Pests of all kinds and their removal: Generic 14.DNH - Windows 7
26.07.2009, 20:20 | #16
Generic 14.DNH
Hijackthis
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:17:23, on 26.07.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Java\jre6\bin\jusched.exe
C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programme\PC Tools AntiVirus\PCTAV.exe
C:\Programme\ThreatFire\TFTray.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\PC Tools AntiVirus\PCTAVSvc.exe
C:\Programme\ThreatFire\TFService.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\Opera\opera.exe
C:\PROGRA~1\ICQ6.5\ICQ.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [PCTAVApp] "C:\Programme\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKLM\..\Run: [ThreatFire] C:\Programme\ThreatFire\TFTray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ICQ] "C:\Programme\ICQ6.5\ICQ.exe" silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Programme\PC Tools AntiVirus\PCTAVSvc.exe
O23 - Service: ThreatFire - PC Tools - C:\Programme\ThreatFire\TFService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUpUtilities2006\WinStylerThemeSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 5559 bytes
26.07.2009, 20:25 | #17
Generic 14.DNH
Code:
Adobe Photoshop CS2
Adobe Reader 9.1 - Deutsch
ATI - Dienstprogramm zur Deinstallation der Software
ATI Catalyst Control Center
ATI Display Driver
ATI HYDRAVISION
ATI Problem Report Wizard
AusLogics BoostSpeed
Avira AntiVir Personal - Free Antivirus
AVIVO Codecs
CCleaner (remove only)
DivX
DivX Converter
DivX Player
DivX Web Player
High Definition Audio Driver Package - KB888111
HighMAT-Erweiterung für den Microsoft Windows XP-Assistenten zum Schreiben von CDs
HijackThis 2.0.2
ICQ6.5
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 14
Macromedia Flash MX 2004
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 SP1
Microsoft Baseline Security Analyzer 1.2.1
Microsoft Office FrontPage 2003
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0.0 (Pre-Release 5348)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mozilla Firefox (3.5.1)
MSXML 6.0 Parser (KB933579)
Opera 9.64
PC Tools AntiVirus 6.0
Realtek High Definition Audio Driver
Spybot - Search & Destroy
Spybot - Search & Destroy 1.4
TeamViewer 4
ThreatFire
TuneUp Utilities 2006
VLC media player 0.9.9
WinRAR
ZoneAlarm Pro
26.07.2009, 20:30 | #18
/// Helper Team | Generic 14.DNH
Hi,
__________________
as long as you reinstall your box with it
Quote:
Karl
26.07.2009, 21:28 | #19
Generic 14.DNH
Code:
GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-07-26 22:14:53
Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateFile [0xA7B65B70]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xBA6CE514]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateProcess [0xA7B7D760]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateProcessEx [0xA7B7D980]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateSection [0xA7B80610]
SSDT BAFF4444 ZwCreateThread
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDeleteFile [0xA7B66180]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xBA6CED00]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xBA6CEFB8]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDuplicateObject [0xA7B7D080]
SSDT BAFF4462 ZwLoadKey
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwOpenFile [0xA7B65FD0]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xBA6CD3FA]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwOpenProcess [0xA7B7CE80]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwOpenThread [0xA7B7CC40]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xBA6CF422]
SSDT BAFF446C ZwReplaceKey
SSDT BAFF4467 ZwRestoreKey
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwSecureConnectPort [0xA7B68E40]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwSetInformationFile [0xA7B662F0]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xBA6CE7D8]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwTerminateProcess [0xA7B7DBB0]

---- Kernel code sections - GMER 1.0.15 ----

? C:\WINDOWS\system32\Drivers\mchInjDrv.sys
26.07.2009, 21:32 | #20
Generic 14.DNH
Code:
Das System kann die angegebene Datei nicht finden. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\ctfmon.exe[116] ntdll.dll!NtLoadDriver 7C91DB6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[116] ntdll.dll!NtLoadDriver + 4 7C91DB72 2 Bytes [56, 5F] {PUSH ESI; POP EDI}
.text C:\WINDOWS\system32\ctfmon.exe[116] ntdll.dll!NtSuspendProcess 7C91E83A 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[116] ntdll.dll!NtSuspendProcess + 4 7C91E83E 2 Bytes [44, 5F] {INC ESP; POP EDI}
.text C:\WINDOWS\system32\ctfmon.exe[116] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F730F5A
.text C:\WINDOWS\system32\ctfmon.exe[116] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 5F7C0F5A
.text C:\WINDOWS\system32\ctfmon.exe[116] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\system32\ctfmon.exe[116] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 00C20001
.text C:\WINDOWS\system32\ctfmon.exe[116] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\system32\ctfmon.exe[116] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\ctfmon.exe[116] kernel32.dll!GetStartupInfoA 7C801EEE 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\ctfmon.exe[116] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\ctfmon.exe[116] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\ctfmon.exe[116] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F2B0F5A
.text C:\WINDOWS\system32\ctfmon.exe[116] kernel32.dll!LoadResource 7C80A065 6 Bytes JMP 5F880F5A
.text C:\WINDOWS\system32\ctfmon.exe[116] kernel32.dll!GetProcAddress 7C80AC28 6 Bytes JMP 5F610F5A
.text C:\WINDOWS\system32\ctfmon.exe[116] kernel32.dll!LoadLibraryW 7C80ACD3 6 Bytes JMP 5F220F5A
.text C:\WINDOWS\system32\ctfmon.exe[116] kernel32.dll!CreateMutexA 7C80EB3F 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\ctfmon.exe[116] kernel32.dll!CreateRemoteThread 7C810626 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[116] kernel32.dll!CreateRemoteThread + 4 7C81062A 2 Bytes [11, 5F]
.text C:\WINDOWS\system32\ctfmon.exe[116] kernel32.dll!CreateThread 7C81082F 6 Bytes JMP 5F790F5A
.text C:\WINDOWS\system32\ctfmon.exe[116] kernel32.dll!CreateFileW 7C810976 6 Bytes JMP 5F700F5A
.text C:\WINDOWS\system32\ctfmon.exe[116] kernel32.dll!GetCommandLineA 7C812C8D 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\ctfmon.exe[116] kernel32.dll!TerminateThread 7C81CACB 6 Bytes JMP 5F460F5A
.text C:\WINDOWS\system32\ctfmon.exe[116] kernel32.dll!GetVolumeInformationA 7C827052 6 Bytes JMP 5F640F5A
.text C:\WINDOWS\system32\ctfmon.exe[116] kernel32.dll!DebugActiveProcess 7C859F0B 6 Bytes JMP 5F490F5A
.text C:\WINDOWS\system32\ctfmon.exe[116] kernel32.dll!WinExec 7C86114D 6 Bytes JMP 5F3D0F5A
.text C:\WINDOWS\system32\ctfmon.exe[116] kernel32.dll!CreateToolhelp32Snapshot 7C8647B7 6 Bytes JMP 5F760F5A
.text C:\WINDOWS\system32\ctfmon.exe[116] ADVAPI32.dll!RegOpenKeyExA 77DA761B 6 Bytes JMP 5F6A0F5A
.text C:\WINDOWS\system32\ctfmon.exe[116] ADVAPI32.dll!RegCreateKeyExA 77DAEAF4 6 Bytes JMP 5F670F5A
.text C:\WINDOWS\system32\ctfmon.exe[116] ADVAPI32.dll!RegSetValueExA 77DAEBE7 6 Bytes JMP 5F6D0F5A
.text C:\WINDOWS\system32\ctfmon.exe[116] ADVAPI32.dll!OpenSCManagerA 77DBADA7 6 Bytes JMP 5F7F0F5A
.text C:\WINDOWS\system32\ctfmon.exe[116] ADVAPI32.dll!LsaRemoveAccountRights 77DEAA41 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\ctfmon.exe[116] ADVAPI32.dll!CreateServiceA 77E07071 6 Bytes JMP 5F580F5A
.text C:\WINDOWS\system32\ctfmon.exe[116] USER32.dll!GetKeyState 77D1C505 6 Bytes JMP 5F4C0F5A
.text C:\WINDOWS\system32\ctfmon.exe[116] USER32.dll!ShowWindow 77D1D8A4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[116] USER32.dll!ShowWindow + 4 77D1D8A8 2 Bytes [86, 5F]
.text C:\WINDOWS\system32\ctfmon.exe[116] USER32.dll!GetAsyncKeyState 77D1E655 6 Bytes JMP 5F4F0F5A
.text C:\WINDOWS\system32\ctfmon.exe[116] USER32.dll!SetWindowsHookExW 77D2E4AF 6 Bytes JMP 5F280F5A
.text C:\WINDOWS\system32\ctfmon.exe[116] USER32.dll!SetWindowsHookExA 77D311E9 6 Bytes JMP 5F250F5A
.text C:\WINDOWS\system32\ctfmon.exe[116] USER32.dll!SetWinEventHook 77D317C8 6 Bytes JMP 5F5B0F5A
.text C:\WINDOWS\system32\ctfmon.exe[116] USER32.dll!GetWindowTextA 77D3213C 6 Bytes JMP 5F820F5A
.text C:\WINDOWS\system32\ctfmon.exe[116] USER32.dll!DdeConnect 77D57D7B 6 Bytes JMP 5F520F5A
.text C:\WINDOWS\system32\ctfmon.exe[116] USER32.dll!EndTask 77D59C5D 6 Bytes JMP 5F400F5A
.text C:\WINDOWS\system32\ctfmon.exe[116] USER32.dll!RegisterRawInputDevices 77D6C9C6 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[116] USER32.dll!RegisterRawInputDevices + 4 77D6C9CA 2 Bytes [5F, 5F] {POP EDI; POP EDI}
.text C:\WINDOWS\system32\ctfmon.exe[116] SHELL32.dll!ShellExecuteExW 7CA1172B 6 Bytes JMP 5F3A0F5A
.text C:\WINDOWS\system32\ctfmon.exe[116] SHELL32.dll!ShellExecuteEx 7CA50AED 6 Bytes JMP 5F370F5A
.text C:\WINDOWS\system32\ctfmon.exe[116] SHELL32.dll!ShellExecuteA 7CA50E18 6 Bytes JMP 5F310F5A
.text C:\WINDOWS\system32\ctfmon.exe[116] SHELL32.dll!ShellExecuteW 7CAC4A18 6 Bytes JMP 5F340F5A
.text C:\Programme\ThreatFire\TFService.exe[360] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 01B20001
.text C:\Programme\ThreatFire\TFService.exe[360] kernel32.dll!GetStartupInfoA 7C801EEE 6 Bytes JMP 5F0A0F5A
.text C:\Programme\ThreatFire\TFService.exe[360] kernel32.dll!CreateMutexA 7C80EB3F 6 Bytes JMP 5F040F5A
.text C:\Programme\ThreatFire\TFService.exe[360] kernel32.dll!GetCommandLineA 7C812C8D 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\Explorer.EXE[540] ntdll.dll!NtLoadDriver 7C91DB6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[540] ntdll.dll!NtLoadDriver + 4 7C91DB72 2 Bytes [56, 5F] {PUSH ESI; POP EDI}
.text C:\WINDOWS\Explorer.EXE[540] ntdll.dll!NtSuspendProcess 7C91E83A 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[540] ntdll.dll!NtSuspendProcess + 4 7C91E83E 2 Bytes [44, 5F] {INC ESP; POP EDI}
.text C:\WINDOWS\Explorer.EXE[540] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F730F5A
.text C:\WINDOWS\Explorer.EXE[540] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 5F7C0F5A
.text C:\WINDOWS\Explorer.EXE[540] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\Explorer.EXE[540] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 00CD0001
.text C:\WINDOWS\Explorer.EXE[540] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\Explorer.EXE[540] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\Explorer.EXE[540] kernel32.dll!GetStartupInfoA 7C801EEE 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\Explorer.EXE[540] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\Explorer.EXE[540] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\Explorer.EXE[540] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F2B0F5A
.text C:\WINDOWS\Explorer.EXE[540] kernel32.dll!LoadResource 7C80A065 6 Bytes JMP 5F880F5A
.text C:\WINDOWS\Explorer.EXE[540] kernel32.dll!GetProcAddress 7C80AC28 6 Bytes JMP 5F610F5A
.text C:\WINDOWS\Explorer.EXE[540] kernel32.dll!LoadLibraryW 7C80ACD3 6 Bytes JMP 5F220F5A
.text C:\WINDOWS\Explorer.EXE[540] kernel32.dll!CreateMutexA 7C80EB3F 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\Explorer.EXE[540] kernel32.dll!CreateRemoteThread 7C810626 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[540] kernel32.dll!CreateRemoteThread + 4 7C81062A 2 Bytes [11, 5F]
.text C:\WINDOWS\Explorer.EXE[540] kernel32.dll!CreateThread 7C81082F 6 Bytes JMP 5F790F5A
.text C:\WINDOWS\Explorer.EXE[540] kernel32.dll!CreateFileW 7C810976 6 Bytes JMP 5F700F5A
.text C:\WINDOWS\Explorer.EXE[540] kernel32.dll!GetCommandLineA 7C812C8D 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\Explorer.EXE[540] kernel32.dll!TerminateThread 7C81CACB 6 Bytes JMP 5F460F5A
.text C:\WINDOWS\Explorer.EXE[540] kernel32.dll!GetVolumeInformationA 7C827052 6 Bytes JMP 5F640F5A
.text C:\WINDOWS\Explorer.EXE[540] kernel32.dll!DebugActiveProcess 7C859F0B 6 Bytes JMP 5F490F5A
.text C:\WINDOWS\Explorer.EXE[540] kernel32.dll!WinExec 7C86114D 6 Bytes JMP 5F3D0F5A
.text C:\WINDOWS\Explorer.EXE[540] kernel32.dll!CreateToolhelp32Snapshot 7C8647B7 6 Bytes JMP 5F760F5A
.text C:\WINDOWS\Explorer.EXE[540] ADVAPI32.dll!RegOpenKeyExA 77DA761B 6 Bytes JMP 5F6A0F5A
.text C:\WINDOWS\Explorer.EXE[540] ADVAPI32.dll!RegCreateKeyExA 77DAEAF4 6 Bytes JMP 5F670F5A
.text C:\WINDOWS\Explorer.EXE[540] ADVAPI32.dll!RegSetValueExA 77DAEBE7 6 Bytes JMP 5F6D0F5A
.text C:\WINDOWS\Explorer.EXE[540] ADVAPI32.dll!OpenSCManagerA 77DBADA7 6 Bytes JMP 5F7F0F5A
.text C:\WINDOWS\Explorer.EXE[540] ADVAPI32.dll!LsaRemoveAccountRights 77DEAA41 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\Explorer.EXE[540] ADVAPI32.dll!CreateServiceA 77E07071 6 Bytes JMP 5F580F5A
.text C:\WINDOWS\Explorer.EXE[540] USER32.dll!GetKeyState 77D1C505 6 Bytes JMP 5F4C0F5A
.text C:\WINDOWS\Explorer.EXE[540] USER32.dll!ShowWindow 77D1D8A4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[540] USER32.dll!ShowWindow + 4 77D1D8A8 2 Bytes [86, 5F]
.text C:\WINDOWS\Explorer.EXE[540] USER32.dll!GetAsyncKeyState 77D1E655 6 Bytes JMP 5F4F0F5A
.text C:\WINDOWS\Explorer.EXE[540] USER32.dll!SetWindowsHookExW 77D2E4AF 6 Bytes JMP 5F280F5A
.text C:\WINDOWS\Explorer.EXE[540] USER32.dll!SetWindowsHookExA 77D311E9 6 Bytes JMP 5F250F5A
.text C:\WINDOWS\Explorer.EXE[540] USER32.dll!SetWinEventHook 77D317C8 6 Bytes JMP 5F5B0F5A
.text C:\WINDOWS\Explorer.EXE[540] USER32.dll!GetWindowTextA 77D3213C 6 Bytes JMP 5F820F5A
.text C:\WINDOWS\Explorer.EXE[540] USER32.dll!DdeConnect 77D57D7B 6 Bytes JMP 5F520F5A
.text C:\WINDOWS\Explorer.EXE[540] USER32.dll!EndTask 77D59C5D 6 Bytes JMP 5F400F5A
.text C:\WINDOWS\Explorer.EXE[540] USER32.dll!RegisterRawInputDevices 77D6C9C6 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[540] USER32.dll!RegisterRawInputDevices + 4 77D6C9CA 2 Bytes [5F, 5F] {POP EDI; POP EDI}
.text C:\WINDOWS\Explorer.EXE[540] SHELL32.dll!ShellExecuteExW 7CA1172B 6 Bytes JMP 5F3A0F5A
.text C:\WINDOWS\Explorer.EXE[540] SHELL32.dll!ShellExecuteEx 7CA50AED 6 Bytes JMP 5F370F5A
.text C:\WINDOWS\Explorer.EXE[540] SHELL32.dll!ShellExecuteA 7CA50E18 6 Bytes JMP 5F310F5A
.text C:\WINDOWS\Explorer.EXE[540] SHELL32.dll!ShellExecuteW 7CAC4A18 6 Bytes JMP 5F340F5A
26.07.2009, 21:33 | #21
Generic 14.DNH
Code:
.text C:\Programme\Java\jre6\bin\jusched.exe[680] ntdll.dll!NtLoadDriver 7C91DB6E 3 Bytes [FF, 25, 1E]
.text C:\Programme\Java\jre6\bin\jusched.exe[680] ntdll.dll!NtLoadDriver + 4 7C91DB72 2 Bytes [56, 5F] {PUSH ESI; POP EDI}
.text C:\Programme\Java\jre6\bin\jusched.exe[680] ntdll.dll!NtSuspendProcess 7C91E83A 3 Bytes [FF, 25, 1E]
.text C:\Programme\Java\jre6\bin\jusched.exe[680] ntdll.dll!NtSuspendProcess + 4 7C91E83E 2 Bytes [44, 5F] {INC ESP; POP EDI}
.text C:\Programme\Java\jre6\bin\jusched.exe[680] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F730F5A
.text C:\Programme\Java\jre6\bin\jusched.exe[680] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 5F7C0F5A
.text C:\Programme\Java\jre6\bin\jusched.exe[680] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F130F5A
.text C:\Programme\Java\jre6\bin\jusched.exe[680] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 00B40001
.text C:\Programme\Java\jre6\bin\jusched.exe[680] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F1F0F5A
.text C:\Programme\Java\jre6\bin\jusched.exe[680] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F190F5A
.text C:\Programme\Java\jre6\bin\jusched.exe[680] kernel32.dll!GetStartupInfoA 7C801EEE 6 Bytes JMP 5F0A0F5A
.text C:\Programme\Java\jre6\bin\jusched.exe[680] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F1C0F5A
.text C:\Programme\Java\jre6\bin\jusched.exe[680] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F2E0F5A
.text C:\Programme\Java\jre6\bin\jusched.exe[680] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F2B0F5A
.text C:\Programme\Java\jre6\bin\jusched.exe[680] kernel32.dll!LoadResource 7C80A065 6 Bytes JMP 5F880F5A
.text C:\Programme\Java\jre6\bin\jusched.exe[680] kernel32.dll!GetProcAddress 7C80AC28 6 Bytes JMP 5F610F5A
.text C:\Programme\Java\jre6\bin\jusched.exe[680] kernel32.dll!LoadLibraryW 7C80ACD3 6 Bytes JMP 5F220F5A
.text C:\Programme\Java\jre6\bin\jusched.exe[680] kernel32.dll!CreateMutexA 7C80EB3F 6 Bytes JMP 5F040F5A
.text C:\Programme\Java\jre6\bin\jusched.exe[680] kernel32.dll!CreateRemoteThread 7C810626 3 Bytes [FF, 25, 1E]
.text C:\Programme\Java\jre6\bin\jusched.exe[680] kernel32.dll!CreateRemoteThread + 4 7C81062A 2 Bytes [11, 5F]
.text C:\Programme\Java\jre6\bin\jusched.exe[680] kernel32.dll!CreateThread 7C81082F 6 Bytes JMP 5F790F5A
.text C:\Programme\Java\jre6\bin\jusched.exe[680] kernel32.dll!CreateFileW 7C810976 6 Bytes JMP 5F700F5A
.text C:\Programme\Java\jre6\bin\jusched.exe[680] kernel32.dll!GetCommandLineA 7C812C8D 6 Bytes JMP 5F0D0F5A
.text C:\Programme\Java\jre6\bin\jusched.exe[680] kernel32.dll!TerminateThread 7C81CACB 6 Bytes JMP 5F460F5A
.text C:\Programme\Java\jre6\bin\jusched.exe[680] kernel32.dll!GetVolumeInformationA 7C827052 6 Bytes JMP 5F640F5A
.text C:\Programme\Java\jre6\bin\jusched.exe[680] kernel32.dll!DebugActiveProcess 7C859F0B 6 Bytes JMP 5F490F5A
.text C:\Programme\Java\jre6\bin\jusched.exe[680] kernel32.dll!WinExec 7C86114D 6 Bytes JMP 5F3D0F5A
.text C:\Programme\Java\jre6\bin\jusched.exe[680] kernel32.dll!CreateToolhelp32Snapshot 7C8647B7 6 Bytes JMP 5F760F5A
.text C:\Programme\Java\jre6\bin\jusched.exe[680] ADVAPI32.dll!RegOpenKeyExA 77DA761B 6 Bytes JMP 5F6A0F5A
.text C:\Programme\Java\jre6\bin\jusched.exe[680] ADVAPI32.dll!RegCreateKeyExA 77DAEAF4 6 Bytes JMP 5F670F5A
.text C:\Programme\Java\jre6\bin\jusched.exe[680] ADVAPI32.dll!RegSetValueExA 77DAEBE7 6 Bytes JMP 5F6D0F5A
.text C:\Programme\Java\jre6\bin\jusched.exe[680] ADVAPI32.dll!OpenSCManagerA 77DBADA7 6 Bytes JMP 5F7F0F5A
.text C:\Programme\Java\jre6\bin\jusched.exe[680] ADVAPI32.dll!LsaRemoveAccountRights 77DEAA41 6 Bytes JMP 5F160F5A
.text C:\Programme\Java\jre6\bin\jusched.exe[680] ADVAPI32.dll!CreateServiceA 77E07071 6 Bytes JMP 5F580F5A
.text C:\Programme\Java\jre6\bin\jusched.exe[680] USER32.dll!GetKeyState 77D1C505 6 Bytes JMP 5F4C0F5A
.text C:\Programme\Java\jre6\bin\jusched.exe[680] USER32.dll!ShowWindow 77D1D8A4 3 Bytes [FF, 25, 1E]
.text C:\Programme\Java\jre6\bin\jusched.exe[680] USER32.dll!ShowWindow + 4 77D1D8A8 2 Bytes [86, 5F]
.text C:\Programme\Java\jre6\bin\jusched.exe[680] USER32.dll!GetAsyncKeyState 77D1E655 6 Bytes JMP 5F4F0F5A
.text C:\Programme\Java\jre6\bin\jusched.exe[680] USER32.dll!SetWindowsHookExW 77D2E4AF 6 Bytes JMP 5F280F5A
.text C:\Programme\Java\jre6\bin\jusched.exe[680] USER32.dll!SetWindowsHookExA 77D311E9 6 Bytes JMP 5F250F5A
.text C:\Programme\Java\jre6\bin\jusched.exe[680] USER32.dll!SetWinEventHook 77D317C8 6 Bytes JMP 5F5B0F5A
.text C:\Programme\Java\jre6\bin\jusched.exe[680] USER32.dll!GetWindowTextA 77D3213C 6 Bytes JMP 5F820F5A
.text C:\Programme\Java\jre6\bin\jusched.exe[680] USER32.dll!DdeConnect 77D57D7B 6 Bytes JMP 5F520F5A
.text C:\Programme\Java\jre6\bin\jusched.exe[680] USER32.dll!EndTask 77D59C5D 6 Bytes JMP 5F400F5A
.text C:\Programme\Java\jre6\bin\jusched.exe[680] USER32.dll!RegisterRawInputDevices 77D6C9C6 3 Bytes [FF, 25, 1E]
.text C:\Programme\Java\jre6\bin\jusched.exe[680] USER32.dll!RegisterRawInputDevices + 4 77D6C9CA 2 Bytes [5F, 5F] {POP EDI; POP EDI}
.text C:\Programme\Java\jre6\bin\jusched.exe[680] SHELL32.dll!ShellExecuteExW 7CA1172B 6 Bytes JMP 5F3A0F5A
.text C:\Programme\Java\jre6\bin\jusched.exe[680] SHELL32.dll!ShellExecuteEx 7CA50AED 6 Bytes JMP 5F370F5A
.text C:\Programme\Java\jre6\bin\jusched.exe[680] SHELL32.dll!ShellExecuteA 7CA50E18 6 Bytes JMP 5F310F5A
.text C:\Programme\Java\jre6\bin\jusched.exe[680] SHELL32.dll!ShellExecuteW 7CAC4A18 6 Bytes JMP 5F340F5A
.text C:\Programme\ThreatFire\TFTray.exe[704] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 00FE0001
.text C:\Programme\ThreatFire\TFTray.exe[704] kernel32.dll!GetStartupInfoA 7C801EEE 6 Bytes JMP 5F0A0F5A
.text C:\Programme\ThreatFire\TFTray.exe[704] kernel32.dll!CreateMutexA 7C80EB3F 6 Bytes JMP 5F040F5A
.text C:\Programme\ThreatFire\TFTray.exe[704] kernel32.dll!GetCommandLineA 7C812C8D 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\RTHDCPL.EXE[728] ntdll.dll!NtLoadDriver 7C91DB6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\RTHDCPL.EXE[728] ntdll.dll!NtLoadDriver + 4 7C91DB72 2 Bytes [56, 5F] {PUSH ESI; POP EDI}
.text C:\WINDOWS\RTHDCPL.EXE[728] ntdll.dll!NtSuspendProcess 7C91E83A 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\RTHDCPL.EXE[728] ntdll.dll!NtSuspendProcess + 4 7C91E83E 2 Bytes [44, 5F] {INC ESP; POP EDI}
.text C:\WINDOWS\RTHDCPL.EXE[728] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F730F5A
.text C:\WINDOWS\RTHDCPL.EXE[728] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 5F7C0F5A
.text C:\WINDOWS\RTHDCPL.EXE[728] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\RTHDCPL.EXE[728] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 04B80001
.text C:\WINDOWS\RTHDCPL.EXE[728] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\RTHDCPL.EXE[728] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\RTHDCPL.EXE[728] kernel32.dll!GetStartupInfoA 7C801EEE 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\RTHDCPL.EXE[728] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\RTHDCPL.EXE[728] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\RTHDCPL.EXE[728] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F2B0F5A
.text C:\WINDOWS\RTHDCPL.EXE[728] kernel32.dll!LoadResource 7C80A065 6 Bytes JMP 5F880F5A
.text C:\WINDOWS\RTHDCPL.EXE[728] kernel32.dll!GetProcAddress 7C80AC28 6 Bytes JMP 5F610F5A
.text C:\WINDOWS\RTHDCPL.EXE[728] kernel32.dll!LoadLibraryW 7C80ACD3 6 Bytes JMP 5F220F5A
.text C:\WINDOWS\RTHDCPL.EXE[728] kernel32.dll!CreateMutexA 7C80EB3F 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\RTHDCPL.EXE[728] kernel32.dll!CreateRemoteThread 7C810626 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\RTHDCPL.EXE[728] kernel32.dll!CreateRemoteThread + 4 7C81062A 2 Bytes [11, 5F]
.text C:\WINDOWS\RTHDCPL.EXE[728] kernel32.dll!CreateThread 7C81082F 6 Bytes JMP 5F790F5A
.text C:\WINDOWS\RTHDCPL.EXE[728] kernel32.dll!CreateFileW 7C810976 6 Bytes JMP 5F700F5A
.text C:\WINDOWS\RTHDCPL.EXE[728] kernel32.dll!GetCommandLineA 7C812C8D 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\RTHDCPL.EXE[728] kernel32.dll!TerminateThread 7C81CACB 6 Bytes JMP 5F460F5A
.text C:\WINDOWS\RTHDCPL.EXE[728] kernel32.dll!GetVolumeInformationA 7C827052 6 Bytes JMP 5F640F5A
.text C:\WINDOWS\RTHDCPL.EXE[728] kernel32.dll!DebugActiveProcess 7C859F0B 6 Bytes JMP 5F490F5A
.text C:\WINDOWS\RTHDCPL.EXE[728] kernel32.dll!WinExec 7C86114D 6 Bytes JMP 5F3D0F5A
.text C:\WINDOWS\RTHDCPL.EXE[728] kernel32.dll!CreateToolhelp32Snapshot 7C8647B7 6 Bytes JMP 5F760F5A
.text C:\WINDOWS\RTHDCPL.EXE[728] USER32.dll!GetKeyState 77D1C505 6 Bytes JMP 5F4C0F5A
.text C:\WINDOWS\RTHDCPL.EXE[728] USER32.dll!ShowWindow 77D1D8A4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\RTHDCPL.EXE[728] USER32.dll!ShowWindow + 4 77D1D8A8 2 Bytes [86, 5F]
.text C:\WINDOWS\RTHDCPL.EXE[728] USER32.dll!GetAsyncKeyState 77D1E655 6 Bytes JMP 5F4F0F5A
.text C:\WINDOWS\RTHDCPL.EXE[728] USER32.dll!SetWindowsHookExW 77D2E4AF 6 Bytes JMP 5F280F5A
.text C:\WINDOWS\RTHDCPL.EXE[728] USER32.dll!SetWindowsHookExA 77D311E9 6 Bytes JMP 5F250F5A
.text C:\WINDOWS\RTHDCPL.EXE[728] USER32.dll!SetWinEventHook 77D317C8 6 Bytes JMP 5F5B0F5A
.text C:\WINDOWS\RTHDCPL.EXE[728] USER32.dll!GetWindowTextA 77D3213C 6 Bytes JMP 5F820F5A
.text C:\WINDOWS\RTHDCPL.EXE[728] USER32.dll!DdeConnect 77D57D7B 6 Bytes JMP 5F520F5A
.text C:\WINDOWS\RTHDCPL.EXE[728] USER32.dll!EndTask 77D59C5D 6 Bytes JMP 5F400F5A
.text C:\WINDOWS\RTHDCPL.EXE[728] USER32.dll!RegisterRawInputDevices 77D6C9C6 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\RTHDCPL.EXE[728] USER32.dll!RegisterRawInputDevices + 4 77D6C9CA 2 Bytes [5F, 5F] {POP EDI; POP EDI}
.text C:\WINDOWS\RTHDCPL.EXE[728] ADVAPI32.dll!RegOpenKeyExA 77DA761B 6 Bytes JMP 5F6A0F5A
.text C:\WINDOWS\RTHDCPL.EXE[728] ADVAPI32.dll!RegCreateKeyExA 77DAEAF4 6 Bytes JMP 5F670F5A
.text C:\WINDOWS\RTHDCPL.EXE[728] ADVAPI32.dll!RegSetValueExA 77DAEBE7 6 Bytes JMP 5F6D0F5A
.text C:\WINDOWS\RTHDCPL.EXE[728] ADVAPI32.dll!OpenSCManagerA 77DBADA7 6 Bytes JMP 5F7F0F5A
.text C:\WINDOWS\RTHDCPL.EXE[728] ADVAPI32.dll!LsaRemoveAccountRights 77DEAA41 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\RTHDCPL.EXE[728] ADVAPI32.dll!CreateServiceA 77E07071 6 Bytes JMP 5F580F5A
.text C:\WINDOWS\RTHDCPL.EXE[728] SHELL32.dll!ShellExecuteExW 7CA1172B 6 Bytes JMP 5F3A0F5A
.text C:\WINDOWS\RTHDCPL.EXE[728] SHELL32.dll!ShellExecuteEx 7CA50AED 6 Bytes JMP 5F370F5A
.text C:\WINDOWS\RTHDCPL.EXE[728] SHELL32.dll!ShellExecuteA 7CA50E18 6 Bytes JMP 5F310F5A
.text C:\WINDOWS\RTHDCPL.EXE[728] SHELL32.dll!ShellExecuteW 7CAC4A18 6 Bytes JMP 5F340F5A
26.07.2009, 21:34 | #22
Generic 14.DNH
Code:
.text C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe[752] ntdll.dll!NtLoadDriver 7C91DB6E 3 Bytes [FF, 25, 1E]
.text C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe[752] ntdll.dll!NtLoadDriver + 4 7C91DB72 2 Bytes [56, 5F] {PUSH ESI; POP EDI}
.text C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe[752] ntdll.dll!NtSuspendProcess 7C91E83A 3 Bytes [FF, 25, 1E]
.text C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe[752] ntdll.dll!NtSuspendProcess + 4 7C91E83E 2 Bytes [44, 5F] {INC ESP; POP EDI}
.text C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe[752] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F730F5A
.text C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe[752] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 5F7C0F5A
.text C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe[752] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F130F5A
.text C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe[752] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 00C30001
.text C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe[752] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F1F0F5A
.text C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe[752] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F190F5A
.text C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe[752] kernel32.dll!GetStartupInfoA 7C801EEE 6 Bytes JMP 5F0A0F5A
.text C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe[752] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F1C0F5A
.text C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe[752] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F2E0F5A
.text C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe[752] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F2B0F5A
.text C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe[752] kernel32.dll!LoadResource 7C80A065 6 Bytes JMP 5F880F5A
.text C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe[752] kernel32.dll!GetProcAddress 7C80AC28 6 Bytes JMP 5F610F5A
.text C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe[752] kernel32.dll!LoadLibraryW 7C80ACD3 6 Bytes JMP 5F220F5A
.text C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe[752] kernel32.dll!CreateMutexA 7C80EB3F 6 Bytes JMP 5F040F5A
.text C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe[752] kernel32.dll!CreateRemoteThread 7C810626 3 Bytes [FF, 25, 1E]
.text C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe[752] kernel32.dll!CreateRemoteThread + 4 7C81062A 2 Bytes [11, 5F]
.text C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe[752] kernel32.dll!CreateThread 7C81082F 6 Bytes JMP 5F790F5A
.text C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe[752] kernel32.dll!CreateFileW 7C810976 6 Bytes JMP 5F700F5A
.text C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe[752] kernel32.dll!GetCommandLineA 7C812C8D 6 Bytes JMP 5F0D0F5A
.text C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe[752] kernel32.dll!TerminateThread 7C81CACB 6 Bytes JMP 5F460F5A
.text C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe[752] kernel32.dll!GetVolumeInformationA 7C827052 6 Bytes JMP 5F640F5A
.text C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe[752] kernel32.dll!DebugActiveProcess 7C859F0B 6 Bytes JMP 5F490F5A
.text C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe[752] kernel32.dll!WinExec 7C86114D 6 Bytes JMP 5F3D0F5A
.text C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe[752] kernel32.dll!CreateToolhelp32Snapshot 7C8647B7 6 Bytes JMP 5F760F5A
.text C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe[752] USER32.dll!GetKeyState 77D1C505 6 Bytes JMP 5F4C0F5A
.text C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe[752] USER32.dll!ShowWindow 77D1D8A4 3 Bytes [FF, 25, 1E]
.text C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe[752] USER32.dll!ShowWindow + 4 77D1D8A8 2 Bytes [86, 5F]
.text C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe[752] USER32.dll!GetAsyncKeyState 77D1E655 6 Bytes JMP 5F4F0F5A
.text C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe[752] USER32.dll!SetWindowsHookExW 77D2E4AF 6 Bytes JMP 5F280F5A
.text C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe[752] USER32.dll!SetWindowsHookExA 77D311E9 6 Bytes JMP 5F250F5A
.text C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe[752] USER32.dll!SetWinEventHook 77D317C8 6 Bytes JMP 5F5B0F5A
.text C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe[752] USER32.dll!GetWindowTextA 77D3213C 6 Bytes JMP 5F820F5A
.text C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe[752] USER32.dll!DdeConnect 77D57D7B 6 Bytes JMP 5F520F5A
.text C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe[752] USER32.dll!EndTask 77D59C5D 6 Bytes JMP 5F400F5A
.text C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe[752] USER32.dll!RegisterRawInputDevices 77D6C9C6 3 Bytes [FF, 25, 1E]
.text C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe[752] USER32.dll!RegisterRawInputDevices + 4 77D6C9CA 2 Bytes [5F, 5F] {POP EDI; POP EDI}
.text C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe[752] ADVAPI32.dll!RegOpenKeyExA 77DA761B 6 Bytes JMP 5F6A0F5A
.text C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe[752] ADVAPI32.dll!RegCreateKeyExA 77DAEAF4 6 Bytes JMP 5F670F5A
.text C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe[752] ADVAPI32.dll!RegSetValueExA 77DAEBE7 6 Bytes JMP 5F6D0F5A
.text C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe[752] ADVAPI32.dll!OpenSCManagerA 77DBADA7 6 Bytes JMP 5F7F0F5A
.text C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe[752] ADVAPI32.dll!LsaRemoveAccountRights 77DEAA41 6 Bytes JMP 5F160F5A
.text C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe[752] ADVAPI32.dll!CreateServiceA 77E07071 6 Bytes JMP 5F580F5A
.text C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe[752]
SHELL32.dll!ShellExecuteExW 7CA1172B 6 Bytes JMP 5F3A0F5A .text C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe[752] SHELL32.dll!ShellExecuteEx 7CA50AED 6 Bytes JMP 5F370F5A .text C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe[752] SHELL32.dll!ShellExecuteA 7CA50E18 6 Bytes JMP 5F310F5A .text C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe[752] SHELL32.dll!ShellExecuteW 7CAC4A18 6 Bytes JMP 5F340F5A .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] ntdll.dll!NtLoadDriver 7C91DB6E 3 Bytes [FF, 25, 1E] .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] ntdll.dll!NtLoadDriver + 4 7C91DB72 2 Bytes [56, 5F] {PUSH ESI; POP EDI} .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] ntdll.dll!NtSuspendProcess 7C91E83A 3 Bytes [FF, 25, 1E] .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] ntdll.dll!NtSuspendProcess + 4 7C91E83E 2 Bytes [44, 5F] {INC ESP; POP EDI} .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] KERNEL32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F730F5A .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] KERNEL32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 5F7C0F5A .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] KERNEL32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F130F5A .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] KERNEL32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 04800001 .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] KERNEL32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F1F0F5A .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] KERNEL32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F190F5A .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] KERNEL32.dll!GetStartupInfoA 7C801EEE 6 Bytes JMP 5F0A0F5A .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] KERNEL32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F1C0F5A .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] KERNEL32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F2E0F5A .text C:\Programme\ATI 
Technologies\ATI.ACE\CLI.EXE[768] KERNEL32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F2B0F5A .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] KERNEL32.dll!LoadResource 7C80A065 6 Bytes JMP 5F880F5A .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] KERNEL32.dll!GetProcAddress 7C80AC28 6 Bytes JMP 5F610F5A .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] KERNEL32.dll!LoadLibraryW 7C80ACD3 6 Bytes JMP 5F220F5A .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] KERNEL32.dll!CreateMutexA 7C80EB3F 6 Bytes JMP 5F040F5A .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] KERNEL32.dll!CreateRemoteThread 7C810626 3 Bytes [FF, 25, 1E] .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] KERNEL32.dll!CreateRemoteThread + 4 7C81062A 2 Bytes [11, 5F] .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] KERNEL32.dll!CreateThread 7C81082F 6 Bytes JMP 5F790F5A .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] KERNEL32.dll!CreateFileW 7C810976 6 Bytes JMP 5F700F5A .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] KERNEL32.dll!GetCommandLineA 7C812C8D 6 Bytes JMP 5F0D0F5A .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] KERNEL32.dll!TerminateThread 7C81CACB 6 Bytes JMP 5F460F5A .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] KERNEL32.dll!GetVolumeInformationA 7C827052 6 Bytes JMP 5F640F5A .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] KERNEL32.dll!DebugActiveProcess 7C859F0B 6 Bytes JMP 5F490F5A .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] KERNEL32.dll!WinExec 7C86114D 6 Bytes JMP 5F3D0F5A .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] KERNEL32.dll!CreateToolhelp32Snapshot 7C8647B7 6 Bytes JMP 5F760F5A .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] ADVAPI32.dll!RegOpenKeyExA 77DA761B 6 Bytes JMP 5F6A0F5A .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] ADVAPI32.dll!RegCreateKeyExA 77DAEAF4 6 Bytes JMP 5F670F5A .text C:\Programme\ATI 
Technologies\ATI.ACE\CLI.EXE[768] ADVAPI32.dll!RegSetValueExA 77DAEBE7 6 Bytes JMP 5F6D0F5A .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] ADVAPI32.dll!OpenSCManagerA 77DBADA7 6 Bytes JMP 5F7F0F5A .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] ADVAPI32.dll!LsaRemoveAccountRights 77DEAA41 6 Bytes JMP 5F160F5A .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] ADVAPI32.dll!CreateServiceA 77E07071 6 Bytes JMP 5F580F5A .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] USER32.dll!GetKeyState 77D1C505 6 Bytes JMP 5F4C0F5A .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] USER32.dll!ShowWindow 77D1D8A4 3 Bytes [FF, 25, 1E] .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] USER32.dll!ShowWindow + 4 77D1D8A8 2 Bytes [86, 5F] .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] USER32.dll!GetAsyncKeyState 77D1E655 6 Bytes JMP 5F4F0F5A .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] USER32.dll!SetWindowsHookExW 77D2E4AF 6 Bytes JMP 5F280F5A .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] USER32.dll!SetWindowsHookExA 77D311E9 6 Bytes JMP 5F250F5A .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] USER32.dll!SetWinEventHook 77D317C8 6 Bytes JMP 5F5B0F5A .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] USER32.dll!GetWindowTextA 77D3213C 6 Bytes JMP 5F820F5A .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] USER32.dll!DdeConnect 77D57D7B 6 Bytes JMP 5F520F5A .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] USER32.dll!EndTask 77D59C5D 6 Bytes JMP 5F400F5A .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] USER32.dll!RegisterRawInputDevices 77D6C9C6 3 Bytes [FF, 25, 1E] .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] USER32.dll!RegisterRawInputDevices + 4 77D6C9CA 2 Bytes [5F, 5F] {POP EDI; POP EDI} .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] shell32.dll!ShellExecuteExW 7CA1172B 6 Bytes JMP 5F3A0F5A .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] 
shell32.dll!ShellExecuteEx 7CA50AED 6 Bytes JMP 5F370F5A .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] shell32.dll!ShellExecuteA 7CA50E18 6 Bytes JMP 5F310F5A .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] shell32.dll!ShellExecuteW 7CAC4A18 6 Bytes JMP 5F340F5A |
26.07.2009, 21:46 | #23 | |
Generic 14.DNH
Quote:
It comes with a few extra programs that get installed along with it, but they didn't cause any problems the first time I installed it either. I know Gimp and various other free editing programs, I just don't need them; I only want to surf and play games, nothing more.
26.07.2009, 21:50 | #24 |
Generic 14.DNH
Code:
.text C:\WINDOWS\system32\csrss.exe[932] KERNEL32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 01400001
.text C:\WINDOWS\system32\csrss.exe[932] KERNEL32.dll!GetStartupInfoA 7C801EEE 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\csrss.exe[932] KERNEL32.dll!CreateMutexA 7C80EB3F 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\csrss.exe[932] KERNEL32.dll!GetCommandLineA 7C812C8D 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\winlogon.exe[964] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F250F5A
.text C:\WINDOWS\system32\winlogon.exe[964] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\winlogon.exe[964] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\system32\winlogon.exe[964] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 011E0001
.text C:\WINDOWS\system32\winlogon.exe[964] kernel32.dll!GetStartupInfoA 7C801EEE 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\winlogon.exe[964] kernel32.dll!LoadResource 7C80A065 6 Bytes JMP 5F3A0F5A
.text C:\WINDOWS\system32\winlogon.exe[964] kernel32.dll!GetProcAddress 7C80AC28 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\winlogon.exe[964] kernel32.dll!CreateMutexA 7C80EB3F 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\winlogon.exe[964] kernel32.dll!CreateThread 7C81082F 6 Bytes JMP 5F2B0F5A
.text C:\WINDOWS\system32\winlogon.exe[964] kernel32.dll!CreateFileW 7C810976 6 Bytes JMP 5F220F5A
.text C:\WINDOWS\system32\winlogon.exe[964] kernel32.dll!GetCommandLineA 7C812C8D 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\winlogon.exe[964] kernel32.dll!GetVolumeInformationA 7C827052 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\winlogon.exe[964] kernel32.dll!CreateToolhelp32Snapshot 7C8647B7 6 Bytes JMP 5F280F5A
.text C:\WINDOWS\system32\winlogon.exe[964] ADVAPI32.dll!RegOpenKeyExA 77DA761B 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\winlogon.exe[964] ADVAPI32.dll!RegCreateKeyExA 77DAEAF4 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\winlogon.exe[964] ADVAPI32.dll!RegSetValueExA 77DAEBE7 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\system32\winlogon.exe[964] ADVAPI32.dll!OpenSCManagerA 77DBADA7 6 Bytes JMP 5F310F5A
.text C:\WINDOWS\system32\winlogon.exe[964] USER32.dll!ShowWindow 77D1D8A4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[964] USER32.dll!ShowWindow + 4 77D1D8A8 2 Bytes [38, 5F]
.text C:\WINDOWS\system32\winlogon.exe[964] USER32.dll!GetWindowTextA 77D3213C 6 Bytes JMP 5F340F5A
.text C:\WINDOWS\system32\services.exe[1008] ntdll.dll!NtLoadDriver 7C91DB6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[1008] ntdll.dll!NtLoadDriver + 4 7C91DB72 2 Bytes [56, 5F] {PUSH ESI; POP EDI}
.text C:\WINDOWS\system32\services.exe[1008] ntdll.dll!NtSuspendProcess 7C91E83A 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[1008] ntdll.dll!NtSuspendProcess + 4 7C91E83E 2 Bytes [44, 5F] {INC ESP; POP EDI}
.text C:\WINDOWS\system32\services.exe[1008] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F730F5A
.text C:\WINDOWS\system32\services.exe[1008] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 5F7C0F5A
.text C:\WINDOWS\system32\services.exe[1008] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\system32\services.exe[1008] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 00060001
.text C:\WINDOWS\system32\services.exe[1008] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\system32\services.exe[1008] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\services.exe[1008] kernel32.dll!GetStartupInfoA 7C801EEE 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\services.exe[1008] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\services.exe[1008] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\services.exe[1008] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F2B0F5A
.text C:\WINDOWS\system32\services.exe[1008] kernel32.dll!LoadResource 7C80A065 6 Bytes JMP 5F880F5A
.text C:\WINDOWS\system32\services.exe[1008] kernel32.dll!GetProcAddress 7C80AC28 6 Bytes JMP 5F610F5A
.text C:\WINDOWS\system32\services.exe[1008] kernel32.dll!LoadLibraryW 7C80ACD3 6 Bytes JMP 5F220F5A
.text C:\WINDOWS\system32\services.exe[1008] kernel32.dll!CreateMutexA 7C80EB3F 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\services.exe[1008] kernel32.dll!CreateRemoteThread 7C810626 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[1008] kernel32.dll!CreateRemoteThread + 4 7C81062A 2 Bytes [11, 5F]
.text C:\WINDOWS\system32\services.exe[1008] kernel32.dll!CreateThread 7C81082F 6 Bytes JMP 5F790F5A
.text C:\WINDOWS\system32\services.exe[1008] kernel32.dll!CreateFileW 7C810976 6 Bytes JMP 5F700F5A
.text C:\WINDOWS\system32\services.exe[1008] kernel32.dll!GetCommandLineA 7C812C8D 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\services.exe[1008] kernel32.dll!TerminateThread 7C81CACB 6 Bytes JMP 5F460F5A
.text C:\WINDOWS\system32\services.exe[1008] kernel32.dll!GetVolumeInformationA 7C827052 6 Bytes JMP 5F640F5A
.text C:\WINDOWS\system32\services.exe[1008] kernel32.dll!DebugActiveProcess 7C859F0B 6 Bytes JMP 5F490F5A
.text C:\WINDOWS\system32\services.exe[1008] kernel32.dll!WinExec 7C86114D 6 Bytes JMP 5F3D0F5A
.text C:\WINDOWS\system32\services.exe[1008] kernel32.dll!CreateToolhelp32Snapshot 7C8647B7 6 Bytes JMP 5F760F5A
.text C:\WINDOWS\system32\services.exe[1008] ADVAPI32.dll!RegOpenKeyExA 77DA761B 6 Bytes JMP 5F6A0F5A
.text C:\WINDOWS\system32\services.exe[1008] ADVAPI32.dll!RegCreateKeyExA 77DAEAF4 6 Bytes JMP 5F670F5A
.text C:\WINDOWS\system32\services.exe[1008] ADVAPI32.dll!RegSetValueExA 77DAEBE7 6 Bytes JMP 5F6D0F5A
.text C:\WINDOWS\system32\services.exe[1008] ADVAPI32.dll!OpenSCManagerA 77DBADA7 6 Bytes JMP 5F7F0F5A
.text C:\WINDOWS\system32\services.exe[1008] ADVAPI32.dll!LsaRemoveAccountRights 77DEAA41 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\services.exe[1008] ADVAPI32.dll!CreateServiceA 77E07071 6 Bytes JMP 5F580F5A
.text C:\WINDOWS\system32\services.exe[1008] USER32.dll!GetKeyState 77D1C505 6 Bytes JMP 5F4C0F5A
.text C:\WINDOWS\system32\services.exe[1008] USER32.dll!ShowWindow 77D1D8A4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[1008] USER32.dll!ShowWindow + 4 77D1D8A8 2 Bytes [86, 5F]
.text C:\WINDOWS\system32\services.exe[1008] USER32.dll!GetAsyncKeyState 77D1E655 6 Bytes JMP 5F4F0F5A
.text C:\WINDOWS\system32\services.exe[1008] USER32.dll!SetWindowsHookExW 77D2E4AF 6 Bytes JMP 5F280F5A
.text C:\WINDOWS\system32\services.exe[1008] USER32.dll!SetWindowsHookExA 77D311E9 6 Bytes JMP 5F250F5A
.text C:\WINDOWS\system32\services.exe[1008] USER32.dll!SetWinEventHook 77D317C8 6 Bytes JMP 5F5B0F5A
.text C:\WINDOWS\system32\services.exe[1008] USER32.dll!GetWindowTextA 77D3213C 6 Bytes JMP 5F820F5A
.text C:\WINDOWS\system32\services.exe[1008] USER32.dll!DdeConnect 77D57D7B 6 Bytes JMP 5F520F5A
.text C:\WINDOWS\system32\services.exe[1008] USER32.dll!EndTask 77D59C5D 6 Bytes JMP 5F400F5A
.text C:\WINDOWS\system32\services.exe[1008] USER32.dll!RegisterRawInputDevices 77D6C9C6 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[1008] USER32.dll!RegisterRawInputDevices + 4 77D6C9CA 2 Bytes [5F, 5F] {POP EDI; POP EDI}
.text C:\WINDOWS\system32\services.exe[1008] SHELL32.dll!ShellExecuteExW 7CA1172B 6 Bytes JMP 5F3A0F5A
.text C:\WINDOWS\system32\services.exe[1008] SHELL32.dll!ShellExecuteEx 7CA50AED 6 Bytes JMP 5F370F5A
.text C:\WINDOWS\system32\services.exe[1008] SHELL32.dll!ShellExecuteA 7CA50E18 6 Bytes JMP 5F310F5A
.text C:\WINDOWS\system32\services.exe[1008] SHELL32.dll!ShellExecuteW 7CAC4A18 6 Bytes JMP 5F340F5A
.text C:\WINDOWS\system32\lsass.exe[1020] ntdll.dll!NtLoadDriver 7C91DB6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[1020] ntdll.dll!NtLoadDriver + 4 7C91DB72 2 Bytes [56, 5F] {PUSH ESI; POP EDI}
.text C:\WINDOWS\system32\lsass.exe[1020] ntdll.dll!NtSuspendProcess 7C91E83A 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[1020] ntdll.dll!NtSuspendProcess + 4 7C91E83E 2 Bytes [44, 5F] {INC ESP; POP EDI}
.text C:\WINDOWS\system32\lsass.exe[1020] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F730F5A
.text C:\WINDOWS\system32\lsass.exe[1020] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 5F7C0F5A
.text C:\WINDOWS\system32\lsass.exe[1020] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\system32\lsass.exe[1020] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 01180001
.text C:\WINDOWS\system32\lsass.exe[1020] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\system32\lsass.exe[1020] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\lsass.exe[1020] kernel32.dll!GetStartupInfoA 7C801EEE 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\lsass.exe[1020] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\lsass.exe[1020] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\lsass.exe[1020] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F2B0F5A
.text C:\WINDOWS\system32\lsass.exe[1020] kernel32.dll!LoadResource 7C80A065 6 Bytes JMP 5F880F5A
.text C:\WINDOWS\system32\lsass.exe[1020] kernel32.dll!GetProcAddress 7C80AC28 6 Bytes JMP 5F610F5A
.text C:\WINDOWS\system32\lsass.exe[1020] kernel32.dll!LoadLibraryW 7C80ACD3 6 Bytes JMP 5F220F5A
.text C:\WINDOWS\system32\lsass.exe[1020] kernel32.dll!CreateMutexA 7C80EB3F 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\lsass.exe[1020] kernel32.dll!CreateRemoteThread 7C810626 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[1020] kernel32.dll!CreateRemoteThread + 4 7C81062A 2 Bytes [11, 5F]
.text C:\WINDOWS\system32\lsass.exe[1020] kernel32.dll!CreateThread 7C81082F 6 Bytes JMP 5F790F5A
.text C:\WINDOWS\system32\lsass.exe[1020] kernel32.dll!CreateFileW 7C810976 6 Bytes JMP 5F700F5A
.text C:\WINDOWS\system32\lsass.exe[1020] kernel32.dll!GetCommandLineA 7C812C8D 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\lsass.exe[1020] kernel32.dll!TerminateThread 7C81CACB 6 Bytes JMP 5F460F5A
.text C:\WINDOWS\system32\lsass.exe[1020] kernel32.dll!GetVolumeInformationA 7C827052 6 Bytes JMP 5F640F5A
.text C:\WINDOWS\system32\lsass.exe[1020] kernel32.dll!DebugActiveProcess 7C859F0B 6 Bytes JMP 5F490F5A
.text C:\WINDOWS\system32\lsass.exe[1020] kernel32.dll!WinExec 7C86114D 6 Bytes JMP 5F3D0F5A
.text C:\WINDOWS\system32\lsass.exe[1020] kernel32.dll!CreateToolhelp32Snapshot 7C8647B7 6 Bytes JMP 5F760F5A
.text C:\WINDOWS\system32\lsass.exe[1020] ADVAPI32.dll!RegOpenKeyExA 77DA761B 6 Bytes JMP 5F6A0F5A
.text C:\WINDOWS\system32\lsass.exe[1020] ADVAPI32.dll!RegCreateKeyExA 77DAEAF4 6 Bytes JMP 5F670F5A
.text C:\WINDOWS\system32\lsass.exe[1020] ADVAPI32.dll!RegSetValueExA 77DAEBE7 6 Bytes JMP 5F6D0F5A
.text C:\WINDOWS\system32\lsass.exe[1020] ADVAPI32.dll!OpenSCManagerA 77DBADA7 6 Bytes JMP 5F7F0F5A
.text C:\WINDOWS\system32\lsass.exe[1020] ADVAPI32.dll!LsaRemoveAccountRights 77DEAA41 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\lsass.exe[1020] ADVAPI32.dll!CreateServiceA 77E07071 6 Bytes JMP 5F580F5A
.text C:\WINDOWS\system32\lsass.exe[1020] USER32.dll!GetKeyState 77D1C505 6 Bytes JMP 5F4C0F5A
.text C:\WINDOWS\system32\lsass.exe[1020] USER32.dll!ShowWindow 77D1D8A4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[1020] USER32.dll!ShowWindow + 4 77D1D8A8 2 Bytes [86, 5F]
.text C:\WINDOWS\system32\lsass.exe[1020] USER32.dll!GetAsyncKeyState 77D1E655 6 Bytes JMP 5F4F0F5A
.text C:\WINDOWS\system32\lsass.exe[1020] USER32.dll!SetWindowsHookExW 77D2E4AF 6 Bytes JMP 5F280F5A
.text C:\WINDOWS\system32\lsass.exe[1020] USER32.dll!SetWindowsHookExA 77D311E9 6 Bytes JMP 5F250F5A
.text C:\WINDOWS\system32\lsass.exe[1020] USER32.dll!SetWinEventHook 77D317C8 6 Bytes JMP 5F5B0F5A
.text C:\WINDOWS\system32\lsass.exe[1020] USER32.dll!GetWindowTextA 77D3213C 6 Bytes JMP 5F820F5A
.text C:\WINDOWS\system32\lsass.exe[1020] USER32.dll!DdeConnect 77D57D7B 6 Bytes JMP 5F520F5A
.text C:\WINDOWS\system32\lsass.exe[1020] USER32.dll!EndTask 77D59C5D 6 Bytes JMP 5F400F5A
.text C:\WINDOWS\system32\lsass.exe[1020] USER32.dll!RegisterRawInputDevices 77D6C9C6 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[1020] USER32.dll!RegisterRawInputDevices + 4 77D6C9CA 2 Bytes [5F, 5F] {POP EDI; POP EDI}
.text C:\WINDOWS\system32\lsass.exe[1020] SHELL32.dll!ShellExecuteExW 7CA1172B 6 Bytes JMP 5F3A0F5A
.text C:\WINDOWS\system32\lsass.exe[1020] SHELL32.dll!ShellExecuteEx 7CA50AED 6 Bytes JMP 5F370F5A
.text C:\WINDOWS\system32\lsass.exe[1020] SHELL32.dll!ShellExecuteA 7CA50E18 6 Bytes JMP 5F310F5A
.text C:\WINDOWS\system32\lsass.exe[1020] SHELL32.dll!ShellExecuteW 7CAC4A18 6 Bytes JMP 5F340F5A
26.07.2009, 21:52 | #25 |
Generic 14.DNH
Code:
.text C:\WINDOWS\system32\Ati2evxx.exe[1212] ntdll.dll!NtLoadDriver 7C91DB6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\Ati2evxx.exe[1212] ntdll.dll!NtLoadDriver + 4 7C91DB72 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text C:\WINDOWS\system32\Ati2evxx.exe[1212] ntdll.dll!NtSuspendProcess 7C91E83A 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\Ati2evxx.exe[1212] ntdll.dll!NtSuspendProcess + 4 7C91E83E 2 Bytes [38, 5F]
.text C:\WINDOWS\system32\Ati2evxx.exe[1212] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F670F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[1212] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 5F700F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[1212] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[1212] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 00EC0001
.text C:\WINDOWS\system32\Ati2evxx.exe[1212] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[1212] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[1212] kernel32.dll!GetStartupInfoA 7C801EEE 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[1212] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[1212] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[1212] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F2B0F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[1212] kernel32.dll!LoadResource 7C80A065 6 Bytes JMP 5F7C0F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[1212] kernel32.dll!GetProcAddress 7C80AC28 6 Bytes JMP 5F550F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[1212] kernel32.dll!LoadLibraryW 7C80ACD3 6 Bytes JMP 5F220F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[1212] kernel32.dll!CreateMutexA 7C80EB3F 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[1212] kernel32.dll!CreateRemoteThread 7C810626 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\Ati2evxx.exe[1212] kernel32.dll!CreateRemoteThread + 4 7C81062A 2 Bytes [11, 5F]
.text C:\WINDOWS\system32\Ati2evxx.exe[1212] kernel32.dll!CreateThread 7C81082F 6 Bytes JMP 5F6D0F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[1212] kernel32.dll!CreateFileW 7C810976 6 Bytes JMP 5F640F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[1212] kernel32.dll!GetCommandLineA 7C812C8D 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[1212] kernel32.dll!TerminateThread 7C81CACB 6 Bytes JMP 5F3A0F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[1212] kernel32.dll!GetVolumeInformationA 7C827052 6 Bytes JMP 5F580F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[1212] kernel32.dll!DebugActiveProcess 7C859F0B 6 Bytes JMP 5F3D0F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[1212] kernel32.dll!WinExec 7C86114D 6 Bytes JMP 5F310F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[1212] kernel32.dll!CreateToolhelp32Snapshot 7C8647B7 6 Bytes JMP 5F6A0F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[1212] USER32.dll!GetKeyState 77D1C505 6 Bytes JMP 5F400F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[1212] USER32.dll!ShowWindow 77D1D8A4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\Ati2evxx.exe[1212] USER32.dll!ShowWindow + 4 77D1D8A8 2 Bytes [7A, 5F] {JP 0x61}
.text C:\WINDOWS\system32\Ati2evxx.exe[1212] USER32.dll!GetAsyncKeyState 77D1E655 6 Bytes JMP 5F430F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[1212] USER32.dll!SetWindowsHookExW 77D2E4AF 6 Bytes JMP 5F280F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[1212] USER32.dll!SetWindowsHookExA 77D311E9 6 Bytes JMP 5F250F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[1212] USER32.dll!SetWinEventHook 77D317C8 6 Bytes JMP 5F4F0F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[1212] USER32.dll!GetWindowTextA 77D3213C 6 Bytes JMP 5F760F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[1212] USER32.dll!DdeConnect 77D57D7B 6 Bytes JMP 5F460F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[1212] USER32.dll!EndTask 77D59C5D 6 Bytes JMP 5F340F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[1212] USER32.dll!RegisterRawInputDevices 77D6C9C6 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\Ati2evxx.exe[1212] USER32.dll!RegisterRawInputDevices + 4 77D6C9CA 2 Bytes [53, 5F] {PUSH EBX; POP EDI}
.text C:\WINDOWS\system32\Ati2evxx.exe[1212] ADVAPI32.dll!RegOpenKeyExA 77DA761B 6 Bytes JMP 5F5E0F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[1212] ADVAPI32.dll!RegCreateKeyExA 77DAEAF4 6 Bytes JMP 5F5B0F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[1212] ADVAPI32.dll!RegSetValueExA 77DAEBE7 6 Bytes JMP 5F610F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[1212] ADVAPI32.dll!OpenSCManagerA 77DBADA7 6 Bytes JMP 5F730F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[1212] ADVAPI32.dll!LsaRemoveAccountRights 77DEAA41 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[1212] ADVAPI32.dll!CreateServiceA 77E07071 6 Bytes JMP 5F4C0F5A
.text C:\WINDOWS\system32\svchost.exe[1232] ntdll.dll!NtLoadDriver 7C91DB6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1232] ntdll.dll!NtLoadDriver + 4 7C91DB72 2 Bytes [56, 5F] {PUSH ESI; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[1232] ntdll.dll!NtSuspendProcess 7C91E83A 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1232] ntdll.dll!NtSuspendProcess + 4 7C91E83E 2 Bytes [44, 5F] {INC ESP; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F730F5A
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 5F7C0F5A
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 00E20001
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!GetStartupInfoA 7C801EEE 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F2B0F5A
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!LoadResource 7C80A065 6 Bytes JMP 5F880F5A
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!GetProcAddress 7C80AC28 6 Bytes JMP 5F610F5A
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!LoadLibraryW 7C80ACD3 6 Bytes JMP 5F220F5A
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!CreateMutexA 7C80EB3F 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!CreateRemoteThread 7C810626 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!CreateRemoteThread + 4 7C81062A 2 Bytes [11, 5F]
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!CreateThread 7C81082F 6 Bytes JMP 5F790F5A
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!CreateFileW 7C810976 6 Bytes JMP 5F700F5A
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!GetCommandLineA 7C812C8D 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!TerminateThread 7C81CACB 6 Bytes JMP 5F460F5A
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!GetVolumeInformationA 7C827052 6 Bytes JMP 5F640F5A
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!DebugActiveProcess 7C859F0B 6 Bytes JMP 5F490F5A
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!WinExec 7C86114D 6 Bytes JMP 5F3D0F5A
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!CreateToolhelp32Snapshot 7C8647B7 6 Bytes JMP 5F760F5A
.text C:\WINDOWS\system32\svchost.exe[1232] ADVAPI32.dll!RegOpenKeyExA 77DA761B 6 Bytes JMP 5F6A0F5A
.text C:\WINDOWS\system32\svchost.exe[1232] ADVAPI32.dll!RegCreateKeyExA 77DAEAF4 6 Bytes JMP 5F670F5A
.text C:\WINDOWS\system32\svchost.exe[1232] ADVAPI32.dll!RegSetValueExA 77DAEBE7 6 Bytes JMP 5F6D0F5A
.text C:\WINDOWS\system32\svchost.exe[1232] ADVAPI32.dll!OpenSCManagerA 77DBADA7 6 Bytes JMP 5F7F0F5A
.text C:\WINDOWS\system32\svchost.exe[1232] ADVAPI32.dll!LsaRemoveAccountRights 77DEAA41 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\svchost.exe[1232] ADVAPI32.dll!CreateServiceA 77E07071 6 Bytes JMP 5F580F5A
.text C:\WINDOWS\system32\svchost.exe[1232] USER32.dll!GetKeyState 77D1C505 6 Bytes JMP 5F4C0F5A
.text C:\WINDOWS\system32\svchost.exe[1232] USER32.dll!ShowWindow 77D1D8A4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1232] USER32.dll!ShowWindow + 4 77D1D8A8 2 Bytes [86, 5F]
.text C:\WINDOWS\system32\svchost.exe[1232] USER32.dll!GetAsyncKeyState 77D1E655 6 Bytes JMP 5F4F0F5A
.text C:\WINDOWS\system32\svchost.exe[1232] USER32.dll!SetWindowsHookExW 77D2E4AF 6 Bytes JMP 5F280F5A
.text C:\WINDOWS\system32\svchost.exe[1232] USER32.dll!SetWindowsHookExA 77D311E9 6 Bytes JMP 5F250F5A
.text C:\WINDOWS\system32\svchost.exe[1232] USER32.dll!SetWinEventHook 77D317C8 6 Bytes JMP 5F5B0F5A
.text C:\WINDOWS\system32\svchost.exe[1232] USER32.dll!GetWindowTextA 77D3213C 6 Bytes JMP 5F820F5A
.text C:\WINDOWS\system32\svchost.exe[1232] USER32.dll!DdeConnect 77D57D7B 6 Bytes JMP 5F520F5A
.text C:\WINDOWS\system32\svchost.exe[1232] USER32.dll!EndTask 77D59C5D 6 Bytes JMP 5F400F5A
.text C:\WINDOWS\system32\svchost.exe[1232] USER32.dll!RegisterRawInputDevices 77D6C9C6 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1232] USER32.dll!RegisterRawInputDevices + 4 77D6C9CA 2 Bytes [5F, 5F] {POP EDI; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[1232] SHELL32.dll!ShellExecuteExW 7CA1172B 6 Bytes JMP 5F3A0F5A
.text C:\WINDOWS\system32\svchost.exe[1232] SHELL32.dll!ShellExecuteEx 7CA50AED 6 Bytes JMP 5F370F5A
.text C:\WINDOWS\system32\svchost.exe[1232] SHELL32.dll!ShellExecuteA 7CA50E18 6 Bytes JMP 5F310F5A
.text C:\WINDOWS\system32\svchost.exe[1232] SHELL32.dll!ShellExecuteW 7CAC4A18 6 Bytes JMP 5F340F5A
.text C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!NtLoadDriver 7C91DB6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!NtLoadDriver + 4 7C91DB72 2 Bytes [56, 5F] {PUSH ESI; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!NtSuspendProcess 7C91E83A 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!NtSuspendProcess + 4 7C91E83E 2 Bytes [44, 5F] {INC ESP; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F730F5A
.text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 5F7C0F5A
.text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 00C80001
.text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!GetStartupInfoA 7C801EEE 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F2B0F5A
.text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!LoadResource 7C80A065 6 Bytes JMP 5F880F5A
.text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!GetProcAddress 7C80AC28 6 Bytes JMP 5F610F5A
.text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!LoadLibraryW 7C80ACD3 6 Bytes JMP 5F220F5A
.text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!CreateMutexA 7C80EB3F 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!CreateRemoteThread 7C810626 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!CreateRemoteThread + 4 7C81062A 2 Bytes [11, 5F]
.text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!CreateThread 7C81082F 6 Bytes JMP 5F790F5A
.text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!CreateFileW 7C810976 6 Bytes JMP 5F700F5A
.text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!GetCommandLineA 7C812C8D 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!TerminateThread 7C81CACB 6 Bytes JMP 5F460F5A
.text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!GetVolumeInformationA 7C827052 6 Bytes JMP 5F640F5A
.text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!DebugActiveProcess 7C859F0B 6 Bytes JMP 5F490F5A
.text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!WinExec 7C86114D 6 Bytes JMP 5F3D0F5A
.text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!CreateToolhelp32Snapshot 7C8647B7 6 Bytes JMP 5F760F5A
.text C:\WINDOWS\system32\svchost.exe[1300] ADVAPI32.dll!RegOpenKeyExA 77DA761B 6 Bytes JMP 5F6A0F5A
.text C:\WINDOWS\system32\svchost.exe[1300] ADVAPI32.dll!RegCreateKeyExA 77DAEAF4 6 Bytes JMP 5F670F5A
.text C:\WINDOWS\system32\svchost.exe[1300] ADVAPI32.dll!RegSetValueExA 77DAEBE7 6 Bytes JMP 5F6D0F5A
.text C:\WINDOWS\system32\svchost.exe[1300] ADVAPI32.dll!OpenSCManagerA 77DBADA7 6 Bytes JMP 5F7F0F5A
.text C:\WINDOWS\system32\svchost.exe[1300] ADVAPI32.dll!LsaRemoveAccountRights 77DEAA41 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\svchost.exe[1300] ADVAPI32.dll!CreateServiceA 77E07071 6 Bytes JMP 5F580F5A
.text C:\WINDOWS\system32\svchost.exe[1300] USER32.dll!GetKeyState 77D1C505 6 Bytes JMP 5F4C0F5A
.text C:\WINDOWS\system32\svchost.exe[1300] USER32.dll!ShowWindow 77D1D8A4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1300] USER32.dll!ShowWindow + 4 77D1D8A8 2 Bytes [86, 5F]
.text C:\WINDOWS\system32\svchost.exe[1300] USER32.dll!GetAsyncKeyState 77D1E655 6 Bytes JMP 5F4F0F5A
.text C:\WINDOWS\system32\svchost.exe[1300]
USER32.dll!SetWindowsHookExW 77D2E4AF 6 Bytes JMP 5F280F5A .text C:\WINDOWS\system32\svchost.exe[1300] USER32.dll!SetWindowsHookExA 77D311E9 6 Bytes JMP 5F250F5A .text C:\WINDOWS\system32\svchost.exe[1300] USER32.dll!SetWinEventHook 77D317C8 6 Bytes JMP 5F5B0F5A .text C:\WINDOWS\system32\svchost.exe[1300] USER32.dll!GetWindowTextA 77D3213C 6 Bytes JMP 5F820F5A .text C:\WINDOWS\system32\svchost.exe[1300] USER32.dll!DdeConnect 77D57D7B 6 Bytes JMP 5F520F5A .text C:\WINDOWS\system32\svchost.exe[1300] USER32.dll!EndTask 77D59C5D 6 Bytes JMP 5F400F5A .text C:\WINDOWS\system32\svchost.exe[1300] USER32.dll!RegisterRawInputDevices 77D6C9C6 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1300] USER32.dll!RegisterRawInputDevices + 4 77D6C9CA 2 Bytes [5F, 5F] {POP EDI; POP EDI} .text C:\WINDOWS\system32\svchost.exe[1300] SHELL32.dll!ShellExecuteExW 7CA1172B 6 Bytes JMP 5F3A0F5A .text C:\WINDOWS\system32\svchost.exe[1300] SHELL32.dll!ShellExecuteEx 7CA50AED 6 Bytes JMP 5F370F5A .text C:\WINDOWS\system32\svchost.exe[1300] SHELL32.dll!ShellExecuteA 7CA50E18 6 Bytes JMP 5F310F5A .text C:\WINDOWS\system32\svchost.exe[1300] SHELL32.dll!ShellExecuteW 7CAC4A18 6 Bytes JMP 5F340F5A .text C:\WINDOWS\System32\svchost.exe[1476] ntdll.dll!NtLoadDriver 7C91DB6E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\svchost.exe[1476] ntdll.dll!NtLoadDriver + 4 7C91DB72 2 Bytes [56, 5F] {PUSH ESI; POP EDI} .text C:\WINDOWS\System32\svchost.exe[1476] ntdll.dll!NtSuspendProcess 7C91E83A 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\svchost.exe[1476] ntdll.dll!NtSuspendProcess + 4 7C91E83E 2 Bytes [44, 5F] {INC ESP; POP EDI} .text C:\WINDOWS\System32\svchost.exe[1476] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F730F5A |
26.07.2009, 21:53 | #26 |
| Generic 14.DNH Code:
26.07.2009, 21:54 | #27 |
| Generic 14.DNH Code:
26.07.2009, 21:57 | #28 |
| Generic 14.DNH Code:
26.07.2009, 21:58 | #29 |
| Generic 14.DNH Code:
.text C:\Programme\Java\jre6\bin\jqs.exe[1852] ntdll.dll!NtLoadDriver 7C91DB6E 3 Bytes [FF, 25, 1E]
.text C:\Programme\Java\jre6\bin\jqs.exe[1852] ntdll.dll!NtLoadDriver + 4 7C91DB72 2 Bytes [56, 5F] {PUSH ESI; POP EDI}
.text C:\Programme\Java\jre6\bin\jqs.exe[1852] ntdll.dll!NtSuspendProcess 7C91E83A 3 Bytes [FF, 25, 1E]
.text C:\Programme\Java\jre6\bin\jqs.exe[1852] ntdll.dll!NtSuspendProcess + 4 7C91E83E 2 Bytes [44, 5F] {INC ESP; POP EDI}
.text C:\Programme\Java\jre6\bin\jqs.exe[1852] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F730F5A
.text C:\Programme\Java\jre6\bin\jqs.exe[1852] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 5F7C0F5A
.text C:\Programme\Java\jre6\bin\jqs.exe[1852] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F130F5A
.text C:\Programme\Java\jre6\bin\jqs.exe[1852] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 01B70001
.text C:\Programme\Java\jre6\bin\jqs.exe[1852] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F1F0F5A
.text C:\Programme\Java\jre6\bin\jqs.exe[1852] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F190F5A
.text C:\Programme\Java\jre6\bin\jqs.exe[1852] kernel32.dll!GetStartupInfoA 7C801EEE 6 Bytes JMP 5F0A0F5A
.text C:\Programme\Java\jre6\bin\jqs.exe[1852] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F1C0F5A
.text C:\Programme\Java\jre6\bin\jqs.exe[1852] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F2E0F5A
.text C:\Programme\Java\jre6\bin\jqs.exe[1852] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F2B0F5A
.text C:\Programme\Java\jre6\bin\jqs.exe[1852] kernel32.dll!LoadResource 7C80A065 6 Bytes JMP 5F880F5A
.text C:\Programme\Java\jre6\bin\jqs.exe[1852] kernel32.dll!GetProcAddress 7C80AC28 6 Bytes JMP 5F610F5A
.text C:\Programme\Java\jre6\bin\jqs.exe[1852] kernel32.dll!LoadLibraryW 7C80ACD3 6 Bytes JMP 5F220F5A
.text C:\Programme\Java\jre6\bin\jqs.exe[1852] kernel32.dll!CreateMutexA 7C80EB3F 6 Bytes JMP 5F040F5A
.text C:\Programme\Java\jre6\bin\jqs.exe[1852] kernel32.dll!CreateRemoteThread 7C810626 3 Bytes [FF, 25, 1E]
.text C:\Programme\Java\jre6\bin\jqs.exe[1852] kernel32.dll!CreateRemoteThread + 4 7C81062A 2 Bytes [11, 5F]
.text C:\Programme\Java\jre6\bin\jqs.exe[1852] kernel32.dll!CreateThread 7C81082F 6 Bytes JMP 5F790F5A
.text C:\Programme\Java\jre6\bin\jqs.exe[1852] kernel32.dll!CreateFileW 7C810976 6 Bytes JMP 5F700F5A
.text C:\Programme\Java\jre6\bin\jqs.exe[1852] kernel32.dll!GetCommandLineA 7C812C8D 6 Bytes JMP 5F0D0F5A
.text C:\Programme\Java\jre6\bin\jqs.exe[1852] kernel32.dll!TerminateThread 7C81CACB 6 Bytes JMP 5F460F5A
.text C:\Programme\Java\jre6\bin\jqs.exe[1852] kernel32.dll!GetVolumeInformationA 7C827052 6 Bytes JMP 5F640F5A
.text C:\Programme\Java\jre6\bin\jqs.exe[1852] kernel32.dll!DebugActiveProcess 7C859F0B 6 Bytes JMP 5F490F5A
.text C:\Programme\Java\jre6\bin\jqs.exe[1852] kernel32.dll!WinExec 7C86114D 6 Bytes JMP 5F3D0F5A
.text C:\Programme\Java\jre6\bin\jqs.exe[1852] kernel32.dll!CreateToolhelp32Snapshot 7C8647B7 6 Bytes JMP 5F760F5A
.text C:\Programme\Java\jre6\bin\jqs.exe[1852] ADVAPI32.dll!RegOpenKeyExA 77DA761B 6 Bytes JMP 5F6A0F5A
.text C:\Programme\Java\jre6\bin\jqs.exe[1852] ADVAPI32.dll!RegCreateKeyExA 77DAEAF4 6 Bytes JMP 5F670F5A
.text C:\Programme\Java\jre6\bin\jqs.exe[1852] ADVAPI32.dll!RegSetValueExA 77DAEBE7 6 Bytes JMP 5F6D0F5A
.text C:\Programme\Java\jre6\bin\jqs.exe[1852] ADVAPI32.dll!OpenSCManagerA 77DBADA7 6 Bytes JMP 5F7F0F5A
.text C:\Programme\Java\jre6\bin\jqs.exe[1852] ADVAPI32.dll!LsaRemoveAccountRights 77DEAA41 6 Bytes JMP 5F160F5A
.text C:\Programme\Java\jre6\bin\jqs.exe[1852] ADVAPI32.dll!CreateServiceA 77E07071 6 Bytes JMP 5F580F5A
.text C:\Programme\Java\jre6\bin\jqs.exe[1852] USER32.dll!GetKeyState 77D1C505 6 Bytes JMP 5F4C0F5A
.text C:\Programme\Java\jre6\bin\jqs.exe[1852] USER32.dll!ShowWindow 77D1D8A4 3 Bytes [FF, 25, 1E]
.text C:\Programme\Java\jre6\bin\jqs.exe[1852] USER32.dll!ShowWindow + 4 77D1D8A8 2 Bytes [86, 5F]
.text C:\Programme\Java\jre6\bin\jqs.exe[1852] USER32.dll!GetAsyncKeyState 77D1E655 6 Bytes JMP 5F4F0F5A
.text C:\Programme\Java\jre6\bin\jqs.exe[1852] USER32.dll!SetWindowsHookExW 77D2E4AF 6 Bytes JMP 5F280F5A
.text C:\Programme\Java\jre6\bin\jqs.exe[1852] USER32.dll!SetWindowsHookExA 77D311E9 6 Bytes JMP 5F250F5A
.text C:\Programme\Java\jre6\bin\jqs.exe[1852] USER32.dll!SetWinEventHook 77D317C8 6 Bytes JMP 5F5B0F5A
.text C:\Programme\Java\jre6\bin\jqs.exe[1852] USER32.dll!GetWindowTextA 77D3213C 6 Bytes JMP 5F820F5A
.text C:\Programme\Java\jre6\bin\jqs.exe[1852] USER32.dll!DdeConnect 77D57D7B 6 Bytes JMP 5F520F5A
.text C:\Programme\Java\jre6\bin\jqs.exe[1852] USER32.dll!EndTask 77D59C5D 6 Bytes JMP 5F400F5A
.text C:\Programme\Java\jre6\bin\jqs.exe[1852] USER32.dll!RegisterRawInputDevices 77D6C9C6 3 Bytes [FF, 25, 1E]
.text C:\Programme\Java\jre6\bin\jqs.exe[1852] USER32.dll!RegisterRawInputDevices + 4 77D6C9CA 2 Bytes [5F, 5F] {POP EDI; POP EDI}
.text C:\Programme\Java\jre6\bin\jqs.exe[1852] SHELL32.dll!ShellExecuteExW 7CA1172B 6 Bytes JMP 5F3A0F5A
.text C:\Programme\Java\jre6\bin\jqs.exe[1852] SHELL32.dll!ShellExecuteEx 7CA50AED 6 Bytes JMP 5F370F5A
.text C:\Programme\Java\jre6\bin\jqs.exe[1852] SHELL32.dll!ShellExecuteA 7CA50E18 6 Bytes JMP 5F310F5A
.text C:\Programme\Java\jre6\bin\jqs.exe[1852] SHELL32.dll!ShellExecuteW 7CAC4A18 6 Bytes JMP 5F340F5A
.text C:\WINDOWS\system32\spoolsv.exe[1984] ntdll.dll!NtLoadDriver 7C91DB6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1984] ntdll.dll!NtLoadDriver + 4 7C91DB72 2 Bytes [56, 5F] {PUSH ESI; POP EDI}
.text C:\WINDOWS\system32\spoolsv.exe[1984] ntdll.dll!NtSuspendProcess 7C91E83A 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1984] ntdll.dll!NtSuspendProcess + 4 7C91E83E 2 Bytes [44, 5F] {INC ESP; POP EDI}
.text C:\WINDOWS\system32\spoolsv.exe[1984] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F730F5A
.text C:\WINDOWS\system32\spoolsv.exe[1984] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 5F7C0F5A
.text C:\WINDOWS\system32\spoolsv.exe[1984] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\system32\spoolsv.exe[1984] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 01220001
.text C:\WINDOWS\system32\spoolsv.exe[1984] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\system32\spoolsv.exe[1984] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\spoolsv.exe[1984] kernel32.dll!GetStartupInfoA 7C801EEE 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\spoolsv.exe[1984] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\spoolsv.exe[1984] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\spoolsv.exe[1984] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F2B0F5A
.text C:\WINDOWS\system32\spoolsv.exe[1984] kernel32.dll!LoadResource 7C80A065 6 Bytes JMP 5F880F5A
.text C:\WINDOWS\system32\spoolsv.exe[1984] kernel32.dll!GetProcAddress 7C80AC28 6 Bytes JMP 5F610F5A
.text C:\WINDOWS\system32\spoolsv.exe[1984] kernel32.dll!LoadLibraryW 7C80ACD3 6 Bytes JMP 5F220F5A
.text C:\WINDOWS\system32\spoolsv.exe[1984] kernel32.dll!CreateMutexA 7C80EB3F 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\spoolsv.exe[1984] kernel32.dll!CreateRemoteThread 7C810626 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1984] kernel32.dll!CreateRemoteThread + 4 7C81062A 2 Bytes [11, 5F]
.text C:\WINDOWS\system32\spoolsv.exe[1984] kernel32.dll!CreateThread 7C81082F 6 Bytes JMP 5F790F5A
.text C:\WINDOWS\system32\spoolsv.exe[1984] kernel32.dll!CreateFileW 7C810976 6 Bytes JMP 5F700F5A
.text C:\WINDOWS\system32\spoolsv.exe[1984] kernel32.dll!GetCommandLineA 7C812C8D 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\spoolsv.exe[1984] kernel32.dll!TerminateThread 7C81CACB 6 Bytes JMP 5F460F5A
.text C:\WINDOWS\system32\spoolsv.exe[1984] kernel32.dll!GetVolumeInformationA 7C827052 6 Bytes JMP 5F640F5A
.text C:\WINDOWS\system32\spoolsv.exe[1984] kernel32.dll!DebugActiveProcess 7C859F0B 6 Bytes JMP 5F490F5A
.text C:\WINDOWS\system32\spoolsv.exe[1984] kernel32.dll!WinExec 7C86114D 6 Bytes JMP 5F3D0F5A
.text C:\WINDOWS\system32\spoolsv.exe[1984] kernel32.dll!CreateToolhelp32Snapshot 7C8647B7 6 Bytes JMP 5F760F5A
.text C:\WINDOWS\system32\spoolsv.exe[1984] ADVAPI32.dll!RegOpenKeyExA 77DA761B 6 Bytes JMP 5F6A0F5A
.text C:\WINDOWS\system32\spoolsv.exe[1984] ADVAPI32.dll!RegCreateKeyExA 77DAEAF4 6 Bytes JMP 5F670F5A
.text C:\WINDOWS\system32\spoolsv.exe[1984] ADVAPI32.dll!RegSetValueExA 77DAEBE7 6 Bytes JMP 5F6D0F5A
.text C:\WINDOWS\system32\spoolsv.exe[1984] ADVAPI32.dll!OpenSCManagerA 77DBADA7 6 Bytes JMP 5F7F0F5A
.text C:\WINDOWS\system32\spoolsv.exe[1984] ADVAPI32.dll!LsaRemoveAccountRights 77DEAA41 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\spoolsv.exe[1984] ADVAPI32.dll!CreateServiceA 77E07071 6 Bytes JMP 5F580F5A
.text C:\WINDOWS\system32\spoolsv.exe[1984] USER32.dll!GetKeyState 77D1C505 6 Bytes JMP 5F4C0F5A
.text C:\WINDOWS\system32\spoolsv.exe[1984] USER32.dll!ShowWindow 77D1D8A4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1984] USER32.dll!ShowWindow + 4 77D1D8A8 2 Bytes [86, 5F]
.text C:\WINDOWS\system32\spoolsv.exe[1984] USER32.dll!GetAsyncKeyState 77D1E655 6 Bytes JMP 5F4F0F5A
.text C:\WINDOWS\system32\spoolsv.exe[1984] USER32.dll!SetWindowsHookExW 77D2E4AF 6 Bytes JMP 5F280F5A
.text C:\WINDOWS\system32\spoolsv.exe[1984] USER32.dll!SetWindowsHookExA 77D311E9 6 Bytes JMP 5F250F5A
.text C:\WINDOWS\system32\spoolsv.exe[1984] USER32.dll!SetWinEventHook 77D317C8 6 Bytes JMP 5F5B0F5A
.text C:\WINDOWS\system32\spoolsv.exe[1984] USER32.dll!GetWindowTextA 77D3213C 6 Bytes JMP 5F820F5A
.text C:\WINDOWS\system32\spoolsv.exe[1984] USER32.dll!DdeConnect 77D57D7B 6 Bytes JMP 5F520F5A
.text C:\WINDOWS\system32\spoolsv.exe[1984] USER32.dll!EndTask 77D59C5D 6 Bytes JMP 5F400F5A
.text C:\WINDOWS\system32\spoolsv.exe[1984] USER32.dll!RegisterRawInputDevices 77D6C9C6 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1984] USER32.dll!RegisterRawInputDevices + 4 77D6C9CA 2 Bytes [5F, 5F] {POP EDI; POP EDI}
.text C:\WINDOWS\system32\spoolsv.exe[1984] SHELL32.dll!ShellExecuteExW 7CA1172B 6 Bytes JMP 5F3A0F5A
.text C:\WINDOWS\system32\spoolsv.exe[1984] SHELL32.dll!ShellExecuteEx 7CA50AED 6 Bytes JMP 5F370F5A
.text C:\WINDOWS\system32\spoolsv.exe[1984] SHELL32.dll!ShellExecuteA 7CA50E18 6 Bytes JMP 5F310F5A
.text C:\WINDOWS\system32\spoolsv.exe[1984] SHELL32.dll!ShellExecuteW 7CAC4A18 6 Bytes JMP 5F340F5A
.text C:\Programme\PC Tools AntiVirus\PCTAVSvc.exe[2032] ntdll.dll!NtLoadDriver 7C91DB6E 3 Bytes [FF, 25, 1E]
.text C:\Programme\PC Tools AntiVirus\PCTAVSvc.exe[2032] ntdll.dll!NtLoadDriver + 4 7C91DB72 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text C:\Programme\PC Tools AntiVirus\PCTAVSvc.exe[2032] ntdll.dll!NtSuspendProcess 7C91E83A 3 Bytes [FF, 25, 1E]
.text C:\Programme\PC Tools AntiVirus\PCTAVSvc.exe[2032] ntdll.dll!NtSuspendProcess + 4 7C91E83E 2 Bytes [38, 5F]
.text C:\Programme\PC Tools AntiVirus\PCTAVSvc.exe[2032] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F670F5A
.text C:\Programme\PC Tools AntiVirus\PCTAVSvc.exe[2032] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 5F700F5A
.text C:\Programme\PC Tools AntiVirus\PCTAVSvc.exe[2032] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Programme\PC Tools AntiVirus\PCTAVSvc.exe[2032] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F130F5A
.text C:\Programme\PC Tools AntiVirus\PCTAVSvc.exe[2032] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A
.text C:\Programme\PC Tools AntiVirus\PCTAVSvc.exe[2032] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A
.text C:\Programme\PC Tools AntiVirus\PCTAVSvc.exe[2032] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F220F5A
.text C:\Programme\PC Tools AntiVirus\PCTAVSvc.exe[2032] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F1F0F5A
.text C:\Programme\PC Tools AntiVirus\PCTAVSvc.exe[2032] kernel32.dll!LoadResource 7C80A065 6 Bytes JMP 5F7C0F5A
.text C:\Programme\PC Tools AntiVirus\PCTAVSvc.exe[2032] kernel32.dll!GetProcAddress 7C80AC28 6 Bytes JMP 5F550F5A
.text C:\Programme\PC Tools AntiVirus\PCTAVSvc.exe[2032] kernel32.dll!LoadLibraryW 7C80ACD3 6 Bytes JMP 5F160F5A
.text C:\Programme\PC Tools AntiVirus\PCTAVSvc.exe[2032] kernel32.dll!CreateRemoteThread 7C810626 3 Bytes [FF, 25, 1E]
.text C:\Programme\PC Tools AntiVirus\PCTAVSvc.exe[2032] kernel32.dll!CreateRemoteThread + 4 7C81062A 2 Bytes [05, 5F]
.text C:\Programme\PC Tools AntiVirus\PCTAVSvc.exe[2032] kernel32.dll!CreateThread 7C81082F 6 Bytes JMP 5F6D0F5A
.text C:\Programme\PC Tools AntiVirus\PCTAVSvc.exe[2032] kernel32.dll!CreateFileW 7C810976 6 Bytes JMP 5F640F5A
.text C:\Programme\PC Tools AntiVirus\PCTAVSvc.exe[2032] kernel32.dll!TerminateThread 7C81CACB 6 Bytes JMP 5F3A0F5A
.text C:\Programme\PC Tools AntiVirus\PCTAVSvc.exe[2032] kernel32.dll!GetVolumeInformationA 7C827052 6 Bytes JMP 5F580F5A
.text C:\Programme\PC Tools AntiVirus\PCTAVSvc.exe[2032] kernel32.dll!DebugActiveProcess 7C859F0B 6 Bytes JMP 5F3D0F5A
.text C:\Programme\PC Tools AntiVirus\PCTAVSvc.exe[2032] kernel32.dll!WinExec 7C86114D 6 Bytes JMP 5F310F5A
.text C:\Programme\PC Tools AntiVirus\PCTAVSvc.exe[2032] kernel32.dll!CreateToolhelp32Snapshot 7C8647B7 6 Bytes JMP 5F6A0F5A
.text C:\Programme\PC Tools AntiVirus\PCTAVSvc.exe[2032] ADVAPI32.dll!RegOpenKeyExA 77DA761B 6 Bytes JMP 5F5E0F5A
.text C:\Programme\PC Tools AntiVirus\PCTAVSvc.exe[2032] ADVAPI32.dll!RegCreateKeyExA 77DAEAF4 6 Bytes JMP 5F5B0F5A
.text C:\Programme\PC Tools AntiVirus\PCTAVSvc.exe[2032] ADVAPI32.dll!RegSetValueExA 77DAEBE7 6 Bytes JMP 5F610F5A
.text C:\Programme\PC Tools AntiVirus\PCTAVSvc.exe[2032] ADVAPI32.dll!OpenSCManagerA 77DBADA7 6 Bytes JMP 5F730F5A
.text C:\Programme\PC Tools AntiVirus\PCTAVSvc.exe[2032] ADVAPI32.dll!LsaRemoveAccountRights 77DEAA41 6 Bytes JMP 5F0A0F5A
.text C:\Programme\PC Tools AntiVirus\PCTAVSvc.exe[2032] ADVAPI32.dll!CreateServiceA 77E07071 6 Bytes JMP 5F4C0F5A
.text C:\Programme\PC Tools AntiVirus\PCTAVSvc.exe[2032] USER32.dll!GetKeyState 77D1C505 6 Bytes JMP 5F400F5A
.text C:\Programme\PC Tools AntiVirus\PCTAVSvc.exe[2032] USER32.dll!ShowWindow 77D1D8A4 3 Bytes [FF, 25, 1E]
.text C:\Programme\PC Tools AntiVirus\PCTAVSvc.exe[2032] USER32.dll!ShowWindow + 4 77D1D8A8 2 Bytes [7A, 5F] {JP 0x61}
.text C:\Programme\PC Tools AntiVirus\PCTAVSvc.exe[2032] USER32.dll!GetAsyncKeyState 77D1E655 6 Bytes JMP 5F430F5A
.text C:\Programme\PC Tools AntiVirus\PCTAVSvc.exe[2032] USER32.dll!SetWindowsHookExW 77D2E4AF 6 Bytes JMP 5F1C0F5A
.text C:\Programme\PC Tools AntiVirus\PCTAVSvc.exe[2032] USER32.dll!SetWindowsHookExA 77D311E9 6 Bytes JMP 5F190F5A
.text C:\Programme\PC Tools AntiVirus\PCTAVSvc.exe[2032] USER32.dll!SetWinEventHook 77D317C8 6 Bytes JMP 5F4F0F5A
.text C:\Programme\PC Tools AntiVirus\PCTAVSvc.exe[2032] USER32.dll!GetWindowTextA 77D3213C 6 Bytes JMP 5F760F5A
.text C:\Programme\PC Tools AntiVirus\PCTAVSvc.exe[2032] USER32.dll!DdeConnect 77D57D7B 6 Bytes JMP 5F460F5A
.text C:\Programme\PC Tools AntiVirus\PCTAVSvc.exe[2032] USER32.dll!EndTask 77D59C5D 6 Bytes JMP 5F340F5A
.text C:\Programme\PC Tools AntiVirus\PCTAVSvc.exe[2032] USER32.dll!RegisterRawInputDevices 77D6C9C6 3 Bytes [FF, 25, 1E]
.text C:\Programme\PC Tools AntiVirus\PCTAVSvc.exe[2032] USER32.dll!RegisterRawInputDevices + 4 77D6C9CA 2 Bytes [53, 5F] {PUSH EBX; POP EDI}
.text C:\Programme\PC Tools AntiVirus\PCTAVSvc.exe[2032] SHELL32.dll!ShellExecuteExW 7CA1172B 6 Bytes JMP 5F2E0F5A
.text C:\Programme\PC Tools AntiVirus\PCTAVSvc.exe[2032] SHELL32.dll!ShellExecuteEx 7CA50AED 6 Bytes JMP 5F2B0F5A
.text C:\Programme\PC Tools AntiVirus\PCTAVSvc.exe[2032] SHELL32.dll!ShellExecuteA 7CA50E18 6 Bytes JMP 5F250F5A
.text C:\Programme\PC Tools AntiVirus\PCTAVSvc.exe[2032] SHELL32.dll!ShellExecuteW 7CAC4A18 6 Bytes JMP 5F280F5A |
26.07.2009, 21:59 | #30 |
| Generic 14.DNH Code:
.text C:\Dokumente und Einstellungen\Administrator\Desktop\mlq8zsrl.exe[2204] ntdll.dll!NtLoadDriver 7C91DB6E 3 Bytes [FF, 25, 1E]
.text C:\Dokumente und Einstellungen\Administrator\Desktop\mlq8zsrl.exe[2204] ntdll.dll!NtLoadDriver + 4 7C91DB72 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text C:\Dokumente und Einstellungen\Administrator\Desktop\mlq8zsrl.exe[2204] ntdll.dll!NtSuspendProcess 7C91E83A 3 Bytes [FF, 25, 1E]
.text C:\Dokumente und Einstellungen\Administrator\Desktop\mlq8zsrl.exe[2204] ntdll.dll!NtSuspendProcess + 4 7C91E83E 2 Bytes [38, 5F]
.text C:\Dokumente und Einstellungen\Administrator\Desktop\mlq8zsrl.exe[2204] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F670F5A
.text C:\Dokumente und Einstellungen\Administrator\Desktop\mlq8zsrl.exe[2204] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 5F700F5A
.text C:\Dokumente und Einstellungen\Administrator\Desktop\mlq8zsrl.exe[2204] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F130F5A
.text C:\Dokumente und Einstellungen\Administrator\Desktop\mlq8zsrl.exe[2204] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 003C0001
.text C:\Dokumente und Einstellungen\Administrator\Desktop\mlq8zsrl.exe[2204] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F1F0F5A
.text C:\Dokumente und Einstellungen\Administrator\Desktop\mlq8zsrl.exe[2204] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F190F5A
.text C:\Dokumente und Einstellungen\Administrator\Desktop\mlq8zsrl.exe[2204] kernel32.dll!GetStartupInfoA 7C801EEE 6 Bytes JMP 5F0A0F5A
.text C:\Dokumente und Einstellungen\Administrator\Desktop\mlq8zsrl.exe[2204] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F1C0F5A
.text C:\Dokumente und Einstellungen\Administrator\Desktop\mlq8zsrl.exe[2204] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F2E0F5A
.text C:\Dokumente und Einstellungen\Administrator\Desktop\mlq8zsrl.exe[2204] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F2B0F5A
.text C:\Dokumente und Einstellungen\Administrator\Desktop\mlq8zsrl.exe[2204] kernel32.dll!LoadResource 7C80A065 6 Bytes JMP 5F7C0F5A
.text C:\Dokumente und Einstellungen\Administrator\Desktop\mlq8zsrl.exe[2204] kernel32.dll!FreeLibrary + 15 7C80AA7B 4 Bytes CALL 7170003D
.text C:\Dokumente und Einstellungen\Administrator\Desktop\mlq8zsrl.exe[2204] kernel32.dll!GetProcAddress 7C80AC28 6 Bytes JMP 5F550F5A
.text C:\Dokumente und Einstellungen\Administrator\Desktop\mlq8zsrl.exe[2204] kernel32.dll!LoadLibraryW 7C80ACD3 6 Bytes JMP 5F220F5A
.text C:\Dokumente und Einstellungen\Administrator\Desktop\mlq8zsrl.exe[2204] kernel32.dll!CreateMutexA 7C80EB3F 6 Bytes JMP 5F040F5A
.text C:\Dokumente und Einstellungen\Administrator\Desktop\mlq8zsrl.exe[2204] kernel32.dll!CreateRemoteThread 7C810626 3 Bytes [FF, 25, 1E]
.text C:\Dokumente und Einstellungen\Administrator\Desktop\mlq8zsrl.exe[2204] kernel32.dll!CreateRemoteThread + 4 7C81062A 2 Bytes [11, 5F]
.text C:\Dokumente und Einstellungen\Administrator\Desktop\mlq8zsrl.exe[2204] kernel32.dll!CreateThread 7C81082F 6 Bytes JMP 5F6D0F5A
.text C:\Dokumente und Einstellungen\Administrator\Desktop\mlq8zsrl.exe[2204] kernel32.dll!CreateFileW 7C810976 6 Bytes JMP 5F640F5A
.text C:\Dokumente und Einstellungen\Administrator\Desktop\mlq8zsrl.exe[2204] kernel32.dll!GetCommandLineA 7C812C8D 6 Bytes JMP 5F0D0F5A
.text C:\Dokumente und Einstellungen\Administrator\Desktop\mlq8zsrl.exe[2204] kernel32.dll!TerminateThread 7C81CACB 6 Bytes JMP 5F3A0F5A
.text C:\Dokumente und Einstellungen\Administrator\Desktop\mlq8zsrl.exe[2204] kernel32.dll!GetVolumeInformationA 7C827052 6 Bytes JMP 5F580F5A
.text C:\Dokumente und Einstellungen\Administrator\Desktop\mlq8zsrl.exe[2204] kernel32.dll!DebugActiveProcess 7C859F0B 6 Bytes JMP 5F3D0F5A
.text C:\Dokumente und Einstellungen\Administrator\Desktop\mlq8zsrl.exe[2204] kernel32.dll!WinExec 7C86114D 6 Bytes JMP 5F310F5A
.text C:\Dokumente und Einstellungen\Administrator\Desktop\mlq8zsrl.exe[2204] kernel32.dll!CreateToolhelp32Snapshot 7C8647B7 6 Bytes JMP 5F6A0F5A
.text C:\Dokumente und Einstellungen\Administrator\Desktop\mlq8zsrl.exe[2204] USER32.dll!GetKeyState 77D1C505 6 Bytes JMP 5F400F5A
.text C:\Dokumente und Einstellungen\Administrator\Desktop\mlq8zsrl.exe[2204] USER32.dll!ShowWindow 77D1D8A4 3 Bytes [FF, 25, 1E]
.text C:\Dokumente und Einstellungen\Administrator\Desktop\mlq8zsrl.exe[2204] USER32.dll!ShowWindow + 4 77D1D8A8 2 Bytes [7A, 5F] {JP 0x61}
.text C:\Dokumente und Einstellungen\Administrator\Desktop\mlq8zsrl.exe[2204] USER32.dll!GetAsyncKeyState 77D1E655 6 Bytes JMP 5F430F5A
.text C:\Dokumente und Einstellungen\Administrator\Desktop\mlq8zsrl.exe[2204] USER32.dll!SetWindowsHookExW 77D2E4AF 6 Bytes JMP 5F280F5A
.text C:\Dokumente und Einstellungen\Administrator\Desktop\mlq8zsrl.exe[2204] USER32.dll!SetWindowsHookExA 77D311E9 6 Bytes JMP 5F250F5A
.text C:\Dokumente und Einstellungen\Administrator\Desktop\mlq8zsrl.exe[2204] USER32.dll!SetWinEventHook 77D317C8 6 Bytes JMP 5F4F0F5A
.text C:\Dokumente und Einstellungen\Administrator\Desktop\mlq8zsrl.exe[2204] USER32.dll!GetWindowTextA 77D3213C 6 Bytes JMP 5F760F5A
.text C:\Dokumente und Einstellungen\Administrator\Desktop\mlq8zsrl.exe[2204] USER32.dll!DdeConnect 77D57D7B 6 Bytes JMP 5F460F5A
.text C:\Dokumente und Einstellungen\Administrator\Desktop\mlq8zsrl.exe[2204] USER32.dll!EndTask 77D59C5D 6 Bytes JMP 5F340F5A
.text C:\Dokumente und Einstellungen\Administrator\Desktop\mlq8zsrl.exe[2204] USER32.dll!RegisterRawInputDevices 77D6C9C6 3 Bytes [FF, 25, 1E]
.text C:\Dokumente und Einstellungen\Administrator\Desktop\mlq8zsrl.exe[2204] USER32.dll!RegisterRawInputDevices + 4 77D6C9CA 2 Bytes [53, 5F] {PUSH EBX; POP EDI}
.text C:\Dokumente und Einstellungen\Administrator\Desktop\mlq8zsrl.exe[2204] ADVAPI32.dll!RegOpenKeyExA 77DA761B 6 Bytes JMP 5F5E0F5A
.text C:\Dokumente und Einstellungen\Administrator\Desktop\mlq8zsrl.exe[2204] ADVAPI32.dll!RegCreateKeyExA 77DAEAF4 6 Bytes JMP 5F5B0F5A
.text C:\Dokumente und Einstellungen\Administrator\Desktop\mlq8zsrl.exe[2204] ADVAPI32.dll!RegSetValueExA 77DAEBE7 6 Bytes JMP 5F610F5A
.text C:\Dokumente und Einstellungen\Administrator\Desktop\mlq8zsrl.exe[2204] ADVAPI32.dll!OpenSCManagerA 77DBADA7 6 Bytes JMP 5F730F5A
.text C:\Dokumente und Einstellungen\Administrator\Desktop\mlq8zsrl.exe[2204] ADVAPI32.dll!LsaRemoveAccountRights 77DEAA41 6 Bytes JMP 5F160F5A
.text C:\Dokumente und Einstellungen\Administrator\Desktop\mlq8zsrl.exe[2204] ADVAPI32.dll!CreateServiceA 77E07071 6 Bytes JMP 5F4C0F5A
.text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3388] ntdll.dll!NtLoadDriver 7C91DB6E 3 Bytes [FF, 25, 1E]
.text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3388] ntdll.dll!NtLoadDriver + 4 7C91DB72 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3388] ntdll.dll!NtSuspendProcess 7C91E83A 3 Bytes [FF, 25, 1E]
.text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3388] ntdll.dll!NtSuspendProcess + 4 7C91E83E 2 Bytes [38, 5F]
.text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3388] KERNEL32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F670F5A
.text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3388] KERNEL32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 5F700F5A
.text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3388] KERNEL32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F130F5A
.text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3388] KERNEL32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 009F0001
.text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3388] KERNEL32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F1F0F5A
.text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3388] KERNEL32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F190F5A
.text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3388] KERNEL32.dll!GetStartupInfoA 7C801EEE 6 Bytes JMP 5F0A0F5A
.text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3388] KERNEL32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F1C0F5A
.text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3388] KERNEL32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F2E0F5A
.text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3388] KERNEL32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F2B0F5A
.text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3388] KERNEL32.dll!LoadResource 7C80A065 6 Bytes JMP 5F7C0F5A
.text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3388] KERNEL32.dll!FreeLibrary + 15 7C80AA7B 4 Bytes CALL 7170003D
.text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3388] KERNEL32.dll!GetProcAddress 7C80AC28 6 Bytes JMP 5F550F5A
.text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3388] KERNEL32.dll!LoadLibraryW 7C80ACD3 6 Bytes JMP 5F220F5A
.text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3388] KERNEL32.dll!CreateMutexA 7C80EB3F 6 Bytes JMP 5F040F5A
.text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3388] KERNEL32.dll!CreateRemoteThread 7C810626 3 Bytes [FF, 25, 1E]
.text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3388] KERNEL32.dll!CreateRemoteThread + 4 7C81062A 2 Bytes [11, 5F]
.text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3388] KERNEL32.dll!CreateThread 7C81082F 6 Bytes JMP 5F6D0F5A
.text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3388] KERNEL32.dll!CreateFileW 7C810976 6 Bytes JMP 5F640F5A
.text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3388] KERNEL32.dll!GetCommandLineA 7C812C8D 6 Bytes JMP 5F0D0F5A
.text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3388] KERNEL32.dll!TerminateThread 7C81CACB 6 Bytes JMP 5F3A0F5A
.text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3388] KERNEL32.dll!GetVolumeInformationA 7C827052 6 Bytes JMP 5F580F5A
.text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3388] KERNEL32.dll!DebugActiveProcess 7C859F0B 6 Bytes JMP 5F3D0F5A
.text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3388] KERNEL32.dll!WinExec 7C86114D 6 Bytes JMP 5F310F5A
.text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3388] KERNEL32.dll!CreateToolhelp32Snapshot 7C8647B7 6 Bytes JMP 5F6A0F5A
.text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3388] USER32.dll!GetKeyState 77D1C505 6 Bytes JMP 5F400F5A
.text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3388] USER32.dll!ShowWindow 77D1D8A4 3 Bytes [FF, 25, 1E]
.text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3388] USER32.dll!ShowWindow + 4 77D1D8A8 2 Bytes [7A, 5F] {JP 0x61}
.text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3388] USER32.dll!GetAsyncKeyState 77D1E655 6 Bytes JMP 5F430F5A
.text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3388] USER32.dll!SetWindowsHookExW 77D2E4AF 6 Bytes JMP 5F280F5A
.text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3388] USER32.dll!SetWindowsHookExA 77D311E9 6 Bytes JMP 5F250F5A
.text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3388] USER32.dll!SetWinEventHook 77D317C8 6 Bytes JMP 5F4F0F5A
.text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3388] USER32.dll!GetWindowTextA 77D3213C 6 Bytes JMP 5F760F5A
.text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3388] USER32.dll!DdeConnect 77D57D7B 6 Bytes JMP 5F460F5A
.text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3388] USER32.dll!EndTask 77D59C5D 6 Bytes JMP 5F340F5A
.text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3388] USER32.dll!RegisterRawInputDevices 77D6C9C6 3 Bytes [FF, 25, 1E]
.text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3388] USER32.dll!RegisterRawInputDevices + 4 77D6C9CA 2 Bytes [53, 5F] {PUSH EBX; POP EDI}
.text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3388] ADVAPI32.dll!RegOpenKeyExA 77DA761B 6 Bytes JMP 5F5E0F5A
.text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3388] ADVAPI32.dll!RegCreateKeyExA 77DAEAF4 6 Bytes JMP 5F5B0F5A
.text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3388] ADVAPI32.dll!RegSetValueExA 77DAEBE7 6 Bytes JMP 5F610F5A
.text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3388] ADVAPI32.dll!OpenSCManagerA 77DBADA7 6 Bytes JMP 5F730F5A
.text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3388] ADVAPI32.dll!LsaRemoveAccountRights 77DEAA41 6 Bytes JMP 5F160F5A
.text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3388] ADVAPI32.dll!CreateServiceA 77E07071 6 Bytes JMP 5F4C0F5A
.text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3388] shell32.dll!ShellExecuteExW 7CA1172B 6 Bytes JMP 5F880F5A
.text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3388] shell32.dll!ShellExecuteEx 7CA50AED 6 Bytes JMP 5F850F5A
.text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3388] shell32.dll!ShellExecuteA 7CA50E18 6 Bytes JMP 5F7F0F5A
.text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3388] shell32.dll!ShellExecuteW 7CAC4A18 6 Bytes JMP 5F820F5A |