Windowsclick virus

euphoria -  
Lyonnais92 Posts 25708 Status Security contributor -
Hello,

I have a virus on my computer. When I run a search on Google (whose interface has changed), it automatically redirects me to a new window, "windowsclick".

I tried to remove it with Spyware Doctor and avast. They don't find any virus...

I tried to find out on the internet how to do it, but the only help uses ComboFix, which is no longer available for download...

I really need help, it's on my office PC (so there is confidential data on it)

Here is the HijackThis log from my computer:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:35:50, on 2009-02-17

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Winsim\ConnectionManager\SimplyConnectionManager.exe

C:\Program Files\Spyware Doctor\pctsAuxs.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Spyware Doctor\pctsTray.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE

C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE

C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\VersalSoft\InternetDownload\InternetDownload.exe

C:\Program Files\Spyware Doctor\pctsSvc.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: E-Zsoft VideoDownloaderToolBar - {4322A444-92F8-4C3E-BD4C-013BA51E2871} - C:\Program Files\VersalSoft\InternetDownload\VDTB.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: E-Zsoft VideoDownloaderToolBar - {4322A444-92F8-4C3E-BD4C-013BA51E2871} - C:\Program Files\VersalSoft\InternetDownload\VDTB.dll

O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Download by VersalSoft Internet Download - C:\Program Files\VersalSoft\InternetDownload\adddownload.htm

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = toutcomptefait.ca

O17 - HKLM\Software\..\Telephony: DomainName = toutcomptefait.ca

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = toutcomptefait.ca

O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = toutcomptefait.ca

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Gestionnaire de connexion de Simple Comptable - Sage Software - C:\Program Files\Winsim\ConnectionManager\SimplyConnectionManager.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: PC Tools Auxiliary Service (sdauxservice) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdcoreservice) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--

End of file - 6904 bytes
Configuration: Windows 2000
Firefox 2.0.0.14

42 replies

Lyonnais92 Posts 25708 Status Security contributor 1 537
 
Hi again,

yes, there are still things to do.

Read carefully and carry out this procedure in order.

#Download and install these programs (if you don't have them); for the first 3, update them as shown in the demos or tutorials.

Don't use them right away.

Anti-spyware tools and others:

Download Malwarebytes' Anti-Malware (MBAM) and save it to your desktop from this link:

https://www.malwarebytes.com/

When the download finishes, close all windows and programs, including this one.

Double-click the Download_mbam-setup.exe icon on your desktop to start the installer.

During installation, follow the prompts (in particular the choice of language and the permission to access the Internet). Don't change any of the default settings and, at the end of installation, check that the options Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware are ticked.

MBAM will start automatically and display a message asking you to update the program before running a scan. Since MBAM updates itself automatically at the end of installation, click OK to close the dialog box.

Cleaners (for unneeded files) and others:

*CCleaner (free)
Download:
https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html
Tutorial:
https://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php

During installation, [untick] the option that would install the Yahoo! toolbar.

========================================
->Show all files and folders:
click Start/Control Panel (in classic view)/Folder Options/View

[Tick] "Show hidden files and folders"

[Untick] the box "Hide protected operating system files (Recommended)"

[Untick] "Hide extensions for known file types"

Then click [Apply] to confirm the changes.

And [OK].

========================================
->Run CCleaner.

Deleting temporary files

Go to the "Options" section in the left margin.
Untick "Advanced"
Then go back to the "Cleaner" section.
Make sure to tick all these boxes in the left margin (Internet Explorer/Windows Explorer/System)
• Click [Analyze]
• Wait for the scan, which can take a while if it's the first time.
• Once the scan is finished, click [Run Cleaner]

========================================
Run Malwarebytes' Anti-Malware

In the Scanner tab, check that "Perform quick scan" is selected and click the Scan button to start the scan.

MBAM scans your computer. The scan can take some time. Just check its progress from time to time.

At the end of the scan, a message appears saying the scan is complete. Click OK to continue.

If malware was detected, the list is displayed.
When you click Remove (?), MBAM will delete the files and registry keys and put a copy of them in quarantine.

MBAM will open Notepad and copy the scan report into it. Close Notepad. (The report can be found again under the Logs tab)

Close MBAM by clicking Exit.

Post the report in your reply.
========================================

->Run CCleaner again.
Removing registry inconsistencies

• Click the [Registry] icon in the left margin
• Then click [Scan for Issues]
• Wait while CCleaner scans your registry.
• Once the scan is finished, tick all the entries it found.
• You can then click [Fix selected issues].

If you're not sure what you're doing, you can choose to back up the ticked entries so you can restore them later.
========================================
->Empty your Recycle Bin.
========================================

Scan your computer with Antivir and post the report.

[Re-tick] the box "Hide protected operating system files (Recommended)"
1
Lyonnais92 Posts 25708 Status Security contributor 1 537
 
Hello,

HijackThis shows nothing.

Do this:

Download here:

http://images.malwareremoval.com/random/RSIT.exe

random's system information tool (RSIT) by random/random and save it to the Desktop.

Double-click RSIT.exe to launch RSIT.

Read the Disclaimer screen, then click Continue (if you accept the terms).

If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall, if asked) and you will have to accept the license.

When the scan is finished, two text files will open.

Post the contents of log.txt (<<which will be displayed).

NB: The reports are saved in the folder C:\rsit

and this:

Download Rooter by the IDN team to your desktop:
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/Rooter.exe?attachauth=ANoY7cpzQksLcJt-e1z30LGu7t4JjUhh8amzWs_oSPSJpXbXp8ythGbW2WF8ysioh5NNlarrn7zMnYCRfsT5rCwNrfw5_CZYELApylTiY_MGu0G6uKzWpLEF2YXM3tF7nKZZAWj0JSAajXlZhd8dIyI3MrZ-lAIT5ZrAdcrct9_7bshwVpaZRPizuMTv9SDvmvY31BX4Vvvh2F2Brp1cy_K0jtTTfjttEA%3D%3D&attredirects=2

! Disconnect from the internet and close all running applications !

* Run Rooter and let the tool work.

* Once it's finished, post the report obtained for analysis ...
0
euphoria
 
Hi,

I managed to install Rooter but not RSIT...

When I click it, it tells me there is an error on the page...

I can't find it anywhere else...

thanks for your reply
0
euphoria
 
hi,

in the end I found another computer; I'm going to put RSIT on a USB key and transfer it to my computer,
I'll send you that in a few minutes..

thanks a lot
0
euphoria
 
RSIT INFO
info.txt logfile of random's system information tool 1.05 2009-02-17 14:45:16

======Uninstall list======

-->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->MsiExec.exe /I{8A42F680-2DD6-11D4-9A8C-0040F6982C20}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat 8.1.2 Standard-->msiexec /I {AC76BA86-1033-F400-BA7E-000000000003}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-040C-0000-0000000FF1CE}
Correctif pour Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
GroupMail :: Free Edition-->"C:\Documents and Settings\reception.TOUTCOMPTEFAIT\Application Data\unins000.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{3CCB732A-E472-4CF9-B1EE-F18365341FE0}
Intel(R) Extreme Graphics 2 Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
Messenger Plus! 3-->"C:\Documents and Settings\reception.TOUTCOMPTEFAIT\Mes documents\MsgPlus.exe" /Remove
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Mise à jour de sécurité pour Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MySQL Connector/ODBC 3.51-->MsiExec.exe /I{F929096B-54A0-4C5C-B125-1E7EB1917412}
Nero 7 Essentials-->MsiExec.exe /I{6FFBEAEA-312A-4C3F-AE8A-87E0ABA51033}
OmniPage SE 2.0-->MsiExec.exe /I{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
PaperPort-->MsiExec.exe /I{85D0883A-6099-4485-8D5B-F7F7E3F88ADE}
ProFile-->"C:\Program Files\InstallShield Installation Information\{F4C2E520-7663-4B3C-8EBC-1E1087964845}\setup.exe" -runfromtemp -l0x0c0c -removeonly
QBFC3.0b-->MsiExec.exe /X{71FEF72D-8F41-455E-8854-08F687154319}
Realtek RTL8139/810x Fast Ethernet NIC Driver Setup-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{97AA0C55-AFAD-4126-B21C-F1318FB6DADA}\Setup.exe" -l0xc0c REMOVE
RegRun Security Suite Standard-->C:\Program Files\Greatis\RegRunSuite\R3UR.exe
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Shared Add-in Extensibility Update for Microsoft .NET Framework 2.0 (KB908002)-->MsiExec.exe /X{09959E11-AD5D-408E-96AF-E3346954D6B8}
Shared Add-in Support Update for Microsoft .NET Framework 2.0 (KB908002)-->MsiExec.exe /X{64F3B15C-24C7-4B2B-9B72-65CCBBD7F06B}
Simple Comptable de Sage 2008-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5567F737-98A5-4CF3-8B4A-2F4E515966F7}\setup.exe" -l0xc0c -removeonly
Simple Comptable de Sage 2009-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C54856BC-3549-4ADE-AD4B-BC48C336DF5A}\setup.exe" -l0xc0c -removeonly
SmartSerialMail V4.4-->"C:\Program Files\JAM Software\SmartSerialMail\unins000.exe"
SoundMAX-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe"
Spyware Doctor 6.0-->C:\Program Files\Spyware Doctor\unins000.exe /LOG
TreeSize Professional 5.1.2-->"C:\Program Files\JAM Software\TreeSize Professional\unins000.exe"
Windows Live Call-->MsiExec.exe /I{01523985-2098-43AF-9C97-12B07BE02A9B}
Windows Live Communications Platform-->MsiExec.exe /I{F69E83CF-B440-43F8-89E6-6EA80712109B}
Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

======Security center information======

AV: Spyware Doctor with AntiVirus
AV: avast! antivirus 4.8.1335 [VPS 090216-1]

System event log

Computer Name: RECEPTIONISTE
Event Code: 18
Message: Prêt pour l'installation : les mises à jour suivantes ont été téléchargées et sont prêtes pour l'installation. L'installation de ces mises à jour est actuellement planifiée pour le 24 janvier 2009 à 03:00 :
- Mise à jour de sécurité cumulative pour Internet Explorer 7 pour Windows XP (KB958215)
- Mise à jour de sécurité cumulative pour les bits d'arrêt ActiveX pour Windows XP (KB956391)

Record Number: 5
Source Name: Windows Update Agent
Time Written: 20090123133641.000000-300
Event Type: information
User:

Computer Name: RECEPTIONISTE
Event Code: 8021
Message: L'explorateur n'a pas pu retrouver la liste des serveurs du maître explorateur \\ZIGGY sur le réseau \Device\NetBT_Tcpip_{59404D21-3A8D-4200-A28A-B5CEE325A270}.
La donnée est le code d'erreur.

Record Number: 4
Source Name: BROWSER
Time Written: 20090123133622.000000-300
Event Type: warning
User:

Computer Name: RECEPTIONISTE
Event Code: 35
Message: Le service de temps synchronise maintenant l'heure système avec la
source de temps ziggy.toutcomptefait.ca (ntp.d|192.168.112.106:123->192.168.112.1:123).

Record Number: 3
Source Name: W32Time
Time Written: 20090123133552.000000-300
Event Type: information
User:

Computer Name: RECEPTIONISTE
Event Code: 6005
Message: Le service d'Enregistrement d'événement a démarré.

Record Number: 2
Source Name: EventLog
Time Written: 20090123133528.000000-300
Event Type: information
User:

Computer Name: RECEPTIONISTE
Event Code: 6009
Message: Microsoft (R) Windows (R) 5.01. 2600 Service Pack 3 Uniprocessor Free.

Record Number: 1
Source Name: EventLog
Time Written: 20090123133528.000000-300
Event Type: information
User:

Application event log

Computer Name: RECEPTIONISTE
Event Code: 1000
Message: Application défaillante iexplore.exe, version 7.0.6000.16762, module défaillant unknown, version 0.0.0.0, adresse de défaillance 0x050eca68.

Record Number: 3991
Source Name: Application Error
Time Written: 20090128125605.000000-300
Event Type: error
User:

Computer Name: RECEPTIONISTE
Event Code: 0
Message: Service started successfully.

Record Number: 3990
Source Name: Gestionnaire de connexion de Simple Comptable
Time Written: 20090128111309.000000-300
Event Type: information
User:

Computer Name: RECEPTIONISTE
Event Code: 15
Message: L'inscription de certificat automatique pour Système local n'a pas pu contacter Active directory (0x80072095) Une erreur de service d'annuaire s'est produite.
. L'inscription ne sera pas effectuée.

Record Number: 3989
Source Name: AutoEnrollment
Time Written: 20090218111037.000000-300
Event Type: error
User:

Computer Name: RECEPTIONISTE
Event Code: 1053
Message: Windows ne peut pas déterminer le nom de l'utilisateur ou de l'ordinateur. (Accès refusé. ). Le traitement de la stratégie de groupe est interrompu.

Record Number: 3988
Source Name: Userenv
Time Written: 20090218111032.000000-300
Event Type: error
User: AUTORITE NT\SYSTEM

Computer Name: RECEPTIONISTE
Event Code: 0
Message: Service started successfully.

Record Number: 3987
Source Name: Gestionnaire de connexion de Simple Comptable
Time Written: 20090218111011.000000-300
Event Type: information
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 1, GenuineIntel
"PROCESSOR_REVISION"=0401
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

THE LOG:
Logfile of random's system information tool 1.05 (written by random/random)
Run by reception at 2009-02-17 14:45:10
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 46 GB (60%) free of 76 GB
Total RAM: 1527 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:45:13, on 2009-02-17
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Winsim\ConnectionManager\SimplyConnectionManager.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\VersalSoft\InternetDownload\InternetDownload.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Greatis\RegRunSuite\WatchDog.exe
E:\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\reception.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: E-Zsoft VideoDownloaderToolBar - {4322A444-92F8-4C3E-BD4C-013BA51E2871} - C:\Program Files\VersalSoft\InternetDownload\VDTB.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: E-Zsoft VideoDownloaderToolBar - {4322A444-92F8-4C3E-BD4C-013BA51E2871} - C:\Program Files\VersalSoft\InternetDownload\VDTB.dll
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [RegRun WinBait] C:\WINDOWS\winbait.exe
O4 - HKLM\..\Run: [@RegRunOnSecure] C:\PROGRA~1\Greatis\REGRUN~1\OnSecure.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Regrun2] C:\PROGRA~1\Greatis\REGRUN~1\WatchDog.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Download by VersalSoft Internet Download - C:\Program Files\VersalSoft\InternetDownload\adddownload.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = toutcomptefait.ca
O17 - HKLM\Software\..\Telephony: DomainName = toutcomptefait.ca
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = toutcomptefait.ca
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = toutcomptefait.ca
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Gestionnaire de connexion de Simple Comptable - Sage Software - C:\Program Files\Winsim\ConnectionManager\SimplyConnectionManager.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: PC Tools Auxiliary Service (sdauxservice) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdcoreservice) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
0

euphoria
 
Hello,

Just a quick bump so that someone can help me analyze these logs.

Thanks in advance.
0
Lyonnais92 Posts 25708 Status Security contributor 1 537

Hi again,

1) Print these instructions, because you will need to close all windows and applications during the installation and the scan.

2) Download Malwarebytes' Anti-Malware (MBAM) and save it to your Desktop from this link:

https://download.cnet.com/Malwarebytes/3000-8022_4-10804572.html

3) When the download finishes, close all windows and programs, including this one.

4) Double-click the Download_mbam-setup.exe icon on your desktop to start the installer.

5) During installation, follow the prompts (in particular the choice of language and the permission to access the Internet). Do not change any of the default settings and, at the end of the installation, check that the options Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware are ticked.

6) MBAM will start automatically and display a message asking you to update the program before running a scan. Since MBAM updates itself automatically at the end of the installation, click OK to close the dialog box. The main MBAM window is displayed:

7) In the scan tab, check that "Perform quick scan" is selected and click the Scan button to start the scan.

8) MBAM scans your computer. The scan can take some time. Just check on its progress from time to time.

9) At the end of the scan, a message appears saying that the scan is complete. Click OK to continue.

10) If malware was detected, the list of items is displayed.
When you click Remove (?), MBAM will delete the files and registry keys and place a copy of them in quarantine.

11) MBAM will open Notepad and copy the scan report into it. Close Notepad. (The report can be found again under the Reports/Logs tab.)

12) Close MBAM by clicking Exit.

13) Post the report in your reply.
0
Euphoria
 
Hi, I managed to install it but I can't get the program to run.

I tried via Run but that doesn't work either....
0
Lyonnais92 Posts 25708 Status Security contributor 1 537

Hi again,

Right-click the MBAM icon and choose Rename. Name it Antitibs.exe and try running it again.
0
Euphoria
 
Hi... Me again...

Even when I rename it, it doesn't run..
0
sheep300
 
I'm currently working on a machine that is infected too, same problem apparently: all the antispyware tools such as Spybot, Ad-Aware, ComboFix, frauda, etc. are blocked, except Moon Secure, which finds nothing. I tried running netsh int ip reset as well as CCleaner and a flushdns, but nothing helps, even in safe mode oO
Anyway, this way there will be two of us making progress on the subject,
hoping to see others in this situation.
0
Lyonnais92 Posts 25708 Status Security contributor 1 537

Hi again,

Download GMER ( http://www2.gmer.net/gmer.zip )
Extract the contents of the ZIP, then rename "gmer.exe" to "bypass.exe"
"Rootkit" tab: click "SCAN" and wait...
When it finishes, click "SAVE" and save "180209.txt" to your desktop
Double-click "180209.txt"; the file opens in Notepad.
Copy the contents and paste them into your next message.

If necessary, download it on the clean computer and copy it over to the infected computer.

================

Was it you who configured this:

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = toutcomptefait.ca
O17 - HKLM\Software\..\Telephony: DomainName = toutcomptefait.ca
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = toutcomptefait.ca
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = toutcomptefait.ca

===============
Open c:\Windows\system32\drivers\etc\hosts

and copy the first 100 lines into your reply.
0
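Entries in the hosts file take precedence over DNS, which is why it is worth reading on a machine whose searches are being redirected and whose security tools are blocked. The Python below is an added example, not part of the thread: it parses hosts-file text and flags watched names that are mapped to a remote address or to the local machine. The watch lists and the sample file are constructed assumptions, and the addresses come from documentation ranges.

```python
import ipaddress

# Assumed watch lists (not from the thread): names whose resolution matters
# when searches are redirected or security tools cannot reach their vendor.
SEARCH_DOMAINS = ("google.com", "google.fr", "google.ca", "bing.com", "yahoo.com")
SECURITY_DOMAINS = ("avast.com", "malwarebytes.org", "pctools.com", "gmer.net")

# Constructed sample, not a real capture from the infected PC.
SAMPLE_HOSTS = """# Constructed sample hosts file
127.0.0.1       localhost
203.0.113.10    www.google.com google.ca   # two names on one line
127.0.0.1       download.avast.com
0.0.0.0 www.malwarebytes.org
198.51.100.7 example.org
not-an-ip www.google.com
"""


def _matches(host, domains):
    """True if host equals one of the domains or is a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every valid mapping in the text."""
    text = text.lstrip("\ufeff")  # tolerate a UTF-8 byte-order mark
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed address: the line is not a usable mapping
        for name in fields[1:]:
            yield line_no, ip, name


def audit_hosts(text):
    """Return a list of (line_no, kind, hostname, ip) findings.

    kind is "redirect" when a watched name points at a non-local address,
    and "blocked" when it points at the loopback or unspecified address.
    """
    findings = []
    watched = SEARCH_DOMAINS + SECURITY_DOMAINS
    for line_no, ip, name in parse_hosts(text):
        if not _matches(name, watched):
            continue
        local = ip.is_loopback or ip.is_unspecified
        kind = "blocked" if local else "redirect"
        findings.append((line_no, kind, name, str(ip)))
    return findings


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print("line %d: %s %s -> %s" % finding)
```

A clean result here does not rule out an infection: kernel-level hooks like those GMER reports can redirect traffic without touching the hosts file.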
euphooria
 
GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-02-18 14:12:21
Windows 5.1.2600 Service Pack 3

---- System - GMER 1.0.14 ----

Code 89EF47E8 ZwEnumerateKey
Code 8A04A108 ZwFlushInstructionCache
Code 89EB8A2E IofCallDriver
Code 89F6200E IofCompleteRequest

---- Kernel code sections - GMER 1.0.14 ----

.text ntoskrnl.exe!IofCallDriver 804E37C5 5 Bytes JMP 89EB8A33
.text ntoskrnl.exe!IofCompleteRequest 804E3BF6 5 Bytes JMP 89F62013
PAGE ntoskrnl.exe!ZwEnumerateKey 80570D64 5 Bytes JMP 89EF47EC
PAGE ntoskrnl.exe!ZwFlushInstructionCache 80577693 5 Bytes JMP 8A04A10C
? Partizan.sys Le fichier spécifié est introuvable. !
? C:\WINDOWS\system32\Drivers\mchInjDrv.sys Le fichier spécifié est introuvable. !

---- User code sections - GMER 1.0.14 ----

.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!NtCreateFile + 4 7C91D094 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!NtCreateKey 7C91D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!NtCreateKey + 4 7C91D0D4 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!NtCreateSection 7C91D160 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!NtCreateSection + 4 7C91D164 2 Bytes [ 23, 5F ]
.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!NtDeleteKey 7C91D230 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!NtDeleteKey + 4 7C91D234 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!NtDeleteValueKey 7C91D250 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!NtDeleteValueKey + 4 7C91D254 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!NtRenameKey 7C91DA40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!NtRenameKey + 4 7C91DA44 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!NtSetInformationFile 7C91DC40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!NtSetInformationFile + 4 7C91DC44 2 Bytes [ 20, 5F ]
.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!NtSetValueKey 7C91DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!NtSetValueKey + 4 7C91DDB4 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!NtTerminateProcess 7C91DE50 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!NtTerminateProcess + 4 7C91DE54 2 Bytes [ 26, 5F ]
.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!NtWriteFile 7C91DF60 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!NtWriteFile + 4 7C91DF64 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!NtWriteFileGather 7C91DF70 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!NtWriteFileGather + 4 7C91DF74 2 Bytes [ 1D, 5F ]
.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!NtWriteVirtualMemory 7C91DF90 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!NtWriteVirtualMemory + 4 7C91DF94 2 Bytes [ 29, 5F ]
.text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 4E, 84 ]
.text C:\WINDOWS\system32\svchost.exe[972] USER32.dll!SetWindowsHookExW 7E3A820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\svchost.exe[972] USER32.dll!SetWindowsHo
0
euphooria
 
GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-02-18 14:12:21
Windows 5.1.2600 Service Pack 3

---- System - GMER 1.0.14 ----

Code 89EF47E8 ZwEnumerateKey
Code 8A04A108 ZwFlushInstructionCache
Code 89EB8A2E IofCallDriver
Code 89F6200E IofCompleteRequest

---- Kernel code sections - GMER 1.0.14 ----

.text ntoskrnl.exe!IofCallDriver 804E37C5 5 Bytes JMP 89EB8A33
.text ntoskrnl.exe!IofCompleteRequest 804E3BF6 5 Bytes JMP 89F62013
PAGE ntoskrnl.exe!ZwEnumerateKey 80570D64 5 Bytes JMP 89EF47EC
PAGE ntoskrnl.exe!ZwFlushInstructionCache 80577693 5 Bytes JMP 8A04A10C
? Partizan.sys Le fichier spécifié est introuvable. !
? C:\WINDOWS\system32\Drivers\mchInjDrv.sys Le fichier spécifié est introuvable. !

---- User code sections - GMER 1.0.14 ----

.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!NtClose + 4 7C91CFD4 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!NtCreateFile 7C91D090 1 Byte [ FF ]
.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!NtCreateFile + 2 7C91D092 1 Byte [ 1E ]
.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!NtCreateFile + 4 7C91D094 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!NtCreateKey 7C91D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!NtCreateKey + 4 7C91D0D4 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!NtCreateSection 7C91D160 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!NtCreateSection + 4 7C91D164 2 Bytes [ 23, 5F ]
.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!NtDeleteKey 7C91D230 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!NtDeleteKey + 4 7C91D234 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!NtDeleteValueKey 7C91D250 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!NtDeleteValueKey + 4 7C91D254 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!NtRenameKey 7C91DA40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!NtRenameKey + 4 7C91DA44 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!NtSetInformationFile 7C91DC40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!NtSetInformationFile + 4 7C91DC44 2 Bytes [ 20, 5F ]
.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!NtSetValueKey 7C91DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!NtSetValueKey + 4 7C91DDB4 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!NtTerminateProcess 7C91DE50 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!NtTerminateProcess + 4 7C91DE54 2 Bytes [ 26, 5F ]
.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!NtWriteFile 7C91DF60 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!NtWriteFile + 4 7C91DF64 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!NtWriteFileGather 7C91DF70 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!NtWriteFileGather + 4 7C91DF74 2 Bytes [ 1D, 5F ]
.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!NtWriteVirtualMemory 7C91DF90 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!NtWriteVirtualMemory + 4 7C91DF94 2 Bytes [ 29, 5F ]
.text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 4E, 84 ]
.text C:\WINDOWS\system32\svchost.exe[972] USER32.dll!SetWindowsHookExW 7E3A820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\svchost.exe[972] USER32.dll!SetWindowsHo
0
euphooria
 
GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-02-18 14:12:21
Windows 5.1.2600 Service Pack 3

---- System - GMER 1.0.14 ----

Code 89EF47E8 ZwEnumerateKey
Code 8A04A108 ZwFlushInstructionCache
Code 89EB8A2E IofCallDriver
Code 89F6200E IofCompleteRequest

---- Kernel code sections - GMER 1.0.14 ----

.text ntoskrnl.exe!IofCallDriver 804E37C5 5 Bytes JMP 89EB8A33
.text ntoskrnl.exe!IofCompleteRequest 804E3BF6 5 Bytes JMP 89F62013
PAGE ntoskrnl.exe!ZwEnumerateKey 80570D64 5 Bytes JMP 89EF47EC
PAGE ntoskrnl.exe!ZwFlushInstructionCache 80577693 5 Bytes JMP 8A04A10C
? Partizan.sys Le fichier spécifié est introuvable. !
? C:\WINDOWS\system32\Drivers\mchInjDrv.sys Le fichier spécifié est introuvable. !

---- User code sections - GMER 1.0.14 ----

.text C:\WINDOWS\System32\svchost.exe[916] USER32.dll!SetWindowsHookExW 7E3A820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\System32\svchost.exe[916] USER32.dll!SetWindowsHookExA 7E3B1211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!NtClose 7C91CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!NtClose + 4 7C91CFD4 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!NtCreateFile 7C91D090 1 Byte [ FF ]
.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!NtCreateFile + 2 7C91D092 1 Byte [ 1E ]
.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!NtCreateFile + 4 7C91D094 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!NtCreateKey 7C91D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!NtCreateKey + 4 7C91D0D4 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!NtCreateSection 7C91D160 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!NtCreateSection + 4 7C91D164 2 Bytes [ 23, 5F ]
.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!NtDeleteKey 7C91D230 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!NtDeleteKey + 4 7C91D234 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!NtDeleteValueKey 7C91D250 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!NtDeleteValueKey + 4 7C91D254 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!NtRenameKey 7C91DA40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!NtRenameKey + 4 7C91DA44 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!NtSetInformationFile 7C91DC40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!NtSetInformationFile + 4 7C91DC44 2 Bytes [ 20, 5F ]
.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!NtSetValueKey 7C91DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!NtSetValueKey + 4 7C91DDB4 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!NtTerminateProcess 7C91DE50 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!NtTerminateProcess + 4 7C91DE54 2 Bytes [ 26, 5F ]
.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!NtWriteFile 7C91DF60 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!NtWriteFile + 4 7C91DF64 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!NtWriteFileGather 7C91DF70 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!NtWriteFileGather + 4 7C91DF74 2 Bytes [ 1D, 5F ]
.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!NtWriteVirtualMemory 7C91DF90 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!NtWriteVirtualMemory + 4 7C91DF94 2 Bytes [ 29, 5F ]
.text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 4E, 84 ]
.text C:\WINDOWS\system32\svchost.exe[972] USER32.dll!SetWindowsHookExW 7E3A820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\svchost.exe[972] USER32.dll!SetWindowsHo
0
Lyonnais92 Posts 25708 Status Security contributor 1 537
 
Re,

The report is not complete.

Post it in pieces.
0
Euphoria
 
1st:
GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-02-18 14:12:21
Windows 5.1.2600 Service Pack 3

---- System - GMER 1.0.14 ----

Code 89EF47E8 ZwEnumerateKey
Code 8A04A108 ZwFlushInstructionCache
Code 89EB8A2E IofCallDriver
Code 89F6200E IofCompleteRequest

---- Kernel code sections - GMER 1.0.14 ----

.text ntoskrnl.exe!IofCallDriver 804E37C5 5 Bytes JMP 89EB8A33
.text ntoskrnl.exe!IofCompleteRequest 804E3BF6 5 Bytes JMP 89F62013
PAGE ntoskrnl.exe!ZwEnumerateKey 80570D64 5 Bytes JMP 89EF47EC
PAGE ntoskrnl.exe!ZwFlushInstructionCache 80577693 5 Bytes JMP 8A04A10C
? Partizan.sys Le fichier spécifié est introuvable. !
? C:\WINDOWS\system32\Drivers\mchInjDrv.sys Le fichier spécifié est introuvable. !

---- User code sections - GMER 1.0.14 ----

.text C:\WINDOWS\System32\alg.exe[164] ntdll.dll!NtClose 7C91CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\alg.exe[164] ntdll.dll!NtClose + 4 7C91CFD4 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\System32\alg.exe[164] ntdll.dll!NtCreateFile 7C91D090 1 Byte [ FF ]
.text C:\WINDOWS\System32\alg.exe[164] ntdll.dll!NtCreateFile + 2 7C91D092 1 Byte [ 1E ]
.text C:\WINDOWS\System32\alg.exe[164] ntdll.dll!NtCreateFile + 4 7C91D094 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\System32\alg.exe[164] ntdll.dll!NtCreateKey 7C91D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\alg.exe[164] ntdll.dll!NtCreateKey + 4 7C91D0D4 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\System32\alg.exe[164] ntdll.dll!NtCreateSection 7C91D160 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\alg.exe[164] ntdll.dll!NtCreateSection + 4 7C91D164 2 Bytes [ 23, 5F ]
.text C:\WINDOWS\System32\alg.exe[164] ntdll.dll!NtDeleteKey 7C91D230 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\alg.exe[164] ntdll.dll!NtDeleteKey + 4 7C91D234 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\System32\alg.exe[164] ntdll.dll!NtDeleteValueKey 7C91D250 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\alg.exe[164] ntdll.dll!NtDeleteValueKey + 4 7C91D254 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\System32\alg.exe[164] ntdll.dll!NtRenameKey 7C91DA40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\alg.exe[164] ntdll.dll!NtRenameKey + 4 7C91DA44 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\System32\alg.exe[164] ntdll.dll!NtSetInformationFile 7C91DC40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\alg.exe[164] ntdll.dll!NtSetInformationFile + 4 7C91DC44 2 Bytes [ 20, 5F ]
.text C:\WINDOWS\System32\alg.exe[164] ntdll.dll!NtSetValueKey 7C91DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\alg.exe[164] ntdll.dll!NtSetValueKey + 4 7C91DDB4 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\System32\alg.exe[164] ntdll.dll!NtTerminateProcess 7C91DE50 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\alg.exe[164] ntdll.dll!NtTerminateProcess + 4 7C91DE54 2 Bytes [ 26, 5F ]
.text C:\WINDOWS\System32\alg.exe[164] ntdll.dll!NtWriteFile 7C91DF60 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\alg.exe[164] ntdll.dll!NtWriteFile + 4 7C91DF64 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\System32\alg.exe[164] ntdll.dll!NtWriteFileGather 7C91DF70 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\alg.exe[164] ntdll.dll!NtWriteFileGather + 4 7C91DF74 2 Bytes [ 1D, 5F ]
.text C:\WINDOWS\System32\alg.exe[164] ntdll.dll!NtWriteVirtualMemory 7C91DF90 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\alg.exe[164] ntdll.dll!NtWriteVirtualMemory + 4 7C91DF94 2 Bytes [ 29, 5F ]
.text C:\WINDOWS\System32\alg.exe[164] ntdll.dll!LdrLoadDll 7C9263A3 5 Bytes JMP 0084000A
.text C:\WINDOWS\System32\alg.exe[164] ntdll.dll!LdrUnloadDll 7C92736B 5 Bytes JMP 0085000A
.text C:\WINDOWS\System32\alg.exe[164] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 09, 84 ]
.text C:\WINDOWS\System32\alg.exe[164] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, EF, F4 ]
.text C:\WINDOWS\System32\alg.exe[164] USER32.dll!SetWindowsHookExW 7E3A820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\System32\alg.exe[164] USER32.dll!SetWindowsHookExA 7E3B1211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\csrss.exe[524] ntdll.dll!NtClose 7C91CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\csrss.exe[524] ntdll.dll!NtClose + 4 7C91CFD4 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\system32\csrss.exe[524] ntdll.dll!NtCreateFile 7C91D090 1 Byte [ FF ]
.text C:\WINDOWS\system32\csrss.exe[524] ntdll.dll!NtCreateFile + 2 7C91D092 1 Byte [ 1E ]
.text C:\WINDOWS\system32\csrss.exe[524] ntdll.dll!NtCreateFile + 4 7C91D094 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\system32\csrss.exe[524] ntdll.dll!NtCreateKey 7C91D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\csrss.exe[524] ntdll.dll!NtCreateKey + 4 7C91D0D4 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\csrss.exe[524] ntdll.dll!NtCreateSection 7C91D160 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\csrss.exe[524] ntdll.dll!NtCreateSection + 4 7C91D164 2 Bytes [ 23, 5F ]
.text C:\WINDOWS\system32\csrss.exe[524] ntdll.dll!NtDeleteKey 7C91D230 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\csrss.exe[524] ntdll.dll!NtDeleteKey + 4 7C91D234 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\csrss.exe[524] ntdll.dll!NtDeleteValueKey 7C91D250 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\csrss.exe[524] ntdll.dll!NtDeleteValueKey + 4 7C91D254 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\system32\csrss.exe[524] ntdll.dll!NtRenameKey 7C91DA40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\csrss.exe[524] ntdll.dll!NtRenameKey + 4 7C91DA44 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\system32\csrss.exe[524] ntdll.dll!NtSetInformationFile 7C91DC40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\csrss.exe[524] ntdll.dll!NtSetInformationFile + 4 7C91DC44 2 Bytes [ 20, 5F ]
.text C:\WINDOWS\system32\csrss.exe[524] ntdll.dll!NtSetValueKey 7C91DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\csrss.exe[524] ntdll.dll!NtSetValueKey + 4 7C91DDB4 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\csrss.exe[524] ntdll.dll!NtTerminateProcess 7C91DE50 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\csrss.exe[524] ntdll.dll!NtTerminateProcess + 4 7C91DE54 2 Bytes [ 26, 5F ]
.text C:\WINDOWS\system32\csrss.exe[524] ntdll.dll!NtWriteFile 7C91DF60 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\csrss.exe[524] ntdll.dll!NtWriteFile + 4 7C91DF64 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\system32\csrss.exe[524] ntdll.dll!NtWriteFileGather 7C91DF70 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\csrss.exe[524] ntdll.dll!NtWriteFileGather + 4 7C91DF74 2 Bytes [ 1D, 5F ]
.text C:\WINDOWS\system32\csrss.exe[524] ntdll.dll!NtWriteVirtualMemory 7C91DF90 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\csrss.exe[524] ntdll.dll!NtWriteVirtualMemory + 4 7C91DF94 2 Bytes [ 29, 5F ]
.text C:\WINDOWS\system32\csrss.exe[524] KERNEL32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, AA, 84 ]
.text C:\WINDOWS\system32\csrss.exe[524] USER32.dll!SetWindowsHookExW 7E3A820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\csrss.exe[524] USER32.dll!SetWindowsHookExA 7E3B1211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\winlogon.exe[548] ntdll.dll!NtClose 7C91CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\winlogon.exe[548] ntdll.dll!NtClose + 4 7C91CFD4 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[548] ntdll.dll!NtCreateFile 7C91D090 1 Byte [ FF ]
.text C:\WINDOWS\system32\winlogon.exe[548] ntdll.dll!NtCreateFile + 2 7C91D092 1 Byte [ 1E ]
.text C:\WINDOWS\system32\winlogon.exe[548] ntdll.dll!NtCreateFile + 4 7C91D094 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[548] ntdll.dll!NtCreateKey 7C91D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\winlogon.exe[548] ntdll.dll!NtCreateKey + 4 7C91D0D4 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[548] ntdll.dll!NtCreateSection 7C91D160 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\winlogon.exe[548] ntdll.dll!NtCreateSection + 4 7C91D164 2 Bytes [ 23, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[548] ntdll.dll!NtDeleteKey 7C91D230 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\winlogon.exe[548] ntdll.dll!NtDeleteKey + 4 7C91D234 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[548] ntdll.dll!NtDeleteValueKey 7C91D250 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\winlogon.exe[548] ntdll.dll!NtDeleteValueKey + 4 7C91D254 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[548] ntdll.dll!NtRenameKey 7C91DA40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\winlogon.exe[548] ntdll.dll!NtRenameKey + 4 7C91DA44 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[548] ntdll.dll!NtSetInformationFile 7C91DC40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\winlogon.exe[548] ntdll.dll!NtSetInformationFile + 4 7C91DC44 2 Bytes [ 20, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[548] ntdll.dll!NtSetValueKey 7C91DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\winlogon.exe[548] ntdll.dll!NtSetValueKey + 4 7C91DDB4 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[548] ntdll.dll!NtTerminateProcess 7C91DE50 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\winlogon.exe[548] ntdll.dll!NtTerminateProcess + 4 7C91DE54 2 Bytes [ 26, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[548] ntdll.dll!NtWriteFile 7C91DF60 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\winlogon.exe[548] ntdll.dll!NtWriteFile + 4 7C91DF64 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[548] ntdll.dll!NtWriteFileGather 7C91DF70 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\winlogon.exe[548] ntdll.dll!NtWriteFileGather + 4 7C91DF74 2 Bytes [ 1D, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[548] ntdll.dll!NtWriteVirtualMemory 7C91DF90 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\winlogon.exe[548] ntdll.dll!NtWriteVirtualMemory + 4 7C91DF94 2 Bytes [ 29, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[548] ntdll.dll!LdrLoadDll 7C9263A3 5 Bytes JMP 0064000A
.text C:\WINDOWS\system32\winlogon.exe[548] ntdll.dll!LdrUnloadDll 7C92736B 5 Bytes JMP 0065000A
.text C:\WINDOWS\system32\winlogon.exe[548] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 18, 85 ]
.text C:\WINDOWS\system32\winlogon.exe[548] USER32.dll!SetWindowsHookExW 7E3A820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\winlogon.exe[548] USER32.dll!SetWindowsHookExA 7E3B1211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\services.exe[592] ntdll.dll!NtClose 7C91CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[592] ntdll.dll!NtClose + 4 7C91CFD4 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\system32\services.exe[592] ntdll.dll!NtCreateFile 7C91D090 1 Byte [ FF ]
.text C:\WINDOWS\system32\services.exe[592] ntdll.dll!NtCreateFile + 2 7C91D092 1 Byte [ 1E ]
.text C:\WINDOWS\system32\services.exe[592] ntdll.dll!NtCreateFile + 4 7C91D094 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\system32\services.exe[592] ntdll.dll!NtCreateKey 7C91D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[592] ntdll.dll!NtCreateKey + 4 7C91D0D4 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\services.exe[592] ntdll.dll!NtCreateSection 7C91D160 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[592] ntdll.dll!NtCreateSection + 4 7C91D164 2 Bytes [ 23, 5F ]
.text C:\WINDOWS\system32\services.exe[592] ntdll.dll!NtDeleteKey 7C91D230 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[592] ntdll.dll!NtDeleteKey + 4 7C91D234 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\services.exe[592] ntdll.dll!NtDeleteValueKey 7C91D250 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[592] ntdll.dll!NtDeleteValueKey + 4 7C91D254 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\system32\services.exe[592] ntdll.dll!NtRenameKey 7C91DA40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[592] ntdll.dll!NtRenameKey + 4 7C91DA44 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\system32\services.exe[592] ntdll.dll!NtSetInformationFile 7C91DC40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[592] ntdll.dll!NtSetInformationFile + 4 7C91DC44 2 Bytes [ 20, 5F ]
.text C:\WINDOWS\system32\services.exe[592] ntdll.dll!NtSetValueKey 7C91DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[592] ntdll.dll!NtSetValueKey + 4 7C91DDB4 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\services.exe[592] ntdll.dll!NtTerminateProcess 7C91DE50 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[592] ntdll.dll!NtTerminateProcess + 4 7C91DE54 2 Bytes [ 26, 5F ]
.text C:\WINDOWS\system32\services.exe[592] ntdll.dll!NtWriteFile 7C91DF60 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[592] ntdll.dll!NtWriteFile + 4 7C91DF64 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\system32\services.exe[592] ntdll.dll!NtWriteFileGather 7C91DF70 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[592] ntdll.dll!NtWriteFileGather + 4 7C91DF74 2 Bytes [ 1D, 5F ]
.text C:\WINDOWS\system32\services.exe[592] ntdll.dll!NtWriteVirtualMemory 7C91DF90 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[592] ntdll.dll!NtWriteVirtualMemory + 4 7C91DF94 2 Bytes [ 29, 5F ]
.text C:\WINDOWS\system32\services.exe[592] ntdll.dll!LdrLoadDll 7C9263A3 5 Bytes JMP 0064000A
.text C:\WINDOWS\system32\services.exe[592] ntdll.dll!LdrUnloadDll 7C92736B 5 Bytes JMP 0065000A
.text C:\WINDOWS\system32\services.exe[592] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 76, 84 ]
.text C:\WINDOWS\system32\services.exe[592] USER32.dll!SetWindowsHookExW 7E3A820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\services.exe[592] USER32.dll!SetWindowsHookExA 7E3B1211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\lsass.exe[604] ntdll.dll!NtClose 7C91CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\lsass.exe[604] ntdll.dll!NtClose + 4 7C91CFD4 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\system32\lsass.exe[604] ntdll.dll!NtCreateFile 7C91D090 1 Byte [ FF ]
.text C:\WINDOWS\system32\lsass.exe[604] ntdll.dll!NtCreateFile + 2 7C91D092 1 Byte [ 1E ]
.text C:\WINDOWS\system32\lsass.exe[604] ntdll.dll!NtCreateFile + 4 7C91D094 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\system32\lsass.exe[604] ntdll.dll!NtCreateKey 7C91D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\lsass.exe[604] ntdll.dll!NtCreateKey + 4 7C91D0D4 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\lsass.exe[604] ntdll.dll!NtCreateSection 7C91D160 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\lsass.exe[604] ntdll.dll!NtCreateSection + 4 7C91D164 2 Bytes [ 23, 5F ]
.text C:\WINDOWS\system32\lsass.exe[604] ntdll.dll!NtDeleteKey 7C91D230 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\lsass.exe[604] ntdll.dll!NtDeleteKey + 4 7C91D234 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\lsass.exe[604] ntdll.dll!NtDeleteValueKey 7C91D250 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\lsass.exe[604] ntdll.dll!NtDeleteValueKey + 4 7C91D254 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\system32\lsass.exe[604] ntdll.dll!NtRenameKey 7C91DA40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\lsass.exe[604] ntdll.dll!NtRenameKey + 4 7C91DA44 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\system32\lsass.exe[604] ntdll.dll!NtSetInformationFile 7C91DC40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\lsass.exe[604] ntdll.dll!NtSetInformationFile + 4 7C91DC44 2 Bytes [ 20, 5F ]
.text C:\WINDOWS\system32\lsass.exe[604] ntdll.dll!NtSetValueKey 7C91DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\lsass.exe[604] ntdll.dll!NtSetValueKey + 4 7C91DDB4 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\lsass.exe[604] ntdll.dll!NtTerminateProcess 7C91DE50 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\lsass.exe[604] ntdll.dll!NtTerminateProcess + 4 7C91DE54 2 Bytes [ 26, 5F ]
.text C:\WINDOWS\system32\lsass.exe[604] ntdll.dll!NtWriteFile 7C91DF60 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\lsass.exe[604] ntdll.dll!NtWriteFile + 4 7C91DF64 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\system32\lsass.exe[604] ntdll.dll!NtWriteFileGather 7C91DF70 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\lsass.exe[604] ntdll.dll!NtWriteFileGather + 4 7C91DF74 2 Bytes [ 1D, 5F ]
.text C:\WINDOWS\system32\lsass.exe[604] ntdll.dll!NtWriteVirtualMemory 7C91DF90 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\lsass.exe[604] ntdll.dll!NtWriteVirtualMemory + 4 7C91DF94 2 Bytes [ 29, 5F ]
.text C:\WINDOWS\system32\lsass.exe[604] ntdll.dll!LdrLoadDll 7C9263A3 5 Bytes JMP 006F000A
.text C:\WINDOWS\system32\lsass.exe[604] ntdll.dll!LdrUnloadDll 7C92736B 5 Bytes JMP 0072000A
.text C:\WINDOWS\system32\lsass.exe[604] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, CD, 84 ]
.text C:\WINDOWS\system32\lsass.exe[604] USER32.dll!SetWindowsHookExW 7E3A820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\lsass.exe[604] USER32.dll!SetWindowsHookExA 7E3B1211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[716] ntdll.dll!NtClose 7C91CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[716] ntdll.dll!NtClose + 4 7C91CFD4 2 Bytes [ 2C, 5F ]
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[716] ntdll.dll!NtCreateFile 7C91D090 1 Byte [ FF ]
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[716] ntdll.dll!NtCreateFile + 2 7C91D092 1 Byte [ 1E ]
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[716] ntdll.dll!NtCreateFile + 4 7C91D094 2 Bytes [ 17, 5F ]
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[716] ntdll.dll!NtCreateKey 7C91D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[716] ntdll.dll!NtCreateKey + 4 7C91D0D4 2 Bytes [ 05, 5F ]
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[716] ntdll.dll!NtCreateSection 7C91D160 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[716] ntdll.dll!NtCreateSection + 4 7C91D164 2 Bytes [ 23, 5F ]
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[716] ntdll.dll!NtDeleteKey 7C91D230 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[716] ntdll.dll!NtDeleteKey + 4 7C91D234 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[716] ntdll.dll!NtDeleteValueKey 7C91D250 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[716] ntdll.dll!NtDeleteValueKey + 4 7C91D254 2 Bytes [ 11, 5F ]
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[716] ntdll.dll!NtRenameKey 7C91DA40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[716] ntdll.dll!NtRenameKey + 4 7C91DA44 2 Bytes [ 14, 5F ]
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[716] ntdll.dll!NtSetInformationFile 7C91DC40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[716] ntdll.dll!NtSetInformationFile + 4 7C91DC44 2 Bytes [ 20, 5F ]
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[716] ntdll.dll!NtSetValueKey 7C91DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[716] ntdll.dll!NtSetValueKey + 4 7C91DDB4 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[716] ntdll.dll!NtTerminateProcess 7C91DE50 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[716] ntdll.dll!NtTerminateProcess + 4 7C91DE54 2 Bytes [ 26, 5F ]
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[716] ntdll.dll!NtWriteFile 7C91DF60 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[716] ntdll.dll!NtWriteFile + 4 7C91DF64 2 Bytes [ 1A, 5F ]
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[716] ntdll.dll!NtWriteFileGather 7C91DF70 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[716] ntdll.dll!NtWriteFileGather + 4 7C91DF74 2 Bytes [ 1D, 5F ]
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[716] ntdll.dll!NtWriteVirtualMemory 7C91DF90 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[716] ntdll.dll!NtWriteVirtualMemory + 4 7C91DF94 2 Bytes [ 29, 5F ]
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[716] ntdll.dll!LdrLoadDll 7C9263A3 5 Bytes JMP 00B3000A
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[716] ntdll.dll!LdrUnloadDll 7C92736B 5 Bytes JMP 00B4000A
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[716] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 38, 84 ]
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[716] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, EF, F4 ]
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[716] USER32.dll!SetWindowsHookExW 7E3A820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[716] USER32.dll!SetWindowsHookExA 7E3B1211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\svchost.exe[764] ntdll.dll!NtClose 7C91CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[764] ntdll.dll!NtClose + 4 7C91CFD4 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\system32\svchost.exe[764] ntdll.dll!NtCreateFile 7C91D090 1 Byte [ FF ]
.text C:\WINDOWS\system32\svchost.exe[764] ntdll.dll!NtCreateFile + 2 7C91D092 1 Byte [ 1E ]
.text C:\WINDOWS\system32\svchost.exe[764] ntdll.dll!NtCreateFile + 4 7C91D094 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\system32\svchost.exe[764] ntdll.dll!NtCreateKey 7C91D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[764] ntdll.dll!NtCreateKey + 4 7C91D0D4 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\svchost.exe[764] ntdll.dll!NtCreateSection 7C91D160 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[764] ntdll.dll!NtCreateSection + 4 7C91D164 2 Bytes [ 23, 5F ]
.text C:\WINDOWS\system32\svchost.exe[764] ntdll.dll!NtDeleteKey 7C91D230 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[764] ntdll.dll!NtDeleteKey + 4 7C91D234 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\svchost.exe[764] ntdll.dll!NtDeleteValueKey 7C91D250 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[764] ntdll.dll!NtDeleteValueKey + 4 7C91D254 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\system32\svchost.exe[764] ntdll.dll!NtRenameKey 7C91DA40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[764] ntdll.dll!NtRenameKey + 4 7C91DA44 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\system32\svchost.exe[764] ntdll.dll!NtSetInformationFile 7C91DC40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[764] ntdll.dll!NtSetInformationFile + 4 7C91DC44 2 Bytes [ 20, 5F ]
.text C:\WINDOWS\system32\svchost.exe[764] ntdll.dll!NtSetValueKey 7C91DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[764] ntdll.dll!NtSetValueKey + 4 7C91DDB4 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\svchost.exe[764] ntdll.dll!NtTerminateProcess 7C91DE50 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[764] ntdll.dll!NtTerminateProcess + 4 7C91DE54 2 Bytes [ 26, 5F ]
.text C:\WINDOWS\system32\svchost.exe[764] ntdll.dll!NtWriteFile 7C91DF60 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[764] ntdll.dll!NtWriteFile + 4 7C91DF64 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\system32\svchost.exe[764] ntdll.dll!NtWriteFileGather 7C91DF70 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[764] ntdll.dll!NtWriteFileGather + 4 7C91DF74 2 Bytes [ 1D, 5F ]
.text C:\WINDOWS\system32\svchost.exe[764] ntdll.dll!NtWriteVirtualMemory 7C91DF90 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[764] ntdll.dll!NtWriteVirtualMemory + 4 7C91DF94 2 Bytes [ 29, 5F ]
.text C:\WINDOWS\system32\svchost.exe[764] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 81, 84 ]
.text C:\WINDOWS\system32\svchost.exe[764] USER32.dll!SetWindowsHookExW 7E3A820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\svchost.exe[764] USER32.dll!SetWindowsHookExA 7E3B1211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\svchost.exe[848] ntdll.dll!NtClose 7C91CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[848] ntdll.dll!NtClose + 4 7C91CFD4 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\system32\svchost.exe[848] ntdll.dll!NtCreateFile 7C91D090 1 Byte [ FF ]
.text C:\WINDOWS\system32\svchost.exe[848] ntdll.dll!NtCreateFile + 2 7C91D092 1 Byte [ 1E ]
.text C:\WINDOWS\system32\svchost.exe[848] ntdll.dll!NtCreateFile + 4 7C91D094 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\system32\svchost.exe[848] ntdll.dll!NtCreateKey 7C91D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[848] ntdll.dll!NtCreateKey + 4 7C91D0D4 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\svchost.exe[848] ntdll.dll!NtCreateSection 7C91D160 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[848] ntdll.dll!NtCreateSection + 4 7C91D164 2 Bytes [ 23, 5F ]
.text C:\WINDOWS\system32\svchost.exe[848] ntdll.dll!NtDeleteKey 7C91D230 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[848] ntdll.dll!NtDeleteKey + 4 7C91D234 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\svchost.exe[848] ntdll.dll!NtDeleteValueKey 7C91D250 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[848] ntdll.dll!NtDeleteValueKey + 4 7C91D254 2 Bytes [ 11, 5F ]
0
euphoria
 
0
Lyonnais92 Posts 25708 Status Security contributor 1 537
 
Hello again,

Some of it is still missing.
0
euphoria
 
OK, let's start again... starting over from 0

PART 1

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-02-18 14:12:21
Windows 5.1.2600 Service Pack 3

---- System - GMER 1.0.14 ----

Code 89EF47E8 ZwEnumerateKey
Code 8A04A108 ZwFlushInstructionCache
Code 89EB8A2E IofCallDriver
Code 89F6200E IofCompleteRequest

---- Kernel code sections - GMER 1.0.14 ----

.text ntoskrnl.exe!IofCallDriver 804E37C5 5 Bytes JMP 89EB8A33
.text ntoskrnl.exe!IofCompleteRequest 804E3BF6 5 Bytes JMP 89F62013
PAGE ntoskrnl.exe!ZwEnumerateKey 80570D64 5 Bytes JMP 89EF47EC
PAGE ntoskrnl.exe!ZwFlushInstructionCache 80577693 5 Bytes JMP 8A04A10C
? Partizan.sys Le fichier spécifié est introuvable. !
? C:\WINDOWS\system32\Drivers\mchInjDrv.sys Le fichier spécifié est introuvable. !

---- User code sections - GMER 1.0.14 ----

euphoria
 