| |
| |||||||
Log-Analyse und Auswertung: Vermutlich Problem mit Malware/ViursWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
05.03.2011, 19:48
| #1 |
 |  Vermutlich Problem mit Malware/Viurs Hallo Community, habe vermutlich ein Problem mit meinem Laptop. Festplattenleuchte blinkt neuerdings sekündlich und arbeitet ständig. Zudem kann ich ein Online- Game nicht mehr starten, was laut Forum dort auch auf einen Virus hindeuten könnte! Ich habe alle 6 Punkte der Checkliste durchgeführt. Beim Ausführen Eurunt-Setup.exe gab es allerdings Probleme! Hoffe ich könnt mir helfen! Gmer.txt kann ich nicht hochladen, da zu groß. deshalb auch hier! GMER Logfile: Code:
ATTFilter GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2011-03-05 19:27:12
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.PB3O
Running: g2m3e4r.exe; Driver: C:\Users\Klemens\AppData\Local\Temp\uxtdafoc.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x906C99CA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x906CBEAC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x906CBF04]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x906CC01A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x906CBE02]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x906CBF54]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x906CBE56]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x906CBFC8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x906C99EE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x906C97B8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x906C9A12]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x906CC412]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x906CA4AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x906CBEDC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x906CBF2C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x906CC044]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x906CBE2E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x906CBF94]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x906CBE84]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x906CBFF2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x906CA370]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x906C9A36]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x906C9A5A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x906C9812]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x906C994E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x906C992A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x906C9972]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x906C9A7E]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x90F3A8DE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!KeSetEvent + 10D 82EEE890 4 Bytes [CA, 99, 6C, 90] {RETF 0x6c99; NOP }
.text ntkrnlpa.exe!KeSetEvent + 1D1 82EEE954 8 Bytes [AC, BE, 6C, 90, 04, BF, 6C, ...] {LODSB ; MOV ESI, 0xbf04906c; INSB ; NOP }
.text ntkrnlpa.exe!KeSetEvent + 1DD 82EEE960 4 Bytes [1A, C0, 6C, 90] {SBB AL, AL; INSB ; NOP }
.text ntkrnlpa.exe!KeSetEvent + 1F5 82EEE978 4 Bytes [02, BE, 6C, 90]
.text ntkrnlpa.exe!KeSetEvent + 215 82EEE998 8 Bytes [54, BF, 6C, 90, 56, BE, 6C, ...] {PUSH ESP; MOV EDI, 0xbe56906c; INSB ; NOP }
.text ...
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 830195C7 5 Bytes JMP 90F3629E \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 830724F3 5 Bytes JMP 90F37D38 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 110 8307BE18 4 Bytes CALL 906CAE3B \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 121 8307FA8C 4 Bytes CALL 906CAE51 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 830D3DAE 7 Bytes JMP 90F3A8E2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text c:\Program Files\CyberLink\PowerDVD8\000.fcl section is writeable [0xAA20F000, 0x2892, 0xE8000020]
.vmp2 c:\Program Files\CyberLink\PowerDVD8\000.fcl entry point in ".vmp2" section [0xAA232050]
---- User code sections - GMER 1.0.15 ----
.text C:\Windows\system32\taskeng.exe[356] ntdll.dll!LdrLoadDll 770893A8 5 Bytes JMP 00050030
.text C:\Windows\system32\taskeng.exe[356] ntdll.dll!LdrUnloadDll 7709B740 5 Bytes JMP 0005006C
.text C:\Windows\system32\taskeng.exe[356] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 0007006C
.text C:\Windows\system32\taskeng.exe[356] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 000700A8
.text C:\Windows\system32\taskeng.exe[356] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 000701D4
.text C:\Windows\system32\taskeng.exe[356] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 000700E4
.text C:\Windows\system32\taskeng.exe[356] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 00070120
.text C:\Windows\system32\taskeng.exe[356] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 0007015C
.text C:\Windows\system32\taskeng.exe[356] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 00070198
.text C:\Windows\system32\taskeng.exe[356] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 00070030
.text C:\Windows\system32\taskeng.exe[356] USER32.dll!SetWindowsHookExA 75866322 5 Bytes JMP 000800A8
.text C:\Windows\system32\taskeng.exe[356] USER32.dll!SetWindowsHookExW 758687AD 5 Bytes JMP 000800E4
.text C:\Windows\system32\taskeng.exe[356] USER32.dll!UnhookWindowsHookEx 758698DB 5 Bytes JMP 00080120
.text C:\Windows\system32\taskeng.exe[356] USER32.dll!SetWinEventHook 75869F3A 5 Bytes JMP 00080030
.text C:\Windows\system32\taskeng.exe[356] USER32.dll!UnhookWinEvent 7586C06F 5 Bytes JMP 0008006C
.text C:\Windows\system32\svchost.exe[380] ntdll.dll!LdrLoadDll 770893A8 5 Bytes JMP 00050030
.text C:\Windows\system32\svchost.exe[380] ntdll.dll!LdrUnloadDll 7709B740 5 Bytes JMP 0005006C
.text C:\Windows\system32\svchost.exe[380] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 0007006C
.text C:\Windows\system32\svchost.exe[380] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 000700A8
.text C:\Windows\system32\svchost.exe[380] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 000701D4
.text C:\Windows\system32\svchost.exe[380] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 000700E4
.text C:\Windows\system32\svchost.exe[380] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 00070120
.text C:\Windows\system32\svchost.exe[380] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 0007015C
.text C:\Windows\system32\svchost.exe[380] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 00070198
.text C:\Windows\system32\svchost.exe[380] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 00070030
.text C:\Windows\system32\wininit.exe[664] ntdll.dll!LdrLoadDll 770893A8 5 Bytes JMP 00030030
.text C:\Windows\system32\wininit.exe[664] ntdll.dll!LdrUnloadDll 7709B740 5 Bytes JMP 0003006C
.text C:\Windows\system32\wininit.exe[664] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 0005006C
.text C:\Windows\system32\wininit.exe[664] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 000500A8
.text C:\Windows\system32\wininit.exe[664] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 000501D4
.text C:\Windows\system32\wininit.exe[664] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 000500E4
.text C:\Windows\system32\wininit.exe[664] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 00050120
.text C:\Windows\system32\wininit.exe[664] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 0005015C
.text C:\Windows\system32\wininit.exe[664] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 00050198
.text C:\Windows\system32\wininit.exe[664] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 00050030
.text C:\Windows\system32\wininit.exe[664] USER32.dll!SetWindowsHookExA 75866322 5 Bytes JMP 000600A8
.text C:\Windows\system32\wininit.exe[664] USER32.dll!SetWindowsHookExW 758687AD 5 Bytes JMP 000600E4
.text C:\Windows\system32\wininit.exe[664] USER32.dll!UnhookWindowsHookEx 758698DB 5 Bytes JMP 00060120
.text C:\Windows\system32\wininit.exe[664] USER32.dll!SetWinEventHook 75869F3A 5 Bytes JMP 00060030
.text C:\Windows\system32\wininit.exe[664] USER32.dll!UnhookWinEvent 7586C06F 5 Bytes JMP 0006006C
.text C:\Windows\system32\services.exe[708] ntdll.dll!LdrLoadDll 770893A8 5 Bytes JMP 00050030
.text C:\Windows\system32\services.exe[708] ntdll.dll!LdrUnloadDll 7709B740 5 Bytes JMP 0005006C
.text C:\Windows\system32\services.exe[708] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 000B006C
.text C:\Windows\system32\services.exe[708] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 000B00A8
.text C:\Windows\system32\services.exe[708] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 000B01D4
.text C:\Windows\system32\services.exe[708] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 000B00E4
.text C:\Windows\system32\services.exe[708] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 000B0120
.text C:\Windows\system32\services.exe[708] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 000B015C
.text C:\Windows\system32\services.exe[708] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 000B0198
.text C:\Windows\system32\services.exe[708] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 000B0030
.text C:\Windows\system32\services.exe[708] USER32.dll!SetWindowsHookExA 75866322 5 Bytes JMP 000C00A8
.text C:\Windows\system32\services.exe[708] USER32.dll!SetWindowsHookExW 758687AD 5 Bytes JMP 000C00E4
.text C:\Windows\system32\services.exe[708] USER32.dll!UnhookWindowsHookEx 758698DB 5 Bytes JMP 000C0120
.text C:\Windows\system32\services.exe[708] USER32.dll!SetWinEventHook 75869F3A 5 Bytes JMP 000C0030
.text C:\Windows\system32\services.exe[708] USER32.dll!UnhookWinEvent 7586C06F 5 Bytes JMP 000C006C
.text C:\Windows\system32\lsass.exe[720] ntdll.dll!LdrLoadDll 770893A8 5 Bytes JMP 00050030
.text C:\Windows\system32\lsass.exe[720] ntdll.dll!LdrUnloadDll 7709B740 5 Bytes JMP 0005006C
.text C:\Windows\system32\lsass.exe[720] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 0007006C
.text C:\Windows\system32\lsass.exe[720] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 000700A8
.text C:\Windows\system32\lsass.exe[720] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 000701D4
.text C:\Windows\system32\lsass.exe[720] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 000700E4
.text C:\Windows\system32\lsass.exe[720] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 00070120
.text C:\Windows\system32\lsass.exe[720] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 0007015C
.text C:\Windows\system32\lsass.exe[720] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 00070198
.text C:\Windows\system32\lsass.exe[720] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 00070030
.text C:\Windows\system32\lsass.exe[720] USER32.dll!SetWindowsHookExA 75866322 5 Bytes JMP 000800A8
.text C:\Windows\system32\lsass.exe[720] USER32.dll!SetWindowsHookExW 758687AD 5 Bytes JMP 000800E4
.text C:\Windows\system32\lsass.exe[720] USER32.dll!UnhookWindowsHookEx 758698DB 5 Bytes JMP 00080120
.text C:\Windows\system32\lsass.exe[720] USER32.dll!SetWinEventHook 75869F3A 5 Bytes JMP 00080030
.text C:\Windows\system32\lsass.exe[720] USER32.dll!UnhookWinEvent 7586C06F 5 Bytes JMP 0008006C
.text C:\Windows\system32\lsm.exe[728] ntdll.dll!LdrLoadDll 770893A8 5 Bytes JMP 00050030
.text C:\Windows\system32\lsm.exe[728] ntdll.dll!LdrUnloadDll 7709B740 5 Bytes JMP 0005006C
.text C:\Windows\system32\lsm.exe[728] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 0007006C
.text C:\Windows\system32\lsm.exe[728] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 000700A8
.text C:\Windows\system32\lsm.exe[728] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 000701D4
.text C:\Windows\system32\lsm.exe[728] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 000700E4
.text C:\Windows\system32\lsm.exe[728] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 00070120
.text C:\Windows\system32\lsm.exe[728] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 0007015C
.text C:\Windows\system32\lsm.exe[728] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 00070198
.text C:\Windows\system32\lsm.exe[728] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 00070030
.text C:\Windows\system32\svchost.exe[888] ntdll.dll!LdrLoadDll 770893A8 5 Bytes JMP 00050030
.text C:\Windows\system32\svchost.exe[888] ntdll.dll!LdrUnloadDll 7709B740 5 Bytes JMP 0005006C
.text C:\Windows\system32\svchost.exe[888] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 0007006C
.text C:\Windows\system32\svchost.exe[888] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 000700A8
.text C:\Windows\system32\svchost.exe[888] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 000701D4
.text C:\Windows\system32\svchost.exe[888] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 000700E4
.text C:\Windows\system32\svchost.exe[888] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 00070120
.text C:\Windows\system32\svchost.exe[888] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 0007015C
.text C:\Windows\system32\svchost.exe[888] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 00070198
.text C:\Windows\system32\svchost.exe[888] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 00070030
.text C:\Windows\system32\nvvsvc.exe[948] ntdll.dll!LdrLoadDll 770893A8 5 Bytes JMP 00150030
.text C:\Windows\system32\nvvsvc.exe[948] ntdll.dll!LdrUnloadDll 7709B740 5 Bytes JMP 0015006C
.text C:\Windows\system32\nvvsvc.exe[948] USER32.dll!SetWindowsHookExA 75866322 5 Bytes JMP 001700A8
.text C:\Windows\system32\nvvsvc.exe[948] USER32.dll!SetWindowsHookExW 758687AD 5 Bytes JMP 001700E4
.text C:\Windows\system32\nvvsvc.exe[948] USER32.dll!UnhookWindowsHookEx 758698DB 5 Bytes JMP 00170120
.text C:\Windows\system32\nvvsvc.exe[948] USER32.dll!SetWinEventHook 75869F3A 5 Bytes JMP 00170030
.text C:\Windows\system32\nvvsvc.exe[948] USER32.dll!UnhookWinEvent 7586C06F 5 Bytes JMP 0017006C
.text C:\Windows\system32\nvvsvc.exe[948] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 0018006C
.text C:\Windows\system32\nvvsvc.exe[948] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 001800A8
.text C:\Windows\system32\nvvsvc.exe[948] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 001801D4
.text C:\Windows\system32\nvvsvc.exe[948] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 001800E4
.text C:\Windows\system32\nvvsvc.exe[948] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 00180120
.text C:\Windows\system32\nvvsvc.exe[948] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 0018015C
.text C:\Windows\system32\nvvsvc.exe[948] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 00180198
.text C:\Windows\system32\nvvsvc.exe[948] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 00180030
.text C:\Windows\system32\svchost.exe[976] ntdll.dll!LdrLoadDll 770893A8 5 Bytes JMP 00050030
.text C:\Windows\system32\svchost.exe[976] ntdll.dll!LdrUnloadDll 7709B740 5 Bytes JMP 0005006C
.text C:\Windows\system32\svchost.exe[976] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 0007006C
.text C:\Windows\system32\svchost.exe[976] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 000700A8
.text C:\Windows\system32\svchost.exe[976] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 000701D4
.text C:\Windows\system32\svchost.exe[976] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 000700E4
.text C:\Windows\system32\svchost.exe[976] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 00070120
.text C:\Windows\system32\svchost.exe[976] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 0007015C
.text C:\Windows\system32\svchost.exe[976] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 00070198
.text C:\Windows\system32\svchost.exe[976] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 00070030
.text C:\Windows\system32\svchost.exe[976] USER32.dll!SetWindowsHookExA 75866322 5 Bytes JMP 000B00A8
.text C:\Windows\system32\svchost.exe[976] USER32.dll!SetWindowsHookExW 758687AD 5 Bytes JMP 000B00E4
.text C:\Windows\system32\svchost.exe[976] USER32.dll!UnhookWindowsHookEx 758698DB 5 Bytes JMP 000B0120
.text C:\Windows\system32\svchost.exe[976] USER32.dll!SetWinEventHook 75869F3A 5 Bytes JMP 000B0030
.text C:\Windows\system32\svchost.exe[976] USER32.dll!UnhookWinEvent 7586C06F 5 Bytes JMP 000B006C
.text C:\Windows\System32\svchost.exe[1020] ntdll.dll!LdrLoadDll 770893A8 5 Bytes JMP 00050030
.text C:\Windows\System32\svchost.exe[1020] ntdll.dll!LdrUnloadDll 7709B740 5 Bytes JMP 0005006C
.text C:\Windows\System32\svchost.exe[1020] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 0007006C
.text C:\Windows\System32\svchost.exe[1020] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 000700A8
.text C:\Windows\System32\svchost.exe[1020] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 000701D4
.text C:\Windows\System32\svchost.exe[1020] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 000700E4
.text C:\Windows\System32\svchost.exe[1020] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 00070120
.text C:\Windows\System32\svchost.exe[1020] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 0007015C
.text C:\Windows\System32\svchost.exe[1020] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 00070198
.text C:\Windows\System32\svchost.exe[1020] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 00070030
.text C:\Windows\System32\svchost.exe[1020] USER32.dll!SetWindowsHookExA 75866322 5 Bytes JMP 000F00A8
.text C:\Windows\System32\svchost.exe[1020] USER32.dll!SetWindowsHookExW 758687AD 5 Bytes JMP 000F00E4
.text C:\Windows\System32\svchost.exe[1020] USER32.dll!UnhookWindowsHookEx 758698DB 5 Bytes JMP 000F0120
.text C:\Windows\System32\svchost.exe[1020] USER32.dll!SetWinEventHook 75869F3A 5 Bytes JMP 000F0030
.text C:\Windows\System32\svchost.exe[1020] USER32.dll!UnhookWinEvent 7586C06F 5 Bytes JMP 000F006C
.text C:\Windows\System32\svchost.exe[1068] ntdll.dll!LdrLoadDll 770893A8 5 Bytes JMP 00050030
.text C:\Windows\System32\svchost.exe[1068] ntdll.dll!LdrUnloadDll 7709B740 5 Bytes JMP 0005006C
.text C:\Windows\System32\svchost.exe[1068] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 0007006C
.text C:\Windows\System32\svchost.exe[1068] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 000700A8
.text C:\Windows\System32\svchost.exe[1068] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 000701D4
.text C:\Windows\System32\svchost.exe[1068] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 000700E4
.text C:\Windows\System32\svchost.exe[1068] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 00070120
.text C:\Windows\System32\svchost.exe[1068] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 0007015C
.text C:\Windows\System32\svchost.exe[1068] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 00070198
.text C:\Windows\System32\svchost.exe[1068] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 00070030
.text C:\Windows\System32\svchost.exe[1068] USER32.dll!SetWindowsHookExA 75866322 5 Bytes JMP 000C00A8
.text C:\Windows\System32\svchost.exe[1068] USER32.dll!SetWindowsHookExW 758687AD 5 Bytes JMP 000C00E4
.text C:\Windows\System32\svchost.exe[1068] USER32.dll!UnhookWindowsHookEx 758698DB 5 Bytes JMP 000C0120
.text C:\Windows\System32\svchost.exe[1068] USER32.dll!SetWinEventHook 75869F3A 5 Bytes JMP 000C0030
.text C:\Windows\System32\svchost.exe[1068] USER32.dll!UnhookWinEvent 7586C06F 5 Bytes JMP 000C006C
.text C:\Windows\System32\svchost.exe[1100] ntdll.dll!LdrLoadDll 770893A8 5 Bytes JMP 00050030
.text C:\Windows\System32\svchost.exe[1100] ntdll.dll!LdrUnloadDll 7709B740 5 Bytes JMP 0005006C
.text C:\Windows\System32\svchost.exe[1100] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 0007006C
.text C:\Windows\System32\svchost.exe[1100] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 000700A8
.text C:\Windows\System32\svchost.exe[1100] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 000701D4
.text C:\Windows\System32\svchost.exe[1100] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 000700E4
.text C:\Windows\System32\svchost.exe[1100] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 00070120
.text C:\Windows\System32\svchost.exe[1100] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 0007015C
.text C:\Windows\System32\svchost.exe[1100] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 00070198
.text C:\Windows\System32\svchost.exe[1100] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 00070030
.text C:\Windows\System32\svchost.exe[1100] USER32.dll!SetWindowsHookExA 75866322 5 Bytes JMP 00BF00A8
.text C:\Windows\System32\svchost.exe[1100] USER32.dll!SetWindowsHookExW 758687AD 5 Bytes JMP 00BF00E4
.text C:\Windows\System32\svchost.exe[1100] USER32.dll!UnhookWindowsHookEx 758698DB 5 Bytes JMP 00BF0120
.text C:\Windows\System32\svchost.exe[1100] USER32.dll!SetWinEventHook 75869F3A 5 Bytes JMP 00BF0030
.text C:\Windows\System32\svchost.exe[1100] USER32.dll!UnhookWinEvent 7586C06F 5 Bytes JMP 00BF006C
.text C:\Windows\system32\svchost.exe[1112] ntdll.dll!LdrLoadDll 770893A8 5 Bytes JMP 00050030
.text C:\Windows\system32\svchost.exe[1112] ntdll.dll!LdrUnloadDll 7709B740 5 Bytes JMP 0005006C
.text C:\Windows\system32\svchost.exe[1112] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 0007006C
.text C:\Windows\system32\svchost.exe[1112] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 000700A8
.text C:\Windows\system32\svchost.exe[1112] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 000701D4
.text C:\Windows\system32\svchost.exe[1112] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 000700E4
.text C:\Windows\system32\svchost.exe[1112] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 00070120
.text C:\Windows\system32\svchost.exe[1112] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 0007015C
.text C:\Windows\system32\svchost.exe[1112] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 00070198
.text C:\Windows\system32\svchost.exe[1112] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 00070030
.text C:\Windows\system32\svchost.exe[1112] USER32.dll!SetWindowsHookExA 75866322 5 Bytes JMP 001D00A8
.text C:\Windows\system32\svchost.exe[1112] USER32.dll!SetWindowsHookExW 758687AD 5 Bytes JMP 001D00E4
.text C:\Windows\system32\svchost.exe[1112] USER32.dll!UnhookWindowsHookEx 758698DB 5 Bytes JMP 001D0120
.text C:\Windows\system32\svchost.exe[1112] USER32.dll!SetWinEventHook 75869F3A 5 Bytes JMP 001D0030
.text C:\Windows\system32\svchost.exe[1112] USER32.dll!UnhookWinEvent 7586C06F 5 Bytes JMP 001D006C
.text C:\Windows\system32\winlogon.exe[1160] ntdll.dll!LdrLoadDll 770893A8 5 Bytes JMP 00030030
.text C:\Windows\system32\winlogon.exe[1160] ntdll.dll!LdrUnloadDll 7709B740 5 Bytes JMP 0003006C
.text C:\Windows\system32\winlogon.exe[1160] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 0005006C
.text C:\Windows\system32\winlogon.exe[1160] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 000500A8
.text C:\Windows\system32\winlogon.exe[1160] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 000501D4
.text C:\Windows\system32\winlogon.exe[1160] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 000500E4
.text C:\Windows\system32\winlogon.exe[1160] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 00050120
.text C:\Windows\system32\winlogon.exe[1160] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 0005015C
.text C:\Windows\system32\winlogon.exe[1160] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 00050198
.text C:\Windows\system32\winlogon.exe[1160] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 00050030
.text C:\Windows\system32\winlogon.exe[1160] USER32.dll!SetWindowsHookExA 75866322 5 Bytes JMP 000600A8
.text C:\Windows\system32\winlogon.exe[1160] USER32.dll!SetWindowsHookExW 758687AD 5 Bytes JMP 000600E4
.text C:\Windows\system32\winlogon.exe[1160] USER32.dll!UnhookWindowsHookEx 758698DB 5 Bytes JMP 00060120
.text C:\Windows\system32\winlogon.exe[1160] USER32.dll!SetWinEventHook 75869F3A 5 Bytes JMP 00060030
.text C:\Windows\system32\winlogon.exe[1160] USER32.dll!UnhookWinEvent 7586C06F 5 Bytes JMP 0006006C
.text C:\Windows\system32\svchost.exe[1344] ntdll.dll!LdrLoadDll 770893A8 5 Bytes JMP 00050030
.text C:\Windows\system32\svchost.exe[1344] ntdll.dll!LdrUnloadDll 7709B740 5 Bytes JMP 0005006C
.text C:\Windows\system32\svchost.exe[1344] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 0008006C
.text C:\Windows\system32\svchost.exe[1344] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 000800A8
.text C:\Windows\system32\svchost.exe[1344] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 000801D4
.text C:\Windows\system32\svchost.exe[1344] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 000800E4
.text C:\Windows\system32\svchost.exe[1344] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 00080120
.text C:\Windows\system32\svchost.exe[1344] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 0008015C
.text C:\Windows\system32\svchost.exe[1344] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 00080198
.text C:\Windows\system32\svchost.exe[1344] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 00080030
.text C:\Windows\system32\svchost.exe[1384] ntdll.dll!LdrLoadDll 770893A8 5 Bytes JMP 00050030
.text C:\Windows\system32\svchost.exe[1384] ntdll.dll!LdrUnloadDll 7709B740 5 Bytes JMP 0005006C
.text C:\Windows\system32\svchost.exe[1384] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 0017006C
.text C:\Windows\system32\svchost.exe[1384] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 001700A8
.text C:\Windows\system32\svchost.exe[1384] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 001701D4
.text C:\Windows\system32\svchost.exe[1384] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 001700E4
.text C:\Windows\system32\svchost.exe[1384] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 00170120
.text C:\Windows\system32\svchost.exe[1384] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 0017015C
.text C:\Windows\system32\svchost.exe[1384] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 00170198
.text C:\Windows\system32\svchost.exe[1384] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 00170030
.text C:\Windows\system32\svchost.exe[1384] USER32.dll!SetWindowsHookExA 75866322 5 Bytes JMP 00C900A8
.text C:\Windows\system32\svchost.exe[1384] USER32.dll!SetWindowsHookExW 758687AD 5 Bytes JMP 00C900E4
.text C:\Windows\system32\svchost.exe[1384] USER32.dll!UnhookWindowsHookEx 758698DB 5 Bytes JMP 00C90120
.text C:\Windows\system32\svchost.exe[1384] USER32.dll!SetWinEventHook 75869F3A 5 Bytes JMP 00C90030
.text C:\Windows\system32\svchost.exe[1384] USER32.dll!UnhookWinEvent 7586C06F 5 Bytes JMP 00C9006C
.text C:\Windows\system32\nvvsvc.exe[1492] ntdll.dll!LdrLoadDll 770893A8 5 Bytes JMP 00150030
.text C:\Windows\system32\nvvsvc.exe[1492] ntdll.dll!LdrUnloadDll 7709B740 5 Bytes JMP 0015006C
.text C:\Windows\system32\nvvsvc.exe[1492] USER32.dll!SetWindowsHookExA 75866322 5 Bytes JMP 001700A8
.text C:\Windows\system32\nvvsvc.exe[1492] USER32.dll!SetWindowsHookExW 758687AD 5 Bytes JMP 001700E4
.text C:\Windows\system32\nvvsvc.exe[1492] USER32.dll!UnhookWindowsHookEx 758698DB 5 Bytes JMP 00170120
.text C:\Windows\system32\nvvsvc.exe[1492] USER32.dll!SetWinEventHook 75869F3A 5 Bytes JMP 00170030
.text C:\Windows\system32\nvvsvc.exe[1492] USER32.dll!UnhookWinEvent 7586C06F 5 Bytes JMP 0017006C
.text C:\Windows\system32\nvvsvc.exe[1492] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 0018006C
.text C:\Windows\system32\nvvsvc.exe[1492] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 001800A8
.text C:\Windows\system32\nvvsvc.exe[1492] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 001801D4
.text C:\Windows\system32\nvvsvc.exe[1492] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 001800E4
.text C:\Windows\system32\nvvsvc.exe[1492] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 00180120
.text C:\Windows\system32\nvvsvc.exe[1492] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 0018015C
.text C:\Windows\system32\nvvsvc.exe[1492] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 00180198
.text C:\Windows\system32\nvvsvc.exe[1492] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 00180030
.text C:\Windows\system32\svchost.exe[1584] ntdll.dll!LdrLoadDll 770893A8 5 Bytes JMP 00050030
.text C:\Windows\system32\svchost.exe[1584] ntdll.dll!LdrUnloadDll 7709B740 5 Bytes JMP 0005006C
.text C:\Windows\system32\svchost.exe[1584] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 0007006C
.text C:\Windows\system32\svchost.exe[1584] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 000700A8
.text C:\Windows\system32\svchost.exe[1584] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 000701D4
.text C:\Windows\system32\svchost.exe[1584] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 000700E4
.text C:\Windows\system32\svchost.exe[1584] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 00070120
.text C:\Windows\system32\svchost.exe[1584] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 0007015C
.text C:\Windows\system32\svchost.exe[1584] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 00070198
.text C:\Windows\system32\svchost.exe[1584] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 00070030
.text C:\Windows\system32\svchost.exe[1584] USER32.dll!SetWindowsHookExA 75866322 5 Bytes JMP 001300A8
.text C:\Windows\system32\svchost.exe[1584] USER32.dll!SetWindowsHookExW 758687AD 5 Bytes JMP 001300E4
.text C:\Windows\system32\svchost.exe[1584] USER32.dll!UnhookWindowsHookEx 758698DB 5 Bytes JMP 00130120
.text C:\Windows\system32\svchost.exe[1584] USER32.dll!SetWinEventHook 75869F3A 5 Bytes JMP 00130030
.text C:\Windows\system32\svchost.exe[1584] USER32.dll!UnhookWinEvent 7586C06F 5 Bytes JMP 0013006C
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1716] ntdll.dll!LdrLoadDll 770893A8 5 Bytes JMP 00150030
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1716] ntdll.dll!LdrUnloadDll 7709B740 5 Bytes JMP 0015006C
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1716] USER32.dll!SetWindowsHookExA 75866322 5 Bytes JMP 001700A8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1716] USER32.dll!SetWindowsHookExW 758687AD 5 Bytes JMP 001700E4
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1716] USER32.dll!UnhookWindowsHookEx 758698DB 5 Bytes JMP 00170120
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1716] USER32.dll!SetWinEventHook 75869F3A 5 Bytes JMP 00170030
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1716] USER32.dll!UnhookWinEvent 7586C06F 5 Bytes JMP 0017006C
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1716] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 0018006C
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1716] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 001800A8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1716] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 001801D4
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1716] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 001800E4
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1716] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 00180120
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1716] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 0018015C
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1716] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 00180198
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1716] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 00180030
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1788] kernel32.dll!SetUnhandledExceptionFilter 759BA84F 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Windows\system32\Dwm.exe[1948] ntdll.dll!LdrLoadDll 770893A8 3 Bytes JMP 00090030
.text C:\Windows\system32\Dwm.exe[1948] ntdll.dll!LdrLoadDll + 4 770893AC 1 Byte [89]
.text C:\Windows\system32\Dwm.exe[1948] ntdll.dll!LdrUnloadDll 7709B740 5 Bytes JMP 0009006C
.text C:\Windows\system32\Dwm.exe[1948] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 008C006C
.text C:\Windows\system32\Dwm.exe[1948] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 008C00A8
.text C:\Windows\system32\Dwm.exe[1948] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 008C01D4
.text C:\Windows\system32\Dwm.exe[1948] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 008C00E4
.text C:\Windows\system32\Dwm.exe[1948] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 008C0120
.text C:\Windows\system32\Dwm.exe[1948] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 008C015C
.text C:\Windows\system32\Dwm.exe[1948] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 008C0198
.text C:\Windows\system32\Dwm.exe[1948] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 008C0030
.text C:\Windows\system32\Dwm.exe[1948] USER32.dll!SetWindowsHookExA 75866322 5 Bytes JMP 008D00A8
.text C:\Windows\system32\Dwm.exe[1948] USER32.dll!SetWindowsHookExW 758687AD 5 Bytes JMP 008D00E4
.text C:\Windows\system32\Dwm.exe[1948] USER32.dll!UnhookWindowsHookEx 758698DB 5 Bytes JMP 008D0120
.text C:\Windows\system32\Dwm.exe[1948] USER32.dll!SetWinEventHook 75869F3A 5 Bytes JMP 008D0030
.text C:\Windows\system32\Dwm.exe[1948] USER32.dll!UnhookWinEvent 7586C06F 5 Bytes JMP 008D006C
.text C:\Windows\Explorer.EXE[1976] ntdll.dll!LdrLoadDll 770893A8 5 Bytes JMP 00050030
.text C:\Windows\Explorer.EXE[1976] ntdll.dll!LdrUnloadDll 7709B740 5 Bytes JMP 0005006C
.text C:\Windows\Explorer.EXE[1976] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 0007006C
.text C:\Windows\Explorer.EXE[1976] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 000700A8
.text C:\Windows\Explorer.EXE[1976] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 000701D4
.text C:\Windows\Explorer.EXE[1976] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 000700E4
.text C:\Windows\Explorer.EXE[1976] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 00070120
.text C:\Windows\Explorer.EXE[1976] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 0007015C
.text C:\Windows\Explorer.EXE[1976] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 00070198
.text C:\Windows\Explorer.EXE[1976] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 00070030
.text C:\Windows\Explorer.EXE[1976] USER32.dll!SetWindowsHookExA 75866322 5 Bytes JMP 000800A8
.text C:\Windows\Explorer.EXE[1976] USER32.dll!SetWindowsHookExW 758687AD 5 Bytes JMP 000800E4
.text C:\Windows\Explorer.EXE[1976] USER32.dll!UnhookWindowsHookEx 758698DB 5 Bytes JMP 00080120
.text C:\Windows\Explorer.EXE[1976] USER32.dll!SetWinEventHook 75869F3A 5 Bytes JMP 00080030
.text C:\Windows\Explorer.EXE[1976] USER32.dll!UnhookWinEvent 7586C06F 5 Bytes JMP 0008006C
.text C:\Windows\System32\spoolsv.exe[2028] ntdll.dll!LdrLoadDll 770893A8 3 Bytes JMP 00090030
.text C:\Windows\System32\spoolsv.exe[2028] ntdll.dll!LdrLoadDll + 4 770893AC 1 Byte [89]
.text C:\Windows\System32\spoolsv.exe[2028] ntdll.dll!LdrUnloadDll 7709B740 5 Bytes JMP 0009006C
.text C:\Windows\System32\spoolsv.exe[2028] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 000B006C
.text C:\Windows\System32\spoolsv.exe[2028] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 000B00A8
.text C:\Windows\System32\spoolsv.exe[2028] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 000B01D4
.text C:\Windows\System32\spoolsv.exe[2028] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 000B00E4
.text C:\Windows\System32\spoolsv.exe[2028] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 000B0120
.text C:\Windows\System32\spoolsv.exe[2028] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 000B015C
.text C:\Windows\System32\spoolsv.exe[2028] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 000B0198
.text C:\Windows\System32\spoolsv.exe[2028] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 000B0030
.text C:\Windows\System32\spoolsv.exe[2028] USER32.dll!SetWindowsHookExA 75866322 3 Bytes JMP 001200A8
.text C:\Windows\System32\spoolsv.exe[2028] USER32.dll!SetWindowsHookExA + 4 75866326 1 Byte [8A]
.text C:\Windows\System32\spoolsv.exe[2028] USER32.dll!SetWindowsHookExW 758687AD 3 Bytes JMP 001200E4
.text C:\Windows\System32\spoolsv.exe[2028] USER32.dll!SetWindowsHookExW + 4 758687B1 1 Byte [8A]
.text C:\Windows\System32\spoolsv.exe[2028] USER32.dll!UnhookWindowsHookEx 758698DB 5 Bytes JMP 00120120
.text C:\Windows\System32\spoolsv.exe[2028] USER32.dll!SetWinEventHook 75869F3A 3 Bytes JMP 00120030
.text C:\Windows\System32\spoolsv.exe[2028] USER32.dll!SetWinEventHook + 4 75869F3E 1 Byte [8A]
.text C:\Windows\System32\spoolsv.exe[2028] USER32.dll!UnhookWinEvent 7586C06F 5 Bytes JMP 0012006C
.text C:\Windows\system32\svchost.exe[2096] ntdll.dll!LdrLoadDll 770893A8 5 Bytes JMP 00050030
.text C:\Windows\system32\svchost.exe[2096] ntdll.dll!LdrUnloadDll 7709B740 5 Bytes JMP 0005006C
.text C:\Windows\system32\svchost.exe[2096] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 0007006C
.text C:\Windows\system32\svchost.exe[2096] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 000700A8
.text C:\Windows\system32\svchost.exe[2096] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 000701D4
.text C:\Windows\system32\svchost.exe[2096] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 000700E4
.text C:\Windows\system32\svchost.exe[2096] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 00070120
.text C:\Windows\system32\svchost.exe[2096] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 0007015C
.text C:\Windows\system32\svchost.exe[2096] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 00070198
.text C:\Windows\system32\svchost.exe[2096] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 00070030
.text C:\Windows\system32\svchost.exe[2096] USER32.dll!SetWindowsHookExA 75866322 5 Bytes JMP 000D00A8
.text C:\Windows\system32\svchost.exe[2096] USER32.dll!SetWindowsHookExW 758687AD 5 Bytes JMP 000D00E4
.text C:\Windows\system32\svchost.exe[2096] USER32.dll!UnhookWindowsHookEx 758698DB 5 Bytes JMP 000D0120
.text C:\Windows\system32\svchost.exe[2096] USER32.dll!SetWinEventHook 75869F3A 5 Bytes JMP 000D0030
.text C:\Windows\system32\svchost.exe[2096] USER32.dll!UnhookWinEvent 7586C06F 5 Bytes JMP 000D006C
.text C:\Windows\system32\taskeng.exe[2152] ntdll.dll!LdrLoadDll 770893A8 5 Bytes JMP 00050030
.text C:\Windows\system32\taskeng.exe[2152] ntdll.dll!LdrUnloadDll 7709B740 5 Bytes JMP 0005006C
.text C:\Windows\system32\taskeng.exe[2152] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 0007006C
.text C:\Windows\system32\taskeng.exe[2152] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 000700A8
.text C:\Windows\system32\taskeng.exe[2152] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 000701D4
.text C:\Windows\system32\taskeng.exe[2152] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 000700E4
.text C:\Windows\system32\taskeng.exe[2152] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 00070120
.text C:\Windows\system32\taskeng.exe[2152] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 0007015C
.text C:\Windows\system32\taskeng.exe[2152] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 00070198
.text C:\Windows\system32\taskeng.exe[2152] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 00070030
.text C:\Windows\system32\taskeng.exe[2152] USER32.dll!SetWindowsHookExA 75866322 5 Bytes JMP 001800A8
.text C:\Windows\system32\taskeng.exe[2152] USER32.dll!SetWindowsHookExW 758687AD 5 Bytes JMP 001800E4
.text C:\Windows\system32\taskeng.exe[2152] USER32.dll!UnhookWindowsHookEx 758698DB 5 Bytes JMP 00180120
.text C:\Windows\system32\taskeng.exe[2152] USER32.dll!SetWinEventHook 75869F3A 5 Bytes JMP 00180030
.text C:\Windows\system32\taskeng.exe[2152] USER32.dll!UnhookWinEvent 7586C06F 5 Bytes JMP 0018006C
.text C:\Windows\system32\wbem\wmiprvse.exe[2212] ntdll.dll!LdrLoadDll 770893A8 3 Bytes JMP 00090030
.text C:\Windows\system32\wbem\wmiprvse.exe[2212] ntdll.dll!LdrLoadDll + 4 770893AC 1 Byte [89]
.text C:\Windows\system32\wbem\wmiprvse.exe[2212] ntdll.dll!LdrUnloadDll 7709B740 5 Bytes JMP 0009006C
.text C:\Windows\system32\wbem\wmiprvse.exe[2212] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 000B006C
.text C:\Windows\system32\wbem\wmiprvse.exe[2212] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 000B00A8
.text C:\Windows\system32\wbem\wmiprvse.exe[2212] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 000B01D4
.text C:\Windows\system32\wbem\wmiprvse.exe[2212] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 000B00E4
.text C:\Windows\system32\wbem\wmiprvse.exe[2212] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 000B0120
.text C:\Windows\system32\wbem\wmiprvse.exe[2212] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 000B015C
.text C:\Windows\system32\wbem\wmiprvse.exe[2212] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 000B0198
.text C:\Windows\system32\wbem\wmiprvse.exe[2212] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 000B0030
.text C:\Windows\system32\wbem\wmiprvse.exe[2212] USER32.dll!SetWindowsHookExA 75866322 5 Bytes JMP 000C00A8
.text C:\Windows\system32\wbem\wmiprvse.exe[2212] USER32.dll!SetWindowsHookExW 758687AD 5 Bytes JMP 000C00E4
.text C:\Windows\system32\wbem\wmiprvse.exe[2212] USER32.dll!UnhookWindowsHookEx 758698DB 5 Bytes JMP 000C0120
.text C:\Windows\system32\wbem\wmiprvse.exe[2212] USER32.dll!SetWinEventHook 75869F3A 5 Bytes JMP 000C0030
.text C:\Windows\system32\wbem\wmiprvse.exe[2212] USER32.dll!UnhookWinEvent 7586C06F 5 Bytes JMP 000C006C
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2368] ntdll.dll!LdrLoadDll 770893A8 5 Bytes JMP 00150030
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2368] ntdll.dll!LdrUnloadDll 7709B740 5 Bytes JMP 0015006C
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2368] USER32.dll!SetWindowsHookExA 75866322 5 Bytes JMP 002700A8
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2368] USER32.dll!SetWindowsHookExW 758687AD 5 Bytes JMP 002700E4
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2368] USER32.dll!UnhookWindowsHookEx 758698DB 5 Bytes JMP 00270120
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2368] USER32.dll!SetWinEventHook 75869F3A 5 Bytes JMP 00270030
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2368] USER32.dll!UnhookWinEvent 7586C06F 5 Bytes JMP 0027006C
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2368] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 0028006C
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2368] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 002800A8
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2368] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 002801D4
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2368] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 002800E4
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2368] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 00280120
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2368] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 0028015C
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2368] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 00280198
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2368] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 00280030
.text C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerSvc.exe[2700] ntdll.dll!LdrLoadDll 770893A8 5 Bytes JMP 00150030
.text C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerSvc.exe[2700] ntdll.dll!LdrUnloadDll 7709B740 5 Bytes JMP 0015006C
.text C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerSvc.exe[2700] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 0028006C
.text C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerSvc.exe[2700] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 002800A8
.text C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerSvc.exe[2700] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 002801D4
.text C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerSvc.exe[2700] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 002800E4
.text C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerSvc.exe[2700] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 00280120
.text C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerSvc.exe[2700] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 0028015C
.text C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerSvc.exe[2700] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 00280198
.text C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerSvc.exe[2700] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 00280030
.text C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerSvc.exe[2700] USER32.dll!SetWindowsHookExA 75866322 5 Bytes JMP 002900A8
.text C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerSvc.exe[2700] USER32.dll!SetWindowsHookExW 758687AD 5 Bytes JMP 002900E4
.text C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerSvc.exe[2700] USER32.dll!UnhookWindowsHookEx 758698DB 5 Bytes JMP 00290120
.text C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerSvc.exe[2700] USER32.dll!SetWinEventHook 75869F3A 5 Bytes JMP 00290030
.text C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerSvc.exe[2700] USER32.dll!UnhookWinEvent 7586C06F 5 Bytes JMP 0029006C
.text C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe[2848] ntdll.dll!LdrLoadDll 770893A8 5 Bytes JMP 00050030
.text C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe[2848] ntdll.dll!LdrUnloadDll 7709B740 5 Bytes JMP 0005006C
.text C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe[2848] USER32.dll!SetWindowsHookExA 75866322 5 Bytes JMP 000700A8
.text C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe[2848] USER32.dll!SetWindowsHookExW 758687AD 5 Bytes JMP 000700E4
.text C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe[2848] USER32.dll!UnhookWindowsHookEx 758698DB 5 Bytes JMP 00070120
.text C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe[2848] USER32.dll!SetWinEventHook 75869F3A 5 Bytes JMP 00070030
.text C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe[2848] USER32.dll!UnhookWinEvent 7586C06F 5 Bytes JMP 0007006C
.text C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe[2848] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 0008006C
.text C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe[2848] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 000800A8
.text C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe[2848] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 000801D4
.text C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe[2848] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 000800E4
.text C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe[2848] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 00080120
.text C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe[2848] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 0008015C
.text C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe[2848] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 00080198
.text C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe[2848] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 00080030
.text C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerEvent.exe[2856] ntdll.dll!LdrLoadDll 770893A8 5 Bytes JMP 00150030
.text C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerEvent.exe[2856] ntdll.dll!LdrUnloadDll 7709B740 5 Bytes JMP 0015006C
.text C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerEvent.exe[2856] USER32.dll!SetWindowsHookExA 75866322 5 Bytes JMP 001700A8
.text C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerEvent.exe[2856] USER32.dll!SetWindowsHookExW 758687AD 5 Bytes JMP 001700E4
.text C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerEvent.exe[2856] USER32.dll!UnhookWindowsHookEx 758698DB 5 Bytes JMP 00170120
.text C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerEvent.exe[2856] USER32.dll!SetWinEventHook 75869F3A 5 Bytes JMP 00170030
.text C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerEvent.exe[2856] USER32.dll!UnhookWinEvent 7586C06F 5 Bytes JMP 0017006C
.text C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerEvent.exe[2856] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 0018006C
.text C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerEvent.exe[2856] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 001800A8
.text C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerEvent.exe[2856] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 001801D4
.text C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerEvent.exe[2856] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 001800E4
.text C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerEvent.exe[2856] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 00180120
.text C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerEvent.exe[2856] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 0018015C
.text C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerEvent.exe[2856] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 00180198
.text C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerEvent.exe[2856] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 00180030
.text C:\Windows\servicing\TrustedInstaller.exe[2892] ntdll.dll!LdrLoadDll 770893A8 5 Bytes JMP 00080030
.text C:\Windows\servicing\TrustedInstaller.exe[2892] ntdll.dll!LdrUnloadDll 7709B740 5 Bytes JMP 0008006C
.text C:\Windows\servicing\TrustedInstaller.exe[2892] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 000A006C
.text C:\Windows\servicing\TrustedInstaller.exe[2892] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 000A00A8
.text C:\Windows\servicing\TrustedInstaller.exe[2892] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 000A01D4
.text C:\Windows\servicing\TrustedInstaller.exe[2892] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 000A00E4
.text C:\Windows\servicing\TrustedInstaller.exe[2892] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 000A0120
.text C:\Windows\servicing\TrustedInstaller.exe[2892] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 000A015C
.text C:\Windows\servicing\TrustedInstaller.exe[2892] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 000A0198
.text C:\Windows\servicing\TrustedInstaller.exe[2892] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 000A0030
.text C:\Windows\servicing\TrustedInstaller.exe[2892] USER32.dll!SetWindowsHookExA 75866322 5 Bytes JMP 000B00A8
.text C:\Windows\servicing\TrustedInstaller.exe[2892] USER32.dll!SetWindowsHookExW 758687AD 5 Bytes JMP 000B00E4
.text C:\Windows\servicing\TrustedInstaller.exe[2892] USER32.dll!UnhookWindowsHookEx 758698DB 5 Bytes JMP 000B0120
.text C:\Windows\servicing\TrustedInstaller.exe[2892] USER32.dll!SetWinEventHook 75869F3A 5 Bytes JMP 000B0030
.text C:\Windows\servicing\TrustedInstaller.exe[2892] USER32.dll!UnhookWinEvent 7586C06F 5 Bytes JMP 000B006C
.text C:\Program Files\Opera\Opera.exe[2944] ntdll.dll!LdrLoadDll 770893A8 5 Bytes JMP 00060030
.text C:\Program Files\Opera\Opera.exe[2944] ntdll.dll!LdrUnloadDll 7709B740 5 Bytes JMP 0006006C
.text C:\Program Files\Opera\Opera.exe[2944] USER32.dll!SetWindowsHookExA 75866322 5 Bytes JMP 001700A8
.text C:\Program Files\Opera\Opera.exe[2944] USER32.dll!SetWindowsHookExW 758687AD 5 Bytes JMP 001700E4
.text C:\Program Files\Opera\Opera.exe[2944] USER32.dll!UnhookWindowsHookEx 758698DB 5 Bytes JMP 00170120
.text C:\Program Files\Opera\Opera.exe[2944] USER32.dll!SetWinEventHook 75869F3A 5 Bytes JMP 00170030
.text C:\Program Files\Opera\Opera.exe[2944] USER32.dll!UnhookWinEvent 7586C06F 5 Bytes JMP 0017006C
.text C:\Program Files\Opera\Opera.exe[2944] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 0018006C
.text C:\Program Files\Opera\Opera.exe[2944] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 001800A8
.text C:\Program Files\Opera\Opera.exe[2944] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 001801D4
.text C:\Program Files\Opera\Opera.exe[2944] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 001800E4
.text C:\Program Files\Opera\Opera.exe[2944] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 00180120
.text C:\Program Files\Opera\Opera.exe[2944] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 0018015C
.text C:\Program Files\Opera\Opera.exe[2944] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 00180198
.text C:\Program Files\Opera\Opera.exe[2944] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 00180030
.text C:\Windows\system32\IoctlSvc.exe[2948] ntdll.dll!LdrLoadDll 770893A8 5 Bytes JMP 00150030
.text C:\Windows\system32\IoctlSvc.exe[2948] ntdll.dll!LdrUnloadDll 7709B740 5 Bytes JMP 0015006C
.text C:\Windows\system32\IoctlSvc.exe[2948] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 0017006C
.text C:\Windows\system32\IoctlSvc.exe[2948] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 001700A8
.text C:\Windows\system32\IoctlSvc.exe[2948] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 001701D4
.text C:\Windows\system32\IoctlSvc.exe[2948] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 001700E4
.text C:\Windows\system32\IoctlSvc.exe[2948] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 00170120
.text C:\Windows\system32\IoctlSvc.exe[2948] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 0017015C
.text C:\Windows\system32\IoctlSvc.exe[2948] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 00170198
.text C:\Windows\system32\IoctlSvc.exe[2948] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 00170030
.text C:\Windows\system32\IoctlSvc.exe[2948] USER32.dll!SetWindowsHookExA 75866322 5 Bytes JMP 001800A8
.text C:\Windows\system32\IoctlSvc.exe[2948] USER32.dll!SetWindowsHookExW 758687AD 5 Bytes JMP 001800E4
.text C:\Windows\system32\IoctlSvc.exe[2948] USER32.dll!UnhookWindowsHookEx 758698DB 5 Bytes JMP 00180120
.text C:\Windows\system32\IoctlSvc.exe[2948] USER32.dll!SetWinEventHook 75869F3A 5 Bytes JMP 00180030
.text C:\Windows\system32\IoctlSvc.exe[2948] USER32.dll!UnhookWinEvent 7586C06F 5 Bytes JMP 0018006C
.text C:\Windows\system32\svchost.exe[2960] ntdll.dll!LdrLoadDll 770893A8 5 Bytes JMP 00050030
.text C:\Windows\system32\svchost.exe[2960] ntdll.dll!LdrUnloadDll 7709B740 5 Bytes JMP 0005006C
.text C:\Windows\system32\svchost.exe[2960] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 0007006C
.text C:\Windows\system32\svchost.exe[2960] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 000700A8
.text C:\Windows\system32\svchost.exe[2960] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 000701D4
.text C:\Windows\system32\svchost.exe[2960] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 000700E4
.text C:\Windows\system32\svchost.exe[2960] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 00070120
.text C:\Windows\system32\svchost.exe[2960] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 0007015C
.text C:\Windows\system32\svchost.exe[2960] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 00070198
.text C:\Windows\system32\svchost.exe[2960] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 00070030
.text C:\Windows\system32\svchost.exe[2960] USER32.dll!SetWindowsHookExA 75866322 5 Bytes JMP 001800A8
.text C:\Windows\system32\svchost.exe[2960] USER32.dll!SetWindowsHookExW 758687AD 5 Bytes JMP 001800E4
.text C:\Windows\system32\svchost.exe[2960] USER32.dll!UnhookWindowsHookEx 758698DB 5 Bytes JMP 00180120
.text C:\Windows\system32\svchost.exe[2960] USER32.dll!SetWinEventHook 75869F3A 5 Bytes JMP 00180030
.text C:\Windows\system32\svchost.exe[2960] USER32.dll!UnhookWinEvent 7586C06F 5 Bytes JMP 0018006C
.text C:\Windows\system32\svchost.exe[2976] ntdll.dll!LdrLoadDll 770893A8 3 Bytes JMP 00090030
.text C:\Windows\system32\svchost.exe[2976] ntdll.dll!LdrLoadDll + 4 770893AC 1 Byte [89]
.text C:\Windows\system32\svchost.exe[2976] ntdll.dll!LdrUnloadDll 7709B740 5 Bytes JMP 0009006C
.text C:\Windows\system32\svchost.exe[2976] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 000B006C
.text C:\Windows\system32\svchost.exe[2976] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 000B00A8
.text C:\Windows\system32\svchost.exe[2976] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 000B01D4
.text C:\Windows\system32\svchost.exe[2976] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 000B00E4
.text C:\Windows\system32\svchost.exe[2976] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 000B0120
.text C:\Windows\system32\svchost.exe[2976] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 000B015C
.text C:\Windows\system32\svchost.exe[2976] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 000B0198
.text C:\Windows\system32\svchost.exe[2976] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 000B0030
.text C:\Windows\System32\svchost.exe[3004] ntdll.dll!LdrLoadDll 770893A8 3 Bytes JMP 00090030
.text C:\Windows\System32\svchost.exe[3004] ntdll.dll!LdrLoadDll + 4 770893AC 1 Byte [89]
.text C:\Windows\System32\svchost.exe[3004] ntdll.dll!LdrUnloadDll 7709B740 5 Bytes JMP 0009006C
.text C:\Windows\System32\svchost.exe[3004] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 000B006C
.text C:\Windows\System32\svchost.exe[3004] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 000B00A8
.text C:\Windows\System32\svchost.exe[3004] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 000B01D4
.text C:\Windows\System32\svchost.exe[3004] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 000B00E4
.text C:\Windows\System32\svchost.exe[3004] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 000B0120
.text C:\Windows\System32\svchost.exe[3004] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 000B015C
.text C:\Windows\System32\svchost.exe[3004] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 000B0198
.text C:\Windows\System32\svchost.exe[3004] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 000B0030
.text C:\Windows\system32\SearchIndexer.exe[3028] ntdll.dll!LdrLoadDll 770893A8 5 Bytes JMP 00050030
.text C:\Windows\system32\SearchIndexer.exe[3028] ntdll.dll!LdrUnloadDll 7709B740 5 Bytes JMP 0005006C
.text C:\Windows\system32\SearchIndexer.exe[3028] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 0007006C
.text C:\Windows\system32\SearchIndexer.exe[3028] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 000700A8
.text C:\Windows\system32\SearchIndexer.exe[3028] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 000701D4
.text C:\Windows\system32\SearchIndexer.exe[3028] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 000700E4
.text C:\Windows\system32\SearchIndexer.exe[3028] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 00070120
.text C:\Windows\system32\SearchIndexer.exe[3028] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 0007015C
.text C:\Windows\system32\SearchIndexer.exe[3028] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 00070198
.text C:\Windows\system32\SearchIndexer.exe[3028] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 00070030
.text C:\Windows\system32\SearchIndexer.exe[3028] USER32.dll!SetWindowsHookExA 75866322 5 Bytes JMP 000900A8
.text C:\Windows\system32\SearchIndexer.exe[3028] USER32.dll!SetWindowsHookExW 758687AD 5 Bytes JMP 000900E4
.text C:\Windows\system32\SearchIndexer.exe[3028] USER32.dll!UnhookWindowsHookEx 758698DB 5 Bytes JMP 00090120
.text C:\Windows\system32\SearchIndexer.exe[3028] USER32.dll!SetWinEventHook 75869F3A 5 Bytes JMP 00090030
.text C:\Windows\system32\SearchIndexer.exe[3028] USER32.dll!UnhookWinEvent 7586C06F 5 Bytes JMP 0009006C
.text C:\Users\Klemens\Desktop\g2m3e4r.exe[3324] ntdll.dll!LdrLoadDll 770893A8 5 Bytes JMP 00150030
.text C:\Users\Klemens\Desktop\g2m3e4r.exe[3324] ntdll.dll!LdrUnloadDll 7709B740 5 Bytes JMP 0015006C
.text C:\Users\Klemens\Desktop\g2m3e4r.exe[3324] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 0019006C
.text C:\Users\Klemens\Desktop\g2m3e4r.exe[3324] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 001900A8
.text C:\Users\Klemens\Desktop\g2m3e4r.exe[3324] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 001901D4
.text C:\Users\Klemens\Desktop\g2m3e4r.exe[3324] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 001900E4
.text C:\Users\Klemens\Desktop\g2m3e4r.exe[3324] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 00190120
.text C:\Users\Klemens\Desktop\g2m3e4r.exe[3324] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 0019015C
.text C:\Users\Klemens\Desktop\g2m3e4r.exe[3324] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 00190198
.text C:\Users\Klemens\Desktop\g2m3e4r.exe[3324] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 00190030
.text C:\Users\Klemens\Desktop\g2m3e4r.exe[3324] USER32.dll!SetWindowsHookExA 75866322 5 Bytes JMP 001A00A8
.text C:\Users\Klemens\Desktop\g2m3e4r.exe[3324] USER32.dll!SetWindowsHookExW 758687AD 5 Bytes JMP 001A00E4
.text C:\Users\Klemens\Desktop\g2m3e4r.exe[3324] USER32.dll!UnhookWindowsHookEx 758698DB 5 Bytes JMP 001A0120
.text C:\Users\Klemens\Desktop\g2m3e4r.exe[3324] USER32.dll!SetWinEventHook 75869F3A 5 Bytes JMP 001A0030
.text C:\Users\Klemens\Desktop\g2m3e4r.exe[3324] USER32.dll!UnhookWinEvent 7586C06F 5 Bytes JMP 001A006C
.text C:\Windows\system32\wbem\unsecapp.exe[3500] ntdll.dll!LdrLoadDll 770893A8 5 Bytes JMP 00060030
.text C:\Windows\system32\wbem\unsecapp.exe[3500] ntdll.dll!LdrUnloadDll 7709B740 5 Bytes JMP 0006006C
.text C:\Windows\system32\wbem\unsecapp.exe[3500] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 0007006C
.text C:\Windows\system32\wbem\unsecapp.exe[3500] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 000700A8
.text C:\Windows\system32\wbem\unsecapp.exe[3500] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 000701D4
.text C:\Windows\system32\wbem\unsecapp.exe[3500] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 000700E4
.text C:\Windows\system32\wbem\unsecapp.exe[3500] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 00070120
.text C:\Windows\system32\wbem\unsecapp.exe[3500] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 0007015C
.text C:\Windows\system32\wbem\unsecapp.exe[3500] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 00070198
.text C:\Windows\system32\wbem\unsecapp.exe[3500] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 00070030
.text C:\Windows\system32\wbem\unsecapp.exe[3500] USER32.dll!SetWindowsHookExA 75866322 5 Bytes JMP 000800A8
.text C:\Windows\system32\wbem\unsecapp.exe[3500] USER32.dll!SetWindowsHookExW 758687AD 5 Bytes JMP 000800E4
.text C:\Windows\system32\wbem\unsecapp.exe[3500] USER32.dll!UnhookWindowsHookEx 758698DB 5 Bytes JMP 00080120
.text C:\Windows\system32\wbem\unsecapp.exe[3500] USER32.dll!SetWinEventHook 75869F3A 5 Bytes JMP 00080030
.text C:\Windows\system32\wbem\unsecapp.exe[3500] USER32.dll!UnhookWinEvent 7586C06F 5 Bytes JMP 0008006C
.text C:\Program Files\Launch Manager\LManager.exe[3528] ntdll.dll!LdrLoadDll 770893A8 5 Bytes JMP 00050030
.text C:\Program Files\Launch Manager\LManager.exe[3528] ntdll.dll!LdrUnloadDll 7709B740 5 Bytes JMP 0005006C
.text C:\Program Files\Launch Manager\LManager.exe[3528] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 0013006C
.text C:\Program Files\Launch Manager\LManager.exe[3528] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 001300A8
.text C:\Program Files\Launch Manager\LManager.exe[3528] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 001301D4
.text C:\Program Files\Launch Manager\LManager.exe[3528] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 001300E4
.text C:\Program Files\Launch Manager\LManager.exe[3528] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 00130120
.text C:\Program Files\Launch Manager\LManager.exe[3528] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 0013015C
.text C:\Program Files\Launch Manager\LManager.exe[3528] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 00130198
.text C:\Program Files\Launch Manager\LManager.exe[3528] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 00130030
.text C:\Program Files\Launch Manager\LManager.exe[3528] USER32.dll!SetWindowsHookExA 75866322 5 Bytes JMP 001400A8
.text C:\Program Files\Launch Manager\LManager.exe[3528] USER32.dll!SetWindowsHookExW 758687AD 5 Bytes JMP 001400E4
.text C:\Program Files\Launch Manager\LManager.exe[3528] USER32.dll!UnhookWindowsHookEx 758698DB 5 Bytes JMP 00140120
.text C:\Program Files\Launch Manager\LManager.exe[3528] USER32.dll!SetWinEventHook 75869F3A 5 Bytes JMP 00140030
.text C:\Program Files\Launch Manager\LManager.exe[3528] USER32.dll!UnhookWinEvent 7586C06F 5 Bytes JMP 0014006C
.text C:\Windows\system32\wbem\wmiprvse.exe[3640] ntdll.dll!LdrLoadDll 770893A8 5 Bytes JMP 00050030
.text C:\Windows\system32\wbem\wmiprvse.exe[3640] ntdll.dll!LdrUnloadDll 7709B740 5 Bytes JMP 0005006C
.text C:\Windows\system32\wbem\wmiprvse.exe[3640] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 0007006C
.text C:\Windows\system32\wbem\wmiprvse.exe[3640] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 000700A8
.text C:\Windows\system32\wbem\wmiprvse.exe[3640] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 000701D4
.text C:\Windows\system32\wbem\wmiprvse.exe[3640] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 000700E4
.text C:\Windows\system32\wbem\wmiprvse.exe[3640] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 00070120
.text C:\Windows\system32\wbem\wmiprvse.exe[3640] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 0007015C
.text C:\Windows\system32\wbem\wmiprvse.exe[3640] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 00070198
.text C:\Windows\system32\wbem\wmiprvse.exe[3640] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 00070030
.text C:\Windows\system32\wbem\wmiprvse.exe[3640] USER32.dll!SetWindowsHookExA 75866322 5 Bytes JMP 000800A8
.text C:\Windows\system32\wbem\wmiprvse.exe[3640] USER32.dll!SetWindowsHookExW 758687AD 5 Bytes JMP 000800E4
.text C:\Windows\system32\wbem\wmiprvse.exe[3640] USER32.dll!UnhookWindowsHookEx 758698DB 5 Bytes JMP 00080120
.text C:\Windows\system32\wbem\wmiprvse.exe[3640] USER32.dll!SetWinEventHook 75869F3A 5 Bytes JMP 00080030
.text C:\Windows\system32\wbem\wmiprvse.exe[3640] USER32.dll!UnhookWinEvent 7586C06F 5 Bytes JMP 0008006C
.text C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe[3652] ntdll.dll!LdrLoadDll 770893A8 3 Bytes JMP 00090030
.text C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe[3652] ntdll.dll!LdrLoadDll + 4 770893AC 1 Byte [89]
.text C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe[3652] ntdll.dll!LdrUnloadDll 7709B740 5 Bytes JMP 0009006C
.text C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe[3652] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 000C006C
.text C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe[3652] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 000C00A8
.text C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe[3652] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 000C01D4
.text C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe[3652] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 000C00E4
.text C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe[3652] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 000C0120
.text C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe[3652] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 000C015C
.text C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe[3652] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 000C0198
.text C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe[3652] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 000C0030
.text C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe[3652] USER32.dll!SetWindowsHookExA 75866322 5 Bytes JMP 000D00A8
.text C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe[3652] USER32.dll!SetWindowsHookExW 758687AD 5 Bytes JMP 000D00E4
.text C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe[3652] USER32.dll!UnhookWindowsHookEx 758698DB 5 Bytes JMP 000D0120
.text C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe[3652] USER32.dll!SetWinEventHook 75869F3A 5 Bytes JMP 000D0030
.text C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe[3652] USER32.dll!UnhookWinEvent 7586C06F 5 Bytes JMP 000D006C
.text C:\Program Files\CyberLink\Shared files\brs.exe[3664] ntdll.dll!LdrLoadDll 770893A8 5 Bytes JMP 00140030
.text C:\Program Files\CyberLink\Shared files\brs.exe[3664] ntdll.dll!LdrUnloadDll 7709B740 5 Bytes JMP 0014006C
.text C:\Program Files\CyberLink\Shared files\brs.exe[3664] USER32.dll!SetWindowsHookExA 75866322 5 Bytes JMP 001700A8
.text C:\Program Files\CyberLink\Shared files\brs.exe[3664] USER32.dll!SetWindowsHookExW 758687AD 5 Bytes JMP 001700E4
.text C:\Program Files\CyberLink\Shared files\brs.exe[3664] USER32.dll!UnhookWindowsHookEx 758698DB 5 Bytes JMP 00170120
.text C:\Program Files\CyberLink\Shared files\brs.exe[3664] USER32.dll!SetWinEventHook 75869F3A 5 Bytes JMP 00170030
.text C:\Program Files\CyberLink\Shared files\brs.exe[3664] USER32.dll!UnhookWinEvent 7586C06F 5 Bytes JMP 0017006C
.text C:\Program Files\CyberLink\Shared files\brs.exe[3664] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 0018006C
.text C:\Program Files\CyberLink\Shared files\brs.exe[3664] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 001800A8
.text C:\Program Files\CyberLink\Shared files\brs.exe[3664] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 001801D4
.text C:\Program Files\CyberLink\Shared files\brs.exe[3664] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 001800E4
.text C:\Program Files\CyberLink\Shared files\brs.exe[3664] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 00180120
.text C:\Program Files\CyberLink\Shared files\brs.exe[3664] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 0018015C
.text C:\Program Files\CyberLink\Shared files\brs.exe[3664] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 00180198
.text C:\Program Files\CyberLink\Shared files\brs.exe[3664] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 00180030
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3696] ntdll.dll!LdrLoadDll 770893A8 5 Bytes JMP 00160030
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3696] ntdll.dll!LdrUnloadDll 7709B740 5 Bytes JMP 0016006C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3696] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 0017006C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3696] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 001700A8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3696] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 001701D4
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3696] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 001700E4
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3696] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 00170120
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3696] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 0017015C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3696] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 00170198
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3696] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 00170030
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3696] USER32.dll!SetWindowsHookExA 75866322 5 Bytes JMP 001800A8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3696] USER32.dll!SetWindowsHookExW 758687AD 5 Bytes JMP 001800E4
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3696] USER32.dll!UnhookWindowsHookEx 758698DB 5 Bytes JMP 00180120
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3696] USER32.dll!SetWinEventHook 75869F3A 5 Bytes JMP 00180030
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3696] USER32.dll!UnhookWinEvent 7586C06F 5 Bytes JMP 0018006C
.text C:\Program Files\Packard Bell\SetupMyPC\SmpSys.exe[3712] ntdll.dll!LdrLoadDll 770893A8 5 Bytes JMP 00150030
.text C:\Program Files\Packard Bell\SetupMyPC\SmpSys.exe[3712] ntdll.dll!LdrUnloadDll 7709B740 5 Bytes JMP 0015006C
.text C:\Program Files\Packard Bell\SetupMyPC\SmpSys.exe[3712] USER32.dll!SetWindowsHookExA 75866322 5 Bytes JMP 001700A8
.text C:\Program Files\Packard Bell\SetupMyPC\SmpSys.exe[3712] USER32.dll!SetWindowsHookExW 758687AD 5 Bytes JMP 001700E4
.text C:\Program Files\Packard Bell\SetupMyPC\SmpSys.exe[3712] USER32.dll!UnhookWindowsHookEx 758698DB 5 Bytes JMP 00170120
.text C:\Program Files\Packard Bell\SetupMyPC\SmpSys.exe[3712] USER32.dll!SetWinEventHook 75869F3A 5 Bytes JMP 00170030
.text C:\Program Files\Packard Bell\SetupMyPC\SmpSys.exe[3712] USER32.dll!UnhookWinEvent 7586C06F 5 Bytes JMP 0017006C
.text C:\Program Files\Packard Bell\SetupMyPC\SmpSys.exe[3712] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 0018006C
.text C:\Program Files\Packard Bell\SetupMyPC\SmpSys.exe[3712] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 001800A8
.text C:\Program Files\Packard Bell\SetupMyPC\SmpSys.exe[3712] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 001801D4
.text C:\Program Files\Packard Bell\SetupMyPC\SmpSys.exe[3712] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 001800E4
.text C:\Program Files\Packard Bell\SetupMyPC\SmpSys.exe[3712] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 00180120
.text C:\Program Files\Packard Bell\SetupMyPC\SmpSys.exe[3712] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 0018015C
.text C:\Program Files\Packard Bell\SetupMyPC\SmpSys.exe[3712] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 00180198
.text C:\Program Files\Packard Bell\SetupMyPC\SmpSys.exe[3712] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 00180030
.text C:\Windows\ehome\ehtray.exe[3724] ntdll.dll!LdrLoadDll 770893A8 3 Bytes JMP 00090030
.text C:\Windows\ehome\ehtray.exe[3724] ntdll.dll!LdrLoadDll + 4 770893AC 1 Byte [89]
.text C:\Windows\ehome\ehtray.exe[3724] ntdll.dll!LdrUnloadDll 7709B740 5 Bytes JMP 0009006C
.text C:\Windows\ehome\ehtray.exe[3724] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 000B006C
.text C:\Windows\ehome\ehtray.exe[3724] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 000B00A8
.text C:\Windows\ehome\ehtray.exe[3724] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 000B01D4
.text C:\Windows\ehome\ehtray.exe[3724] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 000B00E4
.text C:\Windows\ehome\ehtray.exe[3724] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 000B0120
.text C:\Windows\ehome\ehtray.exe[3724] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 000B015C
.text C:\Windows\ehome\ehtray.exe[3724] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 000B0198
.text C:\Windows\ehome\ehtray.exe[3724] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 000B0030
.text C:\Windows\ehome\ehtray.exe[3724] USER32.dll!SetWindowsHookExA 75866322 5 Bytes JMP 000C00A8
.text C:\Windows\ehome\ehtray.exe[3724] USER32.dll!SetWindowsHookExW 758687AD 5 Bytes JMP 000C00E4
.text C:\Windows\ehome\ehtray.exe[3724] USER32.dll!UnhookWindowsHookEx 758698DB 5 Bytes JMP 000C0120
.text C:\Windows\ehome\ehtray.exe[3724] USER32.dll!SetWinEventHook 75869F3A 5 Bytes JMP 000C0030
.text C:\Windows\ehome\ehtray.exe[3724] USER32.dll!UnhookWinEvent 7586C06F 5 Bytes JMP 000C006C
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3732] ntdll.dll!LdrLoadDll 770893A8 5 Bytes JMP 00050030
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3732] ntdll.dll!LdrUnloadDll 7709B740 5 Bytes JMP 0005006C
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3732] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 0007006C
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3732] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 000700A8
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3732] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 000701D4
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3732] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 000700E4
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3732] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 00070120
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3732] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 0007015C
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3732] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 00070198
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3732] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 00070030
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3732] USER32.dll!SetWindowsHookExA 75866322 5 Bytes JMP 000800A8
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3732] USER32.dll!SetWindowsHookExW 758687AD 5 Bytes JMP 000800E4
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3732] USER32.dll!UnhookWindowsHookEx 758698DB 5 Bytes JMP 00080120
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3732] USER32.dll!SetWinEventHook 75869F3A 5 Bytes JMP 00080030
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3732] USER32.dll!UnhookWinEvent 7586C06F 5 Bytes JMP 0008006C
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3848] ntdll.dll!LdrLoadDll 770893A8 5 Bytes JMP 00040030
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3848] ntdll.dll!LdrUnloadDll 7709B740 5 Bytes JMP 0004006C
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3848] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 0006006C
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3848] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 000600A8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3848] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 000601D4
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3848] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 000600E4
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3848] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 00060120
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3848] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 0006015C
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3848] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 00060198
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3848] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 00060030
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3848] USER32.dll!SetWindowsHookExA 75866322 5 Bytes JMP 000700A8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3848] USER32.dll!SetWindowsHookExW 758687AD 5 Bytes JMP 000700E4
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3848] USER32.dll!UnhookWindowsHookEx 758698DB 5 Bytes JMP 00070120
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3848] USER32.dll!SetWinEventHook 75869F3A 5 Bytes JMP 00070030
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3848] USER32.dll!UnhookWinEvent 7586C06F 5 Bytes JMP 0007006C
.text C:\Windows\ehome\ehmsas.exe[3860] ntdll.dll!LdrLoadDll 770893A8 5 Bytes JMP 00040030
.text C:\Windows\ehome\ehmsas.exe[3860] ntdll.dll!LdrUnloadDll 7709B740 5 Bytes JMP 0004006C
.text C:\Windows\ehome\ehmsas.exe[3860] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 0007006C
.text C:\Windows\ehome\ehmsas.exe[3860] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 000700A8
.text C:\Windows\ehome\ehmsas.exe[3860] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 000701D4
.text C:\Windows\ehome\ehmsas.exe[3860] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 000700E4
.text C:\Windows\ehome\ehmsas.exe[3860] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 00070120
.text C:\Windows\ehome\ehmsas.exe[3860] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 0007015C
.text C:\Windows\ehome\ehmsas.exe[3860] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 00070198
.text C:\Windows\ehome\ehmsas.exe[3860] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 00070030
.text C:\Windows\ehome\ehmsas.exe[3860] USER32.dll!SetWindowsHookExA 75866322 5 Bytes JMP 000800A8
.text C:\Windows\ehome\ehmsas.exe[3860] USER32.dll!SetWindowsHookExW 758687AD 5 Bytes JMP 000800E4
.text C:\Windows\ehome\ehmsas.exe[3860] USER32.dll!UnhookWindowsHookEx 758698DB 5 Bytes JMP 00080120
.text C:\Windows\ehome\ehmsas.exe[3860] USER32.dll!SetWinEventHook 75869F3A 5 Bytes JMP 00080030
.text C:\Windows\ehome\ehmsas.exe[3860] USER32.dll!UnhookWinEvent 7586C06F 5 Bytes JMP 0008006C
.text C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerTray.exe[3920] ntdll.dll!LdrLoadDll 770893A8 5 Bytes JMP 00160030
.text C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerTray.exe[3920] ntdll.dll!LdrUnloadDll 7709B740 5 Bytes JMP 0016006C
.text C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerTray.exe[3920] USER32.dll!SetWindowsHookExA 75866322 5 Bytes JMP 002C00A8
.text C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerTray.exe[3920] USER32.dll!SetWindowsHookExW 758687AD 5 Bytes JMP 002C00E4
.text C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerTray.exe[3920] USER32.dll!UnhookWindowsHookEx 758698DB 5 Bytes JMP 002C0120
.text C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerTray.exe[3920] USER32.dll!SetWinEventHook 75869F3A 5 Bytes JMP 002C0030
.text C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerTray.exe[3920] USER32.dll!UnhookWinEvent 7586C06F 5 Bytes JMP 002C006C
.text C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerTray.exe[3920] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 002E006C
.text C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerTray.exe[3920] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 002E00A8
.text C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerTray.exe[3920] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 002E01D4
.text C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerTray.exe[3920] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 002E00E4
.text C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerTray.exe[3920] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 002E0120
.text C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerTray.exe[3920] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 002E015C
.text C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerTray.exe[3920] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 002E0198
.text C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerTray.exe[3920] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 002E0030
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
Device \FileSystem\fastfat \FatCdrom aswSP.SYS (avast! self protection module/AVAST Software)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
Device \FileSystem\fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
Defogger log: defogger_disable by jpshortstuff (23.02.10.1) Log created at 18:25 on 05/03/2011 (Klemens) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=- Malware hatte nichts gefunden |
| Themen zu Vermutlich Problem mit Malware/Viurs |
| arbeitet, avast, avast!, blinkt, c:\windows\system32\services.exe, checkliste, desktop, dwm.exe, explorer.exe, festplatte, harddisk, ics, launch, lsass.exe, ntdll.dll, opera, opera.exe, packard bell, problem, scan, security, services.exe, software, starten, svchost.exe, system, tcp, temp, udp, virus, windows media player, winlogon.exe, wmp |
Baum-Darstellung