Aller au contenu

  • Pas encore inscrit ?

    Pourquoi ne pas vous inscrire ? C'est simple, rapide et gratuit.
    Pour en savoir plus, lisez Les avantages de l'inscription... et la Charte de Zébulon.
    De plus, les messages que vous postez en tant qu'invité restent invisibles tant qu'un modérateur ne les a pas validés. Inscrivez-vous, ce sera un gain de temps pour tout le monde, vous, les helpeurs et les modérateurs ! :wink:

analyse rapport HijackThis

nulleninfo31
 Partager

Messages recommandés

Loup blanc Godlike Member

Loup blanc

Posté(e)
Posté(e)

Re,

 

Suis cette procédure stp :

 

  • Télécharge Gmer sur ton bureau
  • Ouvre le poste de travail, puis ta partition C: et crée un nouveau dossier nommé «Gmer» (clic droit dans un espace vide, puis «Nouveau», «Dossier»)
  • Retourne sur ton bureau et fait un clic droit sur le fichier téléchargé puis choisis «Extraire tout»
  • Sélectionne le dossier créé comme destination,
  • Fait ensuite un double clic sur le ficher Gmer.exe (dans le nouveau dossier),
  • Dans l'onglet «Rootkit/Malware» de Gmer, clic sur le bouton «Scan»
  • A la fin de celui-ci, clique sur le bouton «Copie»
  • Colle enfin le résultat dans ton prochain message,

nulleninfo31 Junior Member

nulleninfo31

Posté(e)
  • Auteur
Posté(e)

Bonsoir,

 

Voilà ce que j'ai récolté sur Gmer :

 

GMER 1.0.14.14536 - http://www.gmer.net

Rootkit scan 2008-06-26 20:31:20

Windows 5.1.2600 Service Pack 2

 

 

---- System - GMER 1.0.14 ----

 

SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwCreateKey [0xF70827A6]

SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwCreateProcess [0xF707F794]

SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwCreateProcessEx [0xF707FF1E]

SSDT FA5A0A34 ZwCreateThread

SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwDeleteKey [0xF70831F0]

SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwDeleteValueKey [0xF708342A]

SSDT FA5A0A20 ZwOpenProcess

SSDT FA5A0A25 ZwOpenThread

SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwRenameKey [0xF708412A]

SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwSetValueKey [0xF708383C]

SSDT FA5A0A2F ZwTerminateProcess

SSDT FA5A0A2A ZwWriteVirtualMemory

 

---- Kernel code sections - GMER 1.0.14 ----

 

? C:\WINDOWS\system32\Drivers\mchInjDrv.sys Le fichier spécifié est introuvable. !

 

---- User code sections - GMER 1.0.14 ----

 

.text C:\PROGRA~1\Wanadoo\TaskBarIcon.exe[204] ntdll.dll!NtClose 7C91D586 3 Bytes [ FF, 25, 1E ]

.text C:\PROGRA~1\Wanadoo\TaskBarIcon.exe[204] ntdll.dll!NtClose + 4 7C91D58A 2 Bytes [ 2C, 5F ]

.text C:\PROGRA~1\Wanadoo\TaskBarIcon.exe[204] ntdll.dll!NtCreateFile 7C91D682 1 Byte [ FF ]

.text C:\PROGRA~1\Wanadoo\TaskBarIcon.exe[204] ntdll.dll!NtCreateFile + 2 7C91D684 1 Byte [ 1E ]

.text C:\PROGRA~1\Wanadoo\TaskBarIcon.exe[204] ntdll.dll!NtCreateFile + 4 7C91D686 2 Bytes [ 17, 5F ]

.text C:\PROGRA~1\Wanadoo\TaskBarIcon.exe[204] ntdll.dll!NtCreateKey 7C91D6D6 3 Bytes [ FF, 25, 1E ]

.text C:\PROGRA~1\Wanadoo\TaskBarIcon.exe[204] ntdll.dll!NtCreateKey + 4 7C91D6DA 2 Bytes [ 05, 5F ]

.text C:\PROGRA~1\Wanadoo\TaskBarIcon.exe[204] ntdll.dll!NtCreateSection 7C91D793 3 Bytes [ FF, 25, 1E ]

.text C:\PROGRA~1\Wanadoo\TaskBarIcon.exe[204] ntdll.dll!NtCreateSection + 4 7C91D797 2 Bytes [ 23, 5F ]

.text C:\PROGRA~1\Wanadoo\TaskBarIcon.exe[204] ntdll.dll!NtDeleteKey 7C91D8A4 3 Bytes [ FF, 25, 1E ]

.text C:\PROGRA~1\Wanadoo\TaskBarIcon.exe[204] ntdll.dll!NtDeleteKey + 4 7C91D8A8 2 Bytes [ 0B, 5F ]

.text C:\PROGRA~1\Wanadoo\TaskBarIcon.exe[204] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ]

.text C:\PROGRA~1\Wanadoo\TaskBarIcon.exe[204] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 11, 5F ]

.text C:\PROGRA~1\Wanadoo\TaskBarIcon.exe[204] ntdll.dll!NtRenameKey 7C91E339 3 Bytes [ FF, 25, 1E ]

.text C:\PROGRA~1\Wanadoo\TaskBarIcon.exe[204] ntdll.dll!NtRenameKey + 4 7C91E33D 2 Bytes [ 14, 5F ]

.text C:\PROGRA~1\Wanadoo\TaskBarIcon.exe[204] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ]

.text C:\PROGRA~1\Wanadoo\TaskBarIcon.exe[204] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 20, 5F ]

.text C:\PROGRA~1\Wanadoo\TaskBarIcon.exe[204] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ]

.text C:\PROGRA~1\Wanadoo\TaskBarIcon.exe[204] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 0E, 5F ]

.text C:\PROGRA~1\Wanadoo\TaskBarIcon.exe[204] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]

.text C:\PROGRA~1\Wanadoo\TaskBarIcon.exe[204] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 26, 5F ]

.text C:\PROGRA~1\Wanadoo\TaskBarIcon.exe[204] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ]

.text C:\PROGRA~1\Wanadoo\TaskBarIcon.exe[204] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 1A, 5F ]

.text C:\PROGRA~1\Wanadoo\TaskBarIcon.exe[204] ntdll.dll!NtWriteFileGather 7C91EA08 3 Bytes [ FF, 25, 1E ]

.text C:\PROGRA~1\Wanadoo\TaskBarIcon.exe[204] ntdll.dll!NtWriteFileGather + 4 7C91EA0C 2 Bytes [ 1D, 5F ]

.text C:\PROGRA~1\Wanadoo\TaskBarIcon.exe[204] ntdll.dll!NtWriteVirtualMemory 7C91EA32 3 Bytes [ FF, 25, 1E ]

.text C:\PROGRA~1\Wanadoo\TaskBarIcon.exe[204] ntdll.dll!NtWriteVirtualMemory + 4 7C91EA36 2 Bytes [ 29, 5F ]

.text C:\PROGRA~1\Wanadoo\TaskBarIcon.exe[204] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, EC, 84 ]

.text C:\PROGRA~1\Wanadoo\TaskBarIcon.exe[204] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F320F5A

.text C:\PROGRA~1\Wanadoo\TaskBarIcon.exe[204] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F2E0F5A

.text C:\Program Files\Packard Bell EverSafe\TrayControl.exe[224] ntdll.dll!NtClose 7C91D586 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Packard Bell EverSafe\TrayControl.exe[224] ntdll.dll!NtClose + 4 7C91D58A 2 Bytes [ 2C, 5F ]

.text C:\Program Files\Packard Bell EverSafe\TrayControl.exe[224] ntdll.dll!NtCreateFile 7C91D682 1 Byte [ FF ]

.text C:\Program Files\Packard Bell EverSafe\TrayControl.exe[224] ntdll.dll!NtCreateFile + 2 7C91D684 1 Byte [ 1E ]

.text C:\Program Files\Packard Bell EverSafe\TrayControl.exe[224] ntdll.dll!NtCreateFile + 4 7C91D686 2 Bytes [ 17, 5F ]

.text C:\Program Files\Packard Bell EverSafe\TrayControl.exe[224] ntdll.dll!NtCreateKey 7C91D6D6 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Packard Bell EverSafe\TrayControl.exe[224] ntdll.dll!NtCreateKey + 4 7C91D6DA 2 Bytes [ 05, 5F ]

.text C:\Program Files\Packard Bell EverSafe\TrayControl.exe[224] ntdll.dll!NtCreateSection 7C91D793 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Packard Bell EverSafe\TrayControl.exe[224] ntdll.dll!NtCreateSection + 4 7C91D797 2 Bytes [ 23, 5F ]

.text C:\Program Files\Packard Bell EverSafe\TrayControl.exe[224] ntdll.dll!NtDeleteKey 7C91D8A4 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Packard Bell EverSafe\TrayControl.exe[224] ntdll.dll!NtDeleteKey + 4 7C91D8A8 2 Bytes [ 0B, 5F ]

.text C:\Program Files\Packard Bell EverSafe\TrayControl.exe[224] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Packard Bell EverSafe\TrayControl.exe[224] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 11, 5F ]

.text C:\Program Files\Packard Bell EverSafe\TrayControl.exe[224] ntdll.dll!NtRenameKey 7C91E339 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Packard Bell EverSafe\TrayControl.exe[224] ntdll.dll!NtRenameKey + 4 7C91E33D 2 Bytes [ 14, 5F ]

.text C:\Program Files\Packard Bell EverSafe\TrayControl.exe[224] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Packard Bell EverSafe\TrayControl.exe[224] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 20, 5F ]

.text C:\Program Files\Packard Bell EverSafe\TrayControl.exe[224] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Packard Bell EverSafe\TrayControl.exe[224] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 0E, 5F ]

.text C:\Program Files\Packard Bell EverSafe\TrayControl.exe[224] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Packard Bell EverSafe\TrayControl.exe[224] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 26, 5F ]

.text C:\Program Files\Packard Bell EverSafe\TrayControl.exe[224] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Packard Bell EverSafe\TrayControl.exe[224] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 1A, 5F ]

.text C:\Program Files\Packard Bell EverSafe\TrayControl.exe[224] ntdll.dll!NtWriteFileGather 7C91EA08 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Packard Bell EverSafe\TrayControl.exe[224] ntdll.dll!NtWriteFileGather + 4 7C91EA0C 2 Bytes [ 1D, 5F ]

.text C:\Program Files\Packard Bell EverSafe\TrayControl.exe[224] ntdll.dll!NtWriteVirtualMemory 7C91EA32 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Packard Bell EverSafe\TrayControl.exe[224] ntdll.dll!NtWriteVirtualMemory + 4 7C91EA36 2 Bytes [ 29, 5F ]

.text C:\Program Files\Packard Bell EverSafe\TrayControl.exe[224] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, 94, 84 ]

.text C:\Program Files\Packard Bell EverSafe\TrayControl.exe[224] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F320F5A

.text C:\Program Files\Packard Bell EverSafe\TrayControl.exe[224] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F2E0F5A

.text C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe[260] ntdll.dll!NtClose 7C91D586 3 Bytes [ FF, 25, 1E ]

.text C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe[260] ntdll.dll!NtClose + 4 7C91D58A 2 Bytes [ 2C, 5F ]

.text C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe[260] ntdll.dll!NtCreateFile 7C91D682 1 Byte [ FF ]

.text C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe[260] ntdll.dll!NtCreateFile + 2 7C91D684 1 Byte [ 1E ]

.text C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe[260] ntdll.dll!NtCreateFile + 4 7C91D686 2 Bytes [ 17, 5F ]

.text C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe[260] ntdll.dll!NtCreateKey 7C91D6D6 3 Bytes [ FF, 25, 1E ]

.text C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe[260] ntdll.dll!NtCreateKey + 4 7C91D6DA 2 Bytes [ 05, 5F ]

.text C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe[260] ntdll.dll!NtCreateSection 7C91D793 3 Bytes [ FF, 25, 1E ]

.text C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe[260] ntdll.dll!NtCreateSection + 4 7C91D797 2 Bytes [ 23, 5F ]

.text C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe[260] ntdll.dll!NtDeleteKey 7C91D8A4 3 Bytes [ FF, 25, 1E ]

.text C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe[260] ntdll.dll!NtDeleteKey + 4 7C91D8A8 2 Bytes [ 0B, 5F ]

.text C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe[260] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ]

.text C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe[260] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 11, 5F ]

.text C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe[260] ntdll.dll!NtRenameKey 7C91E339 3 Bytes [ FF, 25, 1E ]

.text C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe[260] ntdll.dll!NtRenameKey + 4 7C91E33D 2 Bytes [ 14, 5F ]

.text C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe[260] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ]

.text C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe[260] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 20, 5F ]

.text C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe[260] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ]

.text C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe[260] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 0E, 5F ]

.text C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe[260] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]

.text C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe[260] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 26, 5F ]

.text C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe[260] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ]

.text C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe[260] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 1A, 5F ]

.text C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe[260] ntdll.dll!NtWriteFileGather 7C91EA08 3 Bytes [ FF, 25, 1E ]

.text C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe[260] ntdll.dll!NtWriteFileGather + 4 7C91EA0C 2 Bytes [ 1D, 5F ]

.text C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe[260] ntdll.dll!NtWriteVirtualMemory 7C91EA32 3 Bytes [ FF, 25, 1E ]

.text C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe[260] ntdll.dll!NtWriteVirtualMemory + 4 7C91EA36 2 Bytes [ 29, 5F ]

.text C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe[260] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, 9E, 84 ]

.text C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe[260] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F320F5A

.text C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe[260] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F2E0F5A

.text C:\PROGRA~1\Wanadoo\ComComp.exe[408] ntdll.dll!NtClose 7C91D586 3 Bytes [ FF, 25, 1E ]

.text C:\PROGRA~1\Wanadoo\ComComp.exe[408] ntdll.dll!NtClose + 4 7C91D58A 2 Bytes [ 2C, 5F ]

.text C:\PROGRA~1\Wanadoo\ComComp.exe[408] ntdll.dll!NtCreateFile 7C91D682 1 Byte [ FF ]

.text C:\PROGRA~1\Wanadoo\ComComp.exe[408] ntdll.dll!NtCreateFile + 2 7C91D684 1 Byte [ 1E ]

.text C:\PROGRA~1\Wanadoo\ComComp.exe[408] ntdll.dll!NtCreateFile + 4 7C91D686 2 Bytes [ 17, 5F ]

.text C:\PROGRA~1\Wanadoo\ComComp.exe[408] ntdll.dll!NtCreateKey 7C91D6D6 3 Bytes [ FF, 25, 1E ]

.text C:\PROGRA~1\Wanadoo\ComComp.exe[408] ntdll.dll!NtCreateKey + 4 7C91D6DA 2 Bytes [ 05, 5F ]

.text C:\PROGRA~1\Wanadoo\ComComp.exe[408] ntdll.dll!NtCreateSection 7C91D793 3 Bytes [ FF, 25, 1E ]

.text C:\PROGRA~1\Wanadoo\ComComp.exe[408] ntdll.dll!NtCreateSection + 4 7C91D797 2 Bytes [ 23, 5F ]

.text C:\PROGRA~1\Wanadoo\ComComp.exe[408] ntdll.dll!NtDeleteKey 7C91D8A4 3 Bytes [ FF, 25, 1E ]

.text C:\PROGRA~1\Wanadoo\ComComp.exe[408] ntdll.dll!NtDeleteKey + 4 7C91D8A8 2 Bytes [ 0B, 5F ]

.text C:\PROGRA~1\Wanadoo\ComComp.exe[408] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ]

.text C:\PROGRA~1\Wanadoo\ComComp.exe[408] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 11, 5F ]

.text C:\PROGRA~1\Wanadoo\ComComp.exe[408] ntdll.dll!NtRenameKey 7C91E339 3 Bytes [ FF, 25, 1E ]

.text C:\PROGRA~1\Wanadoo\ComComp.exe[408] ntdll.dll!NtRenameKey + 4 7C91E33D 2 Bytes [ 14, 5F ]

.text C:\PROGRA~1\Wanadoo\ComComp.exe[408] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ]

.text C:\PROGRA~1\Wanadoo\ComComp.exe[408] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 20, 5F ]

.text C:\PROGRA~1\Wanadoo\ComComp.exe[408] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ]

.text C:\PROGRA~1\Wanadoo\ComComp.exe[408] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 0E, 5F ]

.text C:\PROGRA~1\Wanadoo\ComComp.exe[408] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]

.text C:\PROGRA~1\Wanadoo\ComComp.exe[408] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 26, 5F ]

.text C:\PROGRA~1\Wanadoo\ComComp.exe[408] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ]

.text C:\PROGRA~1\Wanadoo\ComComp.exe[408] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 1A, 5F ]

.text C:\PROGRA~1\Wanadoo\ComComp.exe[408] ntdll.dll!NtWriteFileGather 7C91EA08 3 Bytes [ FF, 25, 1E ]

.text C:\PROGRA~1\Wanadoo\ComComp.exe[408] ntdll.dll!NtWriteFileGather + 4 7C91EA0C 2 Bytes [ 1D, 5F ]

.text C:\PROGRA~1\Wanadoo\ComComp.exe[408] ntdll.dll!NtWriteVirtualMemory 7C91EA32 3 Bytes [ FF, 25, 1E ]

.text C:\PROGRA~1\Wanadoo\ComComp.exe[408] ntdll.dll!NtWriteVirtualMemory + 4 7C91EA36 2 Bytes [ 29, 5F ]

.text C:\PROGRA~1\Wanadoo\ComComp.exe[408] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, 84, 84 ]

.text C:\PROGRA~1\Wanadoo\ComComp.exe[408] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F320F5A

.text C:\PROGRA~1\Wanadoo\ComComp.exe[408] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F2E0F5A

.text C:\PROGRA~1\Wanadoo\Toaster.exe[464] ntdll.dll!NtClose 7C91D586 3 Bytes [ FF, 25, 1E ]

.text C:\PROGRA~1\Wanadoo\Toaster.exe[464] ntdll.dll!NtClose + 4 7C91D58A 2 Bytes [ 2C, 5F ]

.text C:\PROGRA~1\Wanadoo\Toaster.exe[464] ntdll.dll!NtCreateFile 7C91D682 1 Byte [ FF ]

.text C:\PROGRA~1\Wanadoo\Toaster.exe[464] ntdll.dll!NtCreateFile + 2 7C91D684 1 Byte [ 1E ]

.text C:\PROGRA~1\Wanadoo\Toaster.exe[464] ntdll.dll!NtCreateFile + 4 7C91D686 2 Bytes [ 17, 5F ]

.text C:\PROGRA~1\Wanadoo\Toaster.exe[464] ntdll.dll!NtCreateKey 7C91D6D6 3 Bytes [ FF, 25, 1E ]

.text C:\PROGRA~1\Wanadoo\Toaster.exe[464] ntdll.dll!NtCreateKey + 4 7C91D6DA 2 Bytes [ 05, 5F ]

.text C:\PROGRA~1\Wanadoo\Toaster.exe[464] ntdll.dll!NtCreateSection 7C91D793 3 Bytes [ FF, 25, 1E ]

.text C:\PROGRA~1\Wanadoo\Toaster.exe[464] ntdll.dll!NtCreateSection + 4 7C91D797 2 Bytes [ 23, 5F ]

.text C:\PROGRA~1\Wanadoo\Toaster.exe[464] ntdll.dll!NtDeleteKey 7C91D8A4 3 Bytes [ FF, 25, 1E ]

.text C:\PROGRA~1\Wanadoo\Toaster.exe[464] ntdll.dll!NtDeleteKey + 4 7C91D8A8 2 Bytes [ 0B, 5F ]

.text C:\PROGRA~1\Wanadoo\Toaster.exe[464] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ]

.text C:\PROGRA~1\Wanadoo\Toaster.exe[464] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 11, 5F ]

.text C:\PROGRA~1\Wanadoo\Toaster.exe[464] ntdll.dll!NtRenameKey 7C91E339 3 Bytes [ FF, 25, 1E ]

.text C:\PROGRA~1\Wanadoo\Toaster.exe[464] ntdll.dll!NtRenameKey + 4 7C91E33D 2 Bytes [ 14, 5F ]

.text C:\PROGRA~1\Wanadoo\Toaster.exe[464] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ]

.text C:\PROGRA~1\Wanadoo\Toaster.exe[464] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 20, 5F ]

.text C:\PROGRA~1\Wanadoo\Toaster.exe[464] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ]

.text C:\PROGRA~1\Wanadoo\Toaster.exe[464] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 0E, 5F ]

.text C:\PROGRA~1\Wanadoo\Toaster.exe[464] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]

.text C:\PROGRA~1\Wanadoo\Toaster.exe[464] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 26, 5F ]

.text C:\PROGRA~1\Wanadoo\Toaster.exe[464] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ]

.text C:\PROGRA~1\Wanadoo\Toaster.exe[464] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 1A, 5F ]

.text C:\PROGRA~1\Wanadoo\Toaster.exe[464] ntdll.dll!NtWriteFileGather 7C91EA08 3 Bytes [ FF, 25, 1E ]

.text C:\PROGRA~1\Wanadoo\Toaster.exe[464] ntdll.dll!NtWriteFileGather + 4 7C91EA0C 2 Bytes [ 1D, 5F ]

.text C:\PROGRA~1\Wanadoo\Toaster.exe[464] ntdll.dll!NtWriteVirtualMemory 7C91EA32 3 Bytes [ FF, 25, 1E ]

.text C:\PROGRA~1\Wanadoo\Toaster.exe[464] ntdll.dll!NtWriteVirtualMemory + 4 7C91EA36 2 Bytes [ 29, 5F ]

.text C:\PROGRA~1\Wanadoo\Toaster.exe[464] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, 71, 85 ]

.text C:\PROGRA~1\Wanadoo\Toaster.exe[464] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F320F5A

.text C:\PROGRA~1\Wanadoo\Toaster.exe[464] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F2E0F5A

.text C:\PROGRA~1\Wanadoo\Inactivity.exe[472] ntdll.dll!NtClose 7C91D586 3 Bytes [ FF, 25, 1E ]

.text C:\PROGRA~1\Wanadoo\Inactivity.exe[472] ntdll.dll!NtClose + 4 7C91D58A 2 Bytes [ 2C, 5F ]

.text C:\PROGRA~1\Wanadoo\Inactivity.exe[472] ntdll.dll!NtCreateFile 7C91D682 1 Byte [ FF ]

.text C:\PROGRA~1\Wanadoo\Inactivity.exe[472] ntdll.dll!NtCreateFile + 2 7C91D684 1 Byte [ 1E ]

.text C:\PROGRA~1\Wanadoo\Inactivity.exe[472] ntdll.dll!NtCreateFile + 4 7C91D686 2 Bytes [ 17, 5F ]

.text C:\PROGRA~1\Wanadoo\Inactivity.exe[472] ntdll.dll!NtCreateKey 7C91D6D6 3 Bytes [ FF, 25, 1E ]

.text C:\PROGRA~1\Wanadoo\Inactivity.exe[472] ntdll.dll!NtCreateKey + 4 7C91D6DA 2 Bytes [ 05, 5F ]

.text C:\PROGRA~1\Wanadoo\Inactivity.exe[472] ntdll.dll!NtCreateSection 7C91D793 3 Bytes [ FF, 25, 1E ]

.text C:\PROGRA~1\Wanadoo\Inactivity.exe[472] ntdll.dll!NtCreateSection + 4 7C91D797 2 Bytes [ 23, 5F ]

.text C:\PROGRA~1\Wanadoo\Inactivity.exe[472] ntdll.dll!NtDeleteKey 7C91D8A4 3 Bytes [ FF, 25, 1E ]

.text C:\PROGRA~1\Wanadoo\Inactivity.exe[472] ntdll.dll!NtDeleteKey + 4 7C91D8A8 2 Bytes [ 0B, 5F ]

.text C:\PROGRA~1\Wanadoo\Inactivity.exe[472] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ]

.text C:\PROGRA~1\Wanadoo\Inactivity.exe[472] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 11, 5F ]

.text C:\PROGRA~1\Wanadoo\Inactivity.exe[472] ntdll.dll!NtRenameKey 7C91E339 3 Bytes [ FF, 25, 1E ]

.text C:\PROGRA~1\Wanadoo\Inactivity.exe[472] ntdll.dll!NtRenameKey + 4 7C91E33D 2 Bytes [ 14, 5F ]

.text C:\PROGRA~1\Wanadoo\Inactivity.exe[472] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ]

.text C:\PROGRA~1\Wanadoo\Inactivity.exe[472] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 20, 5F ]

.text C:\PROGRA~1\Wanadoo\Inactivity.exe[472] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ]

.text C:\PROGRA~1\Wanadoo\Inactivity.exe[472] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 0E, 5F ]

.text C:\PROGRA~1\Wanadoo\Inactivity.exe[472] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]

.text C:\PROGRA~1\Wanadoo\Inactivity.exe[472] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 26, 5F ]

.text C:\PROGRA~1\Wanadoo\Inactivity.exe[472] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ]

.text C:\PROGRA~1\Wanadoo\Inactivity.exe[472] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 1A, 5F ]

.text C:\PROGRA~1\Wanadoo\Inactivity.exe[472] ntdll.dll!NtWriteFileGather 7C91EA08 3 Bytes [ FF, 25, 1E ]

.text C:\PROGRA~1\Wanadoo\Inactivity.exe[472] ntdll.dll!NtWriteFileGather + 4 7C91EA0C 2 Bytes [ 1D, 5F ]

.text C:\PROGRA~1\Wanadoo\Inactivity.exe[472] ntdll.dll!NtWriteVirtualMemory 7C91EA32 3 Bytes [ FF, 25, 1E ]

.text C:\PROGRA~1\Wanadoo\Inactivity.exe[472] ntdll.dll!NtWriteVirtualMemory + 4 7C91EA36 2 Bytes [ 29, 5F ]

.text C:\PROGRA~1\Wanadoo\Inactivity.exe[472] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, 62, 84 ]

.text C:\PROGRA~1\Wanadoo\Inactivity.exe[472] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F320F5A

.text C:\PROGRA~1\Wanadoo\Inactivity.exe[472] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F2E0F5A

.text C:\PROGRA~1\Wanadoo\PollingModule.exe[484] ntdll.dll!NtClose 7C91D586 3 Bytes [ FF, 25, 1E ]

.text C:\PROGRA~1\Wanadoo\PollingModule.exe[484] ntdll.dll!NtClose + 4 7C91D58A 2 Bytes [ 2C, 5F ]

.text C:\PROGRA~1\Wanadoo\PollingModule.exe[484] ntdll.dll!NtCreateFile 7C91D682 1 Byte [ FF ]

.text C:\PROGRA~1\Wanadoo\PollingModule.exe[484] ntdll.dll!NtCreateFile + 2 7C91D684 1 Byte [ 1E ]

.text C:\PROGRA~1\Wanadoo\PollingModule.exe[484] ntdll.dll!NtCreateFile + 4 7C91D686 2 Bytes [ 17, 5F ]

.text C:\PROGRA~1\Wanadoo\PollingModule.exe[484] ntdll.dll!NtCreateKey 7C91D6D6 3 Bytes [ FF, 25, 1E ]

.text C:\PROGRA~1\Wanadoo\PollingModule.exe[484] ntdll.dll!NtCreateKey + 4 7C91D6DA 2 Bytes [ 05, 5F ]

.text C:\PROGRA~1\Wanadoo\PollingModule.exe[484] ntdll.dll!NtCreateSection 7C91D793 3 Bytes [ FF, 25, 1E ]

.text C:\PROGRA~1\Wanadoo\PollingModule.exe[484] ntdll.dll!NtCreateSection + 4 7C91D797 2 Bytes [ 23, 5F ]

.text C:\PROGRA~1\Wanadoo\PollingModule.exe[484] ntdll.dll!NtDeleteKey 7C91D8A4 3 Bytes [ FF, 25, 1E ]

.text C:\PROGRA~1\Wanadoo\PollingModule.exe[484] ntdll.dll!NtDeleteKey + 4 7C91D8A8 2 Bytes [ 0B, 5F ]

.text C:\PROGRA~1\Wanadoo\PollingModule.exe[484] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ]

.text C:\PROGRA~1\Wanadoo\PollingModule.exe[484] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 11, 5F ]

.text C:\PROGRA~1\Wanadoo\PollingModule.exe[484] ntdll.dll!NtRenameKey 7C91E339 3 Bytes [ FF, 25, 1E ]

.text C:\PROGRA~1\Wanadoo\PollingModule.exe[484] ntdll.dll!NtRenameKey + 4 7C91E33D 2 Bytes [ 14, 5F ]

.text C:\PROGRA~1\Wanadoo\PollingModule.exe[484] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ]

.text C:\PROGRA~1\Wanadoo\PollingModule.exe[484] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 20, 5F ]

.text C:\PROGRA~1\Wanadoo\PollingModule.exe[484] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ]

.text C:\PROGRA~1\Wanadoo\PollingModule.exe[484] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 0E, 5F ]

.text C:\PROGRA~1\Wanadoo\PollingModule.exe[484] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]

.text C:\PROGRA~1\Wanadoo\PollingModule.exe[484] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 26, 5F ]

.text C:\PROGRA~1\Wanadoo\PollingModule.exe[484] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ]

.text C:\PROGRA~1\Wanadoo\PollingModule.exe[484] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 1A, 5F ]

.text C:\PROGRA~1\Wanadoo\PollingModule.exe[484] ntdll.dll!NtWriteFileGather 7C91EA08 3 Bytes [ FF, 25, 1E ]

.text C:\PROGRA~1\Wanadoo\PollingModule.exe[484] ntdll.dll!NtWriteFileGather + 4 7C91EA0C 2 Bytes [ 1D, 5F ]

.text C:\PROGRA~1\Wanadoo\PollingModule.exe[484] ntdll.dll!NtWriteVirtualMemory 7C91EA32 3 Bytes [ FF, 25, 1E ]

.text C:\PROGRA~1\Wanadoo\PollingModule.exe[484] ntdll.dll!NtWriteVirtualMemory + 4 7C91EA36 2 Bytes [ 29, 5F ]

.text C:\PROGRA~1\Wanadoo\PollingModule.exe[484] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, 96, 84 ]

.text C:\PROGRA~1\Wanadoo\PollingModule.exe[484] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F320F5A

.text C:\PROGRA~1\Wanadoo\PollingModule.exe[484] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F2E0F5A

.text C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE[512] ntdll.dll!NtClose 7C91D586 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE[512] ntdll.dll!NtClose + 4 7C91D58A 2 Bytes [ 2C, 5F ]

.text C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE[512] ntdll.dll!NtCreateFile 7C91D682 1 Byte [ FF ]

.text C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE[512] ntdll.dll!NtCreateFile + 2 7C91D684 1 Byte [ 1E ]

.text C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE[512] ntdll.dll!NtCreateFile + 4 7C91D686 2 Bytes [ 17, 5F ]

.text C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE[512] ntdll.dll!NtCreateKey 7C91D6D6 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE[512] ntdll.dll!NtCreateKey + 4 7C91D6DA 2 Bytes [ 05, 5F ]

.text C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE[512] ntdll.dll!NtCreateSection 7C91D793 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE[512] ntdll.dll!NtCreateSection + 4 7C91D797 2 Bytes [ 23, 5F ]

.text C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE[512] ntdll.dll!NtDeleteKey 7C91D8A4 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE[512] ntdll.dll!NtDeleteKey + 4 7C91D8A8 2 Bytes [ 0B, 5F ]

.text C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE[512] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE[512] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 11, 5F ]

.text C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE[512] ntdll.dll!NtRenameKey 7C91E339 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE[512] ntdll.dll!NtRenameKey + 4 7C91E33D 2 Bytes [ 14, 5F ]

.text C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE[512] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE[512] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 20, 5F ]

.text C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE[512] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE[512] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 0E, 5F ]

.text C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE[512] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE[512] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 26, 5F ]

.text C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE[512] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE[512] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 1A, 5F ]

.text C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE[512] ntdll.dll!NtWriteFileGather 7C91EA08 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE[512] ntdll.dll!NtWriteFileGather + 4 7C91EA0C 2 Bytes [ 1D, 5F ]

.text C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE[512] ntdll.dll!NtWriteVirtualMemory 7C91EA32 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE[512] ntdll.dll!NtWriteVirtualMemory + 4 7C91EA36 2 Bytes [ 29, 5F ]

.text C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE[512] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, 90, 84 ]

.text C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE[512] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F320F5A

.text C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE[512] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F2E0F5A

.text C:\WINDOWS\system32\csrss.exe[612] ntdll.dll!NtClose 7C91D586 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\csrss.exe[612] ntdll.dll!NtClose + 4 7C91D58A 2 Bytes [ 2C, 5F ]

.text C:\WINDOWS\system32\csrss.exe[612] ntdll.dll!NtCreateFile 7C91D682 1 Byte [ FF ]

.text C:\WINDOWS\system32\csrss.exe[612] ntdll.dll!NtCreateFile + 2 7C91D684 1 Byte [ 1E ]

.text C:\WINDOWS\system32\csrss.exe[612] ntdll.dll!NtCreateFile + 4 7C91D686 2 Bytes [ 17, 5F ]

.text C:\WINDOWS\system32\csrss.exe[612] ntdll.dll!NtCreateKey 7C91D6D6 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\csrss.exe[612] ntdll.dll!NtCreateKey + 4 7C91D6DA 2 Bytes [ 05, 5F ]

.text C:\WINDOWS\system32\csrss.exe[612] ntdll.dll!NtCreateSection 7C91D793 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\csrss.exe[612] ntdll.dll!NtCreateSection + 4 7C91D797 2 Bytes [ 23, 5F ]

.text C:\WINDOWS\system32\csrss.exe[612] ntdll.dll!NtDeleteKey 7C91D8A4 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\csrss.exe[612] ntdll.dll!NtDeleteKey + 4 7C91D8A8 2 Bytes [ 0B, 5F ]

.text C:\WINDOWS\system32\csrss.exe[612] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\csrss.exe[612] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 11, 5F ]

.text C:\WINDOWS\system32\csrss.exe[612] ntdll.dll!NtRenameKey 7C91E339 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\csrss.exe[612] ntdll.dll!NtRenameKey + 4 7C91E33D 2 Bytes [ 14, 5F ]

.text C:\WINDOWS\system32\csrss.exe[612] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\csrss.exe[612] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 20, 5F ]

.text C:\WINDOWS\system32\csrss.exe[612] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\csrss.exe[612] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 0E, 5F ]

.text C:\WINDOWS\system32\csrss.exe[612] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\csrss.exe[612] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 26, 5F ]

.text C:\WINDOWS\system32\csrss.exe[612] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\csrss.exe[612] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 1A, 5F ]

.text C:\WINDOWS\system32\csrss.exe[612] ntdll.dll!NtWriteFileGather 7C91EA08 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\csrss.exe[612] ntdll.dll!NtWriteFileGather + 4 7C91EA0C 2 Bytes [ 1D, 5F ]

.text C:\WINDOWS\system32\csrss.exe[612] ntdll.dll!NtWriteVirtualMemory 7C91EA32 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\csrss.exe[612] ntdll.dll!NtWriteVirtualMemory + 4 7C91EA36 2 Bytes [ 29, 5F ]

.text C:\WINDOWS\system32\csrss.exe[612] KERNEL32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, E1, 84 ]

.text C:\WINDOWS\system32\csrss.exe[612] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F320F5A

.text C:\WINDOWS\system32\csrss.exe[612] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F2E0F5A

.text C:\WINDOWS\system32\winlogon.exe[636] ntdll.dll!NtClose 7C91D586 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\winlogon.exe[636] ntdll.dll!NtClose + 4 7C91D58A 2 Bytes [ 2C, 5F ]

.text C:\WINDOWS\system32\winlogon.exe[636] ntdll.dll!NtCreateFile 7C91D682 1 Byte [ FF ]

.text C:\WINDOWS\system32\winlogon.exe[636] ntdll.dll!NtCreateFile + 2 7C91D684 1 Byte [ 1E ]

.text C:\WINDOWS\system32\winlogon.exe[636] ntdll.dll!NtCreateFile + 4 7C91D686 2 Bytes [ 17, 5F ]

.text C:\WINDOWS\system32\winlogon.exe[636] ntdll.dll!NtCreateKey 7C91D6D6 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\winlogon.exe[636] ntdll.dll!NtCreateKey + 4 7C91D6DA 2 Bytes [ 05, 5F ]

.text C:\WINDOWS\system32\winlogon.exe[636] ntdll.dll!NtCreateSection 7C91D793 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\winlogon.exe[636] ntdll.dll!NtCreateSection + 4 7C91D797 2 Bytes [ 23, 5F ]

.text C:\WINDOWS\system32\winlogon.exe[636] ntdll.dll!NtDeleteKey 7C91D8A4 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\winlogon.exe[636] ntdll.dll!NtDeleteKey + 4 7C91D8A8 2 Bytes [ 0B, 5F ]

.text C:\WINDOWS\system32\winlogon.exe[636] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\winlogon.exe[636] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 11, 5F ]

.text C:\WINDOWS\system32\winlogon.exe[636] ntdll.dll!NtRenameKey 7C91E339 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\winlogon.exe[636] ntdll.dll!NtRenameKey + 4 7C91E33D 2 Bytes [ 14, 5F ]

.text C:\WINDOWS\system32\winlogon.exe[636] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\winlogon.exe[636] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 20, 5F ]

.text C:\WINDOWS\system32\winlogon.exe[636] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\winlogon.exe[636] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 0E, 5F ]

.text C:\WINDOWS\system32\winlogon.exe[636] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\winlogon.exe[636] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 26, 5F ]

.text C:\WINDOWS\system32\winlogon.exe[636] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\winlogon.exe[636] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 1A, 5F ]

.text C:\WINDOWS\system32\winlogon.exe[636] ntdll.dll!NtWriteFileGather 7C91EA08 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\winlogon.exe[636] ntdll.dll!NtWriteFileGather + 4 7C91EA0C 2 Bytes [ 1D, 5F ]

.text C:\WINDOWS\system32\winlogon.exe[636] ntdll.dll!NtWriteVirtualMemory 7C91EA32 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\winlogon.exe[636] ntdll.dll!NtWriteVirtualMemory + 4 7C91EA36 2 Bytes [ 29, 5F ]

.text C:\WINDOWS\system32\winlogon.exe[636] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, 3E, 84 ]

.text C:\WINDOWS\system32\winlogon.exe[636] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F320F5A

.text C:\WINDOWS\system32\winlogon.exe[636] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F2E0F5A

.text C:\WINDOWS\system32\services.exe[680] ntdll.dll!NtClose 7C91D586 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\services.exe[680] ntdll.dll!NtClose + 4 7C91D58A 2 Bytes [ 2C, 5F ]

.text C:\WINDOWS\system32\services.exe[680] ntdll.dll!NtCreateFile 7C91D682 1 Byte [ FF ]

.text C:\WINDOWS\system32\services.exe[680] ntdll.dll!NtCreateFile + 2 7C91D684 1 Byte [ 1E ]

.text C:\WINDOWS\system32\services.exe[680] ntdll.dll!NtCreateFile + 4 7C91D686 2 Bytes [ 17, 5F ]

.text C:\WINDOWS\system32\services.exe[680] ntdll.dll!NtCreateKey 7C91D6D6 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\services.exe[680] ntdll.dll!NtCreateKey + 4 7C91D6DA 2 Bytes [ 05, 5F ]

.text C:\WINDOWS\system32\services.exe[680] ntdll.dll!NtCreateSection 7C91D793 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\services.exe[680] ntdll.dll!NtCreateSection + 4 7C91D797 2 Bytes [ 23, 5F ]

.text C:\WINDOWS\system32\services.exe[680] ntdll.dll!NtDeleteKey 7C91D8A4 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\services.exe[680] ntdll.dll!NtDeleteKey + 4 7C91D8A8 2 Bytes [ 0B, 5F ]

.text C:\WINDOWS\system32\services.exe[680] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\services.exe[680] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 11, 5F ]

.text C:\WINDOWS\system32\services.exe[680] ntdll.dll!NtRenameKey 7C91E339 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\services.exe[680] ntdll.dll!NtRenameKey + 4 7C91E33D 2 Bytes [ 14, 5F ]

.text C:\WINDOWS\system32\services.exe[680] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\services.exe[680] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 20, 5F ]

.text C:\WINDOWS\system32\services.exe[680] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\services.exe[680] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 0E, 5F ]

.text C:\WINDOWS\system32\services.exe[680] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\services.exe[680] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 26, 5F ]

.text C:\WINDOWS\system32\services.exe[680] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\services.exe[680] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 1A, 5F ]

.text C:\WINDOWS\system32\services.exe[680] ntdll.dll!NtWriteFileGather 7C91EA08 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\services.exe[680] ntdll.dll!NtWriteFileGather + 4 7C91EA0C 2 Bytes [ 1D, 5F ]

.text C:\WINDOWS\system32\services.exe[680] ntdll.dll!NtWriteVirtualMemory 7C91EA32 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\services.exe[680] ntdll.dll!NtWriteVirtualMemory + 4 7C91EA36 2 Bytes [ 29, 5F ]

.text C:\WINDOWS\system32\services.exe[680] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, 09, 84 ]

.text C:\WINDOWS\system32\services.exe[680] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F320F5A

.text C:\WINDOWS\system32\services.exe[680] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F2E0F5A

.text C:\WINDOWS\system32\lsass.exe[692] ntdll.dll!NtClose 7C91D586 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\lsass.exe[692] ntdll.dll!NtClose + 4 7C91D58A 2 Bytes [ 2C, 5F ]

.text C:\WINDOWS\system32\lsass.exe[692] ntdll.dll!NtCreateFile 7C91D682 1 Byte [ FF ]

.text C:\WINDOWS\system32\lsass.exe[692] ntdll.dll!NtCreateFile + 2 7C91D684 1 Byte [ 1E ]

.text C:\WINDOWS\system32\lsass.exe[692] ntdll.dll!NtCreateFile + 4 7C91D686 2 Bytes [ 17, 5F ]

.text C:\WINDOWS\system32\lsass.exe[692] ntdll.dll!NtCreateKey 7C91D6D6 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\lsass.exe[692] ntdll.dll!NtCreateKey + 4 7C91D6DA 2 Bytes [ 05, 5F ]

.text C:\WINDOWS\system32\lsass.exe[692] ntdll.dll!NtCreateSection 7C91D793 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\lsass.exe[692] ntdll.dll!NtCreateSection + 4 7C91D797 2 Bytes [ 23, 5F ]

.text C:\WINDOWS\system32\lsass.exe[692] ntdll.dll!NtDeleteKey 7C91D8A4 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\lsass.exe[692] ntdll.dll!NtDeleteKey + 4 7C91D8A8 2 Bytes [ 0B, 5F ]

.text C:\WINDOWS\system32\lsass.exe[692] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\lsass.exe[692] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 11, 5F ]

.text C:\WINDOWS\system32\lsass.exe[692] ntdll.dll!NtRenameKey 7C91E339 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\lsass.exe[692] ntdll.dll!NtRenameKey + 4 7C91E33D 2 Bytes [ 14, 5F ]

.text C:\WINDOWS\system32\lsass.exe[692] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\lsass.exe[692] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 20, 5F ]

.text C:\WINDOWS\system32\lsass.exe[692] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\lsass.exe[692] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 0E, 5F ]

.text C:\WINDOWS\system32\lsass.exe[692] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\lsass.exe[692] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 26, 5F ]

.text C:\WINDOWS\system32\lsass.exe[692] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\lsass.exe[692] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 1A, 5F ]

.text C:\WINDOWS\system32\lsass.exe[692] ntdll.dll!NtWriteFileGather 7C91EA08 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\lsass.exe[692] ntdll.dll!NtWriteFileGather + 4 7C91EA0C 2 Bytes [ 1D, 5F ]

.text C:\WINDOWS\system32\lsass.exe[692] ntdll.dll!NtWriteVirtualMemory 7C91EA32 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\lsass.exe[692] ntdll.dll!NtWriteVirtualMemory + 4 7C91EA36 2 Bytes [ 29, 5F ]

.text C:\WINDOWS\system32\lsass.exe[692] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, 33, 84 ]

.text C:\WINDOWS\system32\lsass.exe[692] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F320F5A

.text C:\WINDOWS\system32\lsass.exe[692] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F2E0F5A

.text C:\WINDOWS\system32\svchost.exe[844] ntdll.dll!NtClose 7C91D586 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\svchost.exe[844] ntdll.dll!NtClose + 4 7C91D58A 2 Bytes [ 2C, 5F ]

.text C:\WINDOWS\system32\svchost.exe[844] ntdll.dll!NtCreateFile 7C91D682 1 Byte [ FF ]

.text C:\WINDOWS\system32\svchost.exe[844] ntdll.dll!NtCreateFile + 2 7C91D684 1 Byte [ 1E ]

.text C:\WINDOWS\system32\svchost.exe[844] ntdll.dll!NtCreateFile + 4 7C91D686 2 Bytes [ 17, 5F ]

.text C:\WINDOWS\system32\svchost.exe[844] ntdll.dll!NtCreateKey 7C91D6D6 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\svchost.exe[844] ntdll.dll!NtCreateKey + 4 7C91D6DA 2 Bytes [ 05, 5F ]

.text C:\WINDOWS\system32\svchost.exe[844] ntdll.dll!NtCreateSection 7C91D793 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\svchost.exe[844] ntdll.dll!NtCreateSection + 4 7C91D797 2 Bytes [ 23, 5F ]

.text C:\WINDOWS\system32\svchost.exe[844] ntdll.dll!NtDeleteKey 7C91D8A4 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\svchost.exe[844] ntdll.dll!NtDeleteKey + 4 7C91D8A8 2 Bytes [ 0B, 5F ]

.text C:\WINDOWS\system32\svchost.exe[844] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\svchost.exe[844] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 11, 5F ]

.text C:\WINDOWS\system32\svchost.exe[844] ntdll.dll!NtRenameKey 7C91E339 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\svchost.exe[844] ntdll.dll!NtRenameKey + 4 7C91E33D 2 Bytes [ 14, 5F ]

.text C:\WINDOWS\system32\svchost.exe[844] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\svchost.exe[844] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 20, 5F ]

.text C:\WINDOWS\system32\svchost.exe[844] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\svchost.exe[844] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 0E, 5F ]

.text C:\WINDOWS\system32\svchost.exe[844] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\svchost.exe[844] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 26, 5F ]

.text C:\WINDOWS\system32\svchost.exe[844] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\svchost.exe[844] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 1A, 5F ]

.text C:\WINDOWS\system32\svchost.exe[844] ntdll.dll!NtWriteFileGather 7C91EA08 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\svchost.exe[844] ntdll.dll!NtWriteFileGather + 4 7C91EA0C 2 Bytes [ 1D, 5F ]

.text C:\WINDOWS\system32\svchost.exe[844] ntdll.dll!NtWriteVirtualMemory 7C91EA32 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\svchost.exe[844] ntdll.dll!NtWriteVirtualMemory + 4 7C91EA36 2 Bytes [ 29, 5F ]

.text C:\WINDOWS\system32\svchost.exe[844] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, 37, 84 ]

.text C:\WINDOWS\system32\svchost.exe[844] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F320F5A

.text C:\WINDOWS\system32\svchost.exe[844] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F2E0F5A

.text C:\WINDOWS\system32\svchost.exe[920] ntdll.dll!NtClose 7C91D586 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\svchost.exe[920] ntdll.dll!NtClose + 4 7C91D58A 2 Bytes [ 2C, 5F ]

.text C:\WINDOWS\system32\svchost.exe[920] ntdll.dll!NtCreateFile 7C91D682 1 Byte [ FF ]

.text C:\WINDOWS\system32\svchost.exe[920] ntdll.dll!NtCreateFile + 2 7C91D684 1 Byte [ 1E ]

.text C:\WINDOWS\system32\svchost.exe[920] ntdll.dll!NtCreateFile + 4 7C91D686 2 Bytes [ 17, 5F ]

.text C:\WINDOWS\system32\svchost.exe[920] ntdll.dll!NtCreateKey 7C91D6D6 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\svchost.exe[920] ntdll.dll!NtCreateKey + 4 7C91D6DA 2 Bytes [ 05, 5F ]

.text C:\WINDOWS\system32\svchost.exe[920] ntdll.dll!NtCreateSection 7C91D793 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\svchost.exe[920] ntdll.dll!NtCreateSection + 4 7C91D797 2 Bytes [ 23, 5F ]

.text C:\WINDOWS\system32\svchost.exe[920] ntdll.dll!NtDeleteKey 7C91D8A4 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\svchost.exe[920] ntdll.dll!NtDeleteKey + 4 7C91D8A8 2 Bytes [ 0B, 5F ]

.text C:\WINDOWS\system32\svchost.exe[920] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\svchost.exe[920] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 11, 5F ]

.text C:\WINDOWS\system32\svchost.exe[920] ntdll.dll!NtRenameKey 7C91E339 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\svchost.exe[920] ntdll.dll!NtRenameKey + 4 7C91E33D 2 Bytes [ 14, 5F ]

.text C:\WINDOWS\system32\svchost.exe[920] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\svchost.exe[920] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 20, 5F ]

.text C:\WINDOWS\system32\svchost.exe[920] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\svchost.exe[920] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 0E, 5F ]

.text C:\WINDOWS\system32\svchost.exe[920] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\svchost.exe[920] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 26, 5F ]

.text C:\WINDOWS\system32\svchost.exe[920] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\svchost.exe[920] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 1A, 5F ]

.text C:\WINDOWS\system32\svchost.exe[920] ntdll.dll!NtWriteFileGather 7C91EA08 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\svchost.exe[920] ntdll.dll!NtWriteFileGather + 4 7C91EA0C 2 Bytes [ 1D, 5F ]

.text C:\WINDOWS\system32\svchost.exe[920] ntdll.dll!NtWriteVirtualMemory 7C91EA32 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\svchost.exe[920] ntdll.dll!NtWriteVirtualMemory + 4 7C91EA36 2 Bytes [ 29, 5F ]

.text C:\WINDOWS\system32\svchost.exe[920] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, 07, 84 ]

.text C:\WINDOWS\system32\svchost.exe[920] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F320F5A

.text C:\WINDOWS\system32\svchost.exe[920] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F2E0F5A

.text C:\WINDOWS\System32\FTRTSVC.exe[1004] ntdll.dll!NtClose 7C91D586 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\System32\FTRTSVC.exe[1004] ntdll.dll!NtClose + 4 7C91D58A 2 Bytes [ 2C, 5F ]

.text C:\WINDOWS\System32\FTRTSVC.exe[1004] ntdll.dll!NtCreateFile 7C91D682 1 Byte [ FF ]

.text C:\WINDOWS\System32\FTRTSVC.exe[1004] ntdll.dll!NtCreateFile + 2 7C91D684 1 Byte [ 1E ]

.text C:\WINDOWS\System32\FTRTSVC.exe[1004] ntdll.dll!NtCreateFile + 4 7C91D686 2 Bytes [ 17, 5F ]

.text C:\WINDOWS\System32\FTRTSVC.exe[1004] ntdll.dll!NtCreateKey 7C91D6D6 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\System32\FTRTSVC.exe[1004] ntdll.dll!NtCreateKey + 4 7C91D6DA 2 Bytes [ 05, 5F ]

.text C:\WINDOWS\System32\FTRTSVC.exe[1004] ntdll.dll!NtCreateSection 7C91D793 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\System32\FTRTSVC.exe[1004] ntdll.dll!NtCreateSection + 4 7C91D797 2 Bytes [ 23, 5F ]

.text C:\WINDOWS\System32\FTRTSVC.exe[1004] ntdll.dll!NtDeleteKey 7C91D8A4 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\System32\FTRTSVC.exe[1004] ntdll.dll!NtDeleteKey + 4 7C91D8A8 2 Bytes [ 0B, 5F ]

.text C:\WINDOWS\System32\FTRTSVC.exe[1004] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\System32\FTRTSVC.exe[1004] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 11, 5F ]

.text C:\WINDOWS\System32\FTRTSVC.exe[1004] ntdll.dll!NtRenameKey 7C91E339 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\System32\FTRTSVC.exe[1004] ntdll.dll!NtRenameKey + 4 7C91E33D 2 Bytes [ 14, 5F ]

.text C:\WINDOWS\System32\FTRTSVC.exe[1004] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\System32\FTRTSVC.exe[1004] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 20, 5F ]

.text C:\WINDOWS\System32\FTRTSVC.exe[1004] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\System32\FTRTSVC.exe[1004] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 0E, 5F ]

.text C:\WINDOWS\System32\FTRTSVC.exe[1004] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\System32\FTRTSVC.exe[1004] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 26, 5F ]

.text C:\WINDOWS\System32\FTRTSVC.exe[1004] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\System32\FTRTSVC.exe[1004] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 1A, 5F ]

.text C:\WINDOWS\System32\FTRTSVC.exe[1004] ntdll.dll!NtWriteFileGather 7C91EA08 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\System32\FTRTSVC.exe[1004] ntdll.dll!NtWriteFileGather + 4 7C91EA0C 2 Bytes [ 1D, 5F ]

.text C:\WINDOWS\System32\FTRTSVC.exe[1004] ntdll.dll!NtWriteVirtualMemory 7C91EA32 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\System32\FTRTSVC.exe[1004] ntdll.dll!NtWriteVirtualMemory + 4 7C91EA36 2 Bytes [ 29, 5F ]

.text C:\WINDOWS\System32\FTRTSVC.exe[1004] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, 26, 84 ]

.text C:\WINDOWS\System32\FTRTSVC.exe[1004] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F320F5A

.text C:\WINDOWS\System32\FTRTSVC.exe[1004] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F2E0F5A

.text C:\WINDOWS\System32\svchost.exe[1016] ntdll.dll!NtClose 7C91D586 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\System32\svchost.exe[1016] ntdll.dll!NtClose + 4 7C91D58A 2 Bytes [ 2C, 5F ]

.text C:\WINDOWS\System32\svchost.exe[1016] ntdll.dll!NtCreateFile 7C91D682 1 Byte [ FF ]

.text C:\WINDOWS\System32\svchost.exe[1016] ntdll.dll!NtCreateFile + 2 7C91D684 1 Byte [ 1E ]

.text C:\WINDOWS\System32\svchost.exe[1016] ntdll.dll!NtCreateFile + 4 7C91D686 2 Bytes [ 17, 5F ]

.text C:\WINDOWS\System32\svchost.exe[1016] ntdll.dll!NtCreateKey 7C91D6D6 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\System32\svchost.exe[1016] ntdll.dll!NtCreateKey + 4 7C91D6DA 2 Bytes [ 05, 5F ]

.text C:\WINDOWS\System32\svchost.exe[1016] ntdll.dll!NtCreateSection 7C91D793 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\System32\svchost.exe[1016] ntdll.dll!NtCreateSection + 4 7C91D797 2 Bytes [ 23, 5F ]

.text C:\WINDOWS\System32\svchost.exe[1016] ntdll.dll!NtDeleteKey 7C91D8A4 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\System32\svchost.exe[1016] ntdll.dll!NtDeleteKey + 4 7C91D8A8 2 Bytes [ 0B, 5F ]

.text C:\WINDOWS\System32\svchost.exe[1016] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\System32\svchost.exe[1016] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 11, 5F ]

.text C:\WINDOWS\System32\svchost.exe[1016] ntdll.dll!NtRenameKey 7C91E339 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\System32\svchost.exe[1016] ntdll.dll!NtRenameKey + 4 7C91E33D 2 Bytes [ 14, 5F ]

.text C:\WINDOWS\System32\svchost.exe[1016] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\System32\svchost.exe[1016] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 20, 5F ]

.text C:\WINDOWS\System32\svchost.exe[1016] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\System32\svchost.exe[1016] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 0E, 5F ]

.text C:\WINDOWS\System32\svchost.exe[1016] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\System32\svchost.exe[1016] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 26, 5F ]

.text C:\WINDOWS\System32\svchost.exe[1016] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\System32\svchost.exe[1016] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 1A, 5F ]

.text C:\WINDOWS\System32\svchost.exe[1016] ntdll.dll!NtWriteFileGather 7C91EA08 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\System32\svchost.exe[1016] ntdll.dll!NtWriteFileGather + 4 7C91EA0C 2 Bytes [ 1D, 5F ]

.text C:\WINDOWS\System32\svchost.exe[1016] ntdll.dll!NtWriteVirtualMemory 7C91EA32 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\System32\svchost.exe[1016] ntdll.dll!NtWriteVirtualMemory + 4 7C91EA36 2 Bytes [ 29, 5F ]

.text C:\WINDOWS\System32\svchost.exe[1016] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, 8B, 84 ]

.text C:\WINDOWS\System32\svchost.exe[1016] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F320F5A

.text C:\WINDOWS\System32\svchost.exe[1016] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F2E0F5A

.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1072] ntdll.dll!NtClose 7C91D586 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1072] ntdll.dll!NtClose + 4 7C91D58A 2 Bytes [ 2C, 5F ]

.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1072] ntdll.dll!NtCreateFile 7C91D682 1 Byte [ FF ]

.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1072] ntdll.dll!NtCreateFile + 2 7C91D684 1 Byte [ 1E ]

.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1072] ntdll.dll!NtCreateFile + 4 7C91D686 2 Bytes [ 17, 5F ]

.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1072] ntdll.dll!NtCreateKey 7C91D6D6 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1072] ntdll.dll!NtCreateKey + 4 7C91D6DA 2 Bytes [ 05, 5F ]

.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1072] ntdll.dll!NtCreateSection 7C91D793 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1072] ntdll.dll!NtCreateSection + 4 7C91D797 2 Bytes [ 23, 5F ]

.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1072] ntdll.dll!NtDeleteKey 7C91D8A4 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1072] ntdll.dll!NtDeleteKey + 4 7C91D8A8 2 Bytes [ 0B, 5F ]

.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1072] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1072] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 11, 5F ]

.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1072] ntdll.dll!NtRenameKey 7C91E339 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1072] ntdll.dll!NtRenameKey + 4 7C91E33D 2 Bytes [ 14, 5F ]

.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1072] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1072] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 20, 5F ]

.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1072] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1072] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 0E, 5F ]

.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1072] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1072] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 26, 5F ]

.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1072] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1072] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 1A, 5F ]

.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1072] ntdll.dll!NtWriteFileGather 7C91EA08 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1072] ntdll.dll!NtWriteFileGather + 4 7C91EA0C 2 Bytes [ 1D, 5F ]

.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1072] ntdll.dll!NtWriteVirtualMemory 7C91EA32 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1072] ntdll.dll!NtWriteVirtualMemory + 4 7C91EA36 2 Bytes [ 29, 5F ]

.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1072] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, 0E, 84 ]

.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1072] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F320F5A

.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1072] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F2E0F5A

.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1108] ntdll.dll!NtClose 7C91D586 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1108] ntdll.dll!NtClose + 4 7C91D58A 2 Bytes [ 2C, 5F ]

.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1108] ntdll.dll!NtCreateFile 7C91D682 1 Byte [ FF ]

.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1108] ntdll.dll!NtCreateFile + 2 7C91D684 1 Byte [ 1E ]

.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1108] ntdll.dll!NtCreateFile + 4 7C91D686 2 Bytes [ 17, 5F ]

.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1108] ntdll.dll!NtCreateKey 7C91D6D6 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1108] ntdll.dll!NtCreateKey + 4 7C91D6DA 2 Bytes [ 05, 5F ]

.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1108] ntdll.dll!NtCreateSection 7C91D793 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1108] ntdll.dll!NtCreateSection + 4 7C91D797 2 Bytes [ 23, 5F ]

.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1108] ntdll.dll!NtDeleteKey 7C91D8A4 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1108] ntdll.dll!NtDeleteKey + 4 7C91D8A8 2 Bytes [ 0B, 5F ]

.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1108] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1108] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 11, 5F ]

.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1108] ntdll.dll!NtRenameKey 7C91E339 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1108] ntdll.dll!NtRenameKey + 4 7C91E33D 2 Bytes [ 14, 5F ]

.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1108] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1108] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 20, 5F ]

.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1108] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1108] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 0E, 5F ]

.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1108] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1108] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 26, 5F ]

.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1108] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1108] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 1A, 5F ]

.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1108] ntdll.dll!NtWriteFileGather 7C91EA08 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1108] ntdll.dll!NtWriteFileGather + 4 7C91EA0C 2 Bytes [ 1D, 5F ]

.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1108] ntdll.dll!NtWriteVirtualMemory 7C91EA32 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1108] ntdll.dll!NtWriteVirtualMemory + 4 7C91EA36 2 Bytes [ 29, 5F ]

.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1108] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, EF, 83 ]

.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1108] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F320F5A

.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1108] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F2E0F5A

.text C:\WINDOWS\System32\svchost.exe[1124] ntdll.dll!NtClose 7C91D586 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\System32\svchost.exe[1124] ntdll.dll!NtClose + 4 7C91D58A 2 Bytes [ 2C, 5F ]

.text C:\WINDOWS\System32\svchost.exe[1124] ntdll.dll!NtCreateFile 7C91D682 1 Byte [ FF ]

.text C:\WINDOWS\System32\svchost.exe[1124] ntdll.dll!NtCreateFile + 2 7C91D684 1 Byte [ 1E ]

.text C:\WINDOWS\System32\svchost.exe[1124] ntdll.dll!NtCreateFile + 4 7C91D686 2 Bytes [ 17, 5F ]

.text C:\WINDOWS\System32\svchost.exe[1124] ntdll.dll!NtCreateKey 7C91D6D6 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\System32\svchost.exe[1124] ntdll.dll!NtCreateKey + 4 7C91D6DA 2 Bytes [ 05, 5F ]

.text C:\WINDOWS\System32\svchost.exe[1124] ntdll.dll!NtCreateSection 7C91D793 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\System32\svchost.exe[1124] ntdll.dll!NtCreateSection + 4 7C91D797 2 Bytes [ 23, 5F ]

.text C:\WINDOWS\System32\svchost.exe[1124] ntdll.dll!NtDeleteKey 7C91D8A4 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\System32\svchost.exe[1124] ntdll.dll!NtDeleteKey + 4 7C91D8A8 2 Bytes [ 0B, 5F ]

.text C:\WINDOWS\System32\svchost.exe[1124] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\System32\svchost.exe[1124] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 11, 5F ]

.text C:\WINDOWS\System32\svchost.exe[1124] ntdll.dll!NtRenameKey 7C91E339 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\System32\svchost.exe[1124] ntdll.dll!NtRenameKey + 4 7C91E33D 2 Bytes [ 14, 5F ]

.text C:\WINDOWS\System32\svchost.exe[1124] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\System32\svchost.exe[1124] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 20, 5F ]

.text C:\WINDOWS\System32\svchost.exe[1124] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\System32\svchost.exe[1124] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 0E, 5F ]

.text C:\WINDOWS\System32\svchost.exe[1124] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\System32\svchost.exe[1124] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 26, 5F ]

.text C:\WINDOWS\System32\svchost.exe[1124] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\System32\svchost.exe[1124] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 1A, 5F ]

.text C:\WINDOWS\System32\svchost.exe[1124] ntdll.dll!NtWriteFileGather 7C91EA08 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\System32\svchost.exe[1124] ntdll.dll!NtWriteFileGather + 4 7C91EA0C 2 Bytes [ 1D, 5F ]

.text C:\WINDOWS\System32\svchost.exe[1124] ntdll.dll!NtWriteVirtualMemory 7C91EA32 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\System32\svchost.exe[1124] ntdll.dll!NtWriteVirtualMemory + 4 7C91EA36 2 Bytes [ 29, 5F ]

.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, 24, 84 ]

.text C:\WINDOWS\System32\svchost.exe[1124] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F320F5A

.text C:\WINDOWS\System32\svchost.exe[1124] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F2E0F5A

.text C:\Program Files\Spyware Doctor\pctsSvc.exe[1208] kernel32.dll!CreateThread + 1A 7C810651 4 Bytes [ 43, A1, C3, 83 ]

.text C:\WINDOWS\System32\svchost.exe[1312] ntdll.dll!NtClose 7C91D586 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\System32\svchost.exe[1312] ntdll.dll!NtClose + 4 7C91D58A 2 Bytes [ 2C, 5F ]

.text C:\WINDOWS\System32\svchost.exe[1312] ntdll.dll!NtCreateFile 7C91D682 1 Byte [ FF ]

.text C:\WINDOWS\System32\svchost.exe[1312] ntdll.dll!NtCreateFile + 2 7C91D684 1 Byte [ 1E ]

.text C:\WINDOWS\System32\svchost.exe[1312] ntdll.dll!NtCreateFile + 4 7C91D686 2 Bytes [ 17, 5F ]

.text C:\WINDOWS\System32\svchost.exe[1312] ntdll.dll!NtCreateKey 7C91D6D6 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\System32\svchost.exe[1312] ntdll.dll!NtCreateKey + 4 7C91D6DA 2 Bytes [ 05, 5F ]

.text C:\WINDOWS\System32\svchost.exe[1312] ntdll.dll!NtCreateSection 7C91D793 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\System32\svchost.exe[1312] ntdll.dll!NtCreateSection + 4 7C91D797 2 Bytes [ 23, 5F ]

.text C:\WINDOWS\System32\svchost.exe[1312] ntdll.dll!NtDeleteKey 7C91D8A4 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\System32\svchost.exe[1312] ntdll.dll!NtDeleteKey + 4 7C91D8A8 2 Bytes [ 0B, 5F ]

.text C:\WINDOWS\System32\svchost.exe[1312] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\System32\svchost.exe[1312] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 11, 5F ]

.text C:\WINDOWS\System32\svchost.exe[1312] ntdll.dll!NtRenameKey 7C91E339 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\System32\svchost.exe[1312] ntdll.dll!NtRenameKey + 4 7C91E33D 2 Bytes [ 14, 5F ]

.text C:\WINDOWS\System32\svchost.exe[1312] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\System32\svchost.exe[1312] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 20, 5F ]

.text C:\WINDOWS\System32\svchost.exe[1312] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\System32\svchost.exe[1312] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 0E, 5F ]

.text C:\WINDOWS\System32\svchost.exe[1312] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\System32\svchost.exe[1312] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 26, 5F ]

.text C:\WINDOWS\System32\svchost.exe[1312] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\System32\svchost.exe[1312] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 1A, 5F ]

.text C:\WINDOWS\System32\svchost.exe[1312] ntdll.dll!NtWriteFileGather 7C91EA08 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\System32\svchost.exe[1312] ntdll.dll!NtWriteFileGather + 4 7C91EA0C 2 Bytes [ 1D, 5F ]

.text C:\WINDOWS\System32\svchost.exe[1312] ntdll.dll!NtWriteVirtualMemory 7C91EA32 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\System32\svchost.exe[1312] ntdll.dll!NtWriteVirtualMemory + 4 7C91EA36 2 Bytes [ 29, 5F ]

.text C:\WINDOWS\System32\svchost.exe[1312] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, EC, 83 ]

.text C:\WINDOWS\System32\svchost.exe[1312] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F320F5A

.text C:\WINDOWS\System32\svchost.exe[1312] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F2E0F5A

.text C:\WINDOWS\Explorer.EXE[1368] ntdll.dll!NtClose 7C91D586 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\Explorer.EXE[1368] ntdll.dll!NtClose + 4 7C91D58A 2 Bytes [ 2C, 5F ]

.text C:\WINDOWS\Explorer.EXE[1368] ntdll.dll!NtCreateFile 7C91D682 1 Byte [ FF ]

.text C:\WINDOWS\Explorer.EXE[1368] ntdll.dll!NtCreateFile + 2 7C91D684 1 Byte [ 1E ]

.text C:\WINDOWS\Explorer.EXE[1368] ntdll.dll!NtCreateFile + 4 7C91D686 2 Bytes [ 17, 5F ]

.text C:\WINDOWS\Explorer.EXE[1368] ntdll.dll!NtCreateKey 7C91D6D6 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\Explorer.EXE[1368] ntdll.dll!NtCreateKey + 4 7C91D6DA 2 Bytes [ 05, 5F ]

.text C:\WINDOWS\Explorer.EXE[1368] ntdll.dll!NtCreateSection 7C91D793 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\Explorer.EXE[1368] ntdll.dll!NtCreateSection + 4 7C91D797 2 Bytes [ 23, 5F ]

.text C:\WINDOWS\Explorer.EXE[1368] ntdll.dll!NtDeleteKey 7C91D8A4 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\Explorer.EXE[1368] ntdll.dll!NtDeleteKey + 4 7C91D8A8 2 Bytes [ 0B, 5F ]

.text C:\WINDOWS\Explorer.EXE[1368] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\Explorer.EXE[1368] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 11, 5F ]

.text C:\WINDOWS\Explorer.EXE[1368] ntdll.dll!NtRenameKey 7C91E339 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\Explorer.EXE[1368] ntdll.dll!NtRenameKey + 4 7C91E33D 2 Bytes [ 14, 5F ]

.text C:\WINDOWS\Explorer.EXE[1368] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\Explorer.EXE[1368] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 20, 5F ]

.text C:\WINDOWS\Explorer.EXE[1368] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\Explorer.EXE[1368] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 0E, 5F ]

.text C:\WINDOWS\Explorer.EXE[1368] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\Explorer.EXE[1368] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 26, 5F ]

.text C:\WINDOWS\Explorer.EXE[1368] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\Explorer.EXE[1368] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 1A, 5F ]

.text C:\WINDOWS\Explorer.EXE[1368] ntdll.dll!NtWriteFileGather 7C91EA08 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\Explorer.EXE[1368] ntdll.dll!NtWriteFileGather + 4 7C91EA0C 2 Bytes [ 1D, 5F ]

.text C:\WINDOWS\Explorer.EXE[1368] ntdll.dll!NtWriteVirtualMemory 7C91EA32 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\Explorer.EXE[1368] ntdll.dll!NtWriteVirtualMemory + 4 7C91EA36 2 Bytes [ 29, 5F ]

.text C:\WINDOWS\Explorer.EXE[1368] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, A9, 84 ]

.text C:\WINDOWS\Explorer.EXE[1368] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F320F5A

.text C:\WINDOWS\Explorer.EXE[1368] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F2E0F5A

.text C:\WINDOWS\system32\LEXBCES.EXE[1500] ntdll.dll!NtClose 7C91D586 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\LEXBCES.EXE[1500] ntdll.dll!NtClose + 4 7C91D58A 2 Bytes [ 2C, 5F ]

.text C:\WINDOWS\system32\LEXBCES.EXE[1500] ntdll.dll!NtCreateFile 7C91D682 1 Byte [ FF ]

.text C:\WINDOWS\system32\LEXBCES.EXE[1500] ntdll.dll!NtCreateFile + 2 7C91D684 1 Byte [ 1E ]

.text C:\WINDOWS\system32\LEXBCES.EXE[1500] ntdll.dll!NtCreateFile + 4 7C91D686 2 Bytes [ 17, 5F ]

.text C:\WINDOWS\system32\LEXBCES.EXE[1500] ntdll.dll!NtCreateKey 7C91D6D6 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\LEXBCES.EXE[1500] ntdll.dll!NtCreateKey + 4 7C91D6DA 2 Bytes [ 05, 5F ]

.text C:\WINDOWS\system32\LEXBCES.EXE[1500] ntdll.dll!NtCreateSection 7C91D793 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\LEXBCES.EXE[1500] ntdll.dll!NtCreateSection + 4 7C91D797 2 Bytes [ 23, 5F ]

.text C:\WINDOWS\system32\LEXBCES.EXE[1500] ntdll.dll!NtDeleteKey 7C91D8A4 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\LEXBCES.EXE[1500] ntdll.dll!NtDeleteKey + 4 7C91D8A8 2 Bytes [ 0B, 5F ]

.text C:\WINDOWS\system32\LEXBCES.EXE[1500] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\LEXBCES.EXE[1500] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 11, 5F ]

.text C:\WINDOWS\system32\LEXBCES.EXE[1500] ntdll.dll!NtRenameKey 7C91E339 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\LEXBCES.EXE[1500] ntdll.dll!NtRenameKey + 4 7C91E33D 2 Bytes [ 14, 5F ]

.text C:\WINDOWS\system32\LEXBCES.EXE[1500] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\LEXBCES.EXE[1500] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 20, 5F ]

.text C:\WINDOWS\system32\LEXBCES.EXE[1500] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\LEXBCES.EXE[1500] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 0E, 5F ]

.text C:\WINDOWS\system32\LEXBCES.EXE[1500] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\LEXBCES.EXE[1500] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 26, 5F ]

.text C:\WINDOWS\system32\LEXBCES.EXE[1500] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\LEXBCES.EXE[1500] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 1A, 5F ]

.text C:\WINDOWS\system32\LEXBCES.EXE[1500] ntdll.dll!NtWriteFileGather 7C91EA08 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\LEXBCES.EXE[1500] ntdll.dll!NtWriteFileGather + 4 7C91EA0C 2 Bytes [ 1D, 5F ]

.text C:\WINDOWS\system32\LEXBCES.EXE[1500] ntdll.dll!NtWriteVirtualMemory 7C91EA32 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\LEXBCES.EXE[1500] ntdll.dll!NtWriteVirtualMemory + 4 7C91EA36 2 Bytes [ 29, 5F ]

.text C:\WINDOWS\system32\LEXBCES.EXE[1500] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, 7F, 85 ]

.text C:\WINDOWS\system32\LEXBCES.EXE[1500] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F320F5A

.text C:\WINDOWS\system32\LEXBCES.EXE[1500] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F2E0F5A

.text C:\WINDOWS\system32\spoolsv.exe[1540] ntdll.dll!NtClose 7C91D586 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\spoolsv.exe[1540] ntdll.dll!NtClose + 4 7C91D58A 2 Bytes [ 2C, 5F ]

.text C:\WINDOWS\system32\spoolsv.exe[1540] ntdll.dll!NtCreateFile 7C91D682 1 Byte [ FF ]

.text C:\WINDOWS\system32\spoolsv.exe[1540] ntdll.dll!NtCreateFile + 2 7C91D684 1 Byte [ 1E ]

.text C:\WINDOWS\system32\spoolsv.exe[1540] ntdll.dll!NtCreateFile + 4 7C91D686 2 Bytes [ 17, 5F ]

.text C:\WINDOWS\system32\spoolsv.exe[1540] ntdll.dll!NtCreateKey 7C91D6D6 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\spoolsv.exe[1540] ntdll.dll!NtCreateKey + 4 7C91D6DA 2 Bytes [ 05, 5F ]

.text C:\WINDOWS\system32\spoolsv.exe[1540] ntdll.dll!NtCreateSection 7C91D793 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\spoolsv.exe[1540] ntdll.dll!NtCreateSection + 4 7C91D797 2 Bytes [ 23, 5F ]

.text C:\WINDOWS\system32\spoolsv.exe[1540] ntdll.dll!NtDeleteKey 7C91D8A4 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\spoolsv.exe[1540] ntdll.dll!NtDeleteKey + 4 7C91D8A8 2 Bytes [ 0B, 5F ]

.text C:\WINDOWS\system32\spoolsv.exe[1540] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\spoolsv.exe[1540] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 11, 5F ]

.text C:\WINDOWS\system32\spoolsv.exe[1540] ntdll.dll!NtRenameKey 7C91E339 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\spoolsv.exe[1540] ntdll.dll!NtRenameKey + 4 7C91E33D 2 Bytes [ 14, 5F ]

.text C:\WINDOWS\system32\spoolsv.exe[1540] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\spoolsv.exe[1540] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 20, 5F ]

.text C:\WINDOWS\system32\spoolsv.exe[1540] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\spoolsv.exe[1540] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 0E, 5F ]

.text C:\WINDOWS\system32\spoolsv.exe[1540] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\spoolsv.exe[1540] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 26, 5F ]

.text C:\WINDOWS\system32\spoolsv.exe[1540] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\spoolsv.exe[1540] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 1A, 5F ]

.text C:\WINDOWS\system32\spoolsv.exe[1540] ntdll.dll!NtWriteFileGather 7C91EA08 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\spoolsv.exe[1540] ntdll.dll!NtWriteFileGather + 4 7C91EA0C 2 Bytes [ 1D, 5F ]

.text C:\WINDOWS\system32\spoolsv.exe[1540] ntdll.dll!NtWriteVirtualMemory 7C91EA32 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\spoolsv.exe[1540] ntdll.dll!NtWriteVirtualMemory + 4 7C91EA36 2 Bytes [ 29, 5F ]

.text C:\WINDOWS\system32\spoolsv.exe[1540] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, 7D, 84 ]

.text C:\WINDOWS\system32\spoolsv.exe[1540] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F320F5A

.text C:\WINDOWS\system32\spoolsv.exe[1540] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F2E0F5A

.text C:\WINDOWS\system32\LEXPPS.EXE[1556] ntdll.dll!NtClose 7C91D586 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\LEXPPS.EXE[1556] ntdll.dll!NtClose + 4 7C91D58A 2 Bytes [ 2C, 5F ]

.text C:\WINDOWS\system32\LEXPPS.EXE[1556] ntdll.dll!NtCreateFile 7C91D682 1 Byte [ FF ]

.text C:\WINDOWS\system32\LEXPPS.EXE[1556] ntdll.dll!NtCreateFile + 2 7C91D684 1 Byte [ 1E ]

.text C:\WINDOWS\system32\LEXPPS.EXE[1556] ntdll.dll!NtCreateFile + 4 7C91D686 2 Bytes [ 17, 5F ]

.text C:\WINDOWS\system32\LEXPPS.EXE[1556] ntdll.dll!NtCreateKey 7C91D6D6 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\LEXPPS.EXE[1556] ntdll.dll!NtCreateKey + 4 7C91D6DA 2 Bytes [ 05, 5F ]

.text C:\WINDOWS\system32\LEXPPS.EXE[1556] ntdll.dll!NtCreateSection 7C91D793 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\LEXPPS.EXE[1556] ntdll.dll!NtCreateSection + 4 7C91D797 2 Bytes [ 23, 5F ]

.text C:\WINDOWS\system32\LEXPPS.EXE[1556] ntdll.dll!NtDeleteKey 7C91D8A4 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\LEXPPS.EXE[1556] ntdll.dll!NtDeleteKey + 4 7C91D8A8 2 Bytes [ 0B, 5F ]

.text C:\WINDOWS\system32\LEXPPS.EXE[1556] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\LEXPPS.EXE[1556] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 11, 5F ]

.text C:\WINDOWS\system32\LEXPPS.EXE[1556] ntdll.dll!NtRenameKey 7C91E339 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\LEXPPS.EXE[1556] ntdll.dll!NtRenameKey + 4 7C91E33D 2 Bytes [ 14, 5F ]

.text C:\WINDOWS\system32\LEXPPS.EXE[1556] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\LEXPPS.EXE[1556] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 20, 5F ]

.text C:\WINDOWS\system32\LEXPPS.EXE[1556] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\LEXPPS.EXE[1556] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 0E, 5F ]

.text C:\WINDOWS\system32\LEXPPS.EXE[1556] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\LEXPPS.EXE[1556] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 26, 5F ]

.text C:\WINDOWS\system32\LEXPPS.EXE[1556] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\LEXPPS.EXE[1556] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 1A, 5F ]

.text C:\WINDOWS\system32\LEXPPS.EXE[1556] ntdll.dll!NtWriteFileGather 7C91EA08 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\LEXPPS.EXE[1556] ntdll.dll!NtWriteFileGather + 4 7C91EA0C 2 Bytes [ 1D, 5F ]

.text C:\WINDOWS\system32\LEXPPS.EXE[1556] ntdll.dll!NtWriteVirtualMemory 7C91EA32 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\LEXPPS.EXE[1556] ntdll.dll!NtWriteVirtualMemory + 4 7C91EA36 2 Bytes [ 29, 5F ]

.text C:\WINDOWS\system32\LEXPPS.EXE[1556] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, 3D, 85 ]

.text C:\WINDOWS\system32\LEXPPS.EXE[1556] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F320F5A

.text C:\WINDOWS\system32\LEXPPS.EXE[1556] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F2E0F5A

.text C:\WINDOWS\system32\wuauclt.exe[1628] ntdll.dll!NtClose 7C91D586 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\wuauclt.exe[1628] ntdll.dll!NtClose + 4 7C91D58A 2 Bytes [ 2C, 5F ]

.text C:\WINDOWS\system32\wuauclt.exe[1628] ntdll.dll!NtCreateFile 7C91D682 1 Byte [ FF ]

.text C:\WINDOWS\system32\wuauclt.exe[1628] ntdll.dll!NtCreateFile + 2 7C91D684 1 Byte [ 1E ]

.text C:\WINDOWS\system32\wuauclt.exe[1628] ntdll.dll!NtCreateFile + 4 7C91D686 2 Bytes [ 17, 5F ]

.text C:\WINDOWS\system32\wuauclt.exe[1628] ntdll.dll!NtCreateKey 7C91D6D6 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\wuauclt.exe[1628] ntdll.dll!NtCreateKey + 4 7C91D6DA 2 Bytes [ 05, 5F ]

.text C:\WINDOWS\system32\wuauclt.exe[1628] ntdll.dll!NtCreateSection 7C91D793 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\wuauclt.exe[1628] ntdll.dll!NtCreateSection + 4 7C91D797 2 Bytes [ 23, 5F ]

.text C:\WINDOWS\system32\wuauclt.exe[1628] ntdll.dll!NtDeleteKey 7C91D8A4 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\wuauclt.exe[1628] ntdll.dll!NtDeleteKey + 4 7C91D8A8 2 Bytes [ 0B, 5F ]

.text C:\WINDOWS\system32\wuauclt.exe[1628] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\wuauclt.exe[1628] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 11, 5F ]

.text C:\WINDOWS\system32\wuauclt.exe[1628] ntdll.dll!NtRenameKey 7C91E339 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\wuauclt.exe[1628] ntdll.dll!NtRenameKey + 4 7C91E33D 2 Bytes [ 14, 5F ]

.text C:\WINDOWS\system32\wuauclt.exe[1628] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\wuauclt.exe[1628] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 20, 5F ]

.text C:\WINDOWS\system32\wuauclt.exe[1628] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\wuauclt.exe[1628] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 0E, 5F ]

.text C:\WINDOWS\system32\wuauclt.exe[1628] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\wuauclt.exe[1628] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 26, 5F ]

.text C:\WINDOWS\system32\wuauclt.exe[1628] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\wuauclt.exe[1628] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 1A, 5F ]

.text C:\WINDOWS\system32\wuauclt.exe[1628] ntdll.dll!NtWriteFileGather 7C91EA08 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\wuauclt.exe[1628] ntdll.dll!NtWriteFileGather + 4 7C91EA0C 2 Bytes [ 1D, 5F ]

.text C:\WINDOWS\system32\wuauclt.exe[1628] ntdll.dll!NtWriteVirtualMemory 7C91EA32 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\wuauclt.exe[1628] ntdll.dll!NtWriteVirtualMemory + 4 7C91EA36 2 Bytes [ 29, 5F ]

.text C:\WINDOWS\system32\wuauclt.exe[1628] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, BC, 83 ]

.text C:\WINDOWS\system32\wuauclt.exe[1628] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]

.text C:\WINDOWS\system32\wuauclt.exe[1628] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F320F5A

.text C:\WINDOWS\system32\wuauclt.exe[1628] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F2E0F5A

.text C:\WINDOWS\system32\slserv.exe[1856] ntdll.dll!NtClose 7C91D586 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\slserv.exe[1856] ntdll.dll!NtClose + 4 7C91D58A 2 Bytes [ 2C, 5F ]

.text C:\WINDOWS\system32\slserv.exe[1856] ntdll.dll!NtCreateFile 7C91D682 1 Byte [ FF ]

.text C:\WINDOWS\system32\slserv.exe[1856] ntdll.dll!NtCreateFile + 2 7C91D684 1 Byte [ 1E ]

.text C:\WINDOWS\system32\slserv.exe[1856] ntdll.dll!NtCreateFile + 4 7C91D686 2 Bytes [ 17, 5F ]

.text C:\WINDOWS\system32\slserv.exe[1856] ntdll.dll!NtCreateKey 7C91D6D6 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\slserv.exe[1856] ntdll.dll!NtCreateKey + 4 7C91D6DA 2 Bytes [ 05, 5F ]

.text C:\WINDOWS\system32\slserv.exe[1856] ntdll.dll!NtCreateSection 7C91D793 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\slserv.exe[1856] ntdll.dll!NtCreateSection + 4 7C91D797 2 Bytes [ 23, 5F ]

.text C:\WINDOWS\system32\slserv.exe[1856] ntdll.dll!NtDeleteKey 7C91D8A4 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\slserv.exe[1856] ntdll.dll!NtDeleteKey + 4 7C91D8A8 2 Bytes [ 0B, 5F ]

.text C:\WINDOWS\system32\slserv.exe[1856] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\slserv.exe[1856] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 11, 5F ]

.text C:\WINDOWS\system32\slserv.exe[1856] ntdll.dll!NtRenameKey 7C91E339 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\slserv.exe[1856] ntdll.dll!NtRenameKey + 4 7C91E33D 2 Bytes [ 14, 5F ]

.text C:\WINDOWS\system32\slserv.exe[1856] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\slserv.exe[1856] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 20, 5F ]

.text C:\WINDOWS\system32\slserv.exe[1856] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\slserv.exe[1856] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 0E, 5F ]

.text C:\WINDOWS\system32\slserv.exe[1856] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\slserv.exe[1856] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 26, 5F ]

.text C:\WINDOWS\system32\slserv.exe[1856] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\slserv.exe[1856] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 1A, 5F ]

.text C:\WINDOWS\system32\slserv.exe[1856] ntdll.dll!NtWriteFileGather 7C91EA08 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\slserv.exe[1856] ntdll.dll!NtWriteFileGather + 4 7C91EA0C 2 Bytes [ 1D, 5F ]

.text C:\WINDOWS\system32\slserv.exe[1856] ntdll.dll!NtWriteVirtualMemory 7C91EA32 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\slserv.exe[1856] ntdll.dll!NtWriteVirtualMemory + 4 7C91EA36 2 Bytes [ 29, 5F ]

.text C:\WINDOWS\system32\slserv.exe[1856] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, B8, 83 ]

.text C:\WINDOWS\system32\slserv.exe[1856] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F320F5A

.text C:\WINDOWS\system32\slserv.exe[1856] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F2E0F5A

.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1904] ntdll.dll!NtClose 7C91D586 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1904] ntdll.dll!NtClose + 4 7C91D58A 2 Bytes [ 2C, 5F ]

.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1904] ntdll.dll!NtCreateFile 7C91D682 1 Byte [ FF ]

.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1904] ntdll.dll!NtCreateFile + 2 7C91D684 1 Byte [ 1E ]

.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1904] ntdll.dll!NtCreateFile + 4 7C91D686 2 Bytes [ 17, 5F ]

.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1904] ntdll.dll!NtCreateKey 7C91D6D6 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1904] ntdll.dll!NtCreateKey + 4 7C91D6DA 2 Bytes [ 05, 5F ]

.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1904] ntdll.dll!NtCreateSection 7C91D793 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1904] ntdll.dll!NtCreateSection + 4 7C91D797 2 Bytes [ 23, 5F ]

.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1904] ntdll.dll!NtDeleteKey 7C91D8A4 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1904] ntdll.dll!NtDeleteKey + 4 7C91D8A8 2 Bytes [ 0B, 5F ]

.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1904] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1904] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 11, 5F ]

.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1904] ntdll.dll!NtRenameKey 7C91E339 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1904] ntdll.dll!NtRenameKey + 4 7C91E33D 2 Bytes [ 14, 5F ]

.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1904] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1904] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 20, 5F ]

.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1904] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1904] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 0E, 5F ]

.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1904] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1904] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 26, 5F ]

.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1904] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1904] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 1A, 5F ]

.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1904] ntdll.dll!NtWriteFileGather 7C91EA08 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1904] ntdll.dll!NtWriteFileGather + 4 7C91EA0C 2 Bytes [ 1D, 5F ]

.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1904] ntdll.dll!NtWriteVirtualMemory 7C91EA32 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1904] ntdll.dll!NtWriteVirtualMemory + 4 7C91EA36 2 Bytes [ 29, 5F ]

.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1904] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, 90, 84 ]

.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1904] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F320F5A

.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1904] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F2E0F5A

.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1912] ntdll.dll!NtClose 7C91D586 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1912] ntdll.dll!NtClose + 4 7C91D58A 2 Bytes [ 2C, 5F ]

.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1912] ntdll.dll!NtCreateFile 7C91D682 1 Byte [ FF ]

.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1912] ntdll.dll!NtCreateFile + 2 7C91D684 1 Byte [ 1E ]

.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1912] ntdll.dll!NtCreateFile + 4 7C91D686 2 Bytes [ 17, 5F ]

.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1912] ntdll.dll!NtCreateKey 7C91D6D6 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1912] ntdll.dll!NtCreateKey + 4 7C91D6DA 2 Bytes [ 05, 5F ]

.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1912] ntdll.dll!NtCreateSection 7C91D793 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1912] ntdll.dll!NtCreateSection + 4 7C91D797 2 Bytes [ 23, 5F ]

.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1912] ntdll.dll!NtDeleteKey 7C91D8A4 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1912] ntdll.dll!NtDeleteKey + 4 7C91D8A8 2 Bytes [ 0B, 5F ]

.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1912] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1912] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 11, 5F ]

.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1912] ntdll.dll!NtRenameKey 7C91E339 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1912] ntdll.dll!NtRenameKey + 4 7C91E33D 2 Bytes [ 14, 5F ]

.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1912] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1912] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 20, 5F ]

.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1912] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1912] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 0E, 5F ]

.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1912] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1912] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 26, 5F ]

.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1912] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1912] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 1A, 5F ]

.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1912] ntdll.dll!NtWriteFileGather 7C91EA08 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1912] ntdll.dll!NtWriteFileGather + 4 7C91EA0C 2 Bytes [ 1D, 5F ]

.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1912] ntdll.dll!NtWriteVirtualMemory 7C91EA32 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1912] ntdll.dll!NtWriteVirtualMemory + 4 7C91EA36 2 Bytes [ 29, 5F ]

.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1912] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, C6, 84 ]

.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1912] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F320F5A

.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1912] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F2E0F5A

.text C:\WINDOWS\SOUNDMAN.EXE[1920] ntdll.dll!NtClose 7C91D586 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\SOUNDMAN.EXE[1920] ntdll.dll!NtClose + 4 7C91D58A 2 Bytes [ 2C, 5F ]

.text C:\WINDOWS\SOUNDMAN.EXE[1920] ntdll.dll!NtCreateFile 7C91D682 1 Byte [ FF ]

.text C:\WINDOWS\SOUNDMAN.EXE[1920] ntdll.dll!NtCreateFile + 2 7C91D684 1 Byte [ 1E ]

.text C:\WINDOWS\SOUNDMAN.EXE[1920] ntdll.dll!NtCreateFile + 4 7C91D686 2 Bytes [ 17, 5F ]

.text C:\WINDOWS\SOUNDMAN.EXE[1920] ntdll.dll!NtCreateKey 7C91D6D6 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\SOUNDMAN.EXE[1920] ntdll.dll!NtCreateKey + 4 7C91D6DA 2 Bytes [ 05, 5F ]

.text C:\WINDOWS\SOUNDMAN.EXE[1920] ntdll.dll!NtCreateSection 7C91D793 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\SOUNDMAN.EXE[1920] ntdll.dll!NtCreateSection + 4 7C91D797 2 Bytes [ 23, 5F ]

.text C:\WINDOWS\SOUNDMAN.EXE[1920] ntdll.dll!NtDeleteKey 7C91D8A4 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\SOUNDMAN.EXE[1920] ntdll.dll!NtDeleteKey + 4 7C91D8A8 2 Bytes [ 0B, 5F ]

.text C:\WINDOWS\SOUNDMAN.EXE[1920] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\SOUNDMAN.EXE[1920] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 11, 5F ]

.text C:\WINDOWS\SOUNDMAN.EXE[1920] ntdll.dll!NtRenameKey 7C91E339 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\SOUNDMAN.EXE[1920] ntdll.dll!NtRenameKey + 4 7C91E33D 2 Bytes [ 14, 5F ]

.text C:\WINDOWS\SOUNDMAN.EXE[1920] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\SOUNDMAN.EXE[1920] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 20, 5F ]

.text C:\WINDOWS\SOUNDMAN.EXE[1920] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\SOUNDMAN.EXE[1920] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 0E, 5F ]

.text C:\WINDOWS\SOUNDMAN.EXE[1920] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\SOUNDMAN.EXE[1920] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 26, 5F ]

.text C:\WINDOWS\SOUNDMAN.EXE[1920] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\SOUNDMAN.EXE[1920] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 1A, 5F ]

.text C:\WINDOWS\SOUNDMAN.EXE[1920] ntdll.dll!NtWriteFileGather 7C91EA08 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\SOUNDMAN.EXE[1920] ntdll.dll!NtWriteFileGather + 4 7C91EA0C 2 Bytes [ 1D, 5F ]

.text C:\WINDOWS\SOUNDMAN.EXE[1920] ntdll.dll!NtWriteVirtualMemory 7C91EA32 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\SOUNDMAN.EXE[1920] ntdll.dll!NtWriteVirtualMemory + 4 7C91EA36 2 Bytes [ 29, 5F ]

.text C:\WINDOWS\SOUNDMAN.EXE[1920] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, 0F, 84 ]

.text C:\WINDOWS\SOUNDMAN.EXE[1920] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F320F5A

.text C:\WINDOWS\SOUNDMAN.EXE[1920] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F2E0F5A

.text C:\PROGRA~1\MESSAG~1\StartMessager.exe[1932] ntdll.dll!NtClose 7C91D586 3 Bytes [ FF, 25, 1E ]

.text C:\PROGRA~1\MESSAG~1\StartMessager.exe[1932] ntdll.dll!NtClose + 4 7C91D58A 2 Bytes [ 2C, 5F ]

.text C:\PROGRA~1\MESSAG~1\StartMessager.exe[1932] ntdll.dll!NtCreateFile 7C91D682 1 Byte [ FF ]

.text C:\PROGRA~1\MESSAG~1\StartMessager.exe[1932] ntdll.dll!NtCreateFile + 2 7C91D684 1 Byte [ 1E ]

.text C:\PROGRA~1\MESSAG~1\StartMessager.exe[1932] ntdll.dll!NtCreateFile + 4 7C91D686 2 Bytes [ 17, 5F ]

.text C:\PROGRA~1\MESSAG~1\StartMessager.exe[1932] ntdll.dll!NtCreateKey 7C91D6D6 3 Bytes [ FF, 25, 1E ]

.text C:\PROGRA~1\MESSAG~1\StartMessager.exe[1932] ntdll.dll!NtCreateKey + 4 7C91D6DA 2 Bytes [ 05, 5F ]

.text C:\PROGRA~1\MESSAG~1\StartMessager.exe[1932] ntdll.dll!NtCreateSection 7C91D793 3 Bytes [ FF, 25, 1E ]

.text C:\PROGRA~1\MESSAG~1\StartMessager.exe[1932] ntdll.dll!NtCreateSection + 4 7C91D797 2 Bytes [ 23, 5F ]

.text C:\PROGRA~1\MESSAG~1\StartMessager.exe[1932] ntdll.dll!NtDeleteKey 7C91D8A4 3 Bytes [ FF, 25, 1E ]

.text C:\PROGRA~1\MESSAG~1\StartMessager.exe[1932] ntdll.dll!NtDeleteKey + 4 7C91D8A8 2 Bytes [ 0B, 5F ]

.text C:\PROGRA~1\MESSAG~1\StartMessager.exe[1932] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ]

.text C:\PROGRA~1\MESSAG~1\StartMessager.exe[1932] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 11, 5F ]

.text C:\PROGRA~1\MESSAG~1\StartMessager.exe[1932] ntdll.dll!NtRenameKey 7C91E339 3 Bytes [ FF, 25, 1E ]

.text C:\PROGRA~1\MESSAG~1\StartMessager.exe[1932] ntdll.dll!NtRenameKey + 4 7C91E33D 2 Bytes [ 14, 5F ]

.text C:\PROGRA~1\MESSAG~1\StartMessager.exe[1932] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ]

.text C:\PROGRA~1\MESSAG~1\StartMessager.exe[1932] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 20, 5F ]

.text C:\PROGRA~1\MESSAG~1\StartMessager.exe[1932] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ]

.text C:\PROGRA~1\MESSAG~1\StartMessager.exe[1932] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 0E, 5F ]

.text C:\PROGRA~1\MESSAG~1\StartMessager.exe[1932] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]

.text C:\PROGRA~1\MESSAG~1\StartMessager.exe[1932] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 26, 5F ]

.text C:\PROGRA~1\MESSAG~1\StartMessager.exe[1932] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ]

.text C:\PROGRA~1\MESSAG~1\StartMessager.exe[1932] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 1A, 5F ]

.text C:\PROGRA~1\MESSAG~1\StartMessager.exe[1932] ntdll.dll!NtWriteFileGather 7C91EA08 3 Bytes [ FF, 25, 1E ]

.text C:\PROGRA~1\MESSAG~1\StartMessager.exe[1932] ntdll.dll!NtWriteFileGather + 4 7C91EA0C 2 Bytes [ 1D, 5F ]

.text C:\PROGRA~1\MESSAG~1\StartMessager.exe[1932] ntdll.dll!NtWriteVirtualMemory 7C91EA32 3 Bytes [ FF, 25, 1E ]

.text C:\PROGRA~1\MESSAG~1\StartMessager.exe[1932] ntdll.dll!NtWriteVirtualMemory + 4 7C91EA36 2 Bytes [ 29, 5F ]

.text C:\PROGRA~1\MESSAG~1\StartMessager.exe[1932] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, 46, 84 ]

.text C:\PROGRA~1\MESSAG~1\StartMessager.exe[1932] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F320F5A

.text C:\PROGRA~1\MESSAG~1\StartMessager.exe[1932] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F2E0F5A

.text C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe[1940] ntdll.dll!NtClose 7C91D586 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe[1940] ntdll.dll!NtClose + 4 7C91D58A 2 Bytes [ 2C, 5F ]

.text C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe[1940] ntdll.dll!NtCreateFile 7C91D682 1 Byte [ FF ]

.text C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe[1940] ntdll.dll!NtCreateFile + 2 7C91D684 1 Byte [ 1E ]

.text C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe[1940] ntdll.dll!NtCreateFile + 4 7C91D686 2 Bytes [ 17, 5F ]

.text C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe[1940] ntdll.dll!NtCreateKey 7C91D6D6 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe[1940] ntdll.dll!NtCreateKey + 4 7C91D6DA 2 Bytes [ 05, 5F ]

.text C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe[1940] ntdll.dll!NtCreateSection 7C91D793 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe[1940] ntdll.dll!NtCreateSection + 4 7C91D797 2 Bytes [ 23, 5F ]

.text C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe[1940] ntdll.dll!NtDeleteKey 7C91D8A4 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe[1940] ntdll.dll!NtDeleteKey + 4 7C91D8A8 2 Bytes [ 0B, 5F ]

.text C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe[1940] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe[1940] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 11, 5F ]

.text C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe[1940] ntdll.dll!NtRenameKey 7C91E339 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe[1940] ntdll.dll!NtRenameKey + 4 7C91E33D 2 Bytes [ 14, 5F ]

.text C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe[1940] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe[1940] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 20, 5F ]

.text C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe[1940] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe[1940] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 0E, 5F ]

.text C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe[1940] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe[1940] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 26, 5F ]

.text C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe[1940] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe[1940] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 1A, 5F ]

.text C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe[1940] ntdll.dll!NtWriteFileGather 7C91EA08 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe[1940] ntdll.dll!NtWriteFileGather + 4 7C91EA0C 2 Bytes [ 1D, 5F ]

.text C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe[1940] ntdll.dll!NtWriteVirtualMemory 7C91EA32 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe[1940] ntdll.dll!NtWriteVirtualMemory + 4 7C91EA36 2 Bytes [ 29, 5F ]

.text C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe[1940] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, 5F, 84 ]

.text C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe[1940] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F320F5A

.text C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe[1940] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F2E0F5A

.text C:\Program Files\QuickTime\qttask.exe[1948] ntdll.dll!NtClose 7C91D586 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\QuickTime\qttask.exe[1948] ntdll.dll!NtClose + 4 7C91D58A 2 Bytes [ 2C, 5F ]

.text C:\Program Files\QuickTime\qttask.exe[1948] ntdll.dll!NtCreateFile 7C91D682 1 Byte [ FF ]

.text C:\Program Files\QuickTime\qttask.exe[1948] ntdll.dll!NtCreateFile + 2 7C91D684 1 Byte [ 1E ]

.text C:\Program Files\QuickTime\qttask.exe[1948] ntdll.dll!NtCreateFile + 4 7C91D686 2 Bytes [ 17, 5F ]

.text C:\Program Files\QuickTime\qttask.exe[1948] ntdll.dll!NtCreateKey 7C91D6D6 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\QuickTime\qttask.exe[1948] ntdll.dll!NtCreateKey + 4 7C91D6DA 2 Bytes [ 05, 5F ]

.text C:\Program Files\QuickTime\qttask.exe[1948] ntdll.dll!NtCreateSection 7C91D793 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\QuickTime\qttask.exe[1948] ntdll.dll!NtCreateSection + 4 7C91D797 2 Bytes [ 23, 5F ]

.text C:\Program Files\QuickTime\qttask.exe[1948] ntdll.dll!NtDeleteKey 7C91D8A4 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\QuickTime\qttask.exe[1948] ntdll.dll!NtDeleteKey + 4 7C91D8A8 2 Bytes [ 0B, 5F ]

.text C:\Program Files\QuickTime\qttask.exe[1948] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\QuickTime\qttask.exe[1948] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 11, 5F ]

.text C:\Program Files\QuickTime\qttask.exe[1948] ntdll.dll!NtRenameKey 7C91E339 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\QuickTime\qttask.exe[1948] ntdll.dll!NtRenameKey + 4 7C91E33D 2 Bytes [ 14, 5F ]

.text C:\Program Files\QuickTime\qttask.exe[1948] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\QuickTime\qttask.exe[1948] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 20, 5F ]

.text C:\Program Files\QuickTime\qttask.exe[1948] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\QuickTime\qttask.exe[1948] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 0E, 5F ]

.text C:\Program Files\QuickTime\qttask.exe[1948] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\QuickTime\qttask.exe[1948] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 26, 5F ]

.text C:\Program Files\QuickTime\qttask.exe[1948] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\QuickTime\qttask.exe[1948] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 1A, 5F ]

.text C:\Program Files\QuickTime\qttask.exe[1948] ntdll.dll!NtWriteFileGather 7C91EA08 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\QuickTime\qttask.exe[1948] ntdll.dll!NtWriteFileGather + 4 7C91EA0C 2 Bytes [ 1D, 5F ]

.text C:\Program Files\QuickTime\qttask.exe[1948] ntdll.dll!NtWriteVirtualMemory 7C91EA32 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\QuickTime\qttask.exe[1948] ntdll.dll!NtWriteVirtualMemory + 4 7C91EA36 2 Bytes [ 29, 5F ]

.text C:\Program Files\QuickTime\qttask.exe[1948] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, AF, 8C ]

.text C:\Program Files\QuickTime\qttask.exe[1948] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F320F5A

.text C:\Program Files\QuickTime\qttask.exe[1948] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F2E0F5A

.text C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe[1960] ntdll.dll!NtClose 7C91D586 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe[1960] ntdll.dll!NtClose + 4 7C91D58A 2 Bytes [ 2C, 5F ]

.text C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe[1960] ntdll.dll!NtCreateFile 7C91D682 1 Byte [ FF ]

.text C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe[1960] ntdll.dll!NtCreateFile + 2 7C91D684 1 Byte [ 1E ]

.text C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe[1960] ntdll.dll!NtCreateFile + 4 7C91D686 2 Bytes [ 17, 5F ]

.text C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe[1960] ntdll.dll!NtCreateKey 7C91D6D6 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe[1960] ntdll.dll!NtCreateKey + 4 7C91D6DA 2 Bytes [ 05, 5F ]

.text C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe[1960] ntdll.dll!NtCreateSection 7C91D793 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe[1960] ntdll.dll!NtCreateSection + 4 7C91D797 2 Bytes [ 23, 5F ]

.text C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe[1960] ntdll.dll!NtDeleteKey 7C91D8A4 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe[1960] ntdll.dll!NtDeleteKey + 4 7C91D8A8 2 Bytes [ 0B, 5F ]

.text C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe[1960] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe[1960] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 11, 5F ]

.text C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe[1960] ntdll.dll!NtRenameKey 7C91E339 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe[1960] ntdll.dll!NtRenameKey + 4 7C91E33D 2 Bytes [ 14, 5F ]

.text C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe[1960] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe[1960] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 20, 5F ]

.text C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe[1960] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe[1960] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 0E, 5F ]

.text C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe[1960] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe[1960] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 26, 5F ]

.text C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe[1960] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe[1960] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 1A, 5F ]

.text C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe[1960] ntdll.dll!NtWriteFileGather 7C91EA08 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe[1960] ntdll.dll!NtWriteFileGather + 4 7C91EA0C 2 Bytes [ 1D, 5F ]

.text C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe[1960] ntdll.dll!NtWriteVirtualMemory 7C91EA32 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe[1960] ntdll.dll!NtWriteVirtualMemory + 4 7C91EA36 2 Bytes [ 29, 5F ]

.text C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe[1960] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, 44, 84 ]

.text C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe[1960] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F320F5A

.text C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe[1960] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F2E0F5A

.text C:\Program Files\Spyware Doctor\pctsTray.exe[1988] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, 71, 87 ]

.text C:\Program Files\Spyware Doctor\pctsTray.exe[1988] kernel32.dll!CreateThread + 1A 7C810651 4 Bytes [ 57, 9E, C3, 83 ]

.text C:\Program Files\Spyware Doctor\pctsTray.exe[1988] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F0A0F5A

.text C:\Program Files\Spyware Doctor\pctsTray.exe[1988] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F040F5A

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2016] ntdll.dll!NtClose 7C91D586 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2016] ntdll.dll!NtClose + 4 7C91D58A 2 Bytes [ 2C, 5F ]

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2016] ntdll.dll!NtCreateFile 7C91D682 1 Byte [ FF ]

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2016] ntdll.dll!NtCreateFile + 2 7C91D684 1 Byte [ 1E ]

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2016] ntdll.dll!NtCreateFile + 4 7C91D686 2 Bytes [ 17, 5F ]

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2016] ntdll.dll!NtCreateKey 7C91D6D6 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2016] ntdll.dll!NtCreateKey + 4 7C91D6DA 2 Bytes [ 05, 5F ]

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2016] ntdll.dll!NtCreateSection 7C91D793 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2016] ntdll.dll!NtCreateSection + 4 7C91D797 2 Bytes [ 23, 5F ]

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2016] ntdll.dll!NtDeleteKey 7C91D8A4 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2016] ntdll.dll!NtDeleteKey + 4 7C91D8A8 2 Bytes [ 0B, 5F ]

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2016] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2016] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 11, 5F ]

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2016] ntdll.dll!NtRenameKey 7C91E339 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2016] ntdll.dll!NtRenameKey + 4 7C91E33D 2 Bytes [ 14, 5F ]

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2016] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2016] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 20, 5F ]

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2016] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2016] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 0E, 5F ]

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2016] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2016] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 26, 5F ]

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2016] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2016] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 1A, 5F ]

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2016] ntdll.dll!NtWriteFileGather 7C91EA08 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2016] ntdll.dll!NtWriteFileGather + 4 7C91EA0C 2 Bytes [ 1D, 5F ]

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2016] ntdll.dll!NtWriteVirtualMemory 7C91EA32 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2016] ntdll.dll!NtWriteVirtualMemory + 4 7C91EA36 2 Bytes [ 29, 5F ]

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2016] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, AC, 84 ]

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2016] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F320F5A

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2016] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F2E0F5A

.text C:\WINDOWS\system32\ctfmon.exe[2028] ntdll.dll!NtClose 7C91D586 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\ctfmon.exe[2028] ntdll.dll!NtClose + 4 7C91D58A 2 Bytes [ 2C, 5F ]

.text C:\WINDOWS\system32\ctfmon.exe[2028] ntdll.dll!NtCreateFile 7C91D682 1 Byte [ FF ]

.text C:\WINDOWS\system32\ctfmon.exe[2028] ntdll.dll!NtCreateFile + 2 7C91D684 1 Byte [ 1E ]

.text C:\WINDOWS\system32\ctfmon.exe[2028] ntdll.dll!NtCreateFile + 4 7C91D686 2 Bytes [ 17, 5F ]

.text C:\WINDOWS\system32\ctfmon.exe[2028] ntdll.dll!NtCreateKey 7C91D6D6 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\ctfmon.exe[2028] ntdll.dll!NtCreateKey + 4 7C91D6DA 2 Bytes [ 05, 5F ]

.text C:\WINDOWS\system32\ctfmon.exe[2028] ntdll.dll!NtCreateSection 7C91D793 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\ctfmon.exe[2028] ntdll.dll!NtCreateSection + 4 7C91D797 2 Bytes [ 23, 5F ]

.text C:\WINDOWS\system32\ctfmon.exe[2028] ntdll.dll!NtDeleteKey 7C91D8A4 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\ctfmon.exe[2028] ntdll.dll!NtDeleteKey + 4 7C91D8A8 2 Bytes [ 0B, 5F ]

.text C:\WINDOWS\system32\ctfmon.exe[2028] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\ctfmon.exe[2028] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 11, 5F ]

.text C:\WINDOWS\system32\ctfmon.exe[2028] ntdll.dll!NtRenameKey 7C91E339 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\ctfmon.exe[2028] ntdll.dll!NtRenameKey + 4 7C91E33D 2 Bytes [ 14, 5F ]

.text C:\WINDOWS\system32\ctfmon.exe[2028] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\ctfmon.exe[2028] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 20, 5F ]

.text C:\WINDOWS\system32\ctfmon.exe[2028] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\ctfmon.exe[2028] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 0E, 5F ]

.text C:\WINDOWS\system32\ctfmon.exe[2028] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\ctfmon.exe[2028] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 26, 5F ]

.text C:\WINDOWS\system32\ctfmon.exe[2028] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\ctfmon.exe[2028] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 1A, 5F ]

.text C:\WINDOWS\system32\ctfmon.exe[2028] ntdll.dll!NtWriteFileGather 7C91EA08 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\ctfmon.exe[2028] ntdll.dll!NtWriteFileGather + 4 7C91EA0C 2 Bytes [ 1D, 5F ]

.text C:\WINDOWS\system32\ctfmon.exe[2028] ntdll.dll!NtWriteVirtualMemory 7C91EA32 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\ctfmon.exe[2028] ntdll.dll!NtWriteVirtualMemory + 4 7C91EA36 2 Bytes [ 29, 5F ]

.text C:\WINDOWS\system32\ctfmon.exe[2028] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, 90, 84 ]

.text C:\WINDOWS\system32\ctfmon.exe[2028] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F320F5A

.text C:\WINDOWS\system32\ctfmon.exe[2028] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F2E0F5A

.text C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe[2040] ntdll.dll!NtClose 7C91D586 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe[2040] ntdll.dll!NtClose + 4 7C91D58A 2 Bytes [ 2C, 5F ]

.text C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe[2040] ntdll.dll!NtCreateFile 7C91D682 1 Byte [ FF ]

.text C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe[2040] ntdll.dll!NtCreateFile + 2 7C91D684 1 Byte [ 1E ]

.text C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe[2040] ntdll.dll!NtCreateFile + 4 7C91D686 2 Bytes [ 17, 5F ]

.text C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe[2040] ntdll.dll!NtCreateKey 7C91D6D6 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe[2040] ntdll.dll!NtCreateKey + 4 7C91D6DA 2 Bytes [ 05, 5F ]

.text C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe[2040] ntdll.dll!NtCreateSection 7C91D793 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe[2040] ntdll.dll!NtCreateSection + 4 7C91D797 2 Bytes [ 23, 5F ]

.text C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe[2040] ntdll.dll!NtDeleteKey 7C91D8A4 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe[2040] ntdll.dll!NtDeleteKey + 4 7C91D8A8 2 Bytes [ 0B, 5F ]

.text C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe[2040] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe[2040] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 11, 5F ]

.text C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe[2040] ntdll.dll!NtRenameKey 7C91E339 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe[2040] ntdll.dll!NtRenameKey + 4 7C91E33D 2 Bytes [ 14, 5F ]

.text C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe[2040] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe[2040] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 20, 5F ]

.text C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe[2040] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe[2040] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 0E, 5F ]

.text C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe[2040] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe[2040] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 26, 5F ]

.text C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe[2040] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe[2040] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 1A, 5F ]

.text C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe[2040] ntdll.dll!NtWriteFileGather 7C91EA08 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe[2040] ntdll.dll!NtWriteFileGather + 4 7C91EA0C 2 Bytes [ 1D, 5F ]

.text C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe[2040] ntdll.dll!NtWriteVirtualMemory 7C91EA32 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe[2040] ntdll.dll!NtWriteVirtualMemory + 4 7C91EA36 2 Bytes [ 29, 5F ]

.text C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe[2040] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, 2C, 84 ]

.text C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe[2040] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F320F5A

.text C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe[2040] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F2E0F5A

.text C:\PROGRA~1\Wanadoo\Watch.exe[2044] ntdll.dll!NtClose 7C91D586 3 Bytes [ FF, 25, 1E ]

.text C:\PROGRA~1\Wanadoo\Watch.exe[2044] ntdll.dll!NtClose + 4 7C91D58A 2 Bytes [ 2C, 5F ]

.text C:\PROGRA~1\Wanadoo\Watch.exe[2044] ntdll.dll!NtCreateFile 7C91D682 1 Byte [ FF ]

.text C:\PROGRA~1\Wanadoo\Watch.exe[2044] ntdll.dll!NtCreateFile + 2 7C91D684 1 Byte [ 1E ]

.text C:\PROGRA~1\Wanadoo\Watch.exe[2044] ntdll.dll!NtCreateFile + 4 7C91D686 2 Bytes [ 17, 5F ]

.text C:\PROGRA~1\Wanadoo\Watch.exe[2044] ntdll.dll!NtCreateKey 7C91D6D6 3 Bytes [ FF, 25, 1E ]

.text C:\PROGRA~1\Wanadoo\Watch.exe[2044] ntdll.dll!NtCreateKey + 4 7C91D6DA 2 Bytes [ 05, 5F ]

.text C:\PROGRA~1\Wanadoo\Watch.exe[2044] ntdll.dll!NtCreateSection 7C91D793 3 Bytes [ FF, 25, 1E ]

.text C:\PROGRA~1\Wanadoo\Watch.exe[2044] ntdll.dll!NtCreateSection + 4 7C91D797 2 Bytes [ 23, 5F ]

.text C:\PROGRA~1\Wanadoo\Watch.exe[2044] ntdll.dll!NtDeleteKey 7C91D8A4 3 Bytes [ FF, 25, 1E ]

.text C:\PROGRA~1\Wanadoo\Watch.exe[2044] ntdll.dll!NtDeleteKey + 4 7C91D8A8 2 Bytes [ 0B, 5F ]

.text C:\PROGRA~1\Wanadoo\Watch.exe[2044] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ]

.text C:\PROGRA~1\Wanadoo\Watch.exe[2044] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 11, 5F ]

.text C:\PROGRA~1\Wanadoo\Watch.exe[2044] ntdll.dll!NtRenameKey 7C91E339 3 Bytes [ FF, 25, 1E ]

.text C:\PROGRA~1\Wanadoo\Watch.exe[2044] ntdll.dll!NtRenameKey + 4 7C91E33D 2 Bytes [ 14, 5F ]

.text C:\PROGRA~1\Wanadoo\Watch.exe[2044] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ]

.text C:\PROGRA~1\Wanadoo\Watch.exe[2044] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 20, 5F ]

.text C:\PROGRA~1\Wanadoo\Watch.exe[2044] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ]

.text C:\PROGRA~1\Wanadoo\Watch.exe[2044] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 0E, 5F ]

.text C:\PROGRA~1\Wanadoo\Watch.exe[2044] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]

.text C:\PROGRA~1\Wanadoo\Watch.exe[2044] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 26, 5F ]

.text C:\PROGRA~1\Wanadoo\Watch.exe[2044] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ]

.text C:\PROGRA~1\Wanadoo\Watch.exe[2044] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 1A, 5F ]

.text C:\PROGRA~1\Wanadoo\Watch.exe[2044] ntdll.dll!NtWriteFileGather 7C91EA08 3 Bytes [ FF, 25, 1E ]

.text C:\PROGRA~1\Wanadoo\Watch.exe[2044] ntdll.dll!NtWriteFileGather + 4 7C91EA0C 2 Bytes [ 1D, 5F ]

.text C:\PROGRA~1\Wanadoo\Watch.exe[2044] ntdll.dll!NtWriteVirtualMemory 7C91EA32 3 Bytes [ FF, 25, 1E ]

.text C:\PROGRA~1\Wanadoo\Watch.exe[2044] ntdll.dll!NtWriteVirtualMemory + 4 7C91EA36 2 Bytes [ 29, 5F ]

.text C:\PROGRA~1\Wanadoo\Watch.exe[2044] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, 32, 84 ]

.text C:\PROGRA~1\Wanadoo\Watch.exe[2044] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]

.text C:\PROGRA~1\Wanadoo\Watch.exe[2044] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F320F5A

.text C:\PROGRA~1\Wanadoo\Watch.exe[2044] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F2E0F5A

.text C:\Program Files\Internet Explorer\iexplore.exe[2328] ntdll.dll!NtClose 7C91D586 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Internet Explorer\iexplore.exe[2328] ntdll.dll!NtClose + 4 7C91D58A 2 Bytes [ 2C, 5F ]

.text C:\Program Files\Internet Explorer\iexplore.exe[2328] ntdll.dll!NtCreateFile 7C91D682 1 Byte [ FF ]

.text C:\Program Files\Internet Explorer\iexplore.exe[2328] ntdll.dll!NtCreateFile + 2 7C91D684 1 Byte [ 1E ]

.text C:\Program Files\Internet Explorer\iexplore.exe[2328] ntdll.dll!NtCreateFile + 4 7C91D686 2 Bytes [ 17, 5F ]

.text C:\Program Files\Internet Explorer\iexplore.exe[2328] ntdll.dll!NtCreateKey 7C91D6D6 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Internet Explorer\iexplore.exe[2328] ntdll.dll!NtCreateKey + 4 7C91D6DA 2 Bytes [ 05, 5F ]

.text C:\Program Files\Internet Explorer\iexplore.exe[2328] ntdll.dll!NtCreateSection 7C91D793 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Internet Explorer\iexplore.exe[2328] ntdll.dll!NtCreateSection + 4 7C91D797 2 Bytes [ 23, 5F ]

.text C:\Program Files\Internet Explorer\iexplore.exe[2328] ntdll.dll!NtDeleteKey 7C91D8A4 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Internet Explorer\iexplore.exe[2328] ntdll.dll!NtDeleteKey + 4 7C91D8A8 2 Bytes [ 0B, 5F ]

.text C:\Program Files\Internet Explorer\iexplore.exe[2328] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Internet Explorer\iexplore.exe[2328] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 11, 5F ]

.text C:\Program Files\Internet Explorer\iexplore.exe[2328] ntdll.dll!NtRenameKey 7C91E339 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Internet Explorer\iexplore.exe[2328] ntdll.dll!NtRenameKey + 4 7C91E33D 2 Bytes [ 14, 5F ]

.text C:\Program Files\Internet Explorer\iexplore.exe[2328] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Internet Explorer\iexplore.exe[2328] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 20, 5F ]

.text C:\Program Files\Internet Explorer\iexplore.exe[2328] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Internet Explorer\iexplore.exe[2328] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 0E, 5F ]

.text C:\Program Files\Internet Explorer\iexplore.exe[2328] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Internet Explorer\iexplore.exe[2328] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 26, 5F ]

.text C:\Program Files\Internet Explorer\iexplore.exe[2328] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Internet Explorer\iexplore.exe[2328] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 1A, 5F ]

.text C:\Program Files\Internet Explorer\iexplore.exe[2328] ntdll.dll!NtWriteFileGather 7C91EA08 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Internet Explorer\iexplore.exe[2328] ntdll.dll!NtWriteFileGather + 4 7C91EA0C 2 Bytes [ 1D, 5F ]

.text C:\Program Files\Internet Explorer\iexplore.exe[2328] ntdll.dll!NtWriteVirtualMemory 7C91EA32 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Internet Explorer\iexplore.exe[2328] ntdll.dll!NtWriteVirtualMemory + 4 7C91EA36 2 Bytes [ 29, 5F ]

.text C:\Program Files\Internet Explorer\iexplore.exe[2328] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, BE, 83 ]

.text C:\Program Files\Internet Explorer\iexplore.exe[2328] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]

.text C:\Program Files\Internet Explorer\iexplore.exe[2328] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F320F5A

.text C:\Program Files\Internet Explorer\iexplore.exe[2328] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F2E0F5A

.text C:\Gmer\gmer.exe[3548] ntdll.dll!NtClose 7C91D586 3 Bytes [ FF, 25, 1E ]

.text C:\Gmer\gmer.exe[3548] ntdll.dll!NtClose + 4 7C91D58A 2 Bytes [ 2C, 5F ]

.text C:\Gmer\gmer.exe[3548] ntdll.dll!NtCreateFile 7C91D682 1 Byte [ FF ]

.text C:\Gmer\gmer.exe[3548] ntdll.dll!NtCreateFile + 2 7C91D684 1 Byte [ 1E ]

.text C:\Gmer\gmer.exe[3548] ntdll.dll!NtCreateFile + 4 7C91D686 2 Bytes [ 17, 5F ]

.text C:\Gmer\gmer.exe[3548] ntdll.dll!NtCreateKey 7C91D6D6 3 Bytes [ FF, 25, 1E ]

.text C:\Gmer\gmer.exe[3548] ntdll.dll!NtCreateKey + 4 7C91D6DA 2 Bytes [ 05, 5F ]

.text C:\Gmer\gmer.exe[3548] ntdll.dll!NtCreateSection 7C91D793 3 Bytes [ FF, 25, 1E ]

.text C:\Gmer\gmer.exe[3548] ntdll.dll!NtCreateSection + 4 7C91D797 2 Bytes [ 23, 5F ]

.text C:\Gmer\gmer.exe[3548] ntdll.dll!NtDeleteKey 7C91D8A4 3 Bytes [ FF, 25, 1E ]

.text C:\Gmer\gmer.exe[3548] ntdll.dll!NtDeleteKey + 4 7C91D8A8 2 Bytes [ 0B, 5F ]

.text C:\Gmer\gmer.exe[3548] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ]

.text C:\Gmer\gmer.exe[3548] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 11, 5F ]

.text C:\Gmer\gmer.exe[3548] ntdll.dll!NtRenameKey 7C91E339 3 Bytes [ FF, 25, 1E ]

.text C:\Gmer\gmer.exe[3548] ntdll.dll!NtRenameKey + 4 7C91E33D 2 Bytes [ 14, 5F ]

.text C:\Gmer\gmer.exe[3548] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ]

.text C:\Gmer\gmer.exe[3548] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 20, 5F ]

.text C:\Gmer\gmer.exe[3548] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ]

.text C:\Gmer\gmer.exe[3548] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 0E, 5F ]

.text C:\Gmer\gmer.exe[3548] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]

.text C:\Gmer\gmer.exe[3548] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 26, 5F ]

.text C:\Gmer\gmer.exe[3548] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ]

.text C:\Gmer\gmer.exe[3548] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 1A, 5F ]

.text C:\Gmer\gmer.exe[3548] ntdll.dll!NtWriteFileGather 7C91EA08 3 Bytes [ FF, 25, 1E ]

.text C:\Gmer\gmer.exe[3548] ntdll.dll!NtWriteFileGather + 4 7C91EA0C 2 Bytes [ 1D, 5F ]

.text C:\Gmer\gmer.exe[3548] ntdll.dll!NtWriteVirtualMemory 7C91EA32 3 Bytes [ FF, 25, 1E ]

.text C:\Gmer\gmer.exe[3548] ntdll.dll!NtWriteVirtualMemory + 4 7C91EA36 2 Bytes [ 29, 5F ]

.text C:\Gmer\gmer.exe[3548] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, BA, 83 ]

.text C:\Gmer\gmer.exe[3548] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]

.text C:\Gmer\gmer.exe[3548] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F320F5A

.text C:\Gmer\gmer.exe[3548] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F2E0F5A

.text C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe[3628] ntdll.dll!NtClose 7C91D586 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe[3628] ntdll.dll!NtClose + 4 7C91D58A 2 Bytes [ 2C, 5F ]

.text C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe[3628] ntdll.dll!NtCreateFile 7C91D682 1 Byte [ FF ]

.text C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe[3628] ntdll.dll!NtCreateFile + 2 7C91D684 1 Byte [ 1E ]

.text C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe[3628] ntdll.dll!NtCreateFile + 4 7C91D686 2 Bytes [ 17, 5F ]

.text C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe[3628] ntdll.dll!NtCreateKey 7C91D6D6 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe[3628] ntdll.dll!NtCreateKey + 4 7C91D6DA 2 Bytes [ 05, 5F ]

.text C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe[3628] ntdll.dll!NtCreateSection 7C91D793 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe[3628] ntdll.dll!NtCreateSection + 4 7C91D797 2 Bytes [ 23, 5F ]

.text C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe[3628] ntdll.dll!NtDeleteKey 7C91D8A4 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe[3628] ntdll.dll!NtDeleteKey + 4 7C91D8A8 2 Bytes [ 0B, 5F ]

.text C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe[3628] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe[3628] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 11, 5F ]

.text C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe[3628] ntdll.dll!NtRenameKey 7C91E339 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe[3628] ntdll.dll!NtRenameKey + 4 7C91E33D 2 Bytes [ 14, 5F ]

.text C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe[3628] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe[3628] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 20, 5F ]

.text C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe[3628] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe[3628] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 0E, 5F ]

.text C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe[3628] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe[3628] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 26, 5F ]

.text C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe[3628] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe[3628] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 1A, 5F ]

.text C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe[3628] ntdll.dll!NtWriteFileGather 7C91EA08 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe[3628] ntdll.dll!NtWriteFileGather + 4 7C91EA0C 2 Bytes [ 1D, 5F ]

.text C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe[3628] ntdll.dll!NtWriteVirtualMemory 7C91EA32 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe[3628] ntdll.dll!NtWriteVirtualMemory + 4 7C91EA36 2 Bytes [ 29, 5F ]

.text C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe[3628] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, 1C, 84 ]

.text C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe[3628] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]

.text C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe[3628] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F320F5A

.text C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe[3628] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F2E0F5A

.text C:\WINDOWS\System32\alg.exe[3644] ntdll.dll!NtClose 7C91D586 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\System32\alg.exe[3644] ntdll.dll!NtClose + 4 7C91D58A 2 Bytes [ 2C, 5F ]

.text C:\WINDOWS\System32\alg.exe[3644] ntdll.dll!NtCreateFile 7C91D682 1 Byte [ FF ]

.text C:\WINDOWS\System32\alg.exe[3644] ntdll.dll!NtCreateFile + 2 7C91D684 1 Byte [ 1E ]

.text C:\WINDOWS\System32\alg.exe[3644] ntdll.dll!NtCreateFile + 4 7C91D686 2 Bytes [ 17, 5F ]

.text C:\WINDOWS\System32\alg.exe[3644] ntdll.dll!NtCreateKey 7C91D6D6 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\System32\alg.exe[3644] ntdll.dll!NtCreateKey + 4 7C91D6DA 2 Bytes [ 05, 5F ]

.text C:\WINDOWS\System32\alg.exe[3644] ntdll.dll!NtCreateSection 7C91D793 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\System32\alg.exe[3644] ntdll.dll!NtCreateSection + 4 7C91D797 2 Bytes [ 23, 5F ]

.text C:\WINDOWS\System32\alg.exe[3644] ntdll.dll!NtDeleteKey 7C91D8A4 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\System32\alg.exe[3644] ntdll.dll!NtDeleteKey + 4 7C91D8A8 2 Bytes [ 0B, 5F ]

.text C:\WINDOWS\System32\alg.exe[3644] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\System32\alg.exe[3644] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 11, 5F ]

.text C:\WINDOWS\System32\alg.exe[3644] ntdll.dll!NtRenameKey 7C91E339 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\System32\alg.exe[3644] ntdll.dll!NtRenameKey + 4 7C91E33D 2 Bytes [ 14, 5F ]

.text C:\WINDOWS\System32\alg.exe[3644] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\System32\alg.exe[3644] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 20, 5F ]

.text C:\WINDOWS\System32\alg.exe[3644] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\System32\alg.exe[3644] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 0E, 5F ]

.text C:\WINDOWS\System32\alg.exe[3644] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\System32\alg.exe[3644] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 26, 5F ]

.text C:\WINDOWS\System32\alg.exe[3644] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\System32\alg.exe[3644] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 1A, 5F ]

.text C:\WINDOWS\System32\alg.exe[3644] ntdll.dll!NtWriteFileGather 7C91EA08 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\System32\alg.exe[3644] ntdll.dll!NtWriteFileGather + 4 7C91EA0C 2 Bytes [ 1D, 5F ]

.text C:\WINDOWS\System32\alg.exe[3644] ntdll.dll!NtWriteVirtualMemory 7C91EA32 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\System32\alg.exe[3644] ntdll.dll!NtWriteVirtualMemory + 4 7C91EA36 2 Bytes [ 29, 5F ]

.text C:\WINDOWS\System32\alg.exe[3644] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, 06, 84 ]

.text C:\WINDOWS\System32\alg.exe[3644] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]

.text C:\WINDOWS\System32\alg.exe[3644] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F320F5A

.text C:\WINDOWS\System32\alg.exe[3644] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F2E0F5A

 

---- Devices - GMER 1.0.14 ----

 

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 mouclass.sys (Pilote de la classe Souris/Microsoft Corporation)

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

 

---- EOF - GMER 1.0.14 ----

 

Loup blanc Godlike Member

Loup blanc

Posté(e)
Posté(e)

Bonsoir Nulleninfo,

 

Peux-tu me dire si tu connais le contenu des répertoires suivants :

C:\Program Files\Virus

C:\Program Files\Mydoom Sasser

C:\Program Files\A JETER

Loup blanc Godlike Member

Loup blanc

Posté(e)
Posté(e)

Bonjour Nulleninfo,

Ok donc rien de spécial de ce coté là.

Fait l'essai en désinstallant SpywareDoctor.

 

Une autre chose à virer, c'est le Kit de connexion Orange (ainsi que leur Navigateur : Woobrowser), ce log pose pas mal de problèmes et ne sert à rien (sans lui, la connexion à la livebox est permanante), il faut juste prendre quelques précautions avant de le désinstaller :

Dans le cas de l'utilisation de Outlook Express, il faut noter les logins (identifiant) et mot de passe de chaque messagerie configurées.

Avec certaines anciennes versions du Kit, la désinstallation posait des problèmes avec les mots de passe de messagerie qui n'étaient plus acceptés dans Outlook express. Pour résoudre le problème, il faut supprimer les comptes dans Outlok Express puis les recréer.

nulleninfo31 Junior Member

nulleninfo31

Posté(e)
  • Auteur
Posté(e)

Bonjour Desh,

 

J'ai désinstallé Spyware et supprimé le navigateur Woobrowser.

Par contre, je ne sais pas à quoi le kit de connexion orange correspond (= les noms de fichiers à éliminer physiquement) ?

Je n'utilise pas du tout Outlook, je n'ai jamais réussi à supprimer le dossier présent dans Program Files, impossible !

On dirait que l'ordinateur fonctionne mieux, un grand MERCI à toi pour cette aide précieuse !!! :P

A+

Loup blanc Godlike Member

Loup blanc

Posté(e)
Posté(e)

BonjourNulleninfo,

 

Tant mieux si la désinstallation de Spyware Doctor à suffit pour que tu retrouves des performances acceptables.

 

Pour supprimer le kit de connexion Orange, il faut le chercher dans Ajout/Suppression de programmes, il doit s'appeler "Gestionnaire Internet".

Désinstalle le que si ton PC n'est pas encore au top, mais si il fonctionne normalement, tu peux le garder (personnellement je n'aime pas ce truc qui pose pas mal de problème, mais si il fonctionne bien, sa désinstallation ne changera probablement rien ou pas grand chose).

Rejoindre la conversation

Vous pouvez publier maintenant et vous inscrire plus tard. Si vous avez un compte, connectez-vous maintenant pour publier avec votre compte.
Remarque : votre message nécessitera l’approbation d’un modérateur avant de pouvoir être visible.

Invité
Répondre à ce sujet…

×   Collé en tant que texte enrichi.   Coller en tant que texte brut à la place

  Seulement 75 émoticônes maximum sont autorisées.

×   Votre lien a été automatiquement intégré.   Afficher plutôt comme un lien

×   Votre contenu précédent a été rétabli.   Vider l’éditeur

×   Vous ne pouvez pas directement coller des images. Envoyez-les depuis votre ordinateur ou insérez-les depuis une URL.

×
 Partager
Aller sur la liste des sujets

  • En ligne récemment   0 membre est en ligne

    • Aucun utilisateur enregistré regarde cette page.
×
×
  • Créer...