Home » Verbraucherschutz und Verbraucher Erfahrungen » Abzockerproblem mit Antivirus Doktor » Themenansicht
weitere Website Reputation & Verbraucherschutz Bewertungen auf » Webutation.net.
Abzockerproblem mit Antivirus Doktor |
||
|---|---|---|
| #0
| ||
|
25.08.2009, 09:42
Member
Beiträge: 11 |
#1
Hallo, hat jemand Erfahrungen mit antivirus-doktor.com und wie man die Anschrift dieser unseriösen Anbieter herausbekommen kann? Bin auf diese Abzocker reingefallen, die buchten auch gleich vom Konto ab. Laut Infos handelt es sich um sogenannte Internet-Abzocker und ein Programm, das offenbar Spyware lädt.
|
|
 
|
|
|
|
25.08.2009, 10:02
Moderator
Beiträge: 7805 |
#2
Das werden wohl Nachwirkungen von http://board.protecus.de/t37665.htm sein. Warum hast du die Hilfe von virenfinder nicht annehmen wollen, dann haettest du dir das jetzt alles sparen koennen........
Da diese Rougeware http://news.magnus.de/sicherheit/artikel/gdata-warnt-vor-antivirus-doktor-2009-und-fieser-abo-falle.html wohl mit Kreditkarte bezahlt werden muss, koenntest du versuchen mit Hilfe deiner Kartengesellschaft die Zahlung zu stornieren..... Abgesehen von alle dem, solltest du deinen Rechner neu aufsetzen! __________ MfG Ralf SEO-Spam Hunter |
|
|
|
|
|
|
25.08.2009, 10:11
Member
Themenstarter Beiträge: 11 |
#3
Hallo, Ralf, danke für den Tipp! In Sachen PC und Virenentfernung bin ich noch relativer Anfänger, deswegen bin ich auch auf diesen Abzockversuch reingefallen. Momentan läuft der PC wieder normal. Gruss Jörg.
|
|
|
|
|
|
|
25.08.2009, 11:46
Member
 Beiträge: 301 |
#4
Nur weil man keine Symptome merkt heißt das noch lange nicht dass dein Pc sauber ist !
Du solltest entweder neu aufsetzen oder wenigstens das hier http://board.protecus.de/t23188.htm abbarbeiten und die Logs hier posten ! __________ Mein Leben verläuft streng nach Murphys Gesetz |
|
|
|
|
|
|
27.08.2009, 22:04
...neu hier
Beiträge: 2 |
#5
ja, schließe mich damit meinem Vorredner an. Ich will garnicht mehr aufzählen, wie oft mein Virenscan versagt hat
|
|
|
|
|
|
|
29.08.2009, 02:31
Ehrenmitglied
 Beiträge: 6028 |
#6
Es gibt auch noch
 Installiere WOT http://www.mywot.com/ Add-on fuer FireFox https://addons.mozilla.org/en-US/firefox/addon/3456 __________ MfG Argus |
|
|
|
|
|
|
31.08.2009, 22:46
Member
Themenstarter Beiträge: 11 |
#7
Hier die Ergebnisse eines Scans mit Malwarebytes:
Malwarebytes' Anti-Malware 1.40 Datenbank Version: 2722 Windows 5.1.2600 Service Pack 3 31.08.2009 22:23:36 mbam-log-2009-08-31 (22-23-36).txt Scan-Methode: Vollständiger Scan (C:\|) Durchsuchte Objekte: 115297 Laufzeit: 27 minute(s), 24 second(s) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 3 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 1 Infizierte Dateien: 4 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Userinit.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\xpreapp (Malware.Trace) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: C:\Dokumente und Einstellungen\All Users\AVP 2009 (Malware.Trace) -> Quarantined and deleted successfully. Infizierte Dateien: C:\WINDOWS\system32\kbiwkmdwfwbwfx.dll (Rootkit.TDSS) -> Delete on reboot. C:\WINDOWS\system32\kbiwkmuyrwosvd.dll (Rootkit.TDSS) -> Delete on reboot. C:\WINDOWS\system32\drivers\kbiwkmktekewxd.sys (Rootkit.TDSS) -> Delete on reboot. C:\WINDOWS\TEMP\kbiwkmssievbxori.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully. Gruss Jörg. |
|
|
|
|
|
|
31.08.2009, 23:23
Member
Themenstarter Beiträge: 11 |
#8
Hallo, und hier der Gmer-Report:
GMER 1.0.15.15077 [tu1hvfly.exe] - http://www.gmer.net Rootkit scan 2009-08-31 23:22:51 Windows 5.1.2600 Service Pack 3 ---- System - GMER 1.0.15 ---- SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xF7387514] <-- ROOTKIT !!! SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xF7376282] <-- ROOTKIT !!! SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xF7376474] <-- ROOTKIT !!! SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xF7387D00] <-- ROOTKIT !!! SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xF7387FB8] <-- ROOTKIT !!! SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xF73863FA] <-- ROOTKIT !!! SSDT \??\C:\Programme\BitDefender\BitDefender 2009\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender S.R.L.) ZwOpenProcess [0xBA373C90] <-- ROOTKIT !!! SSDT \??\C:\Programme\BitDefender\BitDefender 2009\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender S.R.L.) ZwOpenThread [0xBA373D7E] <-- ROOTKIT !!! SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF7388422] <-- ROOTKIT !!! SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xF73877D8] <-- ROOTKIT !!! SSDT \??\C:\Programme\BitDefender\BitDefender 2009\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender S.R.L.) ZwTerminateProcess [0xBA373BF4] <-- ROOTKIT !!! SSDT \??\C:\Programme\BitDefender\BitDefender 2009\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender S.R.L.) ZwTerminateThread [0xBA373EC4] <-- ROOTKIT !!! ---- Kernel code sections - GMER 1.0.15 ---- ? system32\drivers\bgwgokla.sys Das System kann den angegebenen Pfad nicht finden. ! ? C:\WINDOWS\system32\Drivers\mchInjDrv.sys Das System kann die angegebene Datei nicht finden. ! ---- User code sections - GMER 1.0.15 ---- .text C:\WINDOWS\system32\winlogon.exe[184] ntdll.dll!NtClose 7C91CFEE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\winlogon.exe[184] ntdll.dll!NtClose + 4 7C91CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f} .text C:\WINDOWS\system32\winlogon.exe[184] ntdll.dll!NtCreateFile 7C91D0AE 1 Byte [FF] .text C:\WINDOWS\system32\winlogon.exe[184] ntdll.dll!NtCreateFile 7C91D0AE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\winlogon.exe[184] ntdll.dll!NtCreateFile + 4 7C91D0B2 2 Bytes [17, 5F] {POP SS; POP EDI} .text C:\WINDOWS\system32\winlogon.exe[184] ntdll.dll!NtCreateKey 7C91D0EE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\winlogon.exe[184] ntdll.dll!NtCreateKey + 4 7C91D0F2 2 Bytes [05, 5F] .text C:\WINDOWS\system32\winlogon.exe[184] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\winlogon.exe[184] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [23, 5F] .text C:\WINDOWS\system32\winlogon.exe[184] ntdll.dll!NtDeleteKey 7C91D24E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\winlogon.exe[184] ntdll.dll!NtDeleteKey + 4 7C91D252 2 Bytes [0B, 5F] .text C:\WINDOWS\system32\winlogon.exe[184] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\winlogon.exe[184] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [11, 5F] .text C:\WINDOWS\system32\winlogon.exe[184] ntdll.dll!NtRenameKey 7C91DA5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\winlogon.exe[184] ntdll.dll!NtRenameKey + 4 7C91DA62 2 Bytes [14, 5F] {ADC AL, 0x5f} .text C:\WINDOWS\system32\winlogon.exe[184] ntdll.dll!NtSetInformationFile 7C91DC5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\winlogon.exe[184] ntdll.dll!NtSetInformationFile + 4 7C91DC62 2 Bytes [20, 5F] .text C:\WINDOWS\system32\winlogon.exe[184] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\winlogon.exe[184] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\WINDOWS\system32\winlogon.exe[184] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\winlogon.exe[184] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [26, 5F] .text C:\WINDOWS\system32\winlogon.exe[184] ntdll.dll!NtWriteFile 7C91DF7E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\winlogon.exe[184] ntdll.dll!NtWriteFile + 4 7C91DF82 2 Bytes [1A, 5F] .text C:\WINDOWS\system32\winlogon.exe[184] ntdll.dll!NtWriteFileGather 7C91DF8E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\winlogon.exe[184] ntdll.dll!NtWriteFileGather + 4 7C91DF92 2 Bytes [1D, 5F] .text C:\WINDOWS\system32\winlogon.exe[184] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\winlogon.exe[184] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [29, 5F] .text C:\WINDOWS\system32\winlogon.exe[184] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01530001 .text C:\WINDOWS\system32\winlogon.exe[184] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A .text C:\WINDOWS\system32\winlogon.exe[184] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\system32\services.exe[292] ntdll.dll!NtClose 7C91CFEE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\services.exe[292] ntdll.dll!NtClose + 4 7C91CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f} .text C:\WINDOWS\system32\services.exe[292] ntdll.dll!NtCreateFile 7C91D0AE 1 Byte [FF] .text C:\WINDOWS\system32\services.exe[292] ntdll.dll!NtCreateFile 7C91D0AE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\services.exe[292] ntdll.dll!NtCreateFile + 4 7C91D0B2 2 Bytes [17, 5F] {POP SS; POP EDI} .text C:\WINDOWS\system32\services.exe[292] ntdll.dll!NtCreateKey 7C91D0EE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\services.exe[292] ntdll.dll!NtCreateKey + 4 7C91D0F2 2 Bytes [05, 5F] .text C:\WINDOWS\system32\services.exe[292] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\services.exe[292] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [23, 5F] .text C:\WINDOWS\system32\services.exe[292] ntdll.dll!NtDeleteKey 7C91D24E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\services.exe[292] ntdll.dll!NtDeleteKey + 4 7C91D252 2 Bytes [0B, 5F] .text C:\WINDOWS\system32\services.exe[292] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\services.exe[292] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [11, 5F] .text C:\WINDOWS\system32\services.exe[292] ntdll.dll!NtRenameKey 7C91DA5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\services.exe[292] ntdll.dll!NtRenameKey + 4 7C91DA62 2 Bytes [14, 5F] {ADC AL, 0x5f} .text C:\WINDOWS\system32\services.exe[292] ntdll.dll!NtSetInformationFile 7C91DC5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\services.exe[292] ntdll.dll!NtSetInformationFile + 4 7C91DC62 2 Bytes [20, 5F] .text C:\WINDOWS\system32\services.exe[292] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\services.exe[292] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\WINDOWS\system32\services.exe[292] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\services.exe[292] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [26, 5F] .text C:\WINDOWS\system32\services.exe[292] ntdll.dll!NtWriteFile 7C91DF7E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\services.exe[292] ntdll.dll!NtWriteFile + 4 7C91DF82 2 Bytes [1A, 5F] .text C:\WINDOWS\system32\services.exe[292] ntdll.dll!NtWriteFileGather 7C91DF8E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\services.exe[292] ntdll.dll!NtWriteFileGather + 4 7C91DF92 2 Bytes [1D, 5F] .text C:\WINDOWS\system32\services.exe[292] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\services.exe[292] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [29, 5F] .text C:\WINDOWS\system32\services.exe[292] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00E20001 .text C:\WINDOWS\system32\services.exe[292] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A .text C:\WINDOWS\system32\services.exe[292] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\system32\lsass.exe[304] ntdll.dll!NtClose 7C91CFEE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\lsass.exe[304] ntdll.dll!NtClose + 4 7C91CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f} .text C:\WINDOWS\system32\lsass.exe[304] ntdll.dll!NtCreateFile 7C91D0AE 1 Byte [FF] .text C:\WINDOWS\system32\lsass.exe[304] ntdll.dll!NtCreateFile 7C91D0AE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\lsass.exe[304] ntdll.dll!NtCreateFile + 4 7C91D0B2 2 Bytes [17, 5F] {POP SS; POP EDI} .text C:\WINDOWS\system32\lsass.exe[304] ntdll.dll!NtCreateKey 7C91D0EE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\lsass.exe[304] ntdll.dll!NtCreateKey + 4 7C91D0F2 2 Bytes [05, 5F] .text C:\WINDOWS\system32\lsass.exe[304] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\lsass.exe[304] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [23, 5F] .text C:\WINDOWS\system32\lsass.exe[304] ntdll.dll!NtDeleteKey 7C91D24E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\lsass.exe[304] ntdll.dll!NtDeleteKey + 4 7C91D252 2 Bytes [0B, 5F] .text C:\WINDOWS\system32\lsass.exe[304] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\lsass.exe[304] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [11, 5F] .text C:\WINDOWS\system32\lsass.exe[304] ntdll.dll!NtRenameKey 7C91DA5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\lsass.exe[304] ntdll.dll!NtRenameKey + 4 7C91DA62 2 Bytes [14, 5F] {ADC AL, 0x5f} .text C:\WINDOWS\system32\lsass.exe[304] ntdll.dll!NtSetInformationFile 7C91DC5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\lsass.exe[304] ntdll.dll!NtSetInformationFile + 4 7C91DC62 2 Bytes [20, 5F] .text C:\WINDOWS\system32\lsass.exe[304] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\lsass.exe[304] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\WINDOWS\system32\lsass.exe[304] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\lsass.exe[304] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [26, 5F] .text C:\WINDOWS\system32\lsass.exe[304] ntdll.dll!NtWriteFile 7C91DF7E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\lsass.exe[304] ntdll.dll!NtWriteFile + 4 7C91DF82 2 Bytes [1A, 5F] .text C:\WINDOWS\system32\lsass.exe[304] ntdll.dll!NtWriteFileGather 7C91DF8E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\lsass.exe[304] ntdll.dll!NtWriteFileGather + 4 7C91DF92 2 Bytes [1D, 5F] .text C:\WINDOWS\system32\lsass.exe[304] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\lsass.exe[304] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [29, 5F] .text C:\WINDOWS\system32\lsass.exe[304] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00BA0001 .text C:\WINDOWS\system32\lsass.exe[304] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A .text C:\WINDOWS\system32\lsass.exe[304] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[348] ntdll.dll!NtClose 7C91CFEE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[348] ntdll.dll!NtClose + 4 7C91CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f} .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[348] ntdll.dll!NtCreateFile 7C91D0AE 1 Byte [FF] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[348] ntdll.dll!NtCreateFile 7C91D0AE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[348] ntdll.dll!NtCreateFile + 4 7C91D0B2 2 Bytes [17, 5F] {POP SS; POP EDI} .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[348] ntdll.dll!NtCreateKey 7C91D0EE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[348] ntdll.dll!NtCreateKey + 4 7C91D0F2 2 Bytes [05, 5F] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[348] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[348] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [23, 5F] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[348] ntdll.dll!NtDeleteKey 7C91D24E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[348] ntdll.dll!NtDeleteKey + 4 7C91D252 2 Bytes [0B, 5F] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[348] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[348] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [11, 5F] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[348] ntdll.dll!NtRenameKey 7C91DA5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[348] ntdll.dll!NtRenameKey + 4 7C91DA62 2 Bytes [14, 5F] {ADC AL, 0x5f} .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[348] ntdll.dll!NtSetInformationFile 7C91DC5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[348] ntdll.dll!NtSetInformationFile + 4 7C91DC62 2 Bytes [20, 5F] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[348] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[348] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[348] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[348] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [26, 5F] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[348] ntdll.dll!NtWriteFile 7C91DF7E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[348] ntdll.dll!NtWriteFile + 4 7C91DF82 2 Bytes [1A, 5F] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[348] ntdll.dll!NtWriteFileGather 7C91DF8E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[348] ntdll.dll!NtWriteFileGather + 4 7C91DF92 2 Bytes [1D, 5F] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[348] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[348] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [29, 5F] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[348] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00E10001 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[348] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[348] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A .text C:\Programme\Spyware Doctor\pctsSvc.exe[368] kernel32.dll!CreateThread + 1A 7C8106F1 4 Bytes CALL 0044AD11 C:\Programme\Spyware Doctor\pctsSvc.exe (PC Tools Security Service/PC Tools) .text C:\Dokumente und Einstellungen\Jörg\Eigene Dateien\Downloads\tu1hvfly.exe[400] ntdll.dll!NtCreateFile + 5 7C91D0B3 10 Bytes [68, 28, 30, 40, 60, E9, C3, ...] {PUSH 0x60403028; JMP 0xffffffffe36ef4cd} .text C:\Dokumente und Einstellungen\Jörg\Eigene Dateien\Downloads\tu1hvfly.exe[400] ntdll.dll!NtCreateKey + 5 7C91D0F3 10 Bytes [68, A0, 66, 41, 60, E9, 83, ...] {PUSH 0x604166a0; JMP 0xffffffffe36ef48d} .text C:\Dokumente und Einstellungen\Jörg\Eigene Dateien\Downloads\tu1hvfly.exe[400] ntdll.dll!NtCreateSection + 5 7C91D183 10 Bytes [68, 60, 07, 41, 60, E9, F3, ...] {PUSH 0x60410760; JMP 0xffffffffe36ef3fd} .text C:\Dokumente und Einstellungen\Jörg\Eigene Dateien\Downloads\tu1hvfly.exe[400] ntdll.dll!NtDeleteValueKey + 5 7C91D273 10 Bytes [68, A8, 21, 42, 60, E9, 03, ...] {PUSH 0x604221a8; JMP 0xffffffffe36ef30d} .text C:\Dokumente und Einstellungen\Jörg\Eigene Dateien\Downloads\tu1hvfly.exe[400] ntdll.dll!NtLoadDriver + 5 7C91D473 10 Bytes [68, 10, 82, 40, 60, E9, 03, ...] {PUSH 0x60408210; JMP 0xffffffffe36ef10d} .text C:\Dokumente und Einstellungen\Jörg\Eigene Dateien\Downloads\tu1hvfly.exe[400] ntdll.dll!NtMapViewOfSection + 5 7C91D523 1 Byte [68] .text C:\Dokumente und Einstellungen\Jörg\Eigene Dateien\Downloads\tu1hvfly.exe[400] ntdll.dll!NtMapViewOfSection + 5 7C91D523 10 Bytes [68, 00, 5C, 41, 60, E9, 53, ...] {PUSH 0x60415c00; JMP 0xffffffffe36ef05d} .text C:\Dokumente und Einstellungen\Jörg\Eigene Dateien\Downloads\tu1hvfly.exe[400] ntdll.dll!NtOpenFile + 5 7C91D5A3 10 Bytes [68, 80, FC, 40, 60, E9, D3, ...] {PUSH 0x6040fc80; JMP 0xffffffffe36eefdd} .text C:\Dokumente und Einstellungen\Jörg\Eigene Dateien\Downloads\tu1hvfly.exe[400] ntdll.dll!NtOpenKey + 5 7C91D5D3 10 Bytes [68, 10, 6C, 41, 60, E9, A3, ...] {PUSH 0x60416c10; JMP 0xffffffffe36eefad} .text C:\Dokumente und Einstellungen\Jörg\Eigene Dateien\Downloads\tu1hvfly.exe[400] ntdll.dll!NtOpenProcess + 5 7C91D603 10 Bytes [68, 20, 51, 41, 60, E9, 73, ...] {PUSH 0x60415120; JMP 0xffffffffe36eef7d} .text C:\Dokumente und Einstellungen\Jörg\Eigene Dateien\Downloads\tu1hvfly.exe[400] ntdll.dll!NtQueueApcThread + 5 7C91D9A3 10 Bytes [68, 90, 56, 41, 60, E9, D3, ...] {PUSH 0x60415690; JMP 0xffffffffe36eebdd} .text C:\Dokumente und Einstellungen\Jörg\Eigene Dateien\Downloads\tu1hvfly.exe[400] ntdll.dll!NtSetValueKey + 5 7C91DDD3 1 Byte [68] .text C:\Dokumente und Einstellungen\Jörg\Eigene Dateien\Downloads\tu1hvfly.exe[400] ntdll.dll!NtSetValueKey + 5 7C91DDD3 10 Bytes [68, 00, 72, 40, 60, E9, A3, ...] {PUSH 0x60407200; JMP 0xffffffffe36ee7ad} .text C:\Dokumente und Einstellungen\Jörg\Eigene Dateien\Downloads\tu1hvfly.exe[400] ntdll.dll!NtWriteFile + 5 7C91DF83 10 Bytes [68, F0, 01, 41, 60, E9, F3, ...] {PUSH 0x604101f0; JMP 0xffffffffe36ee5fd} .text C:\Dokumente und Einstellungen\Jörg\Eigene Dateien\Downloads\tu1hvfly.exe[400] ntdll.dll!LdrLoadDll + 1 7C9263C4 9 Bytes JMP 6000C57C C:\Programme\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_17\midas32.dll (BitDefender BehavioralScanner Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA) .text C:\Dokumente und Einstellungen\Jörg\Eigene Dateien\Downloads\tu1hvfly.exe[400] ntdll.dll!RtlCreateProcessParameters 7C932E99 10 Bytes [68, 10, BF, 40, 60, E9, DD, ...] {PUSH 0x6040bf10; JMP 0xffffffffe36d96e7} .text C:\Dokumente und Einstellungen\Jörg\Eigene Dateien\Downloads\tu1hvfly.exe[400] kernel32.dll!LoadLibraryExW 7C801AF5 10 Bytes [68, 18, 27, 42, 60, E9, 81, ...] {PUSH 0x60422718; JMP 0xffffffffe380aa8b} .text C:\Dokumente und Einstellungen\Jörg\Eigene Dateien\Downloads\tu1hvfly.exe[400] kernel32.dll!GetStartupInfoW 7C801E54 10 Bytes [68, F0, 88, 41, 60, E9, 22, ...] {PUSH 0x604188f0; JMP 0xffffffffe380a72c} .text C:\Dokumente und Einstellungen\Jörg\Eigene Dateien\Downloads\tu1hvfly.exe[400] kernel32.dll!GetStartupInfoA 7C801EF2 10 Bytes [68, 80, 83, 41, 60, E9, 84, ...] {PUSH 0x60418380; JMP 0xffffffffe380a68e} .text C:\Dokumente und Einstellungen\Jörg\Eigene Dateien\Downloads\tu1hvfly.exe[400] kernel32.dll!WriteProcessMemory 7C802213 10 Bytes [68, 40, 46, 41, 60, E9, 63, ...] {PUSH 0x60414640; JMP 0xffffffffe380a36d} .text C:\Dokumente und Einstellungen\Jörg\Eigene Dateien\Downloads\tu1hvfly.exe[400] kernel32.dll!CloseHandle 7C809BE7 10 Bytes [68, 08, 3B, 40, 60, E9, 8F, ...] {PUSH 0x60403b08; JMP 0xffffffffe3802999} .text C:\Dokumente und Einstellungen\Jörg\Eigene Dateien\Downloads\tu1hvfly.exe[400] kernel32.dll!SetEvent 7C80A0B7 10 Bytes [68, D8, 3C, 42, 60, E9, BF, ...] {PUSH 0x60423cd8; JMP 0xffffffffe38024c9} .text C:\Dokumente und Einstellungen\Jörg\Eigene Dateien\Downloads\tu1hvfly.exe[400] kernel32.dll!CreateEventW 7C80A749 10 Bytes [68, 60, 90, 40, 60, E9, 2D, ...] {PUSH 0x60409060; JMP 0xffffffffe3801e37} .text C:\Dokumente und Einstellungen\Jörg\Eigene Dateien\Downloads\tu1hvfly.exe[400] kernel32.dll!FreeLibrary 7C80AC7E 10 Bytes [68, 68, 37, 42, 60, E9, F8, ...] {PUSH 0x60423768; JMP 0xffffffffe3801902} .text C:\Dokumente und Einstellungen\Jörg\Eigene Dateien\Downloads\tu1hvfly.exe[400] kernel32.dll!GetModuleFileNameA + DF 7C80B64E 10 Bytes [68, 98, 35, 40, 60, E9, 28, ...] {PUSH 0x60403598; JMP 0xffffffffe3800f32} .text C:\Dokumente und Einstellungen\Jörg\Eigene Dateien\Downloads\tu1hvfly.exe[400] kernel32.dll!CreateMutexW 7C80E957 10 Bytes [68, 90, 99, 40, 60, E9, 1F, ...] {PUSH 0x60409990; JMP 0xffffffffe37fdc29} .text C:\Dokumente und Einstellungen\Jörg\Eigene Dateien\Downloads\tu1hvfly.exe[400] kernel32.dll!FindFirstFileExW 7C80EB1D 10 Bytes [68, 18, 74, 41, 60, E9, 59, ...] {PUSH 0x60417418; JMP 0xffffffffe37fda63} .text C:\Dokumente und Einstellungen\Jörg\Eigene Dateien\Downloads\tu1hvfly.exe[400] kernel32.dll!CreateRemoteThread + 1 7C8104CD 9 Bytes JMP 6000C57C C:\Programme\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_17\midas32.dll (BitDefender BehavioralScanner Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA) .text C:\Dokumente und Einstellungen\Jörg\Eigene Dateien\Downloads\tu1hvfly.exe[400] kernel32.dll!CreateThread 7C8106D7 10 Bytes [68, 60, 8E, 41, 60, E9, 9F, ...] {PUSH 0x60418e60; JMP 0xffffffffe37fbea9} .text C:\Dokumente und Einstellungen\Jörg\Eigene Dateien\Downloads\tu1hvfly.exe[400] kernel32.dll!CreateFileW 7C810800 10 Bytes [68, 08, 7A, 40, 60, E9, 76, ...] {PUSH 0x60407a08; JMP 0xffffffffe37fbd80} .text C:\Dokumente und Einstellungen\Jörg\Eigene Dateien\Downloads\tu1hvfly.exe[400] kernel32.dll!CreateProcessInternalW + 1 7C8197B1 9 Bytes JMP 6000C57C C:\Programme\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_17\midas32.dll (BitDefender BehavioralScanner Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA) .text C:\Dokumente und Einstellungen\Jörg\Eigene Dateien\Downloads\tu1hvfly.exe[400] kernel32.dll!ExitProcess 7C81CB12 10 Bytes [68, F8, 31, 42, 60, E9, 64, ...] {PUSH 0x604231f8; JMP 0xffffffffe37efa6e} .text C:\Dokumente und Einstellungen\Jörg\Eigene Dateien\Downloads\tu1hvfly.exe[400] kernel32.dll!CopyFileExW 7C827B32 10 Bytes [68, 78, 40, 40, 60, E9, 44, ...] {PUSH 0x60404078; JMP 0xffffffffe37e4a4e} .text C:\Dokumente und Einstellungen\Jörg\Eigene Dateien\Downloads\tu1hvfly.exe[400] kernel32.dll!PulseEvent 7C82C06E 10 Bytes [68, 48, 42, 42, 60, E9, 08, ...] {PUSH 0x60424248; JMP 0xffffffffe37e0512} .text C:\Dokumente und Einstellungen\Jörg\Eigene Dateien\Downloads\tu1hvfly.exe[400] kernel32.dll!CheckRemoteDebuggerPresent 7C85AAF2 10 Bytes [68, 70, B4, 40, 60, E9, 84, ...] {PUSH 0x6040b470; JMP 0xffffffffe37b1a8e} .text C:\Dokumente und Einstellungen\Jörg\Eigene Dateien\Downloads\tu1hvfly.exe[400] kernel32.dll!SetThreadContext 7C863C09 10 Bytes [68, B0, 4B, 41, 60, E9, 6D, ...] {PUSH 0x60414bb0; JMP 0xffffffffe37a8977} .text C:\Dokumente und Einstellungen\Jörg\Eigene Dateien\Downloads\tu1hvfly.exe[400] kernel32.dll!ReadConsoleA 7C872B5D 10 Bytes [68, 40, E7, 40, 60, E9, 19, ...] {PUSH 0x6040e740; JMP 0xffffffffe3799a23} .text C:\Dokumente und Einstellungen\Jörg\Eigene Dateien\Downloads\tu1hvfly.exe[400] kernel32.dll!ReadConsoleW 7C872BAC 10 Bytes [68, B0, EC, 40, 60, E9, CA, ...] {PUSH 0x6040ecb0; JMP 0xffffffffe37999d4} .text C:\Dokumente und Einstellungen\Jörg\Eigene Dateien\Downloads\tu1hvfly.exe[400] kernel32.dll!ReadConsoleInputA 7C874613 10 Bytes [68, 60, DC, 40, 60, E9, 63, ...] {PUSH 0x6040dc60; JMP 0xffffffffe3797f6d} .text C:\Dokumente und Einstellungen\Jörg\Eigene Dateien\Downloads\tu1hvfly.exe[400] kernel32.dll!ReadConsoleInputW 7C874636 10 Bytes [68, D0, E1, 40, 60, E9, 40, ...] {PUSH 0x6040e1d0; JMP 0xffffffffe3797f4a} .text C:\Dokumente und Einstellungen\Jörg\Eigene Dateien\Downloads\tu1hvfly.exe[400] ADVAPI32.dll!RegQueryValueExW + 10C 77DA710B 10 Bytes [68, 30, A4, 40, 60, E9, 6B, ...] {PUSH 0x6040a430; JMP 0xffffffffe8265475} .text C:\Dokumente und Einstellungen\Jörg\Eigene Dateien\Downloads\tu1hvfly.exe[400] ADVAPI32.dll!OpenServiceW 77DB6FFD 10 Bytes [68, 68, 0F, 41, 60, E9, 79, ...] {PUSH 0x60410f68; JMP 0xffffffffe8255583} .text C:\Dokumente und Einstellungen\Jörg\Eigene Dateien\Downloads\tu1hvfly.exe[400] ADVAPI32.dll!ControlService 77DC4A09 10 Bytes [68, 60, 19, 41, 60, E9, 6D, ...] {PUSH 0x60411960; JMP 0xffffffffe8247b77} .text C:\Dokumente und Einstellungen\Jörg\Eigene Dateien\Downloads\tu1hvfly.exe[400] ADVAPI32.dll!OpenServiceA 77DC4C66 10 Bytes [68, 18, 13, 41, 60, E9, 10, ...] {PUSH 0x60411318; JMP 0xffffffffe824791a} .text C:\Dokumente und Einstellungen\Jörg\Eigene Dateien\Downloads\tu1hvfly.exe[400] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 10 Bytes [68, C0, 20, 41, 60, E9, 0D, ...] {PUSH 0x604120c0; JMP 0xffffffffe8205717} .text C:\Dokumente und Einstellungen\Jörg\Eigene Dateien\Downloads\tu1hvfly.exe[400] ADVAPI32.dll!ChangeServiceConfigW 77E07001 10 Bytes [68, 10, 1D, 41, 60, E9, 75, ...] {PUSH 0x60411d10; JMP 0xffffffffe820557f} .text C:\Dokumente und Einstellungen\Jörg\Eigene Dateien\Downloads\tu1hvfly.exe[400] ADVAPI32.dll!CreateServiceA 77E07211 10 Bytes [68, E0, A7, 40, 60, E9, 65, ...] {PUSH 0x6040a7e0; JMP 0xffffffffe820536f} .text C:\Dokumente und Einstellungen\Jörg\Eigene Dateien\Downloads\tu1hvfly.exe[400] ADVAPI32.dll!CreateServiceW 77E073A9 10 Bytes [68, 90, AB, 40, 60, E9, CD, ...] {PUSH 0x6040ab90; JMP 0xffffffffe82051d7} .text C:\Dokumente und Einstellungen\Jörg\Eigene Dateien\Downloads\tu1hvfly.exe[400] USER32.dll!GetMessageW 7E3691C6 10 Bytes [68, 50, D1, 40, 60, E9, B0, ...] {PUSH 0x6040d150; JMP 0xffffffffe1ca33ba} .text C:\Dokumente und Einstellungen\Jörg\Eigene Dateien\Downloads\tu1hvfly.exe[400] USER32.dll!PeekMessageW 7E36929B 10 Bytes [68, B0, D8, 40, 60, E9, DB, ...] {PUSH 0x6040d8b0; JMP 0xffffffffe1ca32e5} .text C:\Dokumente und Einstellungen\Jörg\Eigene Dateien\Downloads\tu1hvfly.exe[400] USER32.dll!GetMessageA 7E37772B 10 Bytes [68, A0, CD, 40, 60, E9, 4B, ...] {PUSH 0x6040cda0; JMP 0xffffffffe1c94e55} .text C:\Dokumente und Einstellungen\Jörg\Eigene Dateien\Downloads\tu1hvfly.exe[400] USER32.dll!SetWindowsHookExW 7E37820F 10 Bytes [68, 00, 34, 41, 60, E9, 67, ...] {PUSH 0x60413400; JMP 0xffffffffe1c94371} .text C:\Dokumente und Einstellungen\Jörg\Eigene Dateien\Downloads\tu1hvfly.exe[400] USER32.dll!PeekMessageA 7E37A340 10 Bytes [68, 00, D5, 40, 60, E9, 36, ...] {PUSH 0x6040d500; JMP 0xffffffffe1c92240} .text C:\Dokumente und Einstellungen\Jörg\Eigene Dateien\Downloads\tu1hvfly.exe[400] USER32.dll!SetWindowsHookExA 7E381211 10 Bytes [68, B0, 37, 41, 60, E9, 65, ...] {PUSH 0x604137b0; JMP 0xffffffffe1c8b36f} .text C:\Programme\BitDefender\BitDefender 2009\bdagent.exe[492] ntdll.dll!NtClose 7C91CFEE 3 Bytes [FF, 25, 1E] .text C:\Programme\BitDefender\BitDefender 2009\bdagent.exe[492] ntdll.dll!NtClose + 4 7C91CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f} .text C:\Programme\BitDefender\BitDefender 2009\bdagent.exe[492] ntdll.dll!NtCreateFile 7C91D0AE 1 Byte [FF] .text C:\Programme\BitDefender\BitDefender 2009\bdagent.exe[492] ntdll.dll!NtCreateFile 7C91D0AE 3 Bytes [FF, 25, 1E] .text C:\Programme\BitDefender\BitDefender 2009\bdagent.exe[492] ntdll.dll!NtCreateFile + 4 7C91D0B2 2 Bytes [17, 5F] {POP SS; POP EDI} .text C:\Programme\BitDefender\BitDefender 2009\bdagent.exe[492] ntdll.dll!NtCreateKey 7C91D0EE 3 Bytes [FF, 25, 1E] .text C:\Programme\BitDefender\BitDefender 2009\bdagent.exe[492] ntdll.dll!NtCreateKey + 4 7C91D0F2 2 Bytes [05, 5F] .text C:\Programme\BitDefender\BitDefender 2009\bdagent.exe[492] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E] .text C:\Programme\BitDefender\BitDefender 2009\bdagent.exe[492] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [23, 5F] .text C:\Programme\BitDefender\BitDefender 2009\bdagent.exe[492] ntdll.dll!NtDeleteKey 7C91D24E 3 Bytes [FF, 25, 1E] .text C:\Programme\BitDefender\BitDefender 2009\bdagent.exe[492] ntdll.dll!NtDeleteKey + 4 7C91D252 2 Bytes [0B, 5F] .text C:\Programme\BitDefender\BitDefender 2009\bdagent.exe[492] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E] .text C:\Programme\BitDefender\BitDefender 2009\bdagent.exe[492] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [11, 5F] .text C:\Programme\BitDefender\BitDefender 2009\bdagent.exe[492] ntdll.dll!NtRenameKey 7C91DA5E 3 Bytes [FF, 25, 1E] .text C:\Programme\BitDefender\BitDefender 2009\bdagent.exe[492] ntdll.dll!NtRenameKey + 4 7C91DA62 2 Bytes [14, 5F] {ADC AL, 0x5f} .text C:\Programme\BitDefender\BitDefender 2009\bdagent.exe[492] ntdll.dll!NtSetInformationFile 7C91DC5E 3 Bytes [FF, 25, 1E] .text C:\Programme\BitDefender\BitDefender 2009\bdagent.exe[492] ntdll.dll!NtSetInformationFile + 4 7C91DC62 2 Bytes [20, 5F] .text C:\Programme\BitDefender\BitDefender 2009\bdagent.exe[492] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E] .text C:\Programme\BitDefender\BitDefender 2009\bdagent.exe[492] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\Programme\BitDefender\BitDefender 2009\bdagent.exe[492] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E] .text C:\Programme\BitDefender\BitDefender 2009\bdagent.exe[492] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [26, 5F] .text C:\Programme\BitDefender\BitDefender 2009\bdagent.exe[492] ntdll.dll!NtWriteFile 7C91DF7E 3 Bytes [FF, 25, 1E] .text C:\Programme\BitDefender\BitDefender 2009\bdagent.exe[492] ntdll.dll!NtWriteFile + 4 7C91DF82 2 Bytes [1A, 5F] .text C:\Programme\BitDefender\BitDefender 2009\bdagent.exe[492] ntdll.dll!NtWriteFileGather 7C91DF8E 3 Bytes [FF, 25, 1E] .text C:\Programme\BitDefender\BitDefender 2009\bdagent.exe[492] ntdll.dll!NtWriteFileGather + 4 7C91DF92 2 Bytes [1D, 5F] .text C:\Programme\BitDefender\BitDefender 2009\bdagent.exe[492] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E] .text C:\Programme\BitDefender\BitDefender 2009\bdagent.exe[492] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [29, 5F] .text C:\Programme\BitDefender\BitDefender 2009\bdagent.exe[492] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01460001 .text C:\Programme\BitDefender\BitDefender 2009\bdagent.exe[492] USER32.dll!ChangeDisplaySettingsExA 7E37384E 6 Bytes JMP 5F3D001E .text C:\Programme\BitDefender\BitDefender 2009\bdagent.exe[492] USER32.dll!SetForegroundWindow 7E3742ED 6 Bytes JMP 5F36001E .text C:\Programme\BitDefender\BitDefender 2009\bdagent.exe[492] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F33001E .text C:\Programme\BitDefender\BitDefender 2009\bdagent.exe[492] USER32.dll!SetWindowPos 7E3799F3 3 Bytes [FF, 25, 1E] .text C:\Programme\BitDefender\BitDefender 2009\bdagent.exe[492] USER32.dll!SetWindowPos + 4 7E3799F7 2 Bytes [3A, 5F] .text C:\Programme\BitDefender\BitDefender 2009\bdagent.exe[492] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2F001E .text C:\Programme\BitDefender\BitDefender 2009\bdagent.exe[492] USER32.dll!ChangeDisplaySettingsExW 7E3A95BD 6 Bytes JMP 5F40001E .text C:\WINDOWS\system32\svchost.exe[588] ntdll.dll!NtClose 7C91CFEE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[588] ntdll.dll!NtClose + 4 7C91CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f} .text C:\WINDOWS\system32\svchost.exe[588] ntdll.dll!NtCreateFile 7C91D0AE 1 Byte [FF] .text C:\WINDOWS\system32\svchost.exe[588] ntdll.dll!NtCreateFile 7C91D0AE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[588] ntdll.dll!NtCreateFile + 4 7C91D0B2 2 Bytes [17, 5F] {POP SS; POP EDI} .text C:\WINDOWS\system32\svchost.exe[588] ntdll.dll!NtCreateKey 7C91D0EE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[588] ntdll.dll!NtCreateKey + 4 7C91D0F2 2 Bytes [05, 5F] .text C:\WINDOWS\system32\svchost.exe[588] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[588] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [23, 5F] .text C:\WINDOWS\system32\svchost.exe[588] ntdll.dll!NtDeleteKey 7C91D24E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[588] ntdll.dll!NtDeleteKey + 4 7C91D252 2 Bytes [0B, 5F] .text C:\WINDOWS\system32\svchost.exe[588] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[588] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [11, 5F] .text C:\WINDOWS\system32\svchost.exe[588] ntdll.dll!NtRenameKey 7C91DA5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[588] ntdll.dll!NtRenameKey + 4 7C91DA62 2 Bytes [14, 5F] {ADC AL, 0x5f} .text C:\WINDOWS\system32\svchost.exe[588] ntdll.dll!NtSetInformationFile 7C91DC5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[588] ntdll.dll!NtSetInformationFile + 4 7C91DC62 2 Bytes [20, 5F] .text C:\WINDOWS\system32\svchost.exe[588] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[588] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\WINDOWS\system32\svchost.exe[588] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[588] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [26, 5F] .text C:\WINDOWS\system32\svchost.exe[588] ntdll.dll!NtWriteFile 7C91DF7E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[588] ntdll.dll!NtWriteFile + 4 7C91DF82 2 Bytes [1A, 5F] .text C:\WINDOWS\system32\svchost.exe[588] ntdll.dll!NtWriteFileGather 7C91DF8E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[588] ntdll.dll!NtWriteFileGather + 4 7C91DF92 2 Bytes [1D, 5F] .text C:\WINDOWS\system32\svchost.exe[588] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[588] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [29, 5F] .text C:\WINDOWS\system32\svchost.exe[588] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00E20001 .text C:\WINDOWS\system32\svchost.exe[588] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A .text C:\WINDOWS\system32\svchost.exe[588] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\system32\svchost.exe[652] ntdll.dll!NtClose 7C91CFEE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[652] ntdll.dll!NtClose + 4 7C91CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f} .text C:\WINDOWS\system32\svchost.exe[652] ntdll.dll!NtCreateFile 7C91D0AE 1 Byte [FF] .text C:\WINDOWS\system32\svchost.exe[652] ntdll.dll!NtCreateFile 7C91D0AE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[652] ntdll.dll!NtCreateFile + 4 7C91D0B2 2 Bytes [17, 5F] {POP SS; POP EDI} .text C:\WINDOWS\system32\svchost.exe[652] ntdll.dll!NtCreateKey 7C91D0EE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[652] ntdll.dll!NtCreateKey + 4 7C91D0F2 2 Bytes [05, 5F] .text C:\WINDOWS\system32\svchost.exe[652] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[652] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [23, 5F] .text C:\WINDOWS\system32\svchost.exe[652] ntdll.dll!NtDeleteKey 7C91D24E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[652] ntdll.dll!NtDeleteKey + 4 7C91D252 2 Bytes [0B, 5F] .text C:\WINDOWS\system32\svchost.exe[652] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[652] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [11, 5F] .text C:\WINDOWS\system32\svchost.exe[652] ntdll.dll!NtRenameKey 7C91DA5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[652] ntdll.dll!NtRenameKey + 4 7C91DA62 2 Bytes [14, 5F] {ADC AL, 0x5f} .text C:\WINDOWS\system32\svchost.exe[652] ntdll.dll!NtSetInformationFile 7C91DC5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[652] ntdll.dll!NtSetInformationFile + 4 7C91DC62 2 Bytes [20, 5F] .text C:\WINDOWS\system32\svchost.exe[652] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[652] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\WINDOWS\system32\svchost.exe[652] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[652] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [26, 5F] .text C:\WINDOWS\system32\svchost.exe[652] ntdll.dll!NtWriteFile 7C91DF7E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[652] ntdll.dll!NtWriteFile + 4 7C91DF82 2 Bytes [1A, 5F] .text C:\WINDOWS\system32\svchost.exe[652] ntdll.dll!NtWriteFileGather 7C91DF8E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[652] ntdll.dll!NtWriteFileGather + 4 7C91DF92 2 Bytes [1D, 5F] .text C:\WINDOWS\system32\svchost.exe[652] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[652] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [29, 5F] .text C:\WINDOWS\system32\svchost.exe[652] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00F60001 .text C:\WINDOWS\system32\svchost.exe[652] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A .text C:\WINDOWS\system32\svchost.exe[652] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A .text C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Update Service\livesrv.exe[716] ntdll.dll!NtClose 7C91CFEE 3 Bytes [FF, 25, 1E] .text C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Update Service\livesrv.exe[716] ntdll.dll!NtClose + 4 7C91CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f} .text C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Update Service\livesrv.exe[716] ntdll.dll!NtCreateFile 7C91D0AE 1 Byte [FF] .text C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Update Service\livesrv.exe[716] ntdll.dll!NtCreateFile 7C91D0AE 3 Bytes [FF, 25, 1E] .text C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Update Service\livesrv.exe[716] ntdll.dll!NtCreateFile + 4 7C91D0B2 2 Bytes [17, 5F] {POP SS; POP EDI} .text C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Update Service\livesrv.exe[716] ntdll.dll!NtCreateKey 7C91D0EE 3 Bytes [FF, 25, 1E] .text C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Update Service\livesrv.exe[716] ntdll.dll!NtCreateKey + 4 7C91D0F2 2 Bytes [05, 5F] .text C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Update Service\livesrv.exe[716] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E] .text C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Update Service\livesrv.exe[716] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [23, 5F] .text C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Update Service\livesrv.exe[716] ntdll.dll!NtDeleteKey 7C91D24E 3 Bytes [FF, 25, 1E] .text C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Update Service\livesrv.exe[716] ntdll.dll!NtDeleteKey + 4 7C91D252 2 Bytes [0B, 5F] .text C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Update Service\livesrv.exe[716] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E] .text C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Update Service\livesrv.exe[716] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [11, 5F] .text C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Update Service\livesrv.exe[716] ntdll.dll!NtRenameKey 7C91DA5E 3 Bytes [FF, 25, 1E] .text C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Update Service\livesrv.exe[716] ntdll.dll!NtRenameKey + 4 7C91DA62 2 Bytes [14, 5F] {ADC AL, 0x5f} .text C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Update Service\livesrv.exe[716] ntdll.dll!NtSetInformationFile 7C91DC5E 3 Bytes [FF, 25, 1E] .text C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Update Service\livesrv.exe[716] ntdll.dll!NtSetInformationFile + 4 7C91DC62 2 Bytes [20, 5F] .text C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Update Service\livesrv.exe[716] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E] .text C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Update Service\livesrv.exe[716] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Update Service\livesrv.exe[716] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E] .text C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Update Service\livesrv.exe[716] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [26, 5F] .text C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Update Service\livesrv.exe[716] ntdll.dll!NtWriteFile 7C91DF7E 3 Bytes [FF, 25, 1E] .text C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Update Service\livesrv.exe[716] ntdll.dll!NtWriteFile + 4 7C91DF82 2 Bytes [1A, 5F] .text C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Update Service\livesrv.exe[716] ntdll.dll!NtWriteFileGather 7C91DF8E 3 Bytes [FF, 25, 1E] .text C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Update Service\livesrv.exe[716] ntdll.dll!NtWriteFileGather + 4 7C91DF92 2 Bytes [1D, 5F] .text C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Update Service\livesrv.exe[716] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E] .text C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Update Service\livesrv.exe[716] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [29, 5F] .text C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Update Service\livesrv.exe[716] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01000001 .text C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Update Service\livesrv.exe[716] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F33001E .text C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Update Service\livesrv.exe[716] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2F001E .text C:\Programme\BitDefender\BitDefender 2009\vsserv.exe[748] ntdll.dll!NtClose 7C91CFEE 3 Bytes [FF, 25, 1E] .text C:\Programme\BitDefender\BitDefender 2009\vsserv.exe[748] ntdll.dll!NtClose + 4 7C91CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f} .text C:\Programme\BitDefender\BitDefender 2009\vsserv.exe[748] ntdll.dll!NtCreateFile 7C91D0AE 1 Byte [FF] .text C:\Programme\BitDefender\BitDefender 2009\vsserv.exe[748] ntdll.dll!NtCreateFile 7C91D0AE 3 Bytes [FF, 25, 1E] .text C:\Programme\BitDefender\BitDefender 2009\vsserv.exe[748] ntdll.dll!NtCreateFile + 4 7C91D0B2 2 Bytes [17, 5F] {POP SS; POP EDI} .text C:\Programme\BitDefender\BitDefender 2009\vsserv.exe[748] ntdll.dll!NtCreateKey 7C91D0EE 3 Bytes [FF, 25, 1E] .text C:\Programme\BitDefender\BitDefender 2009\vsserv.exe[748] ntdll.dll!NtCreateKey + 4 7C91D0F2 2 Bytes [05, 5F] .text C:\Programme\BitDefender\BitDefender 2009\vsserv.exe[748] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E] .text C:\Programme\BitDefender\BitDefender 2009\vsserv.exe[748] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [23, 5F] .text C:\Programme\BitDefender\BitDefender 2009\vsserv.exe[748] ntdll.dll!NtDeleteKey 7C91D24E 3 Bytes [FF, 25, 1E] .text C:\Programme\BitDefender\BitDefender 2009\vsserv.exe[748] ntdll.dll!NtDeleteKey + 4 7C91D252 2 Bytes [0B, 5F] .text C:\Programme\BitDefender\BitDefender 2009\vsserv.exe[748] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E] .text C:\Programme\BitDefender\BitDefender 2009\vsserv.exe[748] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [11, 5F] .text C:\Programme\BitDefender\BitDefender 2009\vsserv.exe[748] ntdll.dll!NtRenameKey 7C91DA5E 3 Bytes [FF, 25, 1E] .text C:\Programme\BitDefender\BitDefender 2009\vsserv.exe[748] ntdll.dll!NtRenameKey + 4 7C91DA62 2 Bytes [14, 5F] {ADC AL, 0x5f} .text C:\Programme\BitDefender\BitDefender 2009\vsserv.exe[748] ntdll.dll!NtSetInformationFile 7C91DC5E 3 Bytes [FF, 25, 1E] .text C:\Programme\BitDefender\BitDefender 2009\vsserv.exe[748] ntdll.dll!NtSetInformationFile + 4 7C91DC62 2 Bytes [20, 5F] .text C:\Programme\BitDefender\BitDefender 2009\vsserv.exe[748] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E] .text C:\Programme\BitDefender\BitDefender 2009\vsserv.exe[748] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\Programme\BitDefender\BitDefender 2009\vsserv.exe[748] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E] .text C:\Programme\BitDefender\BitDefender 2009\vsserv.exe[748] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [26, 5F] .text C:\Programme\BitDefender\BitDefender 2009\vsserv.exe[748] ntdll.dll!NtWriteFile 7C91DF7E 3 Bytes [FF, 25, 1E] .text C:\Programme\BitDefender\BitDefender 2009\vsserv.exe[748] ntdll.dll!NtWriteFile + 4 7C91DF82 2 Bytes [1A, 5F] .text C:\Programme\BitDefender\BitDefender 2009\vsserv.exe[748] ntdll.dll!NtWriteFileGather 7C91DF8E 3 Bytes [FF, 25, 1E] .text C:\Programme\BitDefender\BitDefender 2009\vsserv.exe[748] ntdll.dll!NtWriteFileGather + 4 7C91DF92 2 Bytes [1D, 5F] .text C:\Programme\BitDefender\BitDefender 2009\vsserv.exe[748] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E] .text C:\Programme\BitDefender\BitDefender 2009\vsserv.exe[748] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [29, 5F] .text C:\Programme\BitDefender\BitDefender 2009\vsserv.exe[748] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 0D620001 .text C:\Programme\BitDefender\BitDefender 2009\vsserv.exe[748] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F33001E .text C:\Programme\BitDefender\BitDefender 2009\vsserv.exe[748] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2F001E .text C:\Programme\1&1\1&1 EasyLogin\EasyLogin.exe[800] ntdll.dll!NtClose 7C91CFEE 3 Bytes [FF, 25, 1E] .text C:\Programme\1&1\1&1 EasyLogin\EasyLogin.exe[800] ntdll.dll!NtClose + 4 7C91CFF2 2 Bytes [2E, 5F] .text C:\Programme\1&1\1&1 EasyLogin\EasyLogin.exe[800] ntdll.dll!NtCreateFile 7C91D0AE 1 Byte [FF] .text C:\Programme\1&1\1&1 EasyLogin\EasyLogin.exe[800] ntdll.dll!NtCreateFile 7C91D0AE 3 Bytes [FF, 25, 1E] .text C:\Programme\1&1\1&1 EasyLogin\EasyLogin.exe[800] ntdll.dll!NtCreateFile + 4 7C91D0B2 2 Bytes [17, 5F] {POP SS; POP EDI} .text C:\Programme\1&1\1&1 EasyLogin\EasyLogin.exe[800] ntdll.dll!NtCreateKey 7C91D0EE 3 Bytes [FF, 25, 1E] .text C:\Programme\1&1\1&1 EasyLogin\EasyLogin.exe[800] ntdll.dll!NtCreateKey + 4 7C91D0F2 2 Bytes [05, 5F] .text C:\Programme\1&1\1&1 EasyLogin\EasyLogin.exe[800] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E] .text C:\Programme\1&1\1&1 EasyLogin\EasyLogin.exe[800] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [25, 5F] .text C:\Programme\1&1\1&1 EasyLogin\EasyLogin.exe[800] ntdll.dll!NtDeleteKey 7C91D24E 3 Bytes [FF, 25, 1E] .text C:\Programme\1&1\1&1 EasyLogin\EasyLogin.exe[800] ntdll.dll!NtDeleteKey + 4 7C91D252 2 Bytes [0B, 5F] .text C:\Programme\1&1\1&1 EasyLogin\EasyLogin.exe[800] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E] .text C:\Programme\1&1\1&1 EasyLogin\EasyLogin.exe[800] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [11, 5F] .text C:\Programme\1&1\1&1 EasyLogin\EasyLogin.exe[800] ntdll.dll!NtRenameKey 7C91DA5E 3 Bytes [FF, 25, 1E] .text C:\Programme\1&1\1&1 EasyLogin\EasyLogin.exe[800] ntdll.dll!NtRenameKey + 4 7C91DA62 2 Bytes [14, 5F] {ADC AL, 0x5f} .text C:\Programme\1&1\1&1 EasyLogin\EasyLogin.exe[800] ntdll.dll!NtSetInformationFile 7C91DC5E 3 Bytes [FF, 25, 1E] .text C:\Programme\1&1\1&1 EasyLogin\EasyLogin.exe[800] ntdll.dll!NtSetInformationFile + 4 7C91DC62 2 Bytes [22, 5F] .text C:\Programme\1&1\1&1 EasyLogin\EasyLogin.exe[800] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E] .text C:\Programme\1&1\1&1 EasyLogin\EasyLogin.exe[800] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\Programme\1&1\1&1 EasyLogin\EasyLogin.exe[800] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E] .text C:\Programme\1&1\1&1 EasyLogin\EasyLogin.exe[800] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [28, 5F] .text C:\Programme\1&1\1&1 EasyLogin\EasyLogin.exe[800] ntdll.dll!NtWriteFile 7C91DF7E 3 Bytes [FF, 25, 1E] .text C:\Programme\1&1\1&1 EasyLogin\EasyLogin.exe[800] ntdll.dll!NtWriteFile + 4 7C91DF82 2 Bytes [1C, 5F] {SBB AL, 0x5f} .text C:\Programme\1&1\1&1 EasyLogin\EasyLogin.exe[800] ntdll.dll!NtWriteFileGather 7C91DF8E 3 Bytes [FF, 25, 1E] .text C:\Programme\1&1\1&1 EasyLogin\EasyLogin.exe[800] ntdll.dll!NtWriteFileGather + 4 7C91DF92 2 Bytes [1F, 5F] {POP DS; POP EDI} .text C:\Programme\1&1\1&1 EasyLogin\EasyLogin.exe[800] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E] .text C:\Programme\1&1\1&1 EasyLogin\EasyLogin.exe[800] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [2B, 5F] .text C:\Programme\1&1\1&1 EasyLogin\EasyLogin.exe[800] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 012D0001 .text C:\Programme\1&1\1&1 EasyLogin\EasyLogin.exe[800] user32.dll!ChangeDisplaySettingsExA 7E37384E 6 Bytes JMP 5F3E0F5A .text C:\Programme\1&1\1&1 EasyLogin\EasyLogin.exe[800] user32.dll!SetForegroundWindow 7E3742ED 6 Bytes JMP 5F370F5A .text C:\Programme\1&1\1&1 EasyLogin\EasyLogin.exe[800] user32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F340F5A .text C:\Programme\1&1\1&1 EasyLogin\EasyLogin.exe[800] user32.dll!SetWindowPos 7E3799F3 3 Bytes [FF, 25, 1E] .text C:\Programme\1&1\1&1 EasyLogin\EasyLogin.exe[800] user32.dll!SetWindowPos + 4 7E3799F7 2 Bytes [3C, 5F] {CMP AL, 0x5f} .text C:\Programme\1&1\1&1 EasyLogin\EasyLogin.exe[800] user32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F300F5A .text C:\Programme\1&1\1&1 EasyLogin\EasyLogin.exe[800] user32.dll!ChangeDisplaySettingsExW 7E3A95BD 6 Bytes JMP 5F410F5A .text C:\Programme\avmwlanstick\wlangui.exe[812] ntdll.dll!NtClose 7C91CFEE 3 Bytes [FF, 25, 1E] .text C:\Programme\avmwlanstick\wlangui.exe[812] ntdll.dll!NtClose + 4 7C91CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f} .text C:\Programme\avmwlanstick\wlangui.exe[812] ntdll.dll!NtCreateFile 7C91D0AE 1 Byte [FF] .text C:\Programme\avmwlanstick\wlangui.exe[812] ntdll.dll!NtCreateFile 7C91D0AE 3 Bytes [FF, 25, 1E] .text C:\Programme\avmwlanstick\wlangui.exe[812] ntdll.dll!NtCreateFile + 4 7C91D0B2 2 Bytes [17, 5F] {POP SS; POP EDI} .text C:\Programme\avmwlanstick\wlangui.exe[812] ntdll.dll!NtCreateKey 7C91D0EE 3 Bytes [FF, 25, 1E] .text C:\Programme\avmwlanstick\wlangui.exe[812] ntdll.dll!NtCreateKey + 4 7C91D0F2 2 Bytes [05, 5F] .text C:\Programme\avmwlanstick\wlangui.exe[812] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E] .text C:\Programme\avmwlanstick\wlangui.exe[812] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [23, 5F] .text C:\Programme\avmwlanstick\wlangui.exe[812] ntdll.dll!NtDeleteKey 7C91D24E 3 Bytes [FF, 25, 1E] .text C:\Programme\avmwlanstick\wlangui.exe[812] ntdll.dll!NtDeleteKey + 4 7C91D252 2 Bytes [0B, 5F] .text C:\Programme\avmwlanstick\wlangui.exe[812] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E] .text C:\Programme\avmwlanstick\wlangui.exe[812] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [11, 5F] .text C:\Programme\avmwlanstick\wlangui.exe[812] ntdll.dll!NtRenameKey 7C91DA5E 3 Bytes [FF, 25, 1E] .text C:\Programme\avmwlanstick\wlangui.exe[812] ntdll.dll!NtRenameKey + 4 7C91DA62 2 Bytes [14, 5F] {ADC AL, 0x5f} .text C:\Programme\avmwlanstick\wlangui.exe[812] ntdll.dll!NtSetInformationFile 7C91DC5E 3 Bytes [FF, 25, 1E] .text C:\Programme\avmwlanstick\wlangui.exe[812] ntdll.dll!NtSetInformationFile + 4 7C91DC62 2 Bytes [20, 5F] .text C:\Programme\avmwlanstick\wlangui.exe[812] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E] .text C:\Programme\avmwlanstick\wlangui.exe[812] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\Programme\avmwlanstick\wlangui.exe[812] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E] .text C:\Programme\avmwlanstick\wlangui.exe[812] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [26, 5F] .text C:\Programme\avmwlanstick\wlangui.exe[812] ntdll.dll!NtWriteFile 7C91DF7E 3 Bytes [FF, 25, 1E] .text C:\Programme\avmwlanstick\wlangui.exe[812] ntdll.dll!NtWriteFile + 4 7C91DF82 2 Bytes [1A, 5F] .text C:\Programme\avmwlanstick\wlangui.exe[812] ntdll.dll!NtWriteFileGather 7C91DF8E 3 Bytes [FF, 25, 1E] .text C:\Programme\avmwlanstick\wlangui.exe[812] ntdll.dll!NtWriteFileGather + 4 7C91DF92 2 Bytes [1D, 5F] .text C:\Programme\avmwlanstick\wlangui.exe[812] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E] .text C:\Programme\avmwlanstick\wlangui.exe[812] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [29, 5F] .text C:\Programme\avmwlanstick\wlangui.exe[812] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01490001 .text C:\Programme\avmwlanstick\wlangui.exe[812] USER32.dll!ChangeDisplaySettingsExA 7E37384E 6 Bytes JMP 5F3C0F5A .text C:\Programme\avmwlanstick\wlangui.exe[812] USER32.dll!SetForegroundWindow 7E3742ED 6 Bytes JMP 5F350F5A .text C:\Programme\avmwlanstick\wlangui.exe[812] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A .text C:\Programme\avmwlanstick\wlangui.exe[812] USER32.dll!SetWindowPos 7E3799F3 3 Bytes [FF, 25, 1E] .text C:\Programme\avmwlanstick\wlangui.exe[812] USER32.dll!SetWindowPos + 4 7E3799F7 2 Bytes [3A, 5F] .text C:\Programme\avmwlanstick\wlangui.exe[812] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A .text C:\Programme\avmwlanstick\wlangui.exe[812] USER32.dll!ChangeDisplaySettingsExW 7E3A95BD 6 Bytes JMP 5F3F0F5A .text C:\Programme\GMX\GMX SMS-Manager\SMSMngr.exe[908] ntdll.dll!NtClose 7C91CFEE 3 Bytes [FF, 25, 1E] .text C:\Programme\GMX\GMX SMS-Manager\SMSMngr.exe[908] ntdll.dll!NtClose + 4 7C91CFF2 2 Bytes [2E, 5F] .text C:\Programme\GMX\GMX SMS-Manager\SMSMngr.exe[908] ntdll.dll!NtCreateFile 7C91D0AE 1 Byte [FF] .text C:\Programme\GMX\GMX SMS-Manager\SMSMngr.exe[908] ntdll.dll!NtCreateFile 7C91D0AE 3 Bytes [FF, 25, 1E] .text C:\Programme\GMX\GMX SMS-Manager\SMSMngr.exe[908] ntdll.dll!NtCreateFile + 4 7C91D0B2 2 Bytes [17, 5F] {POP SS; POP EDI} .text C:\Programme\GMX\GMX SMS-Manager\SMSMngr.exe[908] ntdll.dll!NtCreateKey 7C91D0EE 3 Bytes [FF, 25, 1E] .text C:\Programme\GMX\GMX SMS-Manager\SMSMngr.exe[908] ntdll.dll!NtCreateKey + 4 7C91D0F2 2 Bytes [05, 5F] .text C:\Programme\GMX\GMX SMS-Manager\SMSMngr.exe[908] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E] .text C:\Programme\GMX\GMX SMS-Manager\SMSMngr.exe[908] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [25, 5F] .text C:\Programme\GMX\GMX SMS-Manager\SMSMngr.exe[908] ntdll.dll!NtDeleteKey 7C91D24E 3 Bytes [FF, 25, 1E] .text C:\Programme\GMX\GMX SMS-Manager\SMSMngr.exe[908] ntdll.dll!NtDeleteKey + 4 7C91D252 2 Bytes [0B, 5F] .text C:\Programme\GMX\GMX SMS-Manager\SMSMngr.exe[908] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E] .text C:\Programme\GMX\GMX SMS-Manager\SMSMngr.exe[908] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [11, 5F] .text C:\Programme\GMX\GMX SMS-Manager\SMSMngr.exe[908] ntdll.dll!NtRenameKey 7C91DA5E 3 Bytes [FF, 25, 1E] .text C:\Programme\GMX\GMX SMS-Manager\SMSMngr.exe[908] ntdll.dll!NtRenameKey + 4 7C91DA62 2 Bytes [14, 5F] {ADC AL, 0x5f} .text C:\Programme\GMX\GMX SMS-Manager\SMSMngr.exe[908] ntdll.dll!NtSetInformationFile 7C91DC5E 3 Bytes [FF, 25, 1E] .text C:\Programme\GMX\GMX SMS-Manager\SMSMngr.exe[908] ntdll.dll!NtSetInformationFile + 4 7C91DC62 2 Bytes [22, 5F] .text C:\Programme\GMX\GMX SMS-Manager\SMSMngr.exe[908] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E] .text C:\Programme\GMX\GMX SMS-Manager\SMSMngr.exe[908] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\Programme\GMX\GMX SMS-Manager\SMSMngr.exe[908] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E] .text C:\Programme\GMX\GMX SMS-Manager\SMSMngr.exe[908] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [28, 5F] .text C:\Programme\GMX\GMX SMS-Manager\SMSMngr.exe[908] ntdll.dll!NtWriteFile 7C91DF7E 3 Bytes [FF, 25, 1E] .text C:\Programme\GMX\GMX SMS-Manager\SMSMngr.exe[908] ntdll.dll!NtWriteFile + 4 7C91DF82 2 Bytes [1C, 5F] {SBB AL, 0x5f} .text C:\Programme\GMX\GMX SMS-Manager\SMSMngr.exe[908] ntdll.dll!NtWriteFileGather 7C91DF8E 3 Bytes [FF, 25, 1E] .text C:\Programme\GMX\GMX SMS-Manager\SMSMngr.exe[908] ntdll.dll!NtWriteFileGather + 4 7C91DF92 2 Bytes [1F, 5F] {POP DS; POP EDI} .text C:\Programme\GMX\GMX SMS-Manager\SMSMngr.exe[908] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E] .text C:\Programme\GMX\GMX SMS-Manager\SMSMngr.exe[908] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [2B, 5F] .text C:\Programme\GMX\GMX SMS-Manager\SMSMngr.exe[908] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 04BA0001 .text C:\Programme\GMX\GMX SMS-Manager\SMSMngr.exe[908] USER32.dll!ChangeDisplaySettingsExA 7E37384E 6 Bytes JMP 5F3E0F5A .text C:\Programme\GMX\GMX SMS-Manager\SMSMngr.exe[908] USER32.dll!SetForegroundWindow 7E3742ED 6 Bytes JMP 5F370F5A .text C:\Programme\GMX\GMX SMS-Manager\SMSMngr.exe[908] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F340F5A .text C:\Programme\GMX\GMX SMS-Manager\SMSMngr.exe[908] USER32.dll!SetWindowPos 7E3799F3 3 Bytes [FF, 25, 1E] .text C:\Programme\GMX\GMX SMS-Manager\SMSMngr.exe[908] USER32.dll!SetWindowPos + 4 7E3799F7 2 Bytes [3C, 5F] {CMP AL, 0x5f} .text C:\Programme\GMX\GMX SMS-Manager\SMSMngr.exe[908] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F300F5A .text C:\Programme\GMX\GMX SMS-Manager\SMSMngr.exe[908] USER32.dll!ChangeDisplaySettingsExW 7E3A95BD 6 Bytes JMP 5F410F5A .text C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE[952] ntdll.dll!NtClose 7C91CFEE 3 Bytes [FF, 25, 1E] .text C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE[952] ntdll.dll!NtClose + 4 7C91CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f} .text C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE[952] ntdll.dll!NtCreateFile 7C91D0AE 1 Byte [FF] .text C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE[952] ntdll.dll!NtCreateFile 7C91D0AE 3 Bytes [FF, 25, 1E] .text C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE[952] ntdll.dll!NtCreateFile + 4 7C91D0B2 2 Bytes [17, 5F] {POP SS; POP EDI} .text C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE[952] ntdll.dll!NtCreateKey 7C91D0EE 3 Bytes [FF, 25, 1E] .text C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE[952] ntdll.dll!NtCreateKey + 4 7C91D0F2 2 Bytes [05, 5F] .text C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE[952] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E] .text C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE[952] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [23, 5F] .text C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE[952] ntdll.dll!NtDeleteKey 7C91D24E 3 Bytes [FF, 25, 1E] .text C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE[952] ntdll.dll!NtDeleteKey + 4 7C91D252 2 Bytes [0B, 5F] .text C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE[952] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E] .text C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE[952] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [11, 5F] .text C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE[952] ntdll.dll!NtRenameKey 7C91DA5E 3 Bytes [FF, 25, 1E] .text C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE[952] ntdll.dll!NtRenameKey + 4 7C91DA62 2 Bytes [14, 5F] {ADC AL, 0x5f} .text C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE[952] ntdll.dll!NtSetInformationFile 7C91DC5E 3 Bytes [FF, 25, 1E] .text C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE[952] ntdll.dll!NtSetInformationFile + 4 7C91DC62 2 Bytes [20, 5F] .text C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE[952] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E] .text C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE[952] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE[952] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E] .text C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE[952] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [26, 5F] .text C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE[952] ntdll.dll!NtWriteFile 7C91DF7E 3 Bytes [FF, 25, 1E] .text C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE[952] ntdll.dll!NtWriteFile + 4 7C91DF82 2 Bytes [1A, 5F] .text C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE[952] ntdll.dll!NtWriteFileGather 7C91DF8E 3 Bytes [FF, 25, 1E] .text C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE[952] ntdll.dll!NtWriteFileGather + 4 7C91DF92 2 Bytes [1D, 5F] .text C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE[952] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E] .text C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE[952] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [29, 5F] .text C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE[952] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00FB0001 .text C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE[952] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A .text C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE[952] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\System32\svchost.exe[968] ntdll.dll!NtClose 7C91CFEE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\svchost.exe[968] ntdll.dll!NtClose + 4 7C91CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f} .text C:\WINDOWS\System32\svchost.exe[968] ntdll.dll!NtCreateFile 7C91D0AE 1 Byte [FF] .text C:\WINDOWS\System32\svchost.exe[968] ntdll.dll!NtCreateFile 7C91D0AE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\svchost.exe[968] ntdll.dll!NtCreateFile + 4 7C91D0B2 2 Bytes [17, 5F] {POP SS; POP EDI} .text C:\WINDOWS\System32\svchost.exe[968] ntdll.dll!NtCreateKey 7C91D0EE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\svchost.exe[968] ntdll.dll!NtCreateKey + 4 7C91D0F2 2 Bytes [05, 5F] .text C:\WINDOWS\System32\svchost.exe[968] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\svchost.exe[968] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [23, 5F] .text C:\WINDOWS\System32\svchost.exe[968] ntdll.dll!NtDeleteKey 7C91D24E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\svchost.exe[968] ntdll.dll!NtDeleteKey + 4 7C91D252 2 Bytes [0B, 5F] .text C:\WINDOWS\System32\svchost.exe[968] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\svchost.exe[968] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [11, 5F] .text C:\WINDOWS\System32\svchost.exe[968] ntdll.dll!NtRenameKey 7C91DA5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\svchost.exe[968] ntdll.dll!NtRenameKey + 4 7C91DA62 2 Bytes [14, 5F] {ADC AL, 0x5f} .text C:\WINDOWS\System32\svchost.exe[968] ntdll.dll!NtSetInformationFile 7C91DC5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\svchost.exe[968] ntdll.dll!NtSetInformationFile + 4 7C91DC62 2 Bytes [20, 5F] .text C:\WINDOWS\System32\svchost.exe[968] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\svchost.exe[968] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\WINDOWS\System32\svchost.exe[968] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\svchost.exe[968] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [26, 5F] .text C:\WINDOWS\System32\svchost.exe[968] ntdll.dll!NtWriteFile 7C91DF7E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\svchost.exe[968] ntdll.dll!NtWriteFile + 4 7C91DF82 2 Bytes [1A, 5F] .text C:\WINDOWS\System32\svchost.exe[968] ntdll.dll!NtWriteFileGather 7C91DF8E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\svchost.exe[968] ntdll.dll!NtWriteFileGather + 4 7C91DF92 2 Bytes [1D, 5F] .text C:\WINDOWS\System32\svchost.exe[968] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\svchost.exe[968] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [29, 5F] .text C:\WINDOWS\System32\svchost.exe[968] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 03660001 .text C:\WINDOWS\System32\svchost.exe[968] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A .text C:\WINDOWS\System32\svchost.exe[968] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\system32\ctfmon.exe[1008] ntdll.dll!NtClose 7C91CFEE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\ctfmon.exe[1008] ntdll.dll!NtClose + 4 7C91CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f} .text C:\WINDOWS\system32\ctfmon.exe[1008] ntdll.dll!NtCreateFile 7C91D0AE 1 Byte [FF] .text C:\WINDOWS\system32\ctfmon.exe[1008] ntdll.dll!NtCreateFile 7C91D0AE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\ctfmon.exe[1008] ntdll.dll!NtCreateFile + 4 7C91D0B2 2 Bytes [17, 5F] {POP SS; POP EDI} .text C:\WINDOWS\system32\ctfmon.exe[1008] ntdll.dll!NtCreateKey 7C91D0EE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\ctfmon.exe[1008] ntdll.dll!NtCreateKey + 4 7C91D0F2 2 Bytes [05, 5F] .text C:\WINDOWS\system32\ctfmon.exe[1008] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\ctfmon.exe[1008] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [23, 5F] .text C:\WINDOWS\system32\ctfmon.exe[1008] ntdll.dll!NtDeleteKey 7C91D24E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\ctfmon.exe[1008] ntdll.dll!NtDeleteKey + 4 7C91D252 2 Bytes [0B, 5F] .text C:\WINDOWS\system32\ctfmon.exe[1008] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\ctfmon.exe[1008] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [11, 5F] .text C:\WINDOWS\system32\ctfmon.exe[1008] ntdll.dll!NtRenameKey 7C91DA5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\ctfmon.exe[1008] ntdll.dll!NtRenameKey + 4 7C91DA62 2 Bytes [14, 5F] {ADC AL, 0x5f} .text C:\WINDOWS\system32\ctfmon.exe[1008] ntdll.dll!NtSetInformationFile 7C91DC5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\ctfmon.exe[1008] ntdll.dll!NtSetInformationFile + 4 7C91DC62 2 Bytes [20, 5F] .text C:\WINDOWS\system32\ctfmon.exe[1008] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\ctfmon.exe[1008] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\WINDOWS\system32\ctfmon.exe[1008] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\ctfmon.exe[1008] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [26, 5F] .text C:\WINDOWS\system32\ctfmon.exe[1008] ntdll.dll!NtWriteFile 7C91DF7E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\ctfmon.exe[1008] ntdll.dll!NtWriteFile + 4 7C91DF82 2 Bytes [1A, 5F] .text C:\WINDOWS\system32\ctfmon.exe[1008] ntdll.dll!NtWriteFileGather 7C91DF8E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\ctfmon.exe[1008] ntdll.dll!NtWriteFileGather + 4 7C91DF92 2 Bytes [1D, 5F] .text C:\WINDOWS\system32\ctfmon.exe[1008] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\ctfmon.exe[1008] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [29, 5F] .text C:\WINDOWS\system32\ctfmon.exe[1008] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00DD0001 .text C:\WINDOWS\system32\ctfmon.exe[1008] USER32.dll!ChangeDisplaySettingsExA 7E37384E 6 Bytes JMP 5F3C0F5A .text C:\WINDOWS\system32\ctfmon.exe[1008] USER32.dll!SetForegroundWindow 7E3742ED 6 Bytes JMP 5F350F5A .text C:\WINDOWS\system32\ctfmon.exe[1008] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A .text C:\WINDOWS\system32\ctfmon.exe[1008] USER32.dll!SetWindowPos 7E3799F3 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\ctfmon.exe[1008] USER32.dll!SetWindowPos + 4 7E3799F7 2 Bytes [3A, 5F] .text C:\WINDOWS\system32\ctfmon.exe[1008] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\system32\ctfmon.exe[1008] USER32.dll!ChangeDisplaySettingsExW 7E3A95BD 6 Bytes JMP 5F3F0F5A .text C:\Programme\TuneUp Utilities 2009\MemOptimizer.exe[1072] ntdll.dll!NtClose 7C91CFEE 3 Bytes [FF, 25, 1E] .text C:\Programme\TuneUp Utilities 2009\MemOptimizer.exe[1072] ntdll.dll!NtClose + 4 7C91CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f} .text C:\Programme\TuneUp Utilities 2009\MemOptimizer.exe[1072] ntdll.dll!NtCreateFile 7C91D0AE 1 Byte [FF] .text C:\Programme\TuneUp Utilities 2009\MemOptimizer.exe[1072] ntdll.dll!NtCreateFile 7C91D0AE 3 Bytes [FF, 25, 1E] .text C:\Programme\TuneUp Utilities 2009\MemOptimizer.exe[1072] ntdll.dll!NtCreateFile + 4 7C91D0B2 2 Bytes [17, 5F] {POP SS; POP EDI} .text C:\Programme\TuneUp Utilities 2009\MemOptimizer.exe[1072] ntdll.dll!NtCreateKey 7C91D0EE 3 Bytes [FF, 25, 1E] .text C:\Programme\TuneUp Utilities 2009\MemOptimizer.exe[1072] ntdll.dll!NtCreateKey + 4 7C91D0F2 2 Bytes [05, 5F] .text C:\Programme\TuneUp Utilities 2009\MemOptimizer.exe[1072] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E] .text C:\Programme\TuneUp Utilities 2009\MemOptimizer.exe[1072] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [23, 5F] .text C:\Programme\TuneUp Utilities 2009\MemOptimizer.exe[1072] ntdll.dll!NtDeleteKey 7C91D24E 3 Bytes [FF, 25, 1E] .text C:\Programme\TuneUp Utilities 2009\MemOptimizer.exe[1072] ntdll.dll!NtDeleteKey + 4 7C91D252 2 Bytes [0B, 5F] .text C:\Programme\TuneUp Utilities 2009\MemOptimizer.exe[1072] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E] .text C:\Programme\TuneUp Utilities 2009\MemOptimizer.exe[1072] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [11, 5F] .text C:\Programme\TuneUp Utilities 2009\MemOptimizer.exe[1072] ntdll.dll!NtRenameKey 7C91DA5E 3 Bytes [FF, 25, 1E] .text C:\Programme\TuneUp Utilities 2009\MemOptimizer.exe[1072] ntdll.dll!NtRenameKey + 4 7C91DA62 2 Bytes [14, 5F] {ADC AL, 0x5f} .text C:\Programme\TuneUp Utilities 2009\MemOptimizer.exe[1072] ntdll.dll!NtSetInformationFile 7C91DC5E 3 Bytes [FF, 25, 1E] .text C:\Programme\TuneUp Utilities 2009\MemOptimizer.exe[1072] ntdll.dll!NtSetInformationFile + 4 7C91DC62 2 Bytes [20, 5F] .text C:\Programme\TuneUp Utilities 2009\MemOptimizer.exe[1072] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E] .text C:\Programme\TuneUp Utilities 2009\MemOptimizer.exe[1072] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\Programme\TuneUp Utilities 2009\MemOptimizer.exe[1072] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E] .text C:\Programme\TuneUp Utilities 2009\MemOptimizer.exe[1072] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [26, 5F] .text C:\Programme\TuneUp Utilities 2009\MemOptimizer.exe[1072] ntdll.dll!NtWriteFile 7C91DF7E 3 Bytes [FF, 25, 1E] .text C:\Programme\TuneUp Utilities 2009\MemOptimizer.exe[1072] ntdll.dll!NtWriteFile + 4 7C91DF82 2 Bytes [1A, 5F] .text C:\Programme\TuneUp Utilities 2009\MemOptimizer.exe[1072] ntdll.dll!NtWriteFileGather 7C91DF8E 3 Bytes [FF, 25, 1E] .text C:\Programme\TuneUp Utilities 2009\MemOptimizer.exe[1072] ntdll.dll!NtWriteFileGather + 4 7C91DF92 2 Bytes [1D, 5F] .text C:\Programme\TuneUp Utilities 2009\MemOptimizer.exe[1072] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E] .text C:\Programme\TuneUp Utilities 2009\MemOptimizer.exe[1072] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [29, 5F] .text C:\Programme\TuneUp Utilities 2009\MemOptimizer.exe[1072] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 02020001 .text C:\Programme\TuneUp Utilities 2009\MemOptimizer.exe[1072] USER32.dll!ChangeDisplaySettingsExA 7E37384E 6 Bytes JMP 5F3C0F5A .text C:\Programme\TuneUp Utilities 2009\MemOptimizer.exe[1072] USER32.dll!SetForegroundWindow 7E3742ED 6 Bytes JMP 5F350F5A .text C:\Programme\TuneUp Utilities 2009\MemOptimizer.exe[1072] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A .text C:\Programme\TuneUp Utilities 2009\MemOptimizer.exe[1072] USER32.dll!SetWindowPos 7E3799F3 3 Bytes [FF, 25, 1E] .text C:\Programme\TuneUp Utilities 2009\MemOptimizer.exe[1072] USER32.dll!SetWindowPos + 4 7E3799F7 2 Bytes [3A, 5F] .text C:\Programme\TuneUp Utilities 2009\MemOptimizer.exe[1072] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A .text C:\Programme\TuneUp Utilities 2009\MemOptimizer.exe[1072] USER32.dll!ChangeDisplaySettingsExW 7E3A95BD 6 Bytes JMP 5F3F0F5A .text C:\WINDOWS\system32\svchost.exe[1096] ntdll.dll!NtClose 7C91CFEE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1096] ntdll.dll!NtClose + 4 7C91CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f} .text C:\WINDOWS\system32\svchost.exe[1096] ntdll.dll!NtCreateFile 7C91D0AE 1 Byte [FF] .text C:\WINDOWS\system32\svchost.exe[1096] ntdll.dll!NtCreateFile 7C91D0AE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1096] ntdll.dll!NtCreateFile + 4 7C91D0B2 2 Bytes [17, 5F] {POP SS; POP EDI} .text C:\WINDOWS\system32\svchost.exe[1096] ntdll.dll!NtCreateKey 7C91D0EE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1096] ntdll.dll!NtCreateKey + 4 7C91D0F2 2 Bytes [05, 5F] .text C:\WINDOWS\system32\svchost.exe[1096] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1096] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [23, 5F] .text C:\WINDOWS\system32\svchost.exe[1096] ntdll.dll!NtDeleteKey 7C91D24E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1096] ntdll.dll!NtDeleteKey + 4 7C91D252 2 Bytes [0B, 5F] .text C:\WINDOWS\system32\svchost.exe[1096] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1096] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [11, 5F] .text C:\WINDOWS\system32\svchost.exe[1096] ntdll.dll!NtRenameKey 7C91DA5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1096] ntdll.dll!NtRenameKey + 4 7C91DA62 2 Bytes [14, 5F] {ADC AL, 0x5f} .text C:\WINDOWS\system32\svchost.exe[1096] ntdll.dll!NtSetInformationFile 7C91DC5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1096] ntdll.dll!NtSetInformationFile + 4 7C91DC62 2 Bytes [20, 5F] .text C:\WINDOWS\system32\svchost.exe[1096] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1096] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\WINDOWS\system32\svchost.exe[1096] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1096] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [26, 5F] .text C:\WINDOWS\system32\svchost.exe[1096] ntdll.dll!NtWriteFile 7C91DF7E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1096] ntdll.dll!NtWriteFile + 4 7C91DF82 2 Bytes [1A, 5F] .text C:\WINDOWS\system32\svchost.exe[1096] ntdll.dll!NtWriteFileGather 7C91DF8E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1096] ntdll.dll!NtWriteFileGather + 4 7C91DF92 2 Bytes [1D, 5F] .text C:\WINDOWS\system32\svchost.exe[1096] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1096] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [29, 5F] .text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00A60001 .text C:\WINDOWS\system32\svchost.exe[1096] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A .text C:\WINDOWS\system32\svchost.exe[1096] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtClose 7C91CFEE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtClose + 4 7C91CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f} .text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtCreateFile 7C91D0AE 1 Byte [FF] .text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtCreateFile 7C91D0AE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtCreateFile + 4 7C91D0B2 2 Bytes [17, 5F] {POP SS; POP EDI} .text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtCreateKey 7C91D0EE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtCreateKey + 4 7C91D0F2 2 Bytes [05, 5F] .text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [23, 5F] .text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtDeleteKey 7C91D24E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtDeleteKey + 4 7C91D252 2 Bytes [0B, 5F] .text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [11, 5F] .text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtRenameKey 7C91DA5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtRenameKey + 4 7C91DA62 2 Bytes [14, 5F] {ADC AL, 0x5f} .text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtSetInformationFile 7C91DC5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtSetInformationFile + 4 7C91DC62 2 Bytes [20, 5F] .text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [26, 5F] .text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtWriteFile 7C91DF7E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtWriteFile + 4 7C91DF82 2 Bytes [1A, 5F] .text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtWriteFileGather 7C91DF8E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtWriteFileGather + 4 7C91DF92 2 Bytes [1D, 5F] .text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [29, 5F] .text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00CC0001 .text C:\WINDOWS\system32\svchost.exe[1288] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A .text C:\WINDOWS\system32\svchost.exe[1288] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\system32\spoolsv.exe[1412] ntdll.dll!NtClose 7C91CFEE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\spoolsv.exe[1412] ntdll.dll!NtClose + 4 7C91CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f} .text C:\WINDOWS\system32\spoolsv.exe[1412] ntdll.dll!NtCreateFile 7C91D0AE 1 Byte [FF] .text C:\WINDOWS\system32\spoolsv.exe[1412] ntdll.dll!NtCreateFile 7C91D0AE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\spoolsv.exe[1412] ntdll.dll!NtCreateFile + 4 7C91D0B2 2 Bytes [17, 5F] {POP SS; POP EDI} .text C:\WINDOWS\system32\spoolsv.exe[1412] ntdll.dll!NtCreateKey 7C91D0EE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\spoolsv.exe[1412] ntdll.dll!NtCreateKey + 4 7C91D0F2 2 Bytes [05, 5F] .text C:\WINDOWS\system32\spoolsv.exe[1412] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\spoolsv.exe[1412] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [23, 5F] .text C:\WINDOWS\system32\spoolsv.exe[1412] ntdll.dll!NtDeleteKey 7C91D24E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\spoolsv.exe[1412] ntdll.dll!NtDeleteKey + 4 7C91D252 2 Bytes [0B, 5F] .text C:\WINDOWS\system32\spoolsv.exe[1412] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\spoolsv.exe[1412] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [11, 5F] .text C:\WINDOWS\system32\spoolsv.exe[1412] ntdll.dll!NtRenameKey 7C91DA5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\spoolsv.exe[1412] ntdll.dll!NtRenameKey + 4 7C91DA62 2 Bytes [14, 5F] {ADC AL, 0x5f} .text C:\WINDOWS\system32\spoolsv.exe[1412] ntdll.dll!NtSetInformationFile 7C91DC5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\spoolsv.exe[1412] ntdll.dll!NtSetInformationFile + 4 7C91DC62 2 Bytes [20, 5F] .text C:\WINDOWS\system32\spoolsv.exe[1412] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\spoolsv.exe[1412] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\WINDOWS\system32\spoolsv.exe[1412] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\spoolsv.exe[1412] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [26, 5F] .text C:\WINDOWS\system32\spoolsv.exe[1412] ntdll.dll!NtWriteFile 7C91DF7E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\spoolsv.exe[1412] ntdll.dll!NtWriteFile + 4 7C91DF82 2 Bytes [1A, 5F] .text C:\WINDOWS\system32\spoolsv.exe[1412] ntdll.dll!NtWriteFileGather 7C91DF8E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\spoolsv.exe[1412] ntdll.dll!NtWriteFileGather + 4 7C91DF92 2 Bytes [1D, 5F] .text C:\WINDOWS\system32\spoolsv.exe[1412] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\spoolsv.exe[1412] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [29, 5F] .text C:\WINDOWS\system32\spoolsv.exe[1412] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00E60001 .text C:\WINDOWS\system32\spoolsv.exe[1412] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A .text C:\WINDOWS\system32\spoolsv.exe[1412] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A .text C:\Programme\Spyware Doctor\pctsTray.exe[1456] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 03AF0001 .text C:\Programme\Spyware Doctor\pctsTray.exe[1456] kernel32.dll!CreateThread + 1B 7C8106F2 3 Bytes CALL 0044ACCE C:\Programme\Spyware Doctor\pctsTray.exe (PC Tools Tray Application/PC Tools) .text C:\Programme\Spyware Doctor\pctsTray.exe[1456] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F0A0F5A .text C:\Programme\Spyware Doctor\pctsTray.exe[1456] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\svchost.exe[1528] ntdll.dll!NtClose 7C91CFEE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1528] ntdll.dll!NtClose + 4 7C91CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f} .text C:\WINDOWS\system32\svchost.exe[1528] ntdll.dll!NtCreateFile 7C91D0AE 1 Byte [FF] .text C:\WINDOWS\system32\svchost.exe[1528] ntdll.dll!NtCreateFile 7C91D0AE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1528] ntdll.dll!NtCreateFile + 4 7C91D0B2 2 Bytes [17, 5F] {POP SS; POP EDI} .text C:\WINDOWS\system32\svchost.exe[1528] ntdll.dll!NtCreateKey 7C91D0EE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1528] ntdll.dll!NtCreateKey + 4 7C91D0F2 2 Bytes [05, 5F] .text C:\WINDOWS\system32\svchost.exe[1528] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1528] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [23, 5F] .text C:\WINDOWS\system32\svchost.exe[1528] ntdll.dll!NtDeleteKey 7C91D24E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1528] ntdll.dll!NtDeleteKey + 4 7C91D252 2 Bytes [0B, 5F] .text C:\WINDOWS\system32\svchost.exe[1528] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1528] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [11, 5F] .text C:\WINDOWS\system32\svchost.exe[1528] ntdll.dll!NtRenameKey 7C91DA5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1528] ntdll.dll!NtRenameKey + 4 7C91DA62 2 Bytes [14, 5F] {ADC AL, 0x5f} .text C:\WINDOWS\system32\svchost.exe[1528] ntdll.dll!NtSetInformationFile 7C91DC5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1528] ntdll.dll!NtSetInformationFile + 4 7C91DC62 2 Bytes [20, 5F] .text C:\WINDOWS\system32\svchost.exe[1528] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1528] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\WINDOWS\system32\svchost.exe[1528] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1528] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [26, 5F] .text C:\WINDOWS\system32\svchost.exe[1528] ntdll.dll!NtWriteFile 7C91DF7E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1528] ntdll.dll!NtWriteFile + 4 7C91DF82 2 Bytes [1A, 5F] .text C:\WINDOWS\system32\svchost.exe[1528] ntdll.dll!NtWriteFileGather 7C91DF8E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1528] ntdll.dll!NtWriteFileGather + 4 7C91DF92 2 Bytes [1D, 5F] .text C:\WINDOWS\system32\svchost.exe[1528] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1528] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [29, 5F] .text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00E90001 .text C:\WINDOWS\system32\svchost.exe[1528] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A .text C:\WINDOWS\system32\svchost.exe[1528] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\Explorer.EXE[1572] ntdll.dll!NtClose 7C91CFEE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\Explorer.EXE[1572] ntdll.dll!NtClose + 4 7C91CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f} .text C:\WINDOWS\Explorer.EXE[1572] ntdll.dll!NtCreateFile 7C91D0AE 1 Byte [FF] .text C:\WINDOWS\Explorer.EXE[1572] ntdll.dll!NtCreateFile 7C91D0AE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\Explorer.EXE[1572] ntdll.dll!NtCreateFile + 4 7C91D0B2 2 Bytes [17, 5F] {POP SS; POP EDI} .text C:\WINDOWS\Explorer.EXE[1572] ntdll.dll!NtCreateKey 7C91D0EE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\Explorer.EXE[1572] ntdll.dll!NtCreateKey + 4 7C91D0F2 2 Bytes [05, 5F] .text C:\WINDOWS\Explorer.EXE[1572] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\Explorer.EXE[1572] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [23, 5F] .text C:\WINDOWS\Explorer.EXE[1572] ntdll.dll!NtDeleteKey 7C91D24E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\Explorer.EXE[1572] ntdll.dll!NtDeleteKey + 4 7C91D252 2 Bytes [0B, 5F] .text C:\WINDOWS\Explorer.EXE[1572] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\Explorer.EXE[1572] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [11, 5F] .text C:\WINDOWS\Explorer.EXE[1572] ntdll.dll!NtRenameKey 7C91DA5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\Explorer.EXE[1572] ntdll.dll!NtRenameKey + 4 7C91DA62 2 Bytes [14, 5F] {ADC AL, 0x5f} .text C:\WINDOWS\Explorer.EXE[1572] ntdll.dll!NtSetInformationFile 7C91DC5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\Explorer.EXE[1572] ntdll.dll!NtSetInformationFile + 4 7C91DC62 2 Bytes [20, 5F] .text C:\WINDOWS\Explorer.EXE[1572] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\Explorer.EXE[1572] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\WINDOWS\Explorer.EXE[1572] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\Explorer.EXE[1572] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [26, 5F] .text C:\WINDOWS\Explorer.EXE[1572] ntdll.dll!NtWriteFile 7C91DF7E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\Explorer.EXE[1572] ntdll.dll!NtWriteFile + 4 7C91DF82 2 Bytes [1A, 5F] .text C:\WINDOWS\Explorer.EXE[1572] ntdll.dll!NtWriteFileGather 7C91DF8E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\Explorer.EXE[1572] ntdll.dll!NtWriteFileGather + 4 7C91DF92 2 Bytes [1D, 5F] .text C:\WINDOWS\Explorer.EXE[1572] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\Explorer.EXE[1572] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [29, 5F] .text C:\WINDOWS\Explorer.EXE[1572] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 03210001 .text C:\WINDOWS\Explorer.EXE[1572] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A .text C:\WINDOWS\Explorer.EXE[1572] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\System32\SCardSvr.exe[1580] ntdll.dll!NtClose 7C91CFEE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\SCardSvr.exe[1580] ntdll.dll!NtClose + 4 7C91CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f} .text C:\WINDOWS\System32\SCardSvr.exe[1580] ntdll.dll!NtCreateFile 7C91D0AE 1 Byte [FF] .text C:\WINDOWS\System32\SCardSvr.exe[1580] ntdll.dll!NtCreateFile 7C91D0AE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\SCardSvr.exe[1580] ntdll.dll!NtCreateFile + 4 7C91D0B2 2 Bytes [17, 5F] {POP SS; POP EDI} .text C:\WINDOWS\System32\SCardSvr.exe[1580] ntdll.dll!NtCreateKey 7C91D0EE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\SCardSvr.exe[1580] ntdll.dll!NtCreateKey + 4 7C91D0F2 2 Bytes [05, 5F] .text C:\WINDOWS\System32\SCardSvr.exe[1580] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\SCardSvr.exe[1580] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [23, 5F] .text C:\WINDOWS\System32\SCardSvr.exe[1580] ntdll.dll!NtDeleteKey 7C91D24E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\SCardSvr.exe[1580] ntdll.dll!NtDeleteKey + 4 7C91D252 2 Bytes [0B, 5F] .text C:\WINDOWS\System32\SCardSvr.exe[1580] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\SCardSvr.exe[1580] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [11, 5F] .text C:\WINDOWS\System32\SCardSvr.exe[1580] ntdll.dll!NtRenameKey 7C91DA5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\SCardSvr.exe[1580] ntdll.dll!NtRenameKey + 4 7C91DA62 2 Bytes [14, 5F] {ADC AL, 0x5f} .text C:\WINDOWS\System32\SCardSvr.exe[1580] ntdll.dll!NtSetInformationFile 7C91DC5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\SCardSvr.exe[1580] ntdll.dll!NtSetInformationFile + 4 7C91DC62 2 Bytes [20, 5F] .text C:\WINDOWS\System32\SCardSvr.exe[1580] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\SCardSvr.exe[1580] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\WINDOWS\System32\SCardSvr.exe[1580] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\SCardSvr.exe[1580] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [26, 5F] .text C:\WINDOWS\System32\SCardSvr.exe[1580] ntdll.dll!NtWriteFile 7C91DF7E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\SCardSvr.exe[1580] ntdll.dll!NtWriteFile + 4 7C91DF82 2 Bytes [1A, 5F] .text C:\WINDOWS\System32\SCardSvr.exe[1580] ntdll.dll!NtWriteFileGather 7C91DF8E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\SCardSvr.exe[1580] ntdll.dll!NtWriteFileGather + 4 7C91DF92 2 Bytes [1D, 5F] .text C:\WINDOWS\System32\SCardSvr.exe[1580] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\SCardSvr.exe[1580] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [29, 5F] .text C:\WINDOWS\System32\SCardSvr.exe[1580] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00A10001 .text C:\WINDOWS\System32\SCardSvr.exe[1580] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A .text C:\WINDOWS\System32\SCardSvr.exe[1580] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A .text C:\Programme\avmwlanstick\WlanNetService.exe[1636] ntdll.dll!NtClose 7C91CFEE 3 Bytes [FF, 25, 1E] .text C:\Programme\avmwlanstick\WlanNetService.exe[1636] ntdll.dll!NtClose + 4 7C91CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f} .text C:\Programme\avmwlanstick\WlanNetService.exe[1636] ntdll.dll!NtCreateFile 7C91D0AE 1 Byte [FF] .text C:\Programme\avmwlanstick\WlanNetService.exe[1636] ntdll.dll!NtCreateFile 7C91D0AE 3 Bytes [FF, 25, 1E] .text C:\Programme\avmwlanstick\WlanNetService.exe[1636] ntdll.dll!NtCreateFile + 4 7C91D0B2 2 Bytes [17, 5F] {POP SS; POP EDI} .text C:\Programme\avmwlanstick\WlanNetService.exe[1636] ntdll.dll!NtCreateKey 7C91D0EE 3 Bytes [FF, 25, 1E] .text C:\Programme\avmwlanstick\WlanNetService.exe[1636] ntdll.dll!NtCreateKey + 4 7C91D0F2 2 Bytes [05, 5F] .text C:\Programme\avmwlanstick\WlanNetService.exe[1636] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E] .text C:\Programme\avmwlanstick\WlanNetService.exe[1636] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [23, 5F] .text C:\Programme\avmwlanstick\WlanNetService.exe[1636] ntdll.dll!NtDeleteKey 7C91D24E 3 Bytes [FF, 25, 1E] .text C:\Programme\avmwlanstick\WlanNetService.exe[1636] ntdll.dll!NtDeleteKey + 4 7C91D252 2 Bytes [0B, 5F] .text C:\Programme\avmwlanstick\WlanNetService.exe[1636] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E] .text C:\Programme\avmwlanstick\WlanNetService.exe[1636] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [11, 5F] .text C:\Programme\avmwlanstick\WlanNetService.exe[1636] ntdll.dll!NtRenameKey 7C91DA5E 3 Bytes [FF, 25, 1E] .text C:\Programme\avmwlanstick\WlanNetService.exe[1636] ntdll.dll!NtRenameKey + 4 7C91DA62 2 Bytes [14, 5F] {ADC AL, 0x5f} .text C:\Programme\avmwlanstick\WlanNetService.exe[1636] ntdll.dll!NtSetInformationFile 7C91DC5E 3 Bytes [FF, 25, 1E] .text C:\Programme\avmwlanstick\WlanNetService.exe[1636] ntdll.dll!NtSetInformationFile + 4 7C91DC62 2 Bytes [20, 5F] .text C:\Programme\avmwlanstick\WlanNetService.exe[1636] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E] .text C:\Programme\avmwlanstick\WlanNetService.exe[1636] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\Programme\avmwlanstick\WlanNetService.exe[1636] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E] .text C:\Programme\avmwlanstick\WlanNetService.exe[1636] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [26, 5F] .text C:\Programme\avmwlanstick\WlanNetService.exe[1636] ntdll.dll!NtWriteFile 7C91DF7E 3 Bytes [FF, 25, 1E] .text C:\Programme\avmwlanstick\WlanNetService.exe[1636] ntdll.dll!NtWriteFile + 4 7C91DF82 2 Bytes [1A, 5F] .text C:\Programme\avmwlanstick\WlanNetService.exe[1636] ntdll.dll!NtWriteFileGather 7C91DF8E 3 Bytes [FF, 25, 1E] .text C:\Programme\avmwlanstick\WlanNetService.exe[1636] ntdll.dll!NtWriteFileGather + 4 7C91DF92 2 Bytes [1D, 5F] .text C:\Programme\avmwlanstick\WlanNetService.exe[1636] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E] .text C:\Programme\avmwlanstick\WlanNetService.exe[1636] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [29, 5F] .text C:\Programme\avmwlanstick\WlanNetService.exe[1636] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01B00001 .text C:\Programme\avmwlanstick\WlanNetService.exe[1636] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A .text C:\Programme\avmwlanstick\WlanNetService.exe[1636] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\System32\dmadmin.exe[1648] ntdll.dll!NtClose 7C91CFEE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\dmadmin.exe[1648] ntdll.dll!NtClose + 4 7C91CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f} .text C:\WINDOWS\System32\dmadmin.exe[1648] ntdll.dll!NtCreateFile 7C91D0AE 1 Byte [FF] .text C:\WINDOWS\System32\dmadmin.exe[1648] ntdll.dll!NtCreateFile 7C91D0AE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\dmadmin.exe[1648] ntdll.dll!NtCreateFile + 4 7C91D0B2 2 Bytes [17, 5F] {POP SS; POP EDI} .text C:\WINDOWS\System32\dmadmin.exe[1648] ntdll.dll!NtCreateKey 7C91D0EE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\dmadmin.exe[1648] ntdll.dll!NtCreateKey + 4 7C91D0F2 2 Bytes [05, 5F] .text C:\WINDOWS\System32\dmadmin.exe[1648] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\dmadmin.exe[1648] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [23, 5F] .text C:\WINDOWS\System32\dmadmin.exe[1648] ntdll.dll!NtDeleteKey 7C91D24E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\dmadmin.exe[1648] ntdll.dll!NtDeleteKey + 4 7C91D252 2 Bytes [0B, 5F] .text C:\WINDOWS\System32\dmadmin.exe[1648] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\dmadmin.exe[1648] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [11, 5F] .text C:\WINDOWS\System32\dmadmin.exe[1648] ntdll.dll!NtRenameKey 7C91DA5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\dmadmin.exe[1648] ntdll.dll!NtRenameKey + 4 7C91DA62 2 Bytes [14, 5F] {ADC AL, 0x5f} .text C:\WINDOWS\System32\dmadmin.exe[1648] ntdll.dll!NtSetInformationFile 7C91DC5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\dmadmin.exe[1648] ntdll.dll!NtSetInformationFile + 4 7C91DC62 2 Bytes [20, 5F] .text C:\WINDOWS\System32\dmadmin.exe[1648] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\dmadmin.exe[1648] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\WINDOWS\System32\dmadmin.exe[1648] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\dmadmin.exe[1648] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [26, 5F] .text C:\WINDOWS\System32\dmadmin.exe[1648] ntdll.dll!NtWriteFile 7C91DF7E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\dmadmin.exe[1648] ntdll.dll!NtWriteFile + 4 7C91DF82 2 Bytes [1A, 5F] .text C:\WINDOWS\System32\dmadmin.exe[1648] ntdll.dll!NtWriteFileGather 7C91DF8E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\dmadmin.exe[1648] ntdll.dll!NtWriteFileGather + 4 7C91DF92 2 Bytes [1D, 5F] .text C:\WINDOWS\System32\dmadmin.exe[1648] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\dmadmin.exe[1648] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [29, 5F] .text C:\WINDOWS\System32\dmadmin.exe[1648] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00570001 .text C:\WINDOWS\System32\dmadmin.exe[1648] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A .text C:\WINDOWS\System32\dmadmin.exe[1648] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\System32\vssvc.exe[1672] ntdll.dll!NtClose 7C91CFEE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\vssvc.exe[1672] ntdll.dll!NtClose + 4 7C91CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f} .text C:\WINDOWS\System32\vssvc.exe[1672] ntdll.dll!NtCreateFile 7C91D0AE 1 Byte [FF] .text C:\WINDOWS\System32\vssvc.exe[1672] ntdll.dll!NtCreateFile 7C91D0AE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\vssvc.exe[1672] ntdll.dll!NtCreateFile + 4 7C91D0B2 2 Bytes [17, 5F] {POP SS; POP EDI} .text C:\WINDOWS\System32\vssvc.exe[1672] ntdll.dll!NtCreateKey 7C91D0EE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\vssvc.exe[1672] ntdll.dll!NtCreateKey + 4 7C91D0F2 2 Bytes [05, 5F] .text C:\WINDOWS\System32\vssvc.exe[1672] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\vssvc.exe[1672] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [23, 5F] .text C:\WINDOWS\System32\vssvc.exe[1672] ntdll.dll!NtDeleteKey 7C91D24E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\vssvc.exe[1672] ntdll.dll!NtDeleteKey + 4 7C91D252 2 Bytes [0B, 5F] .text C:\WINDOWS\System32\vssvc.exe[1672] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\vssvc.exe[1672] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [11, 5F] .text C:\WINDOWS\System32\vssvc.exe[1672] ntdll.dll!NtRenameKey 7C91DA5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\vssvc.exe[1672] ntdll.dll!NtRenameKey + 4 7C91DA62 2 Bytes [14, 5F] {ADC AL, 0x5f} .text C:\WINDOWS\System32\vssvc.exe[1672] ntdll.dll!NtSetInformationFile 7C91DC5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\vssvc.exe[1672] ntdll.dll!NtSetInformationFile + 4 7C91DC62 2 Bytes [20, 5F] .text C:\WINDOWS\System32\vssvc.exe[1672] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\vssvc.exe[1672] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\WINDOWS\System32\vssvc.exe[1672] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\vssvc.exe[1672] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [26, 5F] .text C:\WINDOWS\System32\vssvc.exe[1672] ntdll.dll!NtWriteFile 7C91DF7E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\vssvc.exe[1672] ntdll.dll!NtWriteFile + 4 7C91DF82 2 Bytes [1A, 5F] .text C:\WINDOWS\System32\vssvc.exe[1672] ntdll.dll!NtWriteFileGather 7C91DF8E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\vssvc.exe[1672] ntdll.dll!NtWriteFileGather + 4 7C91DF92 2 Bytes [1D, 5F] .text C:\WINDOWS\System32\vssvc.exe[1672] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\vssvc.exe[1672] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [29, 5F] .text C:\WINDOWS\System32\vssvc.exe[1672] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00D80001 .text C:\WINDOWS\System32\vssvc.exe[1672] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A .text C:\WINDOWS\System32\vssvc.exe[1672] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\SOUNDMAN.EXE[1704] ntdll.dll!NtClose 7C91CFEE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\SOUNDMAN.EXE[1704] ntdll.dll!NtClose + 4 7C91CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f} .text C:\WINDOWS\SOUNDMAN.EXE[1704] ntdll.dll!NtCreateFile 7C91D0AE 1 Byte [FF] .text C:\WINDOWS\SOUNDMAN.EXE[1704] ntdll.dll!NtCreateFile 7C91D0AE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\SOUNDMAN.EXE[1704] ntdll.dll!NtCreateFile + 4 7C91D0B2 2 Bytes [17, 5F] {POP SS; POP EDI} .text C:\WINDOWS\SOUNDMAN.EXE[1704] ntdll.dll!NtCreateKey 7C91D0EE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\SOUNDMAN.EXE[1704] ntdll.dll!NtCreateKey + 4 7C91D0F2 2 Bytes [05, 5F] .text C:\WINDOWS\SOUNDMAN.EXE[1704] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\SOUNDMAN.EXE[1704] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [23, 5F] .text C:\WINDOWS\SOUNDMAN.EXE[1704] ntdll.dll!NtDeleteKey 7C91D24E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\SOUNDMAN.EXE[1704] ntdll.dll!NtDeleteKey + 4 7C91D252 2 Bytes [0B, 5F] .text C:\WINDOWS\SOUNDMAN.EXE[1704] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\SOUNDMAN.EXE[1704] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [11, 5F] .text C:\WINDOWS\SOUNDMAN.EXE[1704] ntdll.dll!NtRenameKey 7C91DA5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\SOUNDMAN.EXE[1704] ntdll.dll!NtRenameKey + 4 7C91DA62 2 Bytes [14, 5F] {ADC AL, 0x5f} .text C:\WINDOWS\SOUNDMAN.EXE[1704] ntdll.dll!NtSetInformationFile 7C91DC5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\SOUNDMAN.EXE[1704] ntdll.dll!NtSetInformationFile + 4 7C91DC62 2 Bytes [20, 5F] .text C:\WINDOWS\SOUNDMAN.EXE[1704] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\SOUNDMAN.EXE[1704] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\WINDOWS\SOUNDMAN.EXE[1704] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\SOUNDMAN.EXE[1704] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [26, 5F] .text C:\WINDOWS\SOUNDMAN.EXE[1704] ntdll.dll!NtWriteFile 7C91DF7E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\SOUNDMAN.EXE[1704] ntdll.dll!NtWriteFile + 4 7C91DF82 2 Bytes [1A, 5F] .text C:\WINDOWS\SOUNDMAN.EXE[1704] ntdll.dll!NtWriteFileGather 7C91DF8E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\SOUNDMAN.EXE[1704] ntdll.dll!NtWriteFileGather + 4 7C91DF92 2 Bytes [1D, 5F] .text C:\WINDOWS\SOUNDMAN.EXE[1704] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\SOUNDMAN.EXE[1704] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [29, 5F] .text C:\WINDOWS\SOUNDMAN.EXE[1704] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00EC0001 .text C:\WINDOWS\SOUNDMAN.EXE[1704] USER32.dll!ChangeDisplaySettingsExA 7E37384E 6 Bytes JMP 5F3C0F5A .text C:\WINDOWS\SOUNDMAN.EXE[1704] USER32.dll!SetForegroundWindow 7E3742ED 6 Bytes JMP 5F350F5A .text C:\WINDOWS\SOUNDMAN.EXE[1704] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A .text C:\WINDOWS\SOUNDMAN.EXE[1704] USER32.dll!SetWindowPos 7E3799F3 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\SOUNDMAN.EXE[1704] USER32.dll!SetWindowPos + 4 7E3799F7 2 Bytes [3A, 5F] .text C:\WINDOWS\SOUNDMAN.EXE[1704] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\SOUNDMAN.EXE[1704] USER32.dll!ChangeDisplaySettingsExW 7E3A95BD 6 Bytes JMP 5F3F0F5A .text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[1800] ntdll.dll!NtClose 7C91CFEE 3 Bytes [FF, 25, 1E] .text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[1800] ntdll.dll!NtClose + 4 7C91CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f} .text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[1800] ntdll.dll!NtCreateFile 7C91D0AE 1 Byte [FF] .text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[1800] ntdll.dll!NtCreateFile 7C91D0AE 3 Bytes [FF, 25, 1E] .text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[1800] ntdll.dll!NtCreateFile + 4 7C91D0B2 2 Bytes [17, 5F] {POP SS; POP EDI} .text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[1800] ntdll.dll!NtCreateKey 7C91D0EE 3 Bytes [FF, 25, 1E] .text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[1800] ntdll.dll!NtCreateKey + 4 7C91D0F2 2 Bytes [05, 5F] .text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[1800] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E] .text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[1800] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [23, 5F] .text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[1800] ntdll.dll!NtDeleteKey 7C91D24E 3 Bytes [FF, 25, 1E] .text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[1800] ntdll.dll!NtDeleteKey + 4 7C91D252 2 Bytes [0B, 5F] .text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[1800] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E] .text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[1800] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [11, 5F] .text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[1800] ntdll.dll!NtRenameKey 7C91DA5E 3 Bytes [FF, 25, 1E] .text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[1800] ntdll.dll!NtRenameKey + 4 7C91DA62 2 Bytes [14, 5F] {ADC AL, 0x5f} .text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[1800] ntdll.dll!NtSetInformationFile 7C91DC5E 3 Bytes [FF, 25, 1E] .text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[1800] ntdll.dll!NtSetInformationFile + 4 7C91DC62 2 Bytes [20, 5F] .text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[1800] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E] .text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[1800] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[1800] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E] .text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[1800] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [26, 5F] .text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[1800] ntdll.dll!NtWriteFile 7C91DF7E 3 Bytes [FF, 25, 1E] .text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[1800] ntdll.dll!NtWriteFile + 4 7C91DF82 2 Bytes [1A, 5F] .text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[1800] ntdll.dll!NtWriteFileGather 7C91DF8E 3 Bytes [FF, 25, 1E] .text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[1800] ntdll.dll!NtWriteFileGather + 4 7C91DF92 2 Bytes [1D, 5F] .text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[1800] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E] .text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[1800] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [29, 5F] .text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[1800] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00A10001 .text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[1800] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A .text C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe[1800] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\system32\nvsvc32.exe[1860] ntdll.dll!NtClose 7C91CFEE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\nvsvc32.exe[1860] ntdll.dll!NtClose + 4 7C91CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f} .text C:\WINDOWS\system32\nvsvc32.exe[1860] ntdll.dll!NtCreateFile 7C91D0AE 1 Byte [FF] .text C:\WINDOWS\system32\nvsvc32.exe[1860] ntdll.dll!NtCreateFile 7C91D0AE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\nvsvc32.exe[1860] ntdll.dll!NtCreateFile + 4 7C91D0B2 2 Bytes [17, 5F] {POP SS; POP EDI} .text C:\WINDOWS\system32\nvsvc32.exe[1860] ntdll.dll!NtCreateKey 7C91D0EE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\nvsvc32.exe[1860] ntdll.dll!NtCreateKey + 4 7C91D0F2 2 Bytes [05, 5F] .text C:\WINDOWS\system32\nvsvc32.exe[1860] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\nvsvc32.exe[1860] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [23, 5F] .text C:\WINDOWS\system32\nvsvc32.exe[1860] ntdll.dll!NtDeleteKey 7C91D24E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\nvsvc32.exe[1860] ntdll.dll!NtDeleteKey + 4 7C91D252 2 Bytes [0B, 5F] .text C:\WINDOWS\system32\nvsvc32.exe[1860] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\nvsvc32.exe[1860] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [11, 5F] .text C:\WINDOWS\system32\nvsvc32.exe[1860] ntdll.dll!NtRenameKey 7C91DA5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\nvsvc32.exe[1860] ntdll.dll!NtRenameKey + 4 7C91DA62 2 Bytes [14, 5F] {ADC AL, 0x5f} .text C:\WINDOWS\system32\nvsvc32.exe[1860] ntdll.dll!NtSetInformationFile 7C91DC5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\nvsvc32.exe[1860] ntdll.dll!NtSetInformationFile + 4 7C91DC62 2 Bytes [20, 5F] .text C:\WINDOWS\system32\nvsvc32.exe[1860] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\nvsvc32.exe[1860] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\WINDOWS\system32\nvsvc32.exe[1860] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\nvsvc32.exe[1860] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [26, 5F] .text C:\WINDOWS\system32\nvsvc32.exe[1860] ntdll.dll!NtWriteFile 7C91DF7E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\nvsvc32.exe[1860] ntdll.dll!NtWriteFile + 4 7C91DF82 2 Bytes [1A, 5F] .text C:\WINDOWS\system32\nvsvc32.exe[1860] ntdll.dll!NtWriteFileGather 7C91DF8E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\nvsvc32.exe[1860] ntdll.dll!NtWriteFileGather + 4 7C91DF92 2 Bytes [1D, 5F] .text C:\WINDOWS\system32\nvsvc32.exe[1860] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\nvsvc32.exe[1860] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [29, 5F] .text C:\WINDOWS\system32\nvsvc32.exe[1860] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00920001 .text C:\WINDOWS\system32\nvsvc32.exe[1860] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A .text C:\WINDOWS\system32\nvsvc32.exe[1860] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\system32\RUNDLL32.EXE[1900] ntdll.dll!NtClose 7C91CFEE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\RUNDLL32.EXE[1900] ntdll.dll!NtClose + 4 7C91CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f} .text C:\WINDOWS\system32\RUNDLL32.EXE[1900] ntdll.dll!NtCreateFile 7C91D0AE 1 Byte [FF] .text C:\WINDOWS\system32\RUNDLL32.EXE[1900] ntdll.dll!NtCreateFile 7C91D0AE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\RUNDLL32.EXE[1900] ntdll.dll!NtCreateFile + 4 7C91D0B2 2 Bytes [17, 5F] {POP SS; POP EDI} .text C:\WINDOWS\system32\RUNDLL32.EXE[1900] ntdll.dll!NtCreateKey 7C91D0EE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\RUNDLL32.EXE[1900] ntdll.dll!NtCreateKey + 4 7C91D0F2 2 Bytes [05, 5F] .text C:\WINDOWS\system32\RUNDLL32.EXE[1900] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\RUNDLL32.EXE[1900] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [23, 5F] .text C:\WINDOWS\system32\RUNDLL32.EXE[1900] ntdll.dll!NtDeleteKey 7C91D24E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\RUNDLL32.EXE[1900] ntdll.dll!NtDeleteKey + 4 7C91D252 2 Bytes [0B, 5F] .text C:\WINDOWS\system32\RUNDLL32.EXE[1900] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\RUNDLL32.EXE[1900] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [11, 5F] .text C:\WINDOWS\system32\RUNDLL32.EXE[1900] ntdll.dll!NtRenameKey 7C91DA5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\RUNDLL32.EXE[1900] ntdll.dll!NtRenameKey + 4 7C91DA62 2 Bytes [14, 5F] {ADC AL, 0x5f} .text C:\WINDOWS\system32\RUNDLL32.EXE[1900] ntdll.dll!NtSetInformationFile 7C91DC5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\RUNDLL32.EXE[1900] ntdll.dll!NtSetInformationFile + 4 7C91DC62 2 Bytes [20, 5F] .text C:\WINDOWS\system32\RUNDLL32.EXE[1900] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\RUNDLL32.EXE[1900] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\WINDOWS\system32\RUNDLL32.EXE[1900] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\RUNDLL32.EXE[1900] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [26, 5F] .text C:\WINDOWS\system32\RUNDLL32.EXE[1900] ntdll.dll!NtWriteFile 7C91DF7E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\RUNDLL32.EXE[1900] ntdll.dll!NtWriteFile + 4 7C91DF82 2 Bytes [1A, 5F] .text C:\WINDOWS\system32\RUNDLL32.EXE[1900] ntdll.dll!NtWriteFileGather 7C91DF8E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\RUNDLL32.EXE[1900] ntdll.dll!NtWriteFileGather + 4 7C91DF92 2 Bytes [1D, 5F] .text C:\WINDOWS\system32\RUNDLL32.EXE[1900] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\RUNDLL32.EXE[1900] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [29, 5F] .text C:\WINDOWS\system32\RUNDLL32.EXE[1900] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00E40001 .text C:\WINDOWS\system32\RUNDLL32.EXE[1900] USER32.dll!ChangeDisplaySettingsExA 7E37384E 6 Bytes JMP 5F3C0F5A .text C:\WINDOWS\system32\RUNDLL32.EXE[1900] USER32.dll!SetForegroundWindow 7E3742ED 6 Bytes JMP 5F350F5A .text C:\WINDOWS\system32\RUNDLL32.EXE[1900] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A .text C:\WINDOWS\system32\RUNDLL32.EXE[1900] USER32.dll!SetWindowPos 7E3799F3 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\RUNDLL32.EXE[1900] USER32.dll!SetWindowPos + 4 7E3799F7 2 Bytes [3A, 5F] .text C:\WINDOWS\system32\RUNDLL32.EXE[1900] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\system32\RUNDLL32.EXE[1900] USER32.dll!ChangeDisplaySettingsExW 7E3A95BD 6 Bytes JMP 5F3F0F5A .text C:\WINDOWS\System32\TUProgSt.exe[1908] ntdll.dll!NtClose 7C91CFEE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\TUProgSt.exe[1908] ntdll.dll!NtClose + 4 7C91CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f} .text C:\WINDOWS\System32\TUProgSt.exe[1908] ntdll.dll!NtCreateFile 7C91D0AE 1 Byte [FF] .text C:\WINDOWS\System32\TUProgSt.exe[1908] ntdll.dll!NtCreateFile 7C91D0AE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\TUProgSt.exe[1908] ntdll.dll!NtCreateFile + 4 7C91D0B2 2 Bytes [17, 5F] {POP SS; POP EDI} .text C:\WINDOWS\System32\TUProgSt.exe[1908] ntdll.dll!NtCreateKey 7C91D0EE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\TUProgSt.exe[1908] ntdll.dll!NtCreateKey + 4 7C91D0F2 2 Bytes [05, 5F] .text C:\WINDOWS\System32\TUProgSt.exe[1908] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\TUProgSt.exe[1908] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [23, 5F] .text C:\WINDOWS\System32\TUProgSt.exe[1908] ntdll.dll!NtDeleteKey 7C91D24E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\TUProgSt.exe[1908] ntdll.dll!NtDeleteKey + 4 7C91D252 2 Bytes [0B, 5F] .text C:\WINDOWS\System32\TUProgSt.exe[1908] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\TUProgSt.exe[1908] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [11, 5F] .text C:\WINDOWS\System32\TUProgSt.exe[1908] ntdll.dll!NtRenameKey 7C91DA5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\TUProgSt.exe[1908] ntdll.dll!NtRenameKey + 4 7C91DA62 2 Bytes [14, 5F] {ADC AL, 0x5f} .text C:\WINDOWS\System32\TUProgSt.exe[1908] ntdll.dll!NtSetInformationFile 7C91DC5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\TUProgSt.exe[1908] ntdll.dll!NtSetInformationFile + 4 7C91DC62 2 Bytes [20, 5F] .text C:\WINDOWS\System32\TUProgSt.exe[1908] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\TUProgSt.exe[1908] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\WINDOWS\System32\TUProgSt.exe[1908] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\TUProgSt.exe[1908] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [26, 5F] .text C:\WINDOWS\System32\TUProgSt.exe[1908] ntdll.dll!NtWriteFile 7C91DF7E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\TUProgSt.exe[1908] ntdll.dll!NtWriteFile + 4 7C91DF82 2 Bytes [1A, 5F] .text C:\WINDOWS\System32\TUProgSt.exe[1908] ntdll.dll!NtWriteFileGather 7C91DF8E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\TUProgSt.exe[1908] ntdll.dll!NtWriteFileGather + 4 7C91DF92 2 Bytes [1D, 5F] .text C:\WINDOWS\System32\TUProgSt.exe[1908] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\TUProgSt.exe[1908] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [29, 5F] .text C:\WINDOWS\System32\TUProgSt.exe[1908] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 006D0001 .text C:\WINDOWS\System32\TUProgSt.exe[1908] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A .text C:\WINDOWS\System32\TUProgSt.exe[1908] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\system32\locator.exe[1936] ntdll.dll!NtClose 7C91CFEE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\locator.exe[1936] ntdll.dll!NtClose + 4 7C91CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f} .text C:\WINDOWS\system32\locator.exe[1936] ntdll.dll!NtCreateFile 7C91D0AE 1 Byte [FF] .text C:\WINDOWS\system32\locator.exe[1936] ntdll.dll!NtCreateFile 7C91D0AE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\locator.exe[1936] ntdll.dll!NtCreateFile + 4 7C91D0B2 2 Bytes [17, 5F] {POP SS; POP EDI} .text C:\WINDOWS\system32\locator.exe[1936] ntdll.dll!NtCreateKey 7C91D0EE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\locator.exe[1936] ntdll.dll!NtCreateKey + 4 7C91D0F2 2 Bytes [05, 5F] .text C:\WINDOWS\system32\locator.exe[1936] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\locator.exe[1936] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [23, 5F] .text C:\WINDOWS\system32\locator.exe[1936] ntdll.dll!NtDeleteKey 7C91D24E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\locator.exe[1936] ntdll.dll!NtDeleteKey + 4 7C91D252 2 Bytes [0B, 5F] .text C:\WINDOWS\system32\locator.exe[1936] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\locator.exe[1936] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [11, 5F] .text C:\WINDOWS\system32\locator.exe[1936] ntdll.dll!NtRenameKey 7C91DA5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\locator.exe[1936] ntdll.dll!NtRenameKey + 4 7C91DA62 2 Bytes [14, 5F] {ADC AL, 0x5f} .text C:\WINDOWS\system32\locator.exe[1936] ntdll.dll!NtSetInformationFile 7C91DC5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\locator.exe[1936] ntdll.dll!NtSetInformationFile + 4 7C91DC62 2 Bytes [20, 5F] .text C:\WINDOWS\system32\locator.exe[1936] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\locator.exe[1936] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\WINDOWS\system32\locator.exe[1936] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\locator.exe[1936] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [26, 5F] .text C:\WINDOWS\system32\locator.exe[1936] ntdll.dll!NtWriteFile 7C91DF7E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\locator.exe[1936] ntdll.dll!NtWriteFile + 4 7C91DF82 2 Bytes [1A, 5F] .text C:\WINDOWS\system32\locator.exe[1936] ntdll.dll!NtWriteFileGather 7C91DF8E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\locator.exe[1936] ntdll.dll!NtWriteFileGather + 4 7C91DF92 2 Bytes [1D, 5F] .text C:\WINDOWS\system32\locator.exe[1936] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\locator.exe[1936] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [29, 5F] .text C:\WINDOWS\system32\locator.exe[1936] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 009D0001 .text C:\WINDOWS\system32\locator.exe[1936] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A .text C:\WINDOWS\system32\locator.exe[1936] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\system32\csrss.exe[2012] ntdll.dll!NtClose 7C91CFEE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\csrss.exe[2012] ntdll.dll!NtClose + 4 7C91CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f} .text C:\WINDOWS\system32\csrss.exe[2012] ntdll.dll!NtCreateFile 7C91D0AE 1 Byte [FF] .text C:\WINDOWS\system32\csrss.exe[2012] ntdll.dll!NtCreateFile 7C91D0AE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\csrss.exe[2012] ntdll.dll!NtCreateFile + 4 7C91D0B2 2 Bytes [17, 5F] {POP SS; POP EDI} .text C:\WINDOWS\system32\csrss.exe[2012] ntdll.dll!NtCreateKey 7C91D0EE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\csrss.exe[2012] ntdll.dll!NtCreateKey + 4 7C91D0F2 2 Bytes [05, 5F] .text C:\WINDOWS\system32\csrss.exe[2012] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\csrss.exe[2012] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [23, 5F] .text C:\WINDOWS\system32\csrss.exe[2012] ntdll.dll!NtDeleteKey 7C91D24E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\csrss.exe[2012] ntdll.dll!NtDeleteKey + 4 7C91D252 2 Bytes [0B, 5F] .text C:\WINDOWS\system32\csrss.exe[2012] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\csrss.exe[2012] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [11, 5F] .text C:\WINDOWS\system32\csrss.exe[2012] ntdll.dll!NtRenameKey 7C91DA5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\csrss.exe[2012] ntdll.dll!NtRenameKey + 4 7C91DA62 2 Bytes [14, 5F] {ADC AL, 0x5f} .text C:\WINDOWS\system32\csrss.exe[2012] ntdll.dll!NtSetInformationFile 7C91DC5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\csrss.exe[2012] ntdll.dll!NtSetInformationFile + 4 7C91DC62 2 Bytes [20, 5F] .text C:\WINDOWS\system32\csrss.exe[2012] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\csrss.exe[2012] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\WINDOWS\system32\csrss.exe[2012] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\csrss.exe[2012] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [26, 5F] .text C:\WINDOWS\system32\csrss.exe[2012] ntdll.dll!NtWriteFile 7C91DF7E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\csrss.exe[2012] ntdll.dll!NtWriteFile + 4 7C91DF82 2 Bytes [1A, 5F] .text C:\WINDOWS\system32\csrss.exe[2012] ntdll.dll!NtWriteFileGather 7C91DF8E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\csrss.exe[2012] ntdll.dll!NtWriteFileGather + 4 7C91DF92 2 Bytes [1D, 5F] .text C:\WINDOWS\system32\csrss.exe[2012] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\csrss.exe[2012] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [29, 5F] .text C:\WINDOWS\system32\csrss.exe[2012] KERNEL32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01040001 .text C:\WINDOWS\system32\csrss.exe[2012] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A .text C:\WINDOWS\system32\csrss.exe[2012] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A .text C:\Programme\Spyware Doctor\pctsAuxs.exe[2020] ntdll.dll!NtClose 7C91CFEE 3 Bytes [FF, 25, 1E] .text C:\Programme\Spyware Doctor\pctsAuxs.exe[2020] ntdll.dll!NtClose + 4 7C91CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f} .text C:\Programme\Spyware Doctor\pctsAuxs.exe[2020] ntdll.dll!NtCreateFile 7C91D0AE 1 Byte [FF] .text C:\Programme\Spyware Doctor\pctsAuxs.exe[2020] ntdll.dll!NtCreateFile 7C91D0AE 3 Bytes [FF, 25, 1E] .text C:\Programme\Spyware Doctor\pctsAuxs.exe[2020] ntdll.dll!NtCreateFile + 4 7C91D0B2 2 Bytes [17, 5F] {POP SS; POP EDI} .text C:\Programme\Spyware Doctor\pctsAuxs.exe[2020] ntdll.dll!NtCreateKey 7C91D0EE 3 Bytes [FF, 25, 1E] .text C:\Programme\Spyware Doctor\pctsAuxs.exe[2020] ntdll.dll!NtCreateKey + 4 7C91D0F2 2 Bytes [05, 5F] .text C:\Programme\Spyware Doctor\pctsAuxs.exe[2020] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E] .text C:\Programme\Spyware Doctor\pctsAuxs.exe[2020] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [23, 5F] .text C:\Programme\Spyware Doctor\pctsAuxs.exe[2020] ntdll.dll!NtDeleteKey 7C91D24E 3 Bytes [FF, 25, 1E] .text C:\Programme\Spyware Doctor\pctsAuxs.exe[2020] ntdll.dll!NtDeleteKey + 4 7C91D252 2 Bytes [0B, 5F] .text C:\Programme\Spyware Doctor\pctsAuxs.exe[2020] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E] .text C:\Programme\Spyware Doctor\pctsAuxs.exe[2020] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [11, 5F] .text C:\Programme\Spyware Doctor\pctsAuxs.exe[2020] ntdll.dll!NtRenameKey 7C91DA5E 3 Bytes [FF, 25, 1E] .text C:\Programme\Spyware Doctor\pctsAuxs.exe[2020] ntdll.dll!NtRenameKey + 4 7C91DA62 2 Bytes [14, 5F] {ADC AL, 0x5f} .text C:\Programme\Spyware Doctor\pctsAuxs.exe[2020] ntdll.dll!NtSetInformationFile 7C91DC5E 3 Bytes [FF, 25, 1E] .text C:\Programme\Spyware Doctor\pctsAuxs.exe[2020] ntdll.dll!NtSetInformationFile + 4 7C91DC62 2 Bytes [20, 5F] .text C:\Programme\Spyware Doctor\pctsAuxs.exe[2020] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E] .text C:\Programme\Spyware Doctor\pctsAuxs.exe[2020] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\Programme\Spyware Doctor\pctsAuxs.exe[2020] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E] .text C:\Programme\Spyware Doctor\pctsAuxs.exe[2020] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [26, 5F] .text C:\Programme\Spyware Doctor\pctsAuxs.exe[2020] ntdll.dll!NtWriteFile 7C91DF7E 3 Bytes [FF, 25, 1E] .text C:\Programme\Spyware Doctor\pctsAuxs.exe[2020] ntdll.dll!NtWriteFile + 4 7C91DF82 2 Bytes [1A, 5F] .text C:\Programme\Spyware Doctor\pctsAuxs.exe[2020] ntdll.dll!NtWriteFileGather 7C91DF8E 3 Bytes [FF, 25, 1E] .text C:\Programme\Spyware Doctor\pctsAuxs.exe[2020] ntdll.dll!NtWriteFileGather + 4 7C91DF92 2 Bytes [1D, 5F] .text C:\Programme\Spyware Doctor\pctsAuxs.exe[2020] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E] .text C:\Programme\Spyware Doctor\pctsAuxs.exe[2020] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [29, 5F] .text C:\Programme\Spyware Doctor\pctsAuxs.exe[2020] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00730001 .text C:\Programme\Spyware Doctor\pctsAuxs.exe[2020] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A .text C:\Programme\Spyware Doctor\pctsAuxs.exe[2020] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A .text C:\Programme\Styler\Styler.exe[2112] ntdll.dll!NtCreateFile + 5 7C91D0B3 10 Bytes [68, 60, 2F, 40, 60, E9, C3, ...] {PUSH 0x60402f60; JMP 0xffffffffe36ef4cd} .text C:\Programme\Styler\Styler.exe[2112] ntdll.dll!NtCreateKey + 5 7C91D0F3 10 Bytes [68, 58, 7E, 41, 60, E9, 83, ...] {PUSH 0x60417e58; JMP 0xffffffffe36ef48d} .text C:\Programme\Styler\Styler.exe[2112] ntdll.dll!NtCreateSection + 5 7C91D183 10 Bytes [68, D8, 12, 41, 60, E9, F3, ...] {PUSH 0x604112d8; JMP 0xffffffffe36ef3fd} .text C:\Programme\Styler\Styler.exe[2112] ntdll.dll!NtDeleteValueKey + 5 7C91D273 10 Bytes [68, E0, 3C, 42, 60, E9, 03, ...] {PUSH 0x60423ce0; JMP 0xffffffffe36ef30d} .text C:\Programme\Styler\Styler.exe[2112] ntdll.dll!NtLoadDriver + 5 7C91D473 10 Bytes [68, 48, 81, 40, 60, E9, 03, ...] {PUSH 0x60408148; JMP 0xffffffffe36ef10d} .text C:\Programme\Styler\Styler.exe[2112] ntdll.dll!NtMapViewOfSection + 5 7C91D523 10 Bytes [68, B8, 73, 41, 60, E9, 53, ...] {PUSH 0x604173b8; JMP 0xffffffffe36ef05d} .text C:\Programme\Styler\Styler.exe[2112] ntdll.dll!NtOpenFile + 5 7C91D5A3 10 Bytes [68, F8, 07, 41, 60, E9, D3, ...] {PUSH 0x604107f8; JMP 0xffffffffe36eefdd} .text C:\Programme\Styler\Styler.exe[2112] ntdll.dll!NtOpenKey + 5 7C91D5D3 10 Bytes [68, C8, 83, 41, 60, E9, A3, ...] {PUSH 0x604183c8; JMP 0xffffffffe36eefad} .text C:\Programme\Styler\Styler.exe[2112] ntdll.dll!NtOpenProcess + 5 7C91D603 10 Bytes [68, D8, 68, 41, 60, E9, 73, ...] {PUSH 0x604168d8; JMP 0xffffffffe36eef7d} .text C:\Programme\Styler\Styler.exe[2112] ntdll.dll!NtQueueApcThread + 5 7C91D9A3 10 Bytes [68, 48, 6E, 41, 60, E9, D3, ...] {PUSH 0x60416e48; JMP 0xffffffffe36eebdd} .text C:\Programme\Styler\Styler.exe[2112] ntdll.dll!NtSetValueKey + 5 7C91DDD3 10 Bytes [68, 38, 71, 40, 60, E9, A3, ...] {PUSH 0x60407138; JMP 0xffffffffe36ee7ad} .text C:\Programme\Styler\Styler.exe[2112] ntdll.dll!NtWriteFile + 5 7C91DF83 10 Bytes [68, 68, 0D, 41, 60, E9, F3, ...] {PUSH 0x60410d68; JMP 0xffffffffe36ee5fd} .text C:\Programme\Styler\Styler.exe[2112] ntdll.dll!LdrLoadDll + 1 7C9263C4 9 Bytes JMP 6000C57C C:\Programme\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_17\midas32.dll (BitDefender BehavioralScanner Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA) .text C:\Programme\Styler\Styler.exe[2112] ntdll.dll!RtlCreateProcessParameters 7C932E99 10 Bytes [68, 88, C3, 40, 60, E9, DD, ...] {PUSH 0x6040c388; JMP 0xffffffffe36d96e7} .text C:\Programme\Styler\Styler.exe[2112] kernel32.dll!LoadLibraryExW 7C801AF5 10 Bytes [68, 50, 42, 42, 60, E9, 81, ...] {PUSH 0x60424250; JMP 0xffffffffe380aa8b} .text C:\Programme\Styler\Styler.exe[2112] kernel32.dll!GetStartupInfoW 7C801E54 10 Bytes [68, A8, A0, 41, 60, E9, 22, ...] {PUSH 0x6041a0a8; JMP 0xffffffffe380a72c} .text C:\Programme\Styler\Styler.exe[2112] kernel32.dll!GetStartupInfoA 7C801EF2 10 Bytes [68, 38, 9B, 41, 60, E9, 84, ...] {PUSH 0x60419b38; JMP 0xffffffffe380a68e} .text C:\Programme\Styler\Styler.exe[2112] kernel32.dll!WriteProcessMemory 7C802213 10 Bytes [68, F8, 5D, 41, 60, E9, 63, ...] {PUSH 0x60415df8; JMP 0xffffffffe380a36d} .text C:\Programme\Styler\Styler.exe[2112] kernel32.dll!CloseHandle 7C809BE7 10 Bytes [68, 40, 3A, 40, 60, E9, 8F, ...] {PUSH 0x60403a40; JMP 0xffffffffe3802999} .text C:\Programme\Styler\Styler.exe[2112] kernel32.dll!SetEvent 7C80A0B7 10 Bytes [68, 10, 58, 42, 60, E9, BF, ...] {PUSH 0x60425810; JMP 0xffffffffe38024c9} .text C:\Programme\Styler\Styler.exe[2112] kernel32.dll!CreateEventW 7C80A749 10 Bytes [68, 98, 8F, 40, 60, E9, 2D, ...] {PUSH 0x60408f98; JMP 0xffffffffe3801e37} .text C:\Programme\Styler\Styler.exe[2112] kernel32.dll!FreeLibrary 7C80AC7E 10 Bytes [68, A0, 52, 42, 60, E9, F8, ...] {PUSH 0x604252a0; JMP 0xffffffffe3801902} .text C:\Programme\Styler\Styler.exe[2112] kernel32.dll!GetModuleFileNameA + DF 7C80B64E 10 Bytes [68, D0, 34, 40, 60, E9, 28, ...] {PUSH 0x604034d0; JMP 0xffffffffe3800f32} .text C:\Programme\Styler\Styler.exe[2112] kernel32.dll!CreateMutexW 7C80E957 10 Bytes [68, C8, 98, 40, 60, E9, 1F, ...] {PUSH 0x604098c8; JMP 0xffffffffe37fdc29} .text C:\Programme\Styler\Styler.exe[2112] kernel32.dll!FindFirstFileExW 7C80EB1D 10 Bytes [68, D0, 8B, 41, 60, E9, 59, ...] {PUSH 0x60418bd0; JMP 0xffffffffe37fda63} .text C:\Programme\Styler\Styler.exe[2112] kernel32.dll!CreateRemoteThread + 1 7C8104CD 9 Bytes JMP 6000C57C C:\Programme\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_17\midas32.dll (BitDefender BehavioralScanner Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA) .text C:\Programme\Styler\Styler.exe[2112] kernel32.dll!CreateThread 7C8106D7 10 Bytes [68, 18, A6, 41, 60, E9, 9F, ...] {PUSH 0x6041a618; JMP 0xffffffffe37fbea9} .text C:\Programme\Styler\Styler.exe[2112] kernel32.dll!CreateFileW 7C810800 10 Bytes [68, 40, 79, 40, 60, E9, 76, ...] {PUSH 0x60407940; JMP 0xffffffffe37fbd80} .text C:\Programme\Styler\Styler.exe[2112] kernel32.dll!CreateProcessInternalW + 1 7C8197B1 9 Bytes JMP 6000C57C C:\Programme\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_17\midas32.dll (BitDefender BehavioralScanner Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA) .text C:\Programme\Styler\Styler.exe[2112] kernel32.dll!ExitProcess 7C81CB12 10 Bytes [68, 30, 4D, 42, 60, E9, 64, ...] {PUSH 0x60424d30; JMP 0xffffffffe37efa6e} .text C:\Programme\Styler\Styler.exe[2112] kernel32.dll!CopyFileExW 7C827B32 10 Bytes [68, B0, 3F, 40, 60, E9, 44, ...] {PUSH 0x60403fb0; JMP 0xffffffffe37e4a4e} .text C:\Programme\Styler\Styler.exe[2112] kernel32.dll!PulseEvent 7C82C06E 10 Bytes [68, 80, 5D, 42, 60, E9, 08, ...] {PUSH 0x60425d80; JMP 0xffffffffe37e0512} .text C:\Programme\Styler\Styler.exe[2112] kernel32.dll!CheckRemoteDebuggerPresent 7C85AAF2 10 Bytes CALL 65E5EBAF .text C:\Programme\Styler\Styler.exe[2112] kernel32.dll!SetThreadContext 7C863C09 10 Bytes [68, 68, 63, 41, 60, E9, 6D, ...] {PUSH 0x60416368; JMP 0xffffffffe37a8977} .text C:\Programme\Styler\Styler.exe[2112] kernel32.dll!ReadConsoleA 7C872B5D 10 Bytes [68, B8, F2, 40, 60, E9, 19, ...] {PUSH 0x6040f2b8; JMP 0xffffffffe3799a23} .text C:\Programme\Styler\Styler.exe[2112] kernel32.dll!ReadConsoleW 7C872BAC 10 Bytes [68, 28, F8, 40, 60, E9, CA, ...] {PUSH 0x6040f828; JMP 0xffffffffe37999d4} .text C:\Programme\Styler\Styler.exe[2112] kernel32.dll!ReadConsoleInputA 7C874613 10 Bytes [68, D8, E7, 40, 60, E9, 63, ...] {PUSH 0x6040e7d8; JMP 0xffffffffe3797f6d} .text C:\Programme\Styler\Styler.exe[2112] kernel32.dll!ReadConsoleInputW 7C874636 10 Bytes [68, 48, ED, 40, 60, E9, 40, ...] {PUSH 0x6040ed48; JMP 0xffffffffe3797f4a} .text C:\Programme\Styler\Styler.exe[2112] ADVAPI32.dll!RegQueryValueExW + 10C 77DA710B 10 Bytes [68, 68, A3, 40, 60, E9, 6B, ...] {PUSH 0x6040a368; JMP 0xffffffffe8265475} .text C:\Programme\Styler\Styler.exe[2112] ADVAPI32.dll!OpenServiceW 77DB6FFD 10 Bytes [68, E0, 1A, 41, 60, E9, 79, ...] {PUSH 0x60411ae0; JMP 0xffffffffe8255583} .text C:\Programme\Styler\Styler.exe[2112] ADVAPI32.dll!ControlService 77DC4A09 10 Bytes [68, 58, 28, 41, 60, E9, 6D, ...] {PUSH 0x60412858; JMP 0xffffffffe8247b77} .text C:\Programme\Styler\Styler.exe[2112] ADVAPI32.dll!OpenServiceA 77DC4C66 10 Bytes [68, 50, 20, 41, 60, E9, 10, ...] {PUSH 0x60412050; JMP 0xffffffffe824791a} .text C:\Programme\Styler\Styler.exe[2112] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 10 Bytes [68, 38, 33, 41, 60, E9, 0D, ...] {PUSH 0x60413338; JMP 0xffffffffe8205717} .text C:\Programme\Styler\Styler.exe[2112] ADVAPI32.dll!ChangeServiceConfigW 77E07001 10 Bytes [68, C8, 2D, 41, 60, E9, 75, ...] {PUSH 0x60412dc8; JMP 0xffffffffe820557f} .text C:\Programme\Styler\Styler.exe[2112] ADVAPI32.dll!CreateServiceA 77E07211 10 Bytes [68, D8, A8, 40, 60, E9, 65, ...] {PUSH 0x6040a8d8; JMP 0xffffffffe820536f} .text C:\Programme\Styler\Styler.exe[2112] ADVAPI32.dll!CreateServiceW 77E073A9 10 Bytes [68, 48, AE, 40, 60, E9, CD, ...] {PUSH 0x6040ae48; JMP 0xffffffffe82051d7} .text C:\Programme\Styler\Styler.exe[2112] USER32.dll!GetMessageW 7E3691C6 10 Bytes [68, 88, D7, 40, 60, E9, B0, ...] {PUSH 0x6040d788; JMP 0xffffffffe1ca33ba} .text C:\Programme\Styler\Styler.exe[2112] USER32.dll!PeekMessageW 7E36929B 10 Bytes [68, 68, E2, 40, 60, E9, DB, ...] {PUSH 0x6040e268; JMP 0xffffffffe1ca32e5} .text C:\Programme\Styler\Styler.exe[2112] USER32.dll!GetMessageA 7E37772B 10 Bytes [68, 18, D2, 40, 60, E9, 4B, ...] {PUSH 0x6040d218; JMP 0xffffffffe1c94e55} .text C:\Programme\Styler\Styler.exe[2112] USER32.dll!SetWindowsHookExW 7E37820F 10 Bytes [68, 38, 48, 41, 60, E9, 67, ...] {PUSH 0x60414838; JMP 0xffffffffe1c94371} .text C:\Programme\Styler\Styler.exe[2112] USER32.dll!PeekMessageA 7E37A340 10 Bytes [68, F8, DC, 40, 60, E9, 36, ...] {PUSH 0x6040dcf8; JMP 0xffffffffe1c92240} .text C:\Programme\Styler\Styler.exe[2112] USER32.dll!SetWindowsHookExA 7E381211 10 Bytes [68, A8, 4D, 41, 60, E9, 65, ...] {PUSH 0x60414da8; JMP 0xffffffffe1c8b36f} .text C:\Programme\FinePixViewer\QuickDCF2.exe[2172] ntdll.dll!NtClose 7C91CFEE 3 Bytes [FF, 25, 1E] .text C:\Programme\FinePixViewer\QuickDCF2.exe[2172] ntdll.dll!NtClose + 4 7C91CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f} .text C:\Programme\FinePixViewer\QuickDCF2.exe[2172] ntdll.dll!NtCreateFile 7C91D0AE 1 Byte [FF] .text C:\Programme\FinePixViewer\QuickDCF2.exe[2172] ntdll.dll!NtCreateFile 7C91D0AE 3 Bytes [FF, 25, 1E] .text C:\Programme\FinePixViewer\QuickDCF2.exe[2172] ntdll.dll!NtCreateFile + 4 7C91D0B2 2 Bytes [17, 5F] {POP SS; POP EDI} .text C:\Programme\FinePixViewer\QuickDCF2.exe[2172] ntdll.dll!NtCreateKey 7C91D0EE 3 Bytes [FF, 25, 1E] .text C:\Programme\FinePixViewer\QuickDCF2.exe[2172] ntdll.dll!NtCreateKey + 4 7C91D0F2 2 Bytes [05, 5F] .text C:\Programme\FinePixViewer\QuickDCF2.exe[2172] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E] .text C:\Programme\FinePixViewer\QuickDCF2.exe[2172] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [23, 5F] .text C:\Programme\FinePixViewer\QuickDCF2.exe[2172] ntdll.dll!NtDeleteKey 7C91D24E 3 Bytes [FF, 25, 1E] .text C:\Programme\FinePixViewer\QuickDCF2.exe[2172] ntdll.dll!NtDeleteKey + 4 7C91D252 2 Bytes [0B, 5F] .text C:\Programme\FinePixViewer\QuickDCF2.exe[2172] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E] .text C:\Programme\FinePixViewer\QuickDCF2.exe[2172] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [11, 5F] .text C:\Programme\FinePixViewer\QuickDCF2.exe[2172] ntdll.dll!NtRenameKey 7C91DA5E 3 Bytes [FF, 25, 1E] .text C:\Programme\FinePixViewer\QuickDCF2.exe[2172] ntdll.dll!NtRenameKey + 4 7C91DA62 2 Bytes [14, 5F] {ADC AL, 0x5f} .text C:\Programme\FinePixViewer\QuickDCF2.exe[2172] ntdll.dll!NtSetInformationFile 7C91DC5E 3 Bytes [FF, 25, 1E] .text C:\Programme\FinePixViewer\QuickDCF2.exe[2172] ntdll.dll!NtSetInformationFile + 4 7C91DC62 2 Bytes [20, 5F] .text C:\Programme\FinePixViewer\QuickDCF2.exe[2172] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E] .text C:\Programme\FinePixViewer\QuickDCF2.exe[2172] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\Programme\FinePixViewer\QuickDCF2.exe[2172] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E] .text C:\Programme\FinePixViewer\QuickDCF2.exe[2172] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [26, 5F] .text C:\Programme\FinePixViewer\QuickDCF2.exe[2172] ntdll.dll!NtWriteFile 7C91DF7E 3 Bytes [FF, 25, 1E] .text C:\Programme\FinePixViewer\QuickDCF2.exe[2172] ntdll.dll!NtWriteFile + 4 7C91DF82 2 Bytes [1A, 5F] .text C:\Programme\FinePixViewer\QuickDCF2.exe[2172] ntdll.dll!NtWriteFileGather 7C91DF8E 3 Bytes [FF, 25, 1E] .text C:\Programme\FinePixViewer\QuickDCF2.exe[2172] ntdll.dll!NtWriteFileGather + 4 7C91DF92 2 Bytes [1D, 5F] .text C:\Programme\FinePixViewer\QuickDCF2.exe[2172] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E] .text C:\Programme\FinePixViewer\QuickDCF2.exe[2172] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [29, 5F] .text C:\Programme\FinePixViewer\QuickDCF2.exe[2172] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00950001 .text C:\Programme\FinePixViewer\QuickDCF2.exe[2172] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D .text C:\Programme\FinePixViewer\QuickDCF2.exe[2172] USER32.dll!ChangeDisplaySettingsExA 7E37384E 6 Bytes JMP 5F3C0F5A .text C:\Programme\FinePixViewer\QuickDCF2.exe[2172] USER32.dll!SetForegroundWindow 7E3742ED 6 Bytes JMP 5F350F5A .text C:\Programme\FinePixViewer\QuickDCF2.exe[2172] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A .text C:\Programme\FinePixViewer\QuickDCF2.exe[2172] USER32.dll!SetWindowPos 7E3799F3 3 Bytes [FF, 25, 1E] .text C:\Programme\FinePixViewer\QuickDCF2.exe[2172] USER32.dll!SetWindowPos + 4 7E3799F7 2 Bytes [3A, 5F] .text C:\Programme\FinePixViewer\QuickDCF2.exe[2172] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A .text C:\Programme\FinePixViewer\QuickDCF2.exe[2172] USER32.dll!ChangeDisplaySettingsExW 7E3A95BD 6 Bytes JMP 5F3F0F5A .text C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSvcM.exe[3128] ntdll.dll!NtClose 7C91CFEE 3 Bytes [FF, 25, 1E] .text C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSvcM.exe[3128] ntdll.dll!NtClose + 4 7C91CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f} .text C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSvcM.exe[3128] ntdll.dll!NtCreateFile 7C91D0AE 1 Byte [FF] .text C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSvcM.exe[3128] ntdll.dll!NtCreateFile 7C91D0AE 3 Bytes [FF, 25, 1E] .text C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSvcM.exe[3128] ntdll.dll!NtCreateFile + 4 7C91D0B2 2 Bytes [17, 5F] {POP SS; POP EDI} .text C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSvcM.exe[3128] ntdll.dll!NtCreateKey 7C91D0EE 3 Bytes [FF, 25, 1E] .text C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSvcM.exe[3128] ntdll.dll!NtCreateKey + 4 7C91D0F2 2 Bytes [05, 5F] .text C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSvcM.exe[3128] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E] .text C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSvcM.exe[3128] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [23, 5F] .text C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSvcM.exe[3128] ntdll.dll!NtDeleteKey 7C91D24E 3 Bytes [FF, 25, 1E] .text C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSvcM.exe[3128] ntdll.dll!NtDeleteKey + 4 7C91D252 2 Bytes [0B, 5F] .text C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSvcM.exe[3128] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E] .text C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSvcM.exe[3128] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [11, 5F] .text C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSvcM.exe[3128] ntdll.dll!NtRenameKey 7C91DA5E 3 Bytes [FF, 25, 1E] .text C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSvcM.exe[3128] ntdll.dll!NtRenameKey + 4 7C91DA62 2 Bytes [14, 5F] {ADC AL, 0x5f} .text C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSvcM.exe[3128] ntdll.dll!NtSetInformationFile 7C91DC5E 3 Bytes [FF, 25, 1E] .text C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSvcM.exe[3128] ntdll.dll!NtSetInformationFile + 4 7C91DC62 2 Bytes [20, 5F] .text C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSvcM.exe[3128] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E] .text C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSvcM.exe[3128] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSvcM.exe[3128] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E] .text C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSvcM.exe[3128] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [26, 5F] .text C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSvcM.exe[3128] ntdll.dll!NtWriteFile 7C91DF7E 3 Bytes [FF, 25, 1E] .text C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSvcM.exe[3128] ntdll.dll!NtWriteFile + 4 7C91DF82 2 Bytes [1A, 5F] .text C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSvcM.exe[3128] ntdll.dll!NtWriteFileGather 7C91DF8E 3 Bytes [FF, 25, 1E] .text C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSvcM.exe[3128] ntdll.dll!NtWriteFileGather + 4 7C91DF92 2 Bytes [1D, 5F] .text C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSvcM.exe[3128] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E] .text C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSvcM.exe[3128] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [29, 5F] .text C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSvcM.exe[3128] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00580001 .text C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSvcM.exe[3128] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D .text C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSvcM.exe[3128] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A .text C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSvcM.exe[3128] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A .text C:\Programme\Mozilla Firefox\firefox.exe[3544] ntdll.dll!NtCreateFile + 5 7C91D0B3 10 Bytes [68, 70, 2F, 40, 60, E9, C3, ...] {PUSH 0x60402f70; JMP 0xffffffffe36ef4cd} .text C:\Programme\Mozilla Firefox\firefox.exe[3544] ntdll.dll!NtCreateKey + 5 7C91D0F3 10 Bytes [68, 68, 7E, 41, 60, E9, 83, ...] {PUSH 0x60417e68; JMP 0xffffffffe36ef48d} .text C:\Programme\Mozilla Firefox\firefox.exe[3544] ntdll.dll!NtCreateSection + 5 7C91D183 10 Bytes CALL 65F2129A .text C:\Programme\Mozilla Firefox\firefox.exe[3544] ntdll.dll!NtDeleteValueKey + 5 7C91D273 10 Bytes [68, 70, 40, 42, 60, E9, 03, ...] {PUSH 0x60424070; JMP 0xffffffffe36ef30d} .text C:\Programme\Mozilla Firefox\firefox.exe[3544] ntdll.dll!NtLoadDriver + 5 7C91D473 10 Bytes [68, 58, 81, 40, 60, E9, 03, ...] {PUSH 0x60408158; JMP 0xffffffffe36ef10d} .text C:\Programme\Mozilla Firefox\firefox.exe[3544] ntdll.dll!NtMapViewOfSection + 5 7C91D523 10 Bytes [68, C8, 73, 41, 60, E9, 53, ...] {PUSH 0x604173c8; JMP 0xffffffffe36ef05d} .text C:\Programme\Mozilla Firefox\firefox.exe[3544] ntdll.dll!NtOpenFile + 5 7C91D5A3 10 Bytes [68, 08, 08, 41, 60, E9, D3, ...] {PUSH 0x60410808; JMP 0xffffffffe36eefdd} .text C:\Programme\Mozilla Firefox\firefox.exe[3544] ntdll.dll!NtOpenKey + 5 7C91D5D3 10 Bytes [68, D8, 83, 41, 60, E9, A3, ...] {PUSH 0x604183d8; JMP 0xffffffffe36eefad} .text C:\Programme\Mozilla Firefox\firefox.exe[3544] ntdll.dll!NtOpenProcess + 5 7C91D603 10 Bytes CALL 65F21770 .text C:\Programme\Mozilla Firefox\firefox.exe[3544] ntdll.dll!NtQueueApcThread + 5 7C91D9A3 10 Bytes [68, 58, 6E, 41, 60, E9, D3, ...] {PUSH 0x60416e58; JMP 0xffffffffe36eebdd} .text C:\Programme\Mozilla Firefox\firefox.exe[3544] ntdll.dll!NtSetValueKey + 5 7C91DDD3 10 Bytes [68, 48, 71, 40, 60, E9, A3, ...] {PUSH 0x60407148; JMP 0xffffffffe36ee7ad} .text C:\Programme\Mozilla Firefox\firefox.exe[3544] ntdll.dll!NtWriteFile + 5 7C91DF83 10 Bytes [68, 78, 0D, 41, 60, E9, F3, ...] {PUSH 0x60410d78; JMP 0xffffffffe36ee5fd} .text C:\Programme\Mozilla Firefox\firefox.exe[3544] ntdll.dll!LdrLoadDll + 1 7C9263C4 9 Bytes JMP 6000C57C C:\Programme\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_17\midas32.dll (BitDefender BehavioralScanner Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA) .text C:\Programme\Mozilla Firefox\firefox.exe[3544] ntdll.dll!RtlCreateProcessParameters 7C932E99 10 Bytes [68, 98, C3, 40, 60, E9, DD, ...] {PUSH 0x6040c398; JMP 0xffffffffe36d96e7} .text C:\Programme\Mozilla Firefox\firefox.exe[3544] kernel32.dll!LoadLibraryExW 7C801AF5 10 Bytes [68, E0, 45, 42, 60, E9, 81, ...] {PUSH 0x604245e0; JMP 0xffffffffe380aa8b} .text C:\Programme\Mozilla Firefox\firefox.exe[3544] kernel32.dll!GetStartupInfoW 7C801E54 10 Bytes [68, 38, A4, 41, 60, E9, 22, ...] {PUSH 0x6041a438; JMP 0xffffffffe380a72c} .text C:\Programme\Mozilla Firefox\firefox.exe[3544] kernel32.dll!GetStartupInfoA 7C801EF2 10 Bytes [68, C8, 9E, 41, 60, E9, 84, ...] {PUSH 0x60419ec8; JMP 0xffffffffe380a68e} .text C:\Programme\Mozilla Firefox\firefox.exe[3544] kernel32.dll!WriteProcessMemory 7C802213 10 Bytes [68, 08, 5E, 41, 60, E9, 63, ...] {PUSH 0x60415e08; JMP 0xffffffffe380a36d} .text C:\Programme\Mozilla Firefox\firefox.exe[3544] kernel32.dll!CloseHandle 7C809BE7 10 Bytes [68, 50, 3A, 40, 60, E9, 8F, ...] {PUSH 0x60403a50; JMP 0xffffffffe3802999} .text C:\Programme\Mozilla Firefox\firefox.exe[3544] kernel32.dll!SetEvent 7C80A0B7 10 Bytes [68, A0, 5B, 42, 60, E9, BF, ...] {PUSH 0x60425ba0; JMP 0xffffffffe38024c9} .text C:\Programme\Mozilla Firefox\firefox.exe[3544] kernel32.dll!CreateEventW 7C80A749 10 Bytes [68, A8, 8F, 40, 60, E9, 2D, ...] {PUSH 0x60408fa8; JMP 0xffffffffe3801e37} .text C:\Programme\Mozilla Firefox\firefox.exe[3544] kernel32.dll!FreeLibrary 7C80AC7E 10 Bytes [68, 30, 56, 42, 60, E9, F8, ...] {PUSH 0x60425630; JMP 0xffffffffe3801902} .text C:\Programme\Mozilla Firefox\firefox.exe[3544] kernel32.dll!GetModuleFileNameA + DF 7C80B64E 10 Bytes [68, E0, 34, 40, 60, E9, 28, ...] {PUSH 0x604034e0; JMP 0xffffffffe3800f32} .text C:\Programme\Mozilla Firefox\firefox.exe[3544] kernel32.dll!CreateMutexW 7C80E957 10 Bytes [68, D8, 98, 40, 60, E9, 1F, ...] {PUSH 0x604098d8; JMP 0xffffffffe37fdc29} .text C:\Programme\Mozilla Firefox\firefox.exe[3544] kernel32.dll!FindFirstFileExW 7C80EB1D 10 Bytes [68, E0, 8B, 41, 60, E9, 59, ...] {PUSH 0x60418be0; JMP 0xffffffffe37fda63} .text C:\Programme\Mozilla Firefox\firefox.exe[3544] kernel32.dll!CreateRemoteThread + 1 7C8104CD 9 Bytes JMP 6000C57C C:\Programme\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_17\midas32.dll (BitDefender BehavioralScanner Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA) .text C:\Programme\Mozilla Firefox\firefox.exe[3544] kernel32.dll!CreateThread 7C8106D7 10 Bytes [68, A8, A9, 41, 60, E9, 9F, ...] {PUSH 0x6041a9a8; JMP 0xffffffffe37fbea9} .text C:\Programme\Mozilla Firefox\firefox.exe[3544] kernel32.dll!CreateFileW 7C810800 10 Bytes [68, 50, 79, 40, 60, E9, 76, ...] {PUSH 0x60407950; JMP 0xffffffffe37fbd80} .text C:\Programme\Mozilla Firefox\firefox.exe[3544] kernel32.dll!CreateProcessInternalW + 1 7C8197B1 9 Bytes JMP 6000C57C C:\Programme\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_17\midas32.dll (BitDefender BehavioralScanner Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA) .text C:\Programme\Mozilla Firefox\firefox.exe[3544] kernel32.dll!ExitProcess 7C81CB12 10 Bytes [68, C0, 50, 42, 60, E9, 64, ...] {PUSH 0x604250c0; JMP 0xffffffffe37efa6e} .text C:\Programme\Mozilla Firefox\firefox.exe[3544] kernel32.dll!CopyFileExW 7C827B32 10 Bytes [68, C0, 3F, 40, 60, E9, 44, ...] {PUSH 0x60403fc0; JMP 0xffffffffe37e4a4e} .text C:\Programme\Mozilla Firefox\firefox.exe[3544] kernel32.dll!PulseEvent 7C82C06E 10 Bytes [68, 10, 61, 42, 60, E9, 08, ...] {PUSH 0x60426110; JMP 0xffffffffe37e0512} .text C:\Programme\Mozilla Firefox\firefox.exe[3544] kernel32.dll!CheckRemoteDebuggerPresent 7C85AAF2 10 Bytes [68, F8, B8, 40, 60, E9, 84, ...] {PUSH 0x6040b8f8; JMP 0xffffffffe37b1a8e} .text C:\Programme\Mozilla Firefox\firefox.exe[3544] kernel32.dll!SetThreadContext 7C863C09 10 Bytes [68, 78, 63, 41, 60, E9, 6D, ...] {PUSH 0x60416378; JMP 0xffffffffe37a8977} .text C:\Programme\Mozilla Firefox\firefox.exe[3544] kernel32.dll!ReadConsoleA 7C872B5D 10 Bytes [68, C8, F2, 40, 60, E9, 19, ...] {PUSH 0x6040f2c8; JMP 0xffffffffe3799a23} .text C:\Programme\Mozilla Firefox\firefox.exe[3544] kernel32.dll!ReadConsoleW 7C872BAC 10 Bytes [68, 38, F8, 40, 60, E9, CA, ...] {PUSH 0x6040f838; JMP 0xffffffffe37999d4} .text C:\Programme\Mozilla Firefox\firefox.exe[3544] kernel32.dll!ReadConsoleInputA 7C874613 10 Bytes CALL 65E786FF .text C:\Programme\Mozilla Firefox\firefox.exe[3544] kernel32.dll!ReadConsoleInputW 7C874636 10 Bytes [68, 58, ED, 40, 60, E9, 40, ...] {PUSH 0x6040ed58; JMP 0xffffffffe3797f4a} .text C:\Programme\Mozilla Firefox\firefox.exe[3544] ADVAPI32.dll!RegQueryValueExW + 10C 77DA710B 10 Bytes [68, 78, A3, 40, 60, E9, 6B, ...] {PUSH 0x6040a378; JMP 0xffffffffe8265475} .text C:\Programme\Mozilla Firefox\firefox.exe[3544] ADVAPI32.dll!OpenServiceW 77DB6FFD 10 Bytes [68, F0, 1A, 41, 60, E9, 79, ...] {PUSH 0x60411af0; JMP 0xffffffffe8255583} .text C:\Programme\Mozilla Firefox\firefox.exe[3544] ADVAPI32.dll!ControlService 77DC4A09 10 Bytes [68, 68, 28, 41, 60, E9, 6D, ...] {PUSH 0x60412868; JMP 0xffffffffe8247b77} .text C:\Programme\Mozilla Firefox\firefox.exe[3544] ADVAPI32.dll!OpenServiceA 77DC4C66 10 Bytes [68, 60, 20, 41, 60, E9, 10, ...] {PUSH 0x60412060; JMP 0xffffffffe824791a} .text C:\Programme\Mozilla Firefox\firefox.exe[3544] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 10 Bytes [68, 48, 33, 41, 60, E9, 0D, ...] {PUSH 0x60413348; JMP 0xffffffffe8205717} .text C:\Programme\Mozilla Firefox\firefox.exe[3544] ADVAPI32.dll!ChangeServiceConfigW 77E07001 10 Bytes [68, D8, 2D, 41, 60, E9, 75, ...] {PUSH 0x60412dd8; JMP 0xffffffffe820557f} .text C:\Programme\Mozilla Firefox\firefox.exe[3544] ADVAPI32.dll!CreateServiceA 77E07211 10 Bytes CALL 6140B2BE .text C:\Programme\Mozilla Firefox\firefox.exe[3544] ADVAPI32.dll!CreateServiceW 77E073A9 10 Bytes [68, 58, AE, 40, 60, E9, CD, ...] {PUSH 0x6040ae58; JMP 0xffffffffe82051d7} .text C:\Programme\Mozilla Firefox\firefox.exe[3544] WS2_32.dll!WEP + FFFEF156 71A11273 10 Bytes CALL 5B01540B .text C:\Programme\Mozilla Firefox\firefox.exe[3544] WS2_32.dll!connect 71A14A07 10 Bytes [68, 48, C6, 41, 60, E9, 6F, ...] {PUSH 0x6041c648; JMP 0xffffffffee5f7b79} .text C:\Programme\Mozilla Firefox\firefox.exe[3544] WS2_32.dll!send 71A14C27 10 Bytes [68, 40, BE, 41, 60, E9, 4F, ...] {PUSH 0x6041be40; JMP 0xffffffffee5f7959} .text C:\Programme\Mozilla Firefox\firefox.exe[3544] WS2_32.dll!WSAStartup 71A16A55 10 Bytes [68, 58, 99, 41, 60, E9, 21, ...] {PUSH 0x60419958; JMP 0xffffffffee5f5b2b} .text C:\Programme\Mozilla Firefox\firefox.exe[3544] USER32.dll!GetMessageW 7E3691C6 10 Bytes [68, 98, D7, 40, 60, E9, B0, ...] {PUSH 0x6040d798; JMP 0xffffffffe1ca33ba} .text C:\Programme\Mozilla Firefox\firefox.exe[3544] USER32.dll!PeekMessageW 7E36929B 10 Bytes [68, 78, E2, 40, 60, E9, DB, ...] {PUSH 0x6040e278; JMP 0xffffffffe1ca32e5} .text C:\Programme\Mozilla Firefox\firefox.exe[3544] USER32.dll!GetMessageA 7E37772B 10 Bytes [68, 28, D2, 40, 60, E9, 4B, ...] {PUSH 0x6040d228; JMP 0xffffffffe1c94e55} .text C:\Programme\Mozilla Firefox\firefox.exe[3544] USER32.dll!SetWindowsHookExW 7E37820F 10 Bytes [68, 48, 48, 41, 60, E9, 67, ...] {PUSH 0x60414848; JMP 0xffffffffe1c94371} .text C:\Programme\Mozilla Firefox\firefox.exe[3544] USER32.dll!PeekMessageA 7E37A340 10 Bytes [68, 08, DD, 40, 60, E9, 36, ...] {PUSH 0x6040dd08; JMP 0xffffffffe1c92240} .text C:\Programme\Mozilla Firefox\firefox.exe[3544] USER32.dll!SetWindowsHookExA 7E381211 10 Bytes [68, B8, 4D, 41, 60, E9, 65, ...] {PUSH 0x60414db8; JMP 0xffffffffe1c8b36f} ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\Tcpip \Device\Ip bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC) AttachedDevice \Driver\Tcpip \Device\Tcp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC) AttachedDevice \Driver\Tcpip \Device\Udp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC) AttachedDevice \Driver\Tcpip \Device\RawIp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC) ---- Services - GMER 1.0.15 ---- Service system32\drivers\kbiwkmktekewxd.sys (*** hidden *** ) [SYSTEM] kbiwkmoofxhpyl <-- ROOTKIT !!! Service (*** hidden *** ) [SYSTEM] UACd.sys <-- ROOTKIT !!! ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmoofxhpyl@start 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmoofxhpyl@type 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmoofxhpyl@group file system Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmoofxhpyl@imagepath \systemroot\system32\drivers\kbiwkmktekewxd.sys Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmoofxhpyl\main Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmoofxhpyl\main@aid 10002 Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmoofxhpyl\main@sid 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmoofxhpyl\main@cmddelay 14400 Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmoofxhpyl\main\delete Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmoofxhpyl\main\injector Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmoofxhpyl\main\injector@* kbiwkmwsp.dll Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmoofxhpyl\main\tasks Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmoofxhpyl\modules Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmoofxhpyl\modules@kbiwkmrk.sys \systemroot\system32\drivers\kbiwkmktekewxd.sys Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmoofxhpyl\modules@kbiwkmcmd.dll \systemroot\system32\kbiwkmuyrwosvd.dll Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmoofxhpyl\modules@kbiwkmlog.dat \systemroot\system32\kbiwkmdmtasfti.dat Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmoofxhpyl\modules@kbiwkmwsp.dll \systemroot\system32\kbiwkmdwfwbwfx.dll Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmoofxhpyl\modules@kbiwkm.dat \systemroot\system32\kbiwkmyxelcqgg.dat Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@start 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@type 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@group file system Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACralyapqqik.sys Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACmfydwrnvth.dll Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACqinsftijln.dll Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmoofxhpyl@start 1 Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmoofxhpyl@type 1 Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmoofxhpyl@group file system Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmoofxhpyl@imagepath \systemroot\system32\drivers\kbiwkmktekewxd.sys Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmoofxhpyl\main (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmoofxhpyl\main@aid 10002 Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmoofxhpyl\main@sid 1 Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmoofxhpyl\main@cmddelay 14400 Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmoofxhpyl\main\delete (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmoofxhpyl\main\injector (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmoofxhpyl\main\injector@* kbiwkmwsp.dll Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmoofxhpyl\main\tasks (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmoofxhpyl\modules (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmoofxhpyl\modules@kbiwkmrk.sys \systemroot\system32\drivers\kbiwkmktekewxd.sys Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmoofxhpyl\modules@kbiwkmcmd.dll \systemroot\system32\kbiwkmuyrwosvd.dll Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmoofxhpyl\modules@kbiwkmlog.dat \systemroot\system32\kbiwkmdmtasfti.dat Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmoofxhpyl\modules@kbiwkmwsp.dll \systemroot\system32\kbiwkmdwfwbwfx.dll Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmoofxhpyl\modules@kbiwkm.dat \systemroot\system32\kbiwkmyxelcqgg.dat Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@start 1 Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@type 1 Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@group file system Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACralyapqqik.sys Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACmfydwrnvth.dll Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACqinsftijln.dll Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG08.00.00.01WORKSTATION 1B30017CB568BDAFA14FEAE414EC2F3A38732B694CA3DD6F3BDD86A657BA695DB25876A1C03C374F436A0F239D24A0CDA95BF35D91D3A86CCD88D36765C549EB5E0A00022F234B2FFE258DB50A9934F388140AB3578B3FE55419B7941B89678520DFE7DFDCA302CE78B6D8E126806B3FB693A756FD4BBB271260D65F0AF31AC6BD2BDCCF2D398D41940FC6C2C400EED95B83EF84E809618B8E68BB4AC6685AE13EEF703A05D1BE2DFC4F95463D350C006344E5517FAD148697ECD32DE9BB471E6FE71B5BCDD18C4E21CAE2ACE9B03081FBE672A3AD175C1B3BDAEE358FB7A0D5E37E34C5F48E9174330D320CA9F5714219326136E293FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C8EDD5E5BE2F6E6675D575E7D6A3B9808A2D97226D213B555A2D97226D213B5551BC768652C4BC7F1401987D556A5C5FE761CF0970EA18E6964C9F027B78964175D29F33176FAD496095385961C9344099DC0DD432FEA7D662CED7ED1F9535E00FAC7647DAFFB8AE3ED6D45EA9E54348A84435B3AF0C16FCBE04F49E9FE2F9DB2E4EA038E35DE5F97D946CF5482989D0A2FB5D6595F1F1E90C052BE495B77ABB5B2ED5DD743834DE0DDCBF305D0698A06C6BC7DAF6E4FC29F2DF310FA8CDD957F9FBEC604FE1FD3E4AC04C6E273200DEE9991C681F1F022D5ACC Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OOCC06.00.00.01WSSV 1F95E017F6B30C28B0E08B475F0A6F873E4F94CDF21A0307E7CDD9343FCBDD8A0A9C0626B4F40F9B68E0FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C8EDD5E5BE2F6E667A6171C11EC38DE3DA2D97226D213B5558EDD5E5BE2F6E66758CEA9637F9FBE8DE02E16289A023C7AF1BE931B983BB8AA0D11484C45074044DC3F02DF7603840C031658B727F98472717CD6E01379BF6D55B8BDDC6FBD03279002D03628E6B778C7DCB3E0B50350B8F7CDD973FDE6BAD6A45C87294656E9C68FDE5AB8B97BE740051E6DF275B10347B64505BF309B7D0DA4A1CC5A6B8D58989933A8EE34452944B38E1072F7EF008DFE8B01E66686DCACA146775062F7B70595F10514061A95DB7273E799B5F7B26FC8DABB3EBF6934C68A9A389B937B71688B1E81197F27495182A706D306DC09422D03E6D0BED9E35EF3828104CBD3771528D272A0D66D64E0CA98BFC1A883F252ECE67ADACBC14B6B95750A04BA8DBBCF3C3BEF0224BE0BBDD4C9ADB6C022675D6A7DAF4F32DD545A4A80CCC8750EB5D03D9BD4496642670F4D502EBCD4C85F18AC538452A041670B14C50AB7738AE2C64346C1B5FD76A56C08D6E010CC56D8285E86BB3DAA51F35195764464920EC1510CA69BBA31A875E5F91C2CA1F97F552A4FCAD99D48C7ECF4965BC21B91F7D585F7B88A80A87 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG10.00.00.01WORKSTATION E26854DBF130100AD5FB97DF9BB140F5E37B9B1E6EBEF0FA29E58E9BB3F6F78AF2E52418171366B7BB7632C188D4C7F4EB94937BE6FD31E3F004E9B7FC5FA5B41E9E9C564FEC4213E6373722B66EC0225D8E0E58CB35499109543DB8A8E912360EB8E7AFEC664D3A1C8F570FA59DEB5DB983E2CF6C1BAE4352D8256B708787CC1EBE8744B8C8FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933FEBC9E127BECC74CA6171C11EC38DE3DFEBC9E127BECC74CEC719687D8EA83E73428399C563EBCF47276E2B2539049A5C71630AF78E89FF02A08EC39393491174678F70AE0B093BB31AA7A4F67DFD98F6B77E8211E8EC7082A5EDC03A36A2B300021B1F22FAEC5FEC7F20193A6CEAFC165B661D30B487D18DBCF7E3CAD73C0FCA67D7BBBBAEA5461EC4A280A8D03F65A848E071B60CDB8563FF59DA3BE3639E80D281DA84FA030A96BEF5622EEA74E98A6FC7CAF965B679B693239D912A0ED099F839364100E424323E3243070EA4D6041C5972E76B0EAE4042884E4B8222E125CB48FFD6FF3E43C876EDF6A0C0077B85CF164189F9018D24CC0682E94B03B5DD324F4E73818E649209889EC8F1E4CCE1349A04F8543382B14A7FD03DEC34B69AF015CF685438BBE08AFD8389B7EB97197DDBE9DED9387553F4D9894A35988D7A63 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG11.00.00.01WORKSTATION F9591D7648870595E55FAE586D31EA44A18AE3297D7A1D1B968BDDD7BD6713A633549B895E0F1ACEE5A336E316BDF0E86632EAEC191F455A4AE97C6ED3816FC9F0275CF57E2090E5BC94A65CFC05EE31968D72E08E732E694D1969D350EB52F837E937520CB616F830FB470FD7828EC35FB6CD2C09149E98D024A4A9F306BC4B5B37FAD8FA130888DD26516FF0782AAB43C9C11B47640F1ADB1AA0311271E6BB0AB16864D538FBFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A9C6AECB7A5D1407A6171C11EC38DE3DBA7FD869164D6794F14B4AF7BE45FE8E86E3177CE56F89AA71F9F6FD7FCDE65A97D89F04F716F2F5923BCD158A2A636622F348A7F863CF75B36379D956B3D37170C21101E31A3C2563BB4185F85CC61B284E7F0E7E1D712E2E11DE7FF93B53F510AE73C628801473EF484B7225A563196B97F3A72B9C09A120EA10D4D73804AFBD6A00C68B97BBC327B496FE50683885A54560E1D779F6CEA92B79B40216C59A2415F4EA78BB3232DCA6D2BCDD988834F123059C81DA60E851648B6C2CD23E684F25928B7EE1C08A4817B036D5BE5B31524FA52EC87F2D5880F73B3D3380D6FBB4E120F85011EE4F05D46765E3757CBAA9BB0A6072B709B7831F80DE14453CEFA9E8E675C5640C351300B2BA576F7AC24 Reg HKLM\SOFTWARE\Classes\CLSID\{969D404C-EC53-A9AF-A02B8ED8C194B4B8}\{49CEC6C1-E90A-6C40-7DC9D5345834AD37}\{B3C560DA-C3C9-1298-A5CC78F93CD65657} Reg HKLM\SOFTWARE\Classes\CLSID\{969D404C-EC53-A9AF-A02B8ED8C194B4B8}\{49CEC6C1-E90A-6C40-7DC9D5345834AD37}\{B3C560DA-C3C9-1298-A5CC78F93CD65657}@JXHEEWBAWGTVNQUIE1GK2LLYIF1 0x01 0x00 0x01 0x00 ... ---- EOF - GMER 1.0.15 ---- |
|
|
|
|
|
|
31.08.2009, 23:34
Member
Themenstarter Beiträge: 11 |
#9
Und hier das Hijack This-Log:
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:31:25, on 31.08.2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Update Service\livesrv.exe C:\Programme\BitDefender\BitDefender 2009\vsserv.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\SCardSvr.exe C:\Programme\avmwlanstick\WlanNetService.exe C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\locator.exe C:\Programme\Spyware Doctor\pctsAuxs.exe C:\Programme\Spyware Doctor\pctsSvc.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Programme\BitDefender\BitDefender 2009\bdagent.exe C:\Programme\avmwlanstick\wlangui.exe C:\Programme\GMX\GMX SMS-Manager\SMSMngr.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\TuneUp Utilities 2009\MemOptimizer.exe C:\Programme\1&1\1&1 EasyLogin\EasyLogin.exe C:\WINDOWS\system32\svchost.exe C:\Programme\Spyware Doctor\pctsTray.exe C:\WINDOWS\System32\TUProgSt.exe C:\WINDOWS\System32\vssvc.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\System32\dmadmin.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Programme\FinePixViewer\QuickDCF2.exe C:\Programme\Styler\Styler.exe C:\Programme\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dsl-start.computerbild.de/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.1und1.de/links/home R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://go.1und1.de/suchbox/1und1suche?su=%s R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer bereitgestellt von 1&1 Internet AG R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = fritz.box;<local> R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: CBAbzockschutz.InitToolbarBHO - {2e250b90-0e7a-42a3-9d65-e39f9f227fa4} - mscoree.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_07\bin\ssv.dll O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: COMPUTERBILD-Abzockschutz - {353e2a48-6254-4bd3-88f4-3b51a0ca7870} - mscoree.dll (file missing) O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Programme\BitDefender\BitDefender 2009\IEToolbar.dll O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [EPSON Stylus C86 Series (Kopie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0R2.EXE /P33 "EPSON Stylus C86 Series (Kopie 1)" /O6 "USB001" /M "Stylus C86" O4 - HKLM\..\Run: [REGSHAVE] C:\Programme\REGSHAVE\REGSHAVE.EXE /AUTORUN O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [ISTray] "C:\Programme\Spyware Doctor\pctsTray.exe" O4 - HKLM\..\Run: [BitDefender Security Center] "C:\Programme\BitDefender\BitDefender 2009\seccenter.exe" /init O4 - HKLM\..\Run: [BDAgent] "C:\Programme\BitDefender\BitDefender 2009\bdagent.exe" O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Programme\BitDefender\BitDefender 2009\IEShow.exe" O4 - HKLM\..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\wlangui.exe O4 - HKCU\..\Run: [GMX SMS-Manager] C:\Programme\GMX\GMX SMS-Manager\SMSMngr.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Programme\TuneUp Utilities 2009\MemOptimizer.exe" autostart O4 - HKCU\..\Run: [1&1 EasyLogin] C:\Programme\1&1\1&1 EasyLogin\EasyLogin.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Styler.lnk = ? O4 - Global Startup: 1&1 O4 - Global Startup: ExifLauncher2.lnk = C:\Programme\FinePixViewer\QuickDCF2.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: Download Video - http://www.viloader.net/addon.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_07\bin\ssv.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Klicke hier um das Projekt xp-AntiSpy zu unterstützen - {7ADCAE3E-B2C0-49B8-BEED-AEF0699B453D} - C:\WINDOWS\system32\shdocvw.dll (HKCU) O9 - Extra 'Tools' menuitem: Unterstützung für xp-AntiSpy - {7ADCAE3E-B2C0-49B8-BEED-AEF0699B453D} - C:\WINDOWS\system32\shdocvw.dll (HKCU) O9 - Extra button: Klicke hier um das Projekt xp-AntiSpy zu unterstützen - {884800AB-AD82-4128-BCFB-17D93593C127} - C:\WINDOWS\system32\shdocvw.dll (HKCU) O9 - Extra 'Tools' menuitem: Unterstützung für xp-AntiSpy - {884800AB-AD82-4128-BCFB-17D93593C127} - C:\WINDOWS\system32\shdocvw.dll (HKCU) O15 - Trusted Zone: http://support.f-secure.com O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1182111686500 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe O23 - Service: AVM WLAN Connection Service - AVM Berlin - C:\Programme\avmwlanstick\WlanNetService.exe O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Update Service\livesrv.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programme\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programme\Spyware Doctor\pctsSvc.exe O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Programme\BitDefender\BitDefender 2009\vsserv.exe -- End of file - 9823 bytes |
|
|
|
|
|
|
31.08.2009, 23:38
Member
Themenstarter Beiträge: 11 |
#10
Hier die Uninstall-Liste:
1&1 EasyLogin Acrobat.com Adobe AIR Adobe AIR Adobe Flash Player 10 Plugin Adobe Flash Player ActiveX Adobe Reader 9.1.1 Apple Software Update Ashampoo Burning Studio 6 FREE AVM FRITZ!WLAN Azureus BitDefender Internet Security 2009 CCleaner (remove only) COMPUTERBILD-Abzockschutz EPSON-Drucker-Software FinePix Studio FinePixViewer Ver.5.4 FireTune FRITZ!Box FUJIFILM USB Driver GIMP 2.4.5 GMX SMS-Manager HijackThis 2.0.2 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) IrfanView (remove only) J2SE Runtime Environment 5.0 Update 7 Malwarebytes' Anti-Malware Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 German Language Pack Microsoft .NET Framework 1.1 Hotfix (KB928366) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU Microsoft .NET Framework 3.5 Language Pack SP1 - deu Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 3.5 SP1 Microsoft Office Live Add-in 1.4 Microsoft Silverlight Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Word 2002 Microsoft Works Microsoft Works Suite-Add-Ins für Microsoft Word Mozilla Firefox (3.5.2) MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB954430) MSXML 6.0 Parser (KB925673) NVIDIA Drivers Opera 9.64 Papyrus WORKS 11.28 Secunia PSI Security Update for CAPICOM (KB931906) Security Update for CAPICOM (KB931906) Setup-Start von Microsoft Works 2005 Shockwave Sicherheitsupdate für Windows Internet Explorer 8 (KB972260) Spyware Doctor 6.1 Styler Total Commander (Remove or Repair) TuneUp Utilities 2009 Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Virtual Machine Network Services Driver Windows Internet Explorer 8 Windows Live ID-Anmelde-Assistent Windows Media Format 11 runtime Windows Media Player 11 WinRAR archiver Zune Desktop Theme Gruss Jörg. |
|
|
|
|
|
Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!
bitte erst » hier kostenlos registrieren!!
Folgende Themen könnten Dich auch interessieren:
Seite(n): 1
Copyright © 2024, Protecus.de - Protecus Team - Impressum / Mediadaten