007ff7e2403a4
.text C:\Windows\system32\nvvsvc.exe[3888] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe22790c 5 bytes JMP 000007ff7e24075c
.text C:\Windows\system32\nvvsvc.exe[3888] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe227ab4 5 bytes JMP 000007ff7e240b14
.text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3728] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076fc3b10 5 bytes JMP 000000010039075c
.text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3728] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076fc7ac0 5 bytes JMP 00000001003903a4
.text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3728] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076ff1430 5 bytes JMP 0000000100390b14
.text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3728] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076ff1490 5 bytes JMP 0000000100390ecc
.text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3728] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ff1570 5 bytes JMP 000000010039163c
.text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3728] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076ff17b0 5 bytes JMP 0000000100391284
.text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3728] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ff27e0 5 bytes JMP 00000001003919f4
.text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3728] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076edeecd 1 byte [62]
.text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3728] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe226e00 5 bytes JMP 000007ff7e241dac
.text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3728] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe226f2c 5 bytes JMP 000007ff7e240ecc
.text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3728] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe227220 5 bytes JMP 000007ff7e241284
.text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3728] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe22739c 5 bytes JMP 000007ff7e24163c
.text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3728] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe227538 5 bytes JMP 000007ff7e2419f4
.text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3728] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe2275e8 5 bytes JMP 000007ff7e2403a4
.text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3728] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe22790c 5 bytes JMP 000007ff7e24075c
.text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3728] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe227ab4 5 bytes JMP 000007ff7e240b14
.text C:\Windows\system32\taskhost.exe[3216] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076fc3b10 5 bytes JMP 000000010035075c
.text C:\Windows\system32\taskhost.exe[3216] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076fc7ac0 5 bytes JMP 00000001003503a4
.text C:\Windows\system32\taskhost.exe[3216] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076ff1430 5 bytes JMP 0000000100350b14
.text C:\Windows\system32\taskhost.exe[3216] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076ff1490 5 bytes JMP 0000000100350ecc
.text C:\Windows\system32\taskhost.exe[3216] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ff1570 5 bytes JMP 000000010035163c
.text C:\Windows\system32\taskhost.exe[3216] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076ff17b0 5 bytes JMP 0000000100351284
.text C:\Windows\system32\taskhost.exe[3216] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ff27e0 5 bytes JMP 00000001003519f4
.text C:\Windows\system32\taskhost.exe[3216] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076edeecd 1 byte [62]
.text C:\Windows\system32\taskhost.exe[3216] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe226e00 5 bytes JMP 000007ff7e241dac
.text C:\Windows\system32\taskhost.exe[3216] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe226f2c 5 bytes JMP 000007ff7e240ecc
.text C:\Windows\system32\taskhost.exe[3216] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe227220 5 bytes JMP 000007ff7e241284
.text C:\Windows\system32\taskhost.exe[3216] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe22739c 5 bytes JMP 000007ff7e24163c
.text C:\Windows\system32\taskhost.exe[3216] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe227538 5 bytes JMP 000007ff7e2419f4
.text C:\Windows\system32\taskhost.exe[3216] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe2275e8 5 bytes JMP 000007ff7e2403a4
.text C:\Windows\system32\taskhost.exe[3216] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe22790c 5 bytes JMP 000007ff7e24075c
.text C:\Windows\system32\taskhost.exe[3216] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe227ab4 5 bytes JMP 000007ff7e240b14
.text C:\Windows\system32\Dwm.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076fc3b10 5 bytes JMP 000000010033075c
.text C:\Windows\system32\Dwm.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076fc7ac0 5 bytes JMP 00000001003303a4
.text C:\Windows\system32\Dwm.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076ff1430 5 bytes JMP 0000000100330b14
.text C:\Windows\system32\Dwm.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076ff1490 5 bytes JMP 0000000100330ecc
.text C:\Windows\system32\Dwm.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ff1570 5 bytes JMP 000000010033163c
.text C:\Windows\system32\Dwm.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076ff17b0 5 bytes JMP 0000000100331284
.text C:\Windows\system32\Dwm.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ff27e0 5 bytes JMP 00000001003319f4
.text C:\Windows\system32\Dwm.exe[2568] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076edeecd 1 byte [62]
.text C:\Windows\system32\Dwm.exe[2568] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe226e00 5 bytes JMP 000007ff7e241dac
.text C:\Windows\system32\Dwm.exe[2568] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe226f2c 5 bytes JMP 000007ff7e240ecc
.text C:\Windows\system32\Dwm.exe[2568] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe227220 5 bytes JMP 000007ff7e241284
.text C:\Windows\system32\Dwm.exe[2568] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe22739c 5 bytes JMP 000007ff7e24163c
.text C:\Windows\system32\Dwm.exe[2568] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe227538 5 bytes JMP 000007ff7e2419f4
.text C:\Windows\system32\Dwm.exe[2568] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe2275e8 5 bytes JMP 000007ff7e2403a4
.text C:\Windows\system32\Dwm.exe[2568] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe22790c 5 bytes JMP 000007ff7e24075c
.text C:\Windows\system32\Dwm.exe[2568] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe227ab4 5 bytes JMP 000007ff7e240b14
.text C:\Windows\Explorer.EXE[1432] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076fc3b10 5 bytes JMP 00000001001b075c
.text C:\Windows\Explorer.EXE[1432] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076fc7ac0 5 bytes JMP 00000001001b03a4
.text C:\Windows\Explorer.EXE[1432] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076ff1430 5 bytes JMP 00000001001b0b14
.text C:\Windows\Explorer.EXE[1432] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076ff1490 5 bytes JMP 00000001001b0ecc
.text C:\Windows\Explorer.EXE[1432] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ff1570 5 bytes JMP 00000001001b163c
.text C:\Windows\Explorer.EXE[1432] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076ff17b0 5 bytes JMP 00000001001b1284
.text C:\Windows\Explorer.EXE[1432] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ff27e0 5 bytes JMP 00000001001b19f4
.text C:\Windows\Explorer.EXE[1432] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076edeecd 1 byte [62]
.text C:\Windows\Explorer.EXE[1432] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe226e00 5 bytes JMP 000007ff7e241dac
.text C:\Windows\Explorer.EXE[1432] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe226f2c 5 bytes JMP 000007ff7e240ecc
.text C:\Windows\Explorer.EXE[1432] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe227220 5 bytes JMP 000007ff7e241284
.text C:\Windows\Explorer.EXE[1432] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe22739c 5 bytes JMP 000007ff7e24163c
.text C:\Windows\Explorer.EXE[1432] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe227538 5 bytes JMP 000007ff7e2419f4
.text C:\Windows\Explorer.EXE[1432] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe2275e8 5 bytes JMP 000007ff7e2403a4
.text C:\Windows\Explorer.EXE[1432] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe22790c 5 bytes JMP 000007ff7e24075c
.text C:\Windows\Explorer.EXE[1432] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe227ab4 5 bytes JMP 000007ff7e240b14
.text C:\Windows\System32\svchost.exe[4076] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076fc3b10 5 bytes JMP 000000010011075c
.text C:\Windows\System32\svchost.exe[4076] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076fc7ac0 5 bytes JMP 00000001001103a4
.text C:\Windows\System32\svchost.exe[4076] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076ff1430 5 bytes JMP 0000000100110b14
.text C:\Windows\System32\svchost.exe[4076] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076ff1490 5 bytes JMP 0000000100110ecc
.text C:\Windows\System32\svchost.exe[4076] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ff1570 5 bytes JMP 000000010011163c
.text C:\Windows\System32\svchost.exe[4076] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076ff17b0 5 bytes JMP 0000000100111284
.text C:\Windows\System32\svchost.exe[4076] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ff27e0 5 bytes JMP 00000001001119f4
.text C:\Windows\System32\svchost.exe[4076] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe226e00 5 bytes JMP 000007ff7e241dac
.text C:\Windows\System32\svchost.exe[4076] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe226f2c 5 bytes JMP 000007ff7e240ecc
.text C:\Windows\System32\svchost.exe[4076] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe227220 5 bytes JMP 000007ff7e241284
.text C:\Windows\System32\svchost.exe[4076] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe22739c 5 bytes JMP 000007ff7e24163c
.text C:\Windows\System32\svchost.exe[4076] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe227538 5 bytes JMP 000007ff7e2419f4
.text C:\Windows\System32\svchost.exe[4076] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe2275e8 5 bytes JMP 000007ff7e2403a4
.text C:\Windows\System32\svchost.exe[4076] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe22790c 5 bytes JMP 000007ff7e24075c
.text C:\Windows\System32\svchost.exe[4076] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe227ab4 5 bytes JMP 000007ff7e240b14
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076fc3b10 5 bytes JMP 000000010048075c
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076fc7ac0 5 bytes JMP 00000001004803a4
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076ff1430 5 bytes JMP 0000000100480b14
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076ff1490 5 bytes JMP 0000000100480ecc
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ff1570 5 bytes JMP 000000010048163c
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076ff17b0 5 bytes JMP 0000000100481284
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ff27e0 5 bytes JMP 00000001004819f4
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2588] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076edeecd 1 byte [62]
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076fc3b10 5 bytes JMP 000000010024075c
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076fc7ac0 5 bytes JMP 00000001002403a4
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076ff1430 5 bytes JMP 0000000100240b14
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076ff1490 5 bytes JMP 0000000100240ecc
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ff1570 5 bytes JMP 000000010024163c
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076ff17b0 5 bytes JMP 0000000100241284
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ff27e0 5 bytes JMP 00000001002419f4
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4008] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076edeecd 1 byte [62]
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4008] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe226e00 5 bytes JMP 000007ff7e241dac
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4008] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe226f2c 5 bytes JMP 000007ff7e240ecc
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4008] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe227220 5 bytes JMP 000007ff7e241284
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4008] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe22739c 5 bytes JMP 000007ff7e24163c
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4008] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe227538 5 bytes JMP 000007ff7e2419f4
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4008] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe2275e8 5 bytes JMP 000007ff7e2403a4
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4008] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe22790c 5 bytes JMP 000007ff7e24075c
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4008] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe227ab4 5 bytes JMP 000007ff7e240b14
.text C:\Windows\System32\rundll32.exe[3780] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076fc3b10 5 bytes JMP 00000001001a075c
.text C:\Windows\System32\rundll32.exe[3780] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076fc7ac0 5 bytes JMP 00000001001a03a4
.text C:\Windows\System32\rundll32.exe[3780] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076ff1430 5 bytes JMP 00000001001a0b14
.text C:\Windows\System32\rundll32.exe[3780] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076ff1490 5 bytes JMP 00000001001a0ecc
.text C:\Windows\System32\rundll32.exe[3780] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ff1570 5 bytes JMP 00000001001a163c
.text C:\Windows\System32\rundll32.exe[3780] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076ff17b0 5 bytes JMP 00000001001a1284
.text C:\Windows\System32\rundll32.exe[3780] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ff27e0 5 bytes JMP 00000001001a19f4
.text C:\Windows\System32\rundll32.exe[3780] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076edeecd 1 byte [62]
.text C:\Windows\System32\rundll32.exe[3780] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe226e00 5 bytes JMP 000007ff7e241dac
.text C:\Windows\System32\rundll32.exe[3780] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe226f2c 5 bytes JMP 000007ff7e240ecc
.text C:\Windows\System32\rundll32.exe[3780] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe227220 5 bytes JMP 000007ff7e241284
.text C:\Windows\System32\rundll32.exe[3780] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe22739c 5 bytes JMP 000007ff7e24163c
.text C:\Windows\System32\rundll32.exe[3780] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe227538 5 bytes JMP 000007ff7e2419f4
.text C:\Windows\System32\rundll32.exe[3780] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe2275e8 5 bytes JMP 000007ff7e2403a4
.text C:\Windows\System32\rundll32.exe[3780] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe22790c 5 bytes JMP 000007ff7e24075c
.text C:\Windows\System32\rundll32.exe[3780] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe227ab4 5 bytes JMP 000007ff7e240b14
.text C:\Windows\System32\rundll32.exe[3776] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076fc3b10 5 bytes JMP 000000010032075c
.text C:\Windows\System32\rundll32.exe[3776] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076fc7ac0 5 bytes JMP 00000001003203a4
.text C:\Windows\System32\rundll32.exe[3776] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076ff1430 5 bytes JMP 0000000100320b14
.text C:\Windows\System32\rundll32.exe[3776] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076ff1490 5 bytes JMP 0000000100320ecc
.text C:\Windows\System32\rundll32.exe[3776] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ff1570 5 bytes JMP 000000010032163c
.text C:\Windows\System32\rundll32.exe[3776] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076ff17b0 5 bytes JMP 0000000100321284
.text C:\Windows\System32\rundll32.exe[3776] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ff27e0 5 bytes JMP 00000001003219f4
.text C:\Windows\System32\rundll32.exe[3776] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076edeecd 1 byte [62]
.text C:\Windows\System32\rundll32.exe[3776] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe226e00 5 bytes JMP 000007ff7e241dac
.text C:\Windows\System32\rundll32.exe[3776] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe226f2c 5 bytes JMP 000007ff7e240ecc
.text C:\Windows\System32\rundll32.exe[3776] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe227220 5 bytes JMP 000007ff7e241284
.text C:\Windows\System32\rundll32.exe[3776] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe22739c 5 bytes JMP 000007ff7e24163c
.text C:\Windows\System32\rundll32.exe[3776] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe227538 5 bytes JMP 000007ff7e2419f4
.text C:\Windows\System32\rundll32.exe[3776] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe2275e8 5 bytes JMP 000007ff7e2403a4
.text C:\Windows\System32\rundll32.exe[3776] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe22790c 5 bytes JMP 000007ff7e24075c
.text C:\Windows\System32\rundll32.exe[3776] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe227ab4 5 bytes JMP 000007ff7e240b14
.text C:\Program Files\Windows Sidebar\sidebar.exe[600] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076fc3b10 5 bytes JMP 000000010030075c
.text C:\Program Files\Windows Sidebar\sidebar.exe[600] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076fc7ac0 5 bytes JMP 00000001003003a4
.text C:\Program Files\Windows Sidebar\sidebar.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076ff1430 5 bytes JMP 0000000100300b14
.text C:\Program Files\Windows Sidebar\sidebar.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076ff1490 5 bytes JMP 0000000100300ecc
.text C:\Program Files\Windows Sidebar\sidebar.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ff1570 5 bytes JMP 000000010030163c
.text C:\Program Files\Windows Sidebar\sidebar.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076ff17b0 5 bytes JMP 0000000100301284
.text C:\Program Files\Windows Sidebar\sidebar.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ff27e0 5 bytes JMP 00000001003019f4
.text C:\Program Files\Windows Sidebar\sidebar.exe[600] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076edeecd 1 byte [62]
.text C:\Program Files\Windows Sidebar\sidebar.exe[600] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe226e00 5 bytes JMP 000007ff7e241dac
.text C:\Program Files\Windows Sidebar\sidebar.exe[600] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe226f2c 5 bytes JMP 000007ff7e240ecc
.text C:\Program Files\Windows Sidebar\sidebar.exe[600] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe227220 5 bytes JMP 000007ff7e241284
.text C:\Program Files\Windows Sidebar\sidebar.exe[600] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe22739c 5 bytes JMP 000007ff7e24163c
.text C:\Program Files\Windows Sidebar\sidebar.exe[600] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe227538 5 bytes JMP 000007ff7e2419f4
.text C:\Program Files\Windows Sidebar\sidebar.exe[600] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe2275e8 5 bytes JMP 000007ff7e2403a4
.text C:\Program Files\Windows Sidebar\sidebar.exe[600] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe22790c 5 bytes JMP 000007ff7e24075c
.text C:\Program Files\Windows Sidebar\sidebar.exe[600] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe227ab4 5 bytes JMP 000007ff7e240b14
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076fc3b10 5 bytes JMP 00000001005a075c
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076fc7ac0 5 bytes JMP 00000001005a03a4
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076ff1430 5 bytes JMP 00000001005a0b14
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076ff1490 5 bytes JMP 00000001005a0ecc
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ff1570 5 bytes JMP 00000001005a163c
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076ff17b0 5 bytes JMP 00000001005a1284
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ff27e0 5 bytes JMP 00000001005a19f4
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[1156] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076edeecd 1 byte [62]
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[1156] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe226e00 5 bytes JMP 000007ff7e241dac
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[1156] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe226f2c 5 bytes JMP 000007ff7e240ecc
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[1156] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe227220 5 bytes JMP 000007ff7e241284
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[1156] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe22739c 5 bytes JMP 000007ff7e24163c
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[1156] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe227538 5 bytes JMP 000007ff7e2419f4
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[1156] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe2275e8 5 bytes JMP 000007ff7e2403a4
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[1156] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe22790c 5 bytes JMP 000007ff7e24075c
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[1156] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe227ab4 5 bytes JMP 000007ff7e240b14
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3348] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007719fac0 5 bytes JMP 0000000100030600
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3348] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007719fb58 5 bytes JMP 0000000100030804
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3348] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007719fcb0 5 bytes JMP 0000000100030c0c
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3348] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000771a0038 5 bytes JMP 0000000100030a08
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3348] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000771a1920 5 bytes JMP 0000000100030e10
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3348] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000771bc4dd 5 bytes JMP 00000001000301f8
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3348] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000771c1287 5 bytes JMP 00000001000303fc
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3348] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000076baa2ba 1 byte [62]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3348] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000075665181 5 bytes JMP 0000000100101014
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3348] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000075665254 5 bytes JMP 0000000100100804
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3348] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000756653d5 5 bytes JMP 0000000100100a08
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3348] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000756654c2 5 bytes JMP 0000000100100c0c
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3348] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000756655e2 5 bytes JMP 0000000100100e10
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3348] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 000000007566567c 5 bytes JMP 00000001001001f8
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3348] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 000000007566589f 5 bytes JMP 00000001001003fc
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3348] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000075665a22 5 bytes JMP 0000000100100600
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3348] C:\Windows\syswow64\USER32.dll!SetWinEventHook 00000000754dee09 5 bytes JMP 00000001001101f8
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3348] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 00000000754e3982 5 bytes JMP 00000001001103fc
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3348] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000754e7603 5 bytes JMP 0000000100110804
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3348] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000754e835c 5 bytes JMP 0000000100110600
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3348] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 00000000754ff52b 5 bytes JMP 0000000100110a08
.text C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe[3364] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007719fac0 5 bytes JMP 0000000100030600
.text C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe[3364] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007719fb58 5 bytes JMP 0000000100030804
.text C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe[3364] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007719fcb0 5 bytes JMP 0000000100030c0c
.text C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe[3364] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000771a0038 5 bytes JMP 0000000100030a08
.text C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe[3364] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000771a1920 5 bytes JMP 0000000100030e10
.text C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe[3364] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000771bc4dd 5 bytes JMP 00000001000301f8
.text C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe[3364] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000771c1287 5 bytes JMP 00000001000303fc
.text C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe[3364] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000076baa2ba 1 byte [62]
.text C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe[3364] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000075665181 5 bytes JMP 0000000100241014
.text C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe[3364] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000075665254 5 bytes JMP 0000000100240804
.text C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe[3364] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000756653d5 5 bytes JMP 0000000100240a08
.text C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe[3364] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000756654c2 5 bytes JMP 0000000100240c0c
.text C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe[3364] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000756655e2 5 bytes JMP 0000000100240e10
.text C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe[3364] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 000000007566567c 5 bytes JMP 00000001002401f8
.text C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe[3364] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 000000007566589f 5 bytes JMP 00000001002403fc
.text C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe[3364] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000075665a22 5 bytes JMP 0000000100240600
.text C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe[3364] C:\Windows\syswow64\USER32.dll!SetWinEventHook 00000000754dee09 5 bytes JMP 00000001002501f8
.text C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe[3364] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 00000000754e3982 5 bytes JMP 00000001002503fc
.text C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe[3364] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000754e7603 5 bytes JMP 0000000100250804
.text C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe[3364] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000754e835c 5 bytes JMP 0000000100250600
.text C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe[3364] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 00000000754ff52b 5 bytes JMP 0000000100250a08
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2768] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076baa2ba 1 byte [62]
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2768] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076c81465 2 bytes [C8, 76]
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2768] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076c814bb 2 bytes [C8, 76]
.text ... * 2
.text c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076fc3b10 5 bytes JMP 0000000100fa075c
.text c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076fc7ac0 5 bytes JMP 0000000100fa03a4
.text c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076ff1430 5 bytes JMP 0000000100fa0b14
.text c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076ff1490 5 bytes JMP 0000000100fa0ecc
.text c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ff1570 5 bytes JMP 0000000100fa163c
.text c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076ff17b0 5 bytes JMP 0000000100fa1284
.text c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ff27e0 5 bytes JMP 0000000100fa19f4
.text c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[1112] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076edeecd 1 byte [62]
.text c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[1112] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe226e00 5 bytes JMP 000007ff7e241dac
.text c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[1112] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe226f2c 5 bytes JMP 000007ff7e240ecc
.text c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[1112] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe227220 5 bytes JMP 000007ff7e241284
.text c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[1112] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe22739c 5 bytes JMP 000007ff7e24163c
.text c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[1112] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe227538 5 bytes JMP 000007ff7e2419f4
.text c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[1112] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe2275e8 5 bytes JMP 000007ff7e2403a4
.text c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[1112] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe22790c 5 bytes JMP 000007ff7e24075c
.text c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[1112] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe227ab4 5 bytes JMP 000007ff7e240b14
.text C:\Program Files (x86)\PDF24\pdf24.exe[1204] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007719fac0 5 bytes JMP 0000000100030600
.text C:\Program Files (x86)\PDF24\pdf24.exe[1204] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007719fb58 5 bytes JMP 0000000100030804
.text C:\Program Files (x86)\PDF24\pdf24.exe[1204] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007719fcb0 5 bytes JMP 0000000100030c0c
.text C:\Program Files (x86)\PDF24\pdf24.exe[1204] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000771a0038 5 bytes JMP 0000000100030a08
.text C:\Program Files (x86)\PDF24\pdf24.exe[1204] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000771a1920 5 bytes JMP 0000000100030e10
.text C:\Program Files (x86)\PDF24\pdf24.exe[1204] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000771bc4dd 5 bytes JMP 00000001000301f8
.text C:\Program Files (x86)\PDF24\pdf24.exe[1204] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000771c1287 5 bytes JMP 00000001000303fc
.text C:\Program Files (x86)\PDF24\pdf24.exe[1204] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000076baa2ba 1 byte [62]
.text C:\Program Files (x86)\PDF24\pdf24.exe[1204] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000075665181 5 bytes JMP 0000000100241014
.text C:\Program Files (x86)\PDF24\pdf24.exe[1204] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000075665254 5 bytes JMP 0000000100240804
.text C:\Program Files (x86)\PDF24\pdf24.exe[1204] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000756653d5 5 bytes JMP 0000000100240a08
.text C:\Program Files (x86)\PDF24\pdf24.exe[1204] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000756654c2 5 bytes JMP 0000000100240c0c
.text C:\Program Files (x86)\PDF24\pdf24.exe[1204] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000756655e2 5 bytes JMP 0000000100240e10
.text C:\Program Files (x86)\PDF24\pdf24.exe[1204] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 000000007566567c 5 bytes JMP 00000001002401f8
.text C:\Program Files (x86)\PDF24\pdf24.exe[1204] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 000000007566589f 5 bytes JMP 00000001002403fc
.text C:\Program Files (x86)\PDF24\pdf24.exe[1204] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000075665a22 5 bytes JMP 0000000100240600
.text C:\Program Files (x86)\PDF24\pdf24.exe[1204] C:\Windows\syswow64\USER32.dll!SetWinEventHook 00000000754dee09 5 bytes JMP 00000001002501f8
.text C:\Program Files (x86)\PDF24\pdf24.exe[1204] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 00000000754e3982 5 bytes JMP 00000001002503fc
.text C:\Program Files (x86)\PDF24\pdf24.exe[1204] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000754e7603 5 bytes JMP 0000000100250804
.text C:\Program Files (x86)\PDF24\pdf24.exe[1204] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000754e835c 5 bytes JMP 0000000100250600
.text C:\Program Files (x86)\PDF24\pdf24.exe[1204] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 00000000754ff52b 5 bytes JMP 0000000100250a08
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3340] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007719fac0 5 bytes JMP 0000000100030600
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3340] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007719fb58 5 bytes JMP 0000000100030804
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3340] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007719fcb0 5 bytes JMP 0000000100030c0c
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3340] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000771a0038 5 bytes JMP 0000000100030a08
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3340] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000771a1920 5 bytes JMP 0000000100030e10
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3340] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000771bc4dd 5 bytes JMP 00000001000301f8
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3340] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000771c1287 5 bytes JMP 00000001000303fc
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3340] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000076baa2ba 1 byte [62]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3340] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000075665181 5 bytes JMP 0000000100101014
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3340] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000075665254 5 bytes JMP 0000000100100804
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3340] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000756653d5 5 bytes JMP 0000000100100a08
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3340] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000756654c2 5 bytes JMP 0000000100100c0c
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3340] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000756655e2 5 bytes JMP 0000000100100e10
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3340] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 000000007566567c 5 bytes JMP 00000001001001f8
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3340] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 000000007566589f 5 bytes JMP 00000001001003fc
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3340] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000075665a22 5 bytes JMP 0000000100100600
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3340] C:\Windows\syswow64\USER32.dll!SetWinEventHook 00000000754dee09 5 bytes JMP 00000001001101f8
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3340] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 00000000754e3982 5 bytes JMP 00000001001103fc
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3340] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000754e7603 5 bytes JMP 0000000100110804
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3340] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000754e835c 5 bytes JMP 0000000100110600
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3340] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 00000000754ff52b 5 bytes JMP 0000000100110a08
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4172] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007719fac0 5 bytes JMP 0000000100030600
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4172] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007719fb58 5 bytes JMP 0000000100030804
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4172] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007719fcb0 5 bytes JMP 0000000100030c0c
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4172] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000771a0038 5 bytes JMP 0000000100030a08
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4172] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000771a1920 5 bytes JMP 0000000100030e10
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4172] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000771bc4dd 5 bytes JMP 00000001000301f8
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4172] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000771c1287 5 bytes JMP 00000001000303fc
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4172] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000076baa2ba 1 byte [62]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4172] C:\Windows\syswow64\USER32.dll!SetWinEventHook 00000000754dee09 5 bytes JMP 00000001002501f8
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4172] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 00000000754e3982 5 bytes JMP 00000001002503fc
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4172] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000754e7603 5 bytes JMP 0000000100250804
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4172] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000754e835c 5 bytes JMP 0000000100250600
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4172] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 00000000754ff52b 5 bytes JMP 0000000100250a08
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4172] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000075665181 5 bytes JMP 0000000100261014
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4172] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000075665254 5 bytes JMP 0000000100260804
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4172] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000756653d5 5 bytes JMP 0000000100260a08
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4172] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000756654c2 5 bytes JMP 0000000100260c0c
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4172] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000756655e2 5 bytes JMP 0000000100260e10
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4172] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 000000007566567c 5 bytes JMP 00000001002601f8
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4172] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 000000007566589f 5 bytes JMP 00000001002603fc
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4172] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000075665a22 5 bytes JMP 0000000100260600
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4172] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076c81465 2 bytes [C8, 76]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4172] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076c814bb 2 bytes [C8, 76]
.text ... * 2
? C:\Windows\system32\mssprxy.dll [4172] entry point in ".rdata" section 000000006d4371e6
.text C:\Program Files\iPod\bin\iPodService.exe[4264] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076fc3b10 5 bytes JMP 000000010031075c
.text C:\Program Files\iPod\bin\iPodService.exe[4264] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076fc7ac0 5 bytes JMP 00000001003103a4
.text C:\Program Files\iPod\bin\iPodService.exe[4264] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076ff1430 5 bytes JMP 0000000100310b14
.text C:\Program Files\iPod\bin\iPodService.exe[4264] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076ff1490 5 bytes JMP 0000000100310ecc
.text C:\Program Files\iPod\bin\iPodService.exe[4264] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ff1570 5 bytes JMP 000000010031163c
.text C:\Program Files\iPod\bin\iPodService.exe[4264] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076ff17b0 5 bytes JMP 0000000100311284
.text C:\Program Files\iPod\bin\iPodService.exe[4264] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ff27e0 5 bytes JMP 00000001003119f4
.text C:\Program Files\iPod\bin\iPodService.exe[4264] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076edeecd 1 byte [62]
.text C:\Program Files\iPod\bin\iPodService.exe[4264] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe226e00 5 bytes JMP 000007ff7e241dac
.text C:\Program Files\iPod\bin\iPodService.exe[4264] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe226f2c 5 bytes JMP 000007ff7e240ecc
.text C:\Program Files\iPod\bin\iPodService.exe[4264] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe227220 5 bytes JMP 000007ff7e241284
.text C:\Program Files\iPod\bin\iPodService.exe[4264] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe22739c 5 bytes JMP 000007ff7e24163c
.text C:\Program Files\iPod\bin\iPodService.exe[4264] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe227538 5 bytes JMP 000007ff7e2419f4
.text C:\Program Files\iPod\bin\iPodService.exe[4264] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe2275e8 5 bytes JMP 000007ff7e2403a4
.text C:\Program Files\iPod\bin\iPodService.exe[4264] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe22790c 5 bytes JMP 000007ff7e24075c
.text C:\Program Files\iPod\bin\iPodService.exe[4264] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe227ab4 5 bytes JMP 000007ff7e240b14
.text c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[4572] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007719fac0 5 bytes JMP 0000000100030600
.text c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[4572] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007719fb58 5 bytes JMP 0000000100030804
.text c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[4572] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007719fcb0 5 bytes JMP 0000000100030c0c
.text c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[4572] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000771a0038 5 bytes JMP 0000000100030a08
.text c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[4572] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000771a1920 5 bytes JMP 0000000100030e10
.text c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[4572] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000771bc4dd 5 bytes JMP 00000001000301f8
.text c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[4572] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000771c1287 5 bytes JMP 00000001000303fc
.text c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[4572] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000076baa2ba 1 byte [62]
.text c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[4572] C:\Windows\syswow64\USER32.dll!SetWinEventHook 00000000754dee09 5 bytes JMP 00000001002401f8
.text c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[4572] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 00000000754e3982 5 bytes JMP 00000001002403fc
.text c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[4572] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000754e7603 5 bytes JMP 0000000100240804
.text c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[4572] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000754e835c 5 bytes JMP 0000000100240600
.text c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[4572] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 00000000754ff52b 5 bytes JMP 0000000100240a08
.text c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[4572] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000075665181 5 bytes JMP 0000000100251014
.text c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[4572] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000075665254 5 bytes JMP 0000000100250804
.text c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[4572] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000756653d5 5 bytes JMP 0000000100250a08
.text c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[4572] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000756654c2 5 bytes JMP 0000000100250c0c
.text c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[4572] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000756655e2 5 bytes JMP 0000000100250e10
.text c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[4572] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 000000007566567c 5 bytes JMP 00000001002501f8
.text c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[4572] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 000000007566589f 5 bytes JMP 00000001002503fc
.text c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[4572] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000075665a22 5 bytes JMP 0000000100250600
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1832] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe226e00 5 bytes JMP 000007ff7e241dac
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1832] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe226f2c 5 bytes JMP 000007ff7e240ecc
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1832] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe227220 5 bytes JMP 000007ff7e241284
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1832] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe22739c 5 bytes JMP 000007ff7e24163c
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1832] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe227538 5 bytes JMP 000007ff7e2419f4
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1832] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe2275e8 5 bytes JMP 000007ff7e2403a4
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1832] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe22790c 5 bytes JMP 000007ff7e24075c
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1832] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe227ab4 5 bytes JMP 000007ff7e240b14
.text C:\Windows\system32\AUDIODG.EXE[5964] C:\Windows\System32\kernel32.dll!GetBinaryTypeW + 189 0000000076edeecd 1 byte [62]
.text C:\Windows\system32\SearchProtocolHost.exe[1536] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076edeecd 1 byte [62]
.text C:\Windows\system32\SearchProtocolHost.exe[1536] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe226e00 5 bytes JMP 000007ff7e241dac
.text C:\Windows\system32\SearchProtocolHost.exe[1536] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe226f2c 5 bytes JMP 000007ff7e240ecc
.text C:\Windows\system32\SearchProtocolHost.exe[1536] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe227220 5 bytes JMP 000007ff7e241284
.text C:\Windows\system32\SearchProtocolHost.exe[1536] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe22739c 5 bytes JMP 000007ff7e24163c
.text C:\Windows\system32\SearchProtocolHost.exe[1536] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe227538 5 bytes JMP 000007ff7e2419f4
.text C:\Windows\system32\SearchProtocolHost.exe[1536] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe2275e8 5 bytes JMP 000007ff7e2403a4
.text C:\Windows\system32\SearchProtocolHost.exe[1536] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe22790c 5 bytes JMP 000007ff7e24075c
.text C:\Windows\system32\SearchProtocolHost.exe[1536] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe227ab4 5 bytes JMP 000007ff7e240b14
.text C:\Users\Gregodinho\Desktop\gmer_2.1.19163.exe[872] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076baa2ba 1 byte [62]
---- Threads - GMER 2.1 ----
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3712:3676] 0000000075667587
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3712:3720] 0000000070cb0cb3
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3712:3732] 00000000771d2e65
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3712:4220] 00000000771d3e85
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3712:3928] 00000000771d3e85
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3712:3616] 00000000771d3e85
|
| Themen zu Win 7 - Win32.downloader.gen - PUP.Optional.Conduit.A - Befall |
| .dll, adobe, avast, dateien, explorer.exe, harddisk, hook, infizierte, logfiles, malwarebytes, microsoft, ntdll.dll, nvidia, pdf, realtek, rundll, scan, security, services.exe, software, svchost.exe, system, taskhost.exe, temp, windows media player, winlogon.exe, wmp |
Baum-Darstellung