|
| Precedente :: Successivo |
| Autore |
Messaggio |
gfransb
Semidio
Registrato: 09/02/06 20:41
Messaggi: 292
Residenza: Bologna
|
 Inviato: 19 Apr 2007 21:55 Oggetto: |
 |
|
| Grazie BDor, ma non ho fatto nulla di particolare. I casi potevano essere solo quei due e l'aggiornamento al SP2 faceva pendere la bilancia verso il file corrotto. La pratica alla console di ripristino ha fatto il resto. E' uno strumento veramente potente che mi ha tolto d'impaccio in un sacco di casi, non ultimo riuscire a cancellare virus impossibili da eliminare in Windows. |
|
| Top |
|
 |
dasio78
Dio maturo
Registrato: 22/06/06 23:05
Messaggi: 6282
|
| Inviato: 19 Apr 2007 22:16 Oggetto: |
|
|
Scusate ma il file di gmer è lunghissimo!!!
Come faccio a postarlo??? |
|
| Top |
|
|
dasio78
Dio maturo
Registrato: 22/06/06 23:05
Messaggi: 6282
|
| Inviato: 19 Apr 2007 22:37 Oggetto: |
|
|
Una curiosità...
| Citazione: | | digita msconfig e nella scheda avvio disabilita tutto tranne le voci che si riferiscono all'antivirus e riavvia. |
Come mai bisogna disabilitare tutto??? |
|
| Top |
|
|
gfransb
Semidio
Registrato: 09/02/06 20:41
Messaggi: 292
Residenza: Bologna
|
| Inviato: 19 Apr 2007 22:44 Oggetto: |
|
|
Un pezzo alla volta? 
Hai editato msconfig? Perché i processi in esecuzione inutilmente fanno solo danni e rubano risorse. |
|
| Top |
|
|
dasio78
Dio maturo
Registrato: 22/06/06 23:05
Messaggi: 6282
|
| Inviato: 19 Apr 2007 22:50 Oggetto: |
|
|
ok, mo ci provo a postare sto lenzuolo...
GMER 1.0.12.12244 - http://www.gmer.net
Rootkit scan 2007-04-19 22:10:12
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.12 ----
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS ZwCreateKey
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS ZwDeleteKey
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS ZwDeleteValueKey
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS ZwEnumerateKey
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS ZwEnumerateValueKey
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS ZwOpenKey
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS ZwQueryKey
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS ZwQueryValueKey
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS ZwSetValueKey
SSDT \??\C:\WINDOWS\system32\DRIVERS\PavProc.sys ZwTerminateProcess
SSDT \??\C:\WINDOWS\system32\DRIVERS\PavProc.sys ZwTerminateThread
SSDT \??\C:\WINDOWS\system32\PavSRK.sys ZwWriteVirtualMemory
---- Kernel code sections - GMER 1.0.12 ----
? C:\WINDOWS\system32\DRIVERS\update.sys
? C:\WINDOWS\system32\PavSRK.sys Impossibile trovare il file specificato.
? C:\WINDOWS\system32\PavTPK.sys Impossibile trovare il file specificato.
? system32\drivers\av5flt.sys Impossibile trovare il file specificato.
? C:\WINDOWS\system32\DRIVERS\COMFiltr.sys Impossibile trovare il file specificato.
---- User code sections - GMER 1.0.12 ----
.text C:\Programmi\Synaptics\SynTP\SynTPEnh.exe[244] ntdll.dll!NtClose 7C91D586 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Synaptics\SynTP\SynTPEnh.exe[244] ntdll.dll!NtClose + 4 7C91D58A 2 Bytes [ 4A, 5F ]
.text C:\Programmi\Synaptics\SynTP\SynTPEnh.exe[244] ntdll.dll!NtCreateFile 7C91D682 1 Byte [ FF ]
.text C:\Programmi\Synaptics\SynTP\SynTPEnh.exe[244] ntdll.dll!NtCreateFile + 2 7C91D684 1 Byte [ 1E ]
.text C:\Programmi\Synaptics\SynTP\SynTPEnh.exe[244] ntdll.dll!NtCreateFile + 4 7C91D686 2 Bytes [ 6B, 5F ]
.text C:\Programmi\Synaptics\SynTP\SynTPEnh.exe[244] ntdll.dll!NtCreateKey 7C91D6D6 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Synaptics\SynTP\SynTPEnh.exe[244] ntdll.dll!NtCreateKey + 4 7C91D6DA 2 Bytes [ 4D, 5F ]
.text C:\Programmi\Synaptics\SynTP\SynTPEnh.exe[244] ntdll.dll!NtDeleteFile 7C91D88F 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Synaptics\SynTP\SynTPEnh.exe[244] ntdll.dll!NtDeleteFile + 4 7C91D893 2 Bytes [ 6E, 5F ]
.text C:\Programmi\Synaptics\SynTP\SynTPEnh.exe[244] ntdll.dll!NtDeleteKey 7C91D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Synaptics\SynTP\SynTPEnh.exe[244] ntdll.dll!NtDeleteKey + 4 7C91D8A8 2 Bytes [ 50, 5F ]
.text C:\Programmi\Synaptics\SynTP\SynTPEnh.exe[244] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Synaptics\SynTP\SynTPEnh.exe[244] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 53, 5F ]
.text C:\Programmi\Synaptics\SynTP\SynTPEnh.exe[244] ntdll.dll!NtDuplicateObject 7C91D90D 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Synaptics\SynTP\SynTPEnh.exe[244] ntdll.dll!NtDuplicateObject + 4 7C91D911 2 Bytes [ 56, 5F ]
.text C:\Programmi\Synaptics\SynTP\SynTPEnh.exe[244] ntdll.dll!NtEnumerateKey 7C91D94C 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Synaptics\SynTP\SynTPEnh.exe[244] ntdll.dll!NtEnumerateKey + 4 7C91D950 2 Bytes [ 59, 5F ]
.text C:\Programmi\Synaptics\SynTP\SynTPEnh.exe[244] ntdll.dll!NtEnumerateValueKey 7C91D976 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Synaptics\SynTP\SynTPEnh.exe[244] ntdll.dll!NtEnumerateValueKey + 4 7C91D97A 2 Bytes [ 5C, 5F ]
.text C:\Programmi\Synaptics\SynTP\SynTPEnh.exe[244] ntdll.dll!NtOpenFile 7C91DCFD 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Synaptics\SynTP\SynTPEnh.exe[244] ntdll.dll!NtOpenFile + 4 7C91DD01 2 Bytes [ 71, 5F ]
.text C:\Programmi\Synaptics\SynTP\SynTPEnh.exe[244] ntdll.dll!NtQueryMultipleValueKey 7C91E0AE 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Synaptics\SynTP\SynTPEnh.exe[244] ntdll.dll!NtQueryMultipleValueKey + 4 7C91E0B2 2 Bytes [ 5F, 5F ]
.text C:\Programmi\Synaptics\SynTP\SynTPEnh.exe[244] ntdll.dll!NtQueryValueKey 7C91E1FE 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Synaptics\SynTP\SynTPEnh.exe[244] ntdll.dll!NtQueryValueKey + 4 7C91E202 2 Bytes [ 62, 5F ]
.text C:\Programmi\Synaptics\SynTP\SynTPEnh.exe[244] ntdll.dll!NtReadFile 7C91E27C 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Synaptics\SynTP\SynTPEnh.exe[244] ntdll.dll!NtReadFile + 4 7C91E280 2 Bytes [ 74, 5F ]
.text C:\Programmi\Synaptics\SynTP\SynTPEnh.exe[244] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Synaptics\SynTP\SynTPEnh.exe[244] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 77, 5F ]
.text C:\Programmi\Synaptics\SynTP\SynTPEnh.exe[244] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Synaptics\SynTP\SynTPEnh.exe[244] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 65, 5F ]
.text C:\Programmi\Synaptics\SynTP\SynTPEnh.exe[244] ntdll.dll!NtUnloadKey 7C91E90C 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Synaptics\SynTP\SynTPEnh.exe[244] ntdll.dll!NtUnloadKey + 4 7C91E910 2 Bytes [ 68, 5F ]
.text C:\Programmi\Synaptics\SynTP\SynTPEnh.exe[244] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Synaptics\SynTP\SynTPEnh.exe[244] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 7A, 5F ]
.text C:\Programmi\Synaptics\SynTP\SynTPEnh.exe[244] ntdll.dll!LdrLoadDll 7C9261CA 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Synaptics\SynTP\SynTPEnh.exe[244] ntdll.dll!LdrLoadDll + 4 7C9261CE 2 Bytes [ 47, 5F ]
.text C:\Programmi\Synaptics\SynTP\SynTPEnh.exe[244] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F310F5A
.text C:\Programmi\Synaptics\SynTP\SynTPEnh.exe[244] kernel32.dll!CreateFileMappingW 7C80938E 6 Bytes JMP 5F3A0F5A
.text C:\Programmi\Synaptics\SynTP\SynTPEnh.exe[244] kernel32.dll!MapViewOfFileEx 7C80B896 6 Bytes JMP 5F340F5A
.text C:\Programmi\Synaptics\SynTP\SynTPEnh.exe[244] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Synaptics\SynTP\SynTPEnh.exe[244] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 3E, 5F ]
.text C:\Programmi\Synaptics\SynTP\SynTPEnh.exe[244] kernel32.dll!CreateProcessInternalW 7C819513 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Synaptics\SynTP\SynTPEnh.exe[244] kernel32.dll!CreateProcessInternalW + 4 7C819517 2 Bytes [ 44, 5F ]
.text C:\Programmi\Synaptics\SynTP\SynTPEnh.exe[244] kernel32.dll!MoveFileWithProgressW 7C81F72E 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Synaptics\SynTP\SynTPEnh.exe[244] kernel32.dll!MoveFileWithProgressW + 4 7C81F732 2 Bytes [ 41, 5F ]
.text C:\Programmi\Synaptics\SynTP\SynTPEnh.exe[244] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5F370F5A
.text C:\Programmi\Synaptics\SynTP\SynTPEnh.exe[244] USER32.dll!DispatchMessageW 7E398A01 6 Bytes JMP 5FA60F5A
.text C:\Programmi\Synaptics\SynTP\SynTPEnh.exe[244] USER32.dll!TranslateMessage 7E398BF6 6 Bytes JMP 5F910F5A
.text C:\Programmi\Synaptics\SynTP\SynTPEnh.exe[244] USER32.dll!DispatchMessageA 7E3996B8 6 Bytes JMP 5F8E0F5A
.text C:\Programmi\Synaptics\SynTP\SynTPEnh.exe[244] USER32.dll!GetKeyState 7E39C505 6 Bytes JMP 5F9D0F5A
.text C:\Programmi\Synaptics\SynTP\SynTPEnh.exe[244] USER32.dll!BeginDeferWindowPos 7E39D907 6 Bytes JMP 5F8B0F5A
.text C:\Programmi\Synaptics\SynTP\SynTPEnh.exe[244] USER32.dll!GetKeyboardState 7E39EF29 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Synaptics\SynTP\SynTPEnh.exe[244] USER32.dll!GetKeyboardState + 4 7E39EF2D 2 Bytes [ 9B, 5F ]
.text C:\Programmi\Synaptics\SynTP\SynTPEnh.exe[244] USER32.dll!GetAsyncKeyState 7E39F3B3 6 Bytes JMP 5F940F5A
.text C:\Programmi\Synaptics\SynTP\SynTPEnh.exe[244] USER32.dll!CreateAcceleratorTableW 7E3AD3C1 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Synaptics\SynTP\SynTPEnh.exe[244] USER32.dll!CreateAcceleratorTableW + 4 7E3AD3C5 2 Bytes [ A1, 5F ]
.text C:\Programmi\Synaptics\SynTP\SynTPEnh.exe[244] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5FA30F5A
.text C:\Programmi\Synaptics\SynTP\SynTPEnh.exe[244] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F880F5A
.text C:\Programmi\Synaptics\SynTP\SynTPEnh.exe[244] USER32.dll!AttachThreadInput 7E3B1E12 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Synaptics\SynTP\SynTPEnh.exe[244] USER32.dll!AttachThreadInput + 4 7E3B1E16 2 Bytes [ 98, 5F ]
.text C:\Programmi\Synaptics\SynTP\SynTPEnh.exe[244] ADVAPI32.dll!CloseServiceHandle 77F55E4D 6 Bytes JMP 5F100F5A
.text C:\Programmi\Synaptics\SynTP\SynTPEnh.exe[244] ADVAPI32.dll!OpenServiceW 77F56165 6 Bytes JMP 5F220F5A
.text C:\Programmi\Synaptics\SynTP\SynTPEnh.exe[244] ADVAPI32.dll!ControlService 77F5B635 6 Bytes JMP 5F130F5A
.text C:\Programmi\Synaptics\SynTP\SynTPEnh.exe[244] ADVAPI32.dll!OpenServiceA 77F5B88C 6 Bytes JMP 5F1F0F5A
.text C:\Programmi\Synaptics\SynTP\SynTPEnh.exe[244] ADVAPI32.dll!StartServiceW 77F5BBAC 6 Bytes JMP 5F280F5A
.text C:\Programmi\Synaptics\SynTP\SynTPEnh.exe[244] ADVAPI32.dll!StartServiceA 77F63238 6 Bytes JMP 5F250F5A
.text C:\Programmi\Synaptics\SynTP\SynTPEnh.exe[244] ADVAPI32.dll!LsaAddAccountRights 77F8A9A1 6 Bytes JMP 5F2B0F5A
.text C:\Programmi\Synaptics\SynTP\SynTPEnh.exe[244] ADVAPI32.dll!LsaRemoveAccountRights 77F8AA41 6 Bytes JMP 5F2E0F5A
.text C:\Programmi\Synaptics\SynTP\SynTPEnh.exe[244] ADVAPI32.dll!ChangeServiceConfigA 77FA6CC9 6 Bytes JMP 5F040F5A
.text C:\Programmi\Synaptics\SynTP\SynTPEnh.exe[244] ADVAPI32.dll!ChangeServiceConfigW 77FA6E61 6 Bytes JMP 5F070F5A
.text C:\Programmi\Synaptics\SynTP\SynTPEnh.exe[244] ADVAPI32.dll!ChangeServiceConfig2A 77FA6F61 6 Bytes JMP 5F0A0F5A
.text C:\Programmi\Synaptics\SynTP\SynTPEnh.exe[244] ADVAPI32.dll!ChangeServiceConfig2W 77FA6FE9 6 Bytes JMP 5F0D0F5A
.text C:\Programmi\Synaptics\SynTP\SynTPEnh.exe[244] ADVAPI32.dll!CreateServiceA 77FA7071 6 Bytes JMP 5F160F5A
.text C:\Programmi\Synaptics\SynTP\SynTPEnh.exe[244] ADVAPI32.dll!CreateServiceW 77FA7209 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Synaptics\SynTP\SynTPEnh.exe[244] ADVAPI32.dll!CreateServiceW + 4 77FA720D 2 Bytes [ 1A, 5F ]
.text C:\Programmi\Synaptics\SynTP\SynTPEnh.exe[244] ADVAPI32.dll!DeleteService 77FA7311 6 Bytes JMP 5F1C0F5A
.text C:\Programmi\Synaptics\SynTP\SynTPEnh.exe[244] ole32.dll!CoCreateInstanceEx 774CFA6B 6 Bytes JMP 5F850F5A
.text C:\Programmi\Synaptics\SynTP\SynTPEnh.exe[244] ole32.dll!CoGetClassObject 774E5DB2 6 Bytes JMP 5F820F5A
.text C:\Programmi\Synaptics\SynTP\SynTPEnh.exe[244] ole32.dll!CLSIDFromProgID 774F42CC 6 Bytes JMP 5F7F0F5A
.text C:\Programmi\Synaptics\SynTP\SynTPEnh.exe[244] ole32.dll!CLSIDFromProgIDEx 775261FE 6 Bytes JMP 5F7C0F5A
.text C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe[628] ntdll.dll!NtClose 7C91D586 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe[628] ntdll.dll!NtClose + 4 7C91D58A 2 Bytes [ 4C, 5F ]
.text C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe[628] ntdll.dll!NtCreateFile 7C91D682 1 Byte [ FF ]
.text C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe[628] ntdll.dll!NtCreateFile + 2 7C91D684 1 Byte [ 1E ]
.text C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe[628] ntdll.dll!NtCreateFile + 4 7C91D686 2 Bytes [ 6D, 5F ]
.text C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe[628] ntdll.dll!NtCreateKey 7C91D6D6 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe[628] ntdll.dll!NtCreateKey + 4 7C91D6DA 2 Bytes [ 4F, 5F ]
.text C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe[628] ntdll.dll!NtDeleteFile 7C91D88F 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe[628] ntdll.dll!NtDeleteFile + 4 7C91D893 2 Bytes [ 70, 5F ]
.text C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe[628] ntdll.dll!NtDeleteKey 7C91D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe[628] ntdll.dll!NtDeleteKey + 4 7C91D8A8 2 Bytes [ 52, 5F ]
.text C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe[628] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe[628] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 55, 5F ]
.text C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe[628] ntdll.dll!NtDuplicateObject 7C91D90D 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe[628] ntdll.dll!NtDuplicateObject + 4 7C91D911 2 Bytes [ 58, 5F ]
.text C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe[628] ntdll.dll!NtEnumerateKey 7C91D94C 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe[628] ntdll.dll!NtEnumerateKey + 4 7C91D950 2 Bytes [ 5B, 5F ]
.text C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe[628] ntdll.dll!NtEnumerateValueKey 7C91D976 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe[628] ntdll.dll!NtEnumerateValueKey + 4 7C91D97A 2 Bytes [ 5E, 5F ]
.text C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe[628] ntdll.dll!NtOpenFile 7C91DCFD 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe[628] ntdll.dll!NtOpenFile + 4 7C91DD01 2 Bytes [ 73, 5F ]
.text C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe[628] ntdll.dll!NtQueryMultipleValueKey 7C91E0AE 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe[628] ntdll.dll!NtQueryMultipleValueKey + 4 7C91E0B2 2 Bytes [ 61, 5F ]
.text C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe[628] ntdll.dll!NtQueryValueKey 7C91E1FE 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe[628] ntdll.dll!NtQueryValueKey + 4 7C91E202 2 Bytes [ 64, 5F ]
.text C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe[628] ntdll.dll!NtReadFile 7C91E27C 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe[628] ntdll.dll!NtReadFile + 4 7C91E280 2 Bytes [ 76, 5F ]
.text C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe[628] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe[628] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 79, 5F ]
.text C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe[628] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe[628] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 67, 5F ]
.text C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe[628] ntdll.dll!NtUnloadKey 7C91E90C 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe[628] ntdll.dll!NtUnloadKey + 4 7C91E910 2 Bytes [ 6A, 5F ]
.text C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe[628] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe[628] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 7C, 5F ]
.text C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe[628] ntdll.dll!LdrLoadDll 7C9261CA 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe[628] ntdll.dll!LdrLoadDll + 4 7C9261CE 2 Bytes [ 49, 5F ]
.text C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe[628] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F330F5A
.text C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe[628] kernel32.dll!CreateFileMappingW 7C80938E 6 Bytes JMP 5F3C0F5A
.text C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe[628] kernel32.dll!MapViewOfFileEx 7C80B896 6 Bytes JMP 5F360F5A
.text C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe[628] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe[628] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 40, 5F ]
.text C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe[628] kernel32.dll!CreateProcessInternalW 7C819513 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe[628] kernel32.dll!CreateProcessInternalW + 4 7C819517 2 Bytes [ 46, 5F ]
.text C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe[628] kernel32.dll!MoveFileWithProgressW 7C81F72E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe[628] kernel32.dll!MoveFileWithProgressW + 4 7C81F732 2 Bytes [ 43, 5F ]
.text C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe[628] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5F390F5A
.text C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe[628] USER32.dll!DispatchMessageW 7E398A01 6 Bytes JMP 5FA80F5A
.text C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe[628] USER32.dll!TranslateMessage 7E398BF6 6 Bytes JMP 5F930F5A
.text C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe[628] USER32.dll!DispatchMessageA 7E3996B8 6 Bytes JMP 5F900F5A
.text C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe[628] USER32.dll!GetKeyState 7E39C505 6 Bytes JMP 5F9F0F5A
.text C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe[628] USER32.dll!BeginDeferWindowPos 7E39D907 6 Bytes JMP 5F8D0F5A
.text C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe[628] USER32.dll!GetKeyboardState 7E39EF29 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe[628] USER32.dll!GetKeyboardState + 4 7E39EF2D 2 Bytes [ 9D, 5F ]
.text C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe[628] USER32.dll!GetAsyncKeyState 7E39F3B3 6 Bytes JMP 5F960F5A
.text C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe[628] USER32.dll!CreateAcceleratorTableW 7E3AD3C1 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe[628] USER32.dll!CreateAcceleratorTableW + 4 7E3AD3C5 2 Bytes [ A3, 5F ]
.text C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe[628] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5FA50F5A
.text C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe[628] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F8A0F5A
.text C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe[628] USER32.dll!AttachThreadInput 7E3B1E12 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe[628] USER32.dll!AttachThreadInput + 4 7E3B1E16 2 Bytes [ 9A, 5F ]
.text C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe[628] ADVAPI32.dll!CloseServiceHandle 77F55E4D 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe[628] ADVAPI32.dll!OpenServiceW 77F56165 6 Bytes JMP 5F240F5A
.text C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe[628] ADVAPI32.dll!ControlService 77F5B635 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe[628] ADVAPI32.dll!OpenServiceA 77F5B88C 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe[628] ADVAPI32.dll!StartServiceW 77F5BBAC 6 Bytes JMP 5F2A0F5A
.text C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe[628] ADVAPI32.dll!StartServiceA 77F63238 6 Bytes JMP 5F270F5A
.text C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe[628] ADVAPI32.dll!LsaAddAccountRights 77F8A9A1 6 Bytes JMP 5F2D0F5A
.text C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe[628] ADVAPI32.dll!LsaRemoveAccountRights 77F8AA41 6 Bytes JMP 5F300F5A
.text C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe[628] ADVAPI32.dll!ChangeServiceConfigA 77FA6CC9 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe[628] ADVAPI32.dll!ChangeServiceConfigW 77FA6E61 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe[628] ADVAPI32.dll!ChangeServiceConfig2A 77FA6F61 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe[628] ADVAPI32.dll!ChangeServiceConfig2W 77FA6FE9 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe[628] ADVAPI32.dll!CreateServiceA 77FA7071 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe[628] ADVAPI32.dll!CreateServiceW 77FA7209 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe[628] ADVAPI32.dll!CreateServiceW + 4 77FA720D 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe[628] ADVAPI32.dll!DeleteService 77FA7311 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe[628] ole32.dll!CoCreateInstanceEx 774CFA6B 6 Bytes JMP 5F870F5A
.text C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe[628] ole32.dll!CoGetClassObject 774E5DB2 6 Bytes JMP 5F840F5A
.text C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe[628] ole32.dll!CLSIDFromProgID 774F42CC 6 Bytes JMP 5F810F5A
.text C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe[628] ole32.dll!CLSIDFromProgIDEx 775261FE 6 Bytes JMP 5F7E0F5A
.text C:\WINDOWS\system32\spoolsv.exe[660] ntdll.dll!NtClose 7C91D586 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[660] ntdll.dll!NtClose + 4 7C91D58A 2 Bytes [ 4A, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[660] ntdll.dll!NtCreateFile 7C91D682 1 Byte [ FF ]
.text C:\WINDOWS\system32\spoolsv.exe[660] ntdll.dll!NtCreateFile + 2 7C91D684 1 Byte [ 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[660] ntdll.dll!NtCreateFile + 4 7C91D686 2 Bytes [ 6B, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[660] ntdll.dll!NtCreateKey 7C91D6D6 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[660] ntdll.dll!NtCreateKey + 4 7C91D6DA 2 Bytes [ 4D, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[660] ntdll.dll!NtDeleteFile 7C91D88F 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[660] ntdll.dll!NtDeleteFile + 4 7C91D893 2 Bytes [ 6E, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[660] ntdll.dll!NtDeleteKey 7C91D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[660] ntdll.dll!NtDeleteKey + 4 7C91D8A8 2 Bytes [ 50, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[660] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[660] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 53, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[660] ntdll.dll!NtDuplicateObject 7C91D90D 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[660] ntdll.dll!NtDuplicateObject + 4 7C91D911 2 Bytes [ 56, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[660] ntdll.dll!NtEnumerateKey 7C91D94C 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[660] ntdll.dll!NtEnumerateKey + 4 7C91D950 2 Bytes [ 59, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[660] ntdll.dll!NtEnumerateValueKey 7C91D976 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[660] ntdll.dll!NtEnumerateValueKey + 4 7C91D97A 2 Bytes [ 5C, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[660] ntdll.dll!NtOpenFile 7C91DCFD 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[660] ntdll.dll!NtOpenFile + 4 7C91DD01 2 Bytes [ 71, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[660] ntdll.dll!NtQueryMultipleValueKey 7C91E0AE 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[660] ntdll.dll!NtQueryMultipleValueKey + 4 7C91E0B2 2 Bytes [ 5F, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[660] ntdll.dll!NtQueryValueKey 7C91E1FE 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[660] ntdll.dll!NtQueryValueKey + 4 7C91E202 2 Bytes [ 62, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[660] ntdll.dll!NtReadFile 7C91E27C 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[660] ntdll.dll!NtReadFile + 4 7C91E280 2 Bytes [ 74, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[660] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[660] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 77, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[660] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[660] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 65, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[660] ntdll.dll!NtUnloadKey 7C91E90C 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[660] ntdll.dll!NtUnloadKey + 4 7C91E910 2 Bytes [ 68, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[660] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[660] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 7A, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[660] ntdll.dll!LdrLoadDll 7C9261CA 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[660] ntdll.dll!LdrLoadDll + 4 7C9261CE 2 Bytes [ 47, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[660] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F310F5A
.text C:\WINDOWS\system32\spoolsv.exe[660] kernel32.dll!CreateFileMappingW 7C80938E 6 Bytes JMP 5F3A0F5A
.text C:\WINDOWS\system32\spoolsv.exe[660] kernel32.dll!MapViewOfFileEx 7C80B896 6 Bytes JMP 5F340F5A
.text C:\WINDOWS\system32\spoolsv.exe[660] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[660] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 3E, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[660] kernel32.dll!CreateProcessInternalW 7C819513 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[660] kernel32.dll!CreateProcessInternalW + 4 7C819517 2 Bytes [ 44, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[660] kernel32.dll!MoveFileWithProgressW 7C81F72E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[660] kernel32.dll!MoveFileWithProgressW + 4 7C81F732 2 Bytes [ 41, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[660] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5F370F5A
.text C:\WINDOWS\system32\spoolsv.exe[660] ADVAPI32.dll!CloseServiceHandle 77F55E4D 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\spoolsv.exe[660] ADVAPI32.dll!OpenServiceW 77F56165 6 Bytes JMP 5F220F5A
.text C:\WINDOWS\system32\spoolsv.exe[660] ADVAPI32.dll!ControlService 77F5B635 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\system32\spoolsv.exe[660] ADVAPI32.dll!OpenServiceA 77F5B88C 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\system32\spoolsv.exe[660] ADVAPI32.dll!StartServiceW 77F5BBAC 6 Bytes JMP 5F280F5A
.text C:\WINDOWS\system32\spoolsv.exe[660] ADVAPI32.dll!StartServiceA 77F63238 6 Bytes JMP 5F250F5A
.text C:\WINDOWS\system32\spoolsv.exe[660] ADVAPI32.dll!LsaAddAccountRights 77F8A9A1 6 Bytes JMP 5F2B0F5A
.text C:\WINDOWS\system32\spoolsv.exe[660] ADVAPI32.dll!LsaRemoveAccountRights 77F8AA41 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\spoolsv.exe[660] ADVAPI32.dll!ChangeServiceConfigA 77FA6CC9 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\spoolsv.exe[660] ADVAPI32.dll!ChangeServiceConfigW 77FA6E61 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\spoolsv.exe[660] ADVAPI32.dll!ChangeServiceConfig2A 77FA6F61 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\spoolsv.exe[660] ADVAPI32.dll!ChangeServiceConfig2W 77FA6FE9 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\spoolsv.exe[660] ADVAPI32.dll!CreateServiceA 77FA7071 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\spoolsv.exe[660] ADVAPI32.dll!CreateServiceW 77FA7209 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[660] ADVAPI32.dll!CreateServiceW + 4 77FA720D 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[660] ADVAPI32.dll!DeleteService 77FA7311 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\spoolsv.exe[660] USER32.dll!DispatchMessageW 7E398A01 6 Bytes JMP 5FA60F5A
.text C:\WINDOWS\system32\spoolsv.exe[660] USER32.dll!TranslateMessage 7E398BF6 6 Bytes JMP 5F910F5A
.text C:\WINDOWS\system32\spoolsv.exe[660] USER32.dll!DispatchMessageA 7E3996B8 6 Bytes JMP 5F8E0F5A
.text C:\WINDOWS\system32\spoolsv.exe[660] USER32.dll!GetKeyState 7E39C505 6 Bytes JMP 5F9D0F5A
.text C:\WINDOWS\system32\spoolsv.exe[660] USER32.dll!BeginDeferWindowPos 7E39D907 6 Bytes JMP 5F8B0F5A
.text C:\WINDOWS\system32\spoolsv.exe[660] USER32.dll!GetKeyboardState 7E39EF29 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[660] USER32.dll!GetKeyboardState + 4 7E39EF2D 2 Bytes [ 9B, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[660] USER32.dll!GetAsyncKeyState 7E39F3B3 6 Bytes JMP 5F940F5A
.text C:\WINDOWS\system32\spoolsv.exe[660] USER32.dll!CreateAcceleratorTableW 7E3AD3C1 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[660] USER32.dll!CreateAcceleratorTableW + 4 7E3AD3C5 2 Bytes [ A1, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[660] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5FA30F5A
.text C:\WINDOWS\system32\spoolsv.exe[660] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F880F5A
.text C:\WINDOWS\system32\spoolsv.exe[660] USER32.dll!AttachThreadInput 7E3B1E12 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[660] USER32.dll!AttachThreadInput + 4 7E3B1E16 2 Bytes [ 98, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[660] ole32.dll!CoCreateInstanceEx 774CFA6B 6 Bytes JMP 5F850F5A
.text C:\WINDOWS\system32\spoolsv.exe[660] ole32.dll!CoGetClassObject 774E5DB2 6 Bytes JMP 5F820F5A
.text C:\WINDOWS\system32\spoolsv.exe[660] ole32.dll!CLSIDFromProgID 774F42CC 6 Bytes JMP 5F7F0F5A
.text C:\WINDOWS\system32\spoolsv.exe[660] ole32.dll!CLSIDFromProgIDEx 775261FE 6 Bytes JMP 5F7C0F5A
.text C:\Programmi\Logitech\Video\LogiTray.exe[692] ntdll.dll!NtClose 7C91D586 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Logitech\Video\LogiTray.exe[692] ntdll.dll!NtClose + 4 7C91D58A 2 Bytes [ 4A, 5F ]
.text C:\Programmi\Logitech\Video\LogiTray.exe[692] ntdll.dll!NtCreateFile 7C91D682 1 Byte [ FF ]
.text C:\Programmi\Logitech\Video\LogiTray.exe[692] ntdll.dll!NtCreateFile + 2 7C91D684 1 Byte [ 1E ]
.text C:\Programmi\Logitech\Video\LogiTray.exe[692] ntdll.dll!NtCreateFile + 4 7C91D686 2 Bytes [ 6B, 5F ]
.text C:\Programmi\Logitech\Video\LogiTray.exe[692] ntdll.dll!NtCreateKey 7C91D6D6 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Logitech\Video\LogiTray.exe[692] ntdll.dll!NtCreateKey + 4 7C91D6DA 2 Bytes [ 4D, 5F ]
.text C:\Programmi\Logitech\Video\LogiTray.exe[692] ntdll.dll!NtDeleteFile 7C91D88F 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Logitech\Video\LogiTray.exe[692] ntdll.dll!NtDeleteFile + 4 7C91D893 2 Bytes [ 6E, 5F ]
.text C:\Programmi\Logitech\Video\LogiTray.exe[692] ntdll.dll!NtDeleteKey 7C91D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Logitech\Video\LogiTray.exe[692] ntdll.dll!NtDeleteKey + 4 7C91D8A8 2 Bytes [ 50, 5F ]
.text C:\Programmi\Logitech\Video\LogiTray.exe[692] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Logitech\Video\LogiTray.exe[692] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 53, 5F ]
.text C:\Programmi\Logitech\Video\LogiTray.exe[692] ntdll.dll!NtDuplicateObject 7C91D90D 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Logitech\Video\LogiTray.exe[692] ntdll.dll!NtDuplicateObject + 4 7C91D911 2 Bytes [ 56, 5F ]
.text C:\Programmi\Logitech\Video\LogiTray.exe[692] ntdll.dll!NtEnumerateKey 7C91D94C 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Logitech\Video\LogiTray.exe[692] ntdll.dll!NtEnumerateKey + 4 7C91D950 2 Bytes [ 59, 5F ]
.text C:\Programmi\Logitech\Video\LogiTray.exe[692] ntdll.dll!NtEnumerateValueKey 7C91D976 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Logitech\Video\LogiTray.exe[692] ntdll.dll!NtEnumerateValueKey + 4 7C91D97A 2 Bytes [ 5C, 5F ]
.text C:\Programmi\Logitech\Video\LogiTray.exe[692] ntdll.dll!NtOpenFile 7C91DCFD 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Logitech\Video\LogiTray.exe[692] ntdll.dll!NtOpenFile + 4 7C91DD01 2 Bytes [ 71, 5F ]
.text C:\Programmi\Logitech\Video\LogiTray.exe[692] ntdll.dll!NtQueryMultipleValueKey 7C91E0AE 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Logitech\Video\LogiTray.exe[692] ntdll.dll!NtQueryMultipleValueKey + 4 7C91E0B2 2 Bytes [ 5F, 5F ]
.text C:\Programmi\Logitech\Video\LogiTray.exe[692] ntdll.dll!NtQueryValueKey 7C91E1FE 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Logitech\Video\LogiTray.exe[692] ntdll.dll!NtQueryValueKey + 4 7C91E202 2 Bytes [ 62, 5F ]
.text C:\Programmi\Logitech\Video\LogiTray.exe[692] ntdll.dll!NtReadFile 7C91E27C 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Logitech\Video\LogiTray.exe[692] ntdll.dll!NtReadFile + 4 7C91E280 2 Bytes [ 74, 5F ]
.text C:\Programmi\Logitech\Video\LogiTray.exe[692] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Logitech\Video\LogiTray.exe[692] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 77, 5F ]
.text C:\Programmi\Logitech\Video\LogiTray.exe[692] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Logitech\Video\LogiTray.exe[692] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 65, 5F ]
.text C:\Programmi\Logitech\Video\LogiTray.exe[692] ntdll.dll!NtUnloadKey 7C91E90C 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Logitech\Video\LogiTray.exe[692] ntdll.dll!NtUnloadKey + 4 7C91E910 2 Bytes [ 68, 5F ]
.text C:\Programmi\Logitech\Video\LogiTray.exe[692] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Logitech\Video\LogiTray.exe[692] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 7A, 5F ]
.text C:\Programmi\Logitech\Video\LogiTray.exe[692] ntdll.dll!LdrLoadDll 7C9261CA 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Logitech\Video\LogiTray.exe[692] ntdll.dll!LdrLoadDll + 4 7C9261CE 2 Bytes [ 47, 5F ]
.text C:\Programmi\Logitech\Video\LogiTray.exe[692] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F310F5A
.text C:\Programmi\Logitech\Video\LogiTray.exe[692] kernel32.dll!CreateFileMappingW 7C80938E 6 Bytes JMP 5F3A0F5A
.text C:\Programmi\Logitech\Video\LogiTray.exe[692] kernel32.dll!MapViewOfFileEx 7C80B896 6 Bytes JMP 5F340F5A
.text C:\Programmi\Logitech\Video\LogiTray.exe[692] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Logitech\Video\LogiTray.exe[692] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 3E, 5F ]
.text C:\Programmi\Logitech\Video\LogiTray.exe[692] kernel32.dll!CreateProcessInternalW 7C819513 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Logitech\Video\LogiTray.exe[692] kernel32.dll!CreateProcessInternalW + 4 7C819517 2 Bytes [ 44, 5F ]
.text C:\Programmi\Logitech\Video\LogiTray.exe[692] kernel32.dll!MoveFileWithProgressW 7C81F72E 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Logitech\Video\LogiTray.exe[692] kernel32.dll!MoveFileWithProgressW + 4 7C81F732 2 Bytes [ 41, 5F ]
.text C:\Programmi\Logitech\Video\LogiTray.exe[692] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5F370F5A
.text C:\Programmi\Logitech\Video\LogiTray.exe[692] ADVAPI32.dll!CloseServiceHandle 77F55E4D 6 Bytes JMP 5F100F5A
.text C:\Programmi\Logitech\Video\LogiTray.exe[692] ADVAPI32.dll!OpenServiceW 77F56165 6 Bytes JMP 5F220F5A
.text C:\Programmi\Logitech\Video\LogiTray.exe[692] ADVAPI32.dll!ControlService 77F5B635 6 Bytes JMP 5F130F5A
.text C:\Programmi\Logitech\Video\LogiTray.exe[692] ADVAPI32.dll!OpenServiceA 77F5B88C 6 Bytes JMP 5F1F0F5A
.text C:\Programmi\Logitech\Video\LogiTray.exe[692] ADVAPI32.dll!StartServiceW 77F5BBAC 6 Bytes JMP 5F280F5A
.text C:\Programmi\Logitech\Video\LogiTray.exe[692] ADVAPI32.dll!StartServiceA 77F63238 6 Bytes JMP 5F250F5A
.text C:\Programmi\Logitech\Video\LogiTray.exe[692] ADVAPI32.dll!LsaAddAccountRights 77F8A9A1 6 Bytes JMP 5F2B0F5A
.text C:\Programmi\Logitech\Video\LogiTray.exe[692] ADVAPI32.dll!LsaRemoveAccountRights 77F8AA41 6 Bytes JMP 5F2E0F5A
.text C:\Programmi\Logitech\Video\LogiTray.exe[692] ADVAPI32.dll!ChangeServiceConfigA 77FA6CC9 6 Bytes JMP 5F040F5A
.text C:\Programmi\Logitech\Video\LogiTray.exe[692] ADVAPI32.dll!ChangeServiceConfigW 77FA6E61 6 Bytes JMP 5F070F5A
.text C:\Programmi\Logitech\Video\LogiTray.exe[692] ADVAPI32.dll!ChangeServiceConfig2A 77FA6F61 6 Bytes JMP 5F0A0F5A
.text C:\Programmi\Logitech\Video\LogiTray.exe[692] ADVAPI32.dll!ChangeServiceConfig2W 77FA6FE9 6 Bytes JMP 5F0D0F5A
.text C:\Programmi\Logitech\Video\LogiTray.exe[692] ADVAPI32.dll!CreateServiceA 77FA7071 6 Bytes JMP 5F160F5A
.text C:\Programmi\Logitech\Video\LogiTray.exe[692] ADVAPI32.dll!CreateServiceW 77FA7209 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Logitech\Video\LogiTray.exe[692] ADVAPI32.dll!CreateServiceW + 4 77FA720D 2 Bytes [ 1A, 5F ]
.text C:\Programmi\Logitech\Video\LogiTray.exe[692] ADVAPI32.dll!DeleteService 77FA7311 6 Bytes JMP 5F1C0F5A
.text C:\Programmi\Logitech\Video\LogiTray.exe[692] USER32.dll!DispatchMessageW 7E398A01 6 Bytes JMP 5FA60F5A
.text C:\Programmi\Logitech\Video\LogiTray.exe[692] USER32.dll!TranslateMessage 7E398BF6 6 Bytes JMP 5F910F5A
.text C:\Programmi\Logitech\Video\LogiTray.exe[692] USER32.dll!DispatchMessageA 7E3996B8 6 Bytes JMP 5F8E0F5A
.text C:\Programmi\Logitech\Video\LogiTray.exe[692] USER32.dll!GetKeyState 7E39C505 6 Bytes JMP 5F9D0F5A
.text C:\Programmi\Logitech\Video\LogiTray.exe[692] USER32.dll!BeginDeferWindowPos 7E39D907 6 Bytes JMP 5F8B0F5A
.text C:\Programmi\Logitech\Video\LogiTray.exe[692] USER32.dll!GetKeyboardState 7E39EF29 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Logitech\Video\LogiTray.exe[692] USER32.dll!GetKeyboardState + 4 7E39EF2D 2 Bytes [ 9B, 5F ]
.text C:\Programmi\Logitech\Video\LogiTray.exe[692] USER32.dll!GetAsyncKeyState 7E39F3B3 6 Bytes JMP 5F940F5A
.text C:\Programmi\Logitech\Video\LogiTray.exe[692] USER32.dll!CreateAcceleratorTableW 7E3AD3C1 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Logitech\Video\LogiTray.exe[692] USER32.dll!CreateAcceleratorTableW + 4 7E3AD3C5 2 Bytes [ A1, 5F ]
.text C:\Programmi\Logitech\Video\LogiTray.exe[692] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5FA30F5A
.text C:\Programmi\Logitech\Video\LogiTray.exe[692] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F880F5A
.text C:\Programmi\Logitech\Video\LogiTray.exe[692] USER32.dll!AttachThreadInput 7E3B1E12 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Logitech\Video\LogiTray.exe[692] USER32.dll!AttachThreadInput + 4 7E3B1E16 2 Bytes [ 98, 5F ]
.text C:\Programmi\Logitech\Video\LogiTray.exe[692] ole32.dll!CoCreateInstanceEx 774CFA6B 6 Bytes JMP 5F850F5A
.text C:\Programmi\Logitech\Video\LogiTray.exe[692] ole32.dll!CoGetClassObject 774E5DB2 6 Bytes JMP 5F820F5A
.text C:\Programmi\Logitech\Video\LogiTray.exe[692] ole32.dll!CLSIDFromProgID 774F42CC 6 Bytes JMP 5F7F0F5A
.text C:\Programmi\Logitech\Video\LogiTray.exe[692] ole32.dll!CLSIDFromProgIDEx 775261FE 6 Bytes JMP 5F7C0F5A
.text C:\Acer\eManager\anbmServ.exe[712] ntdll.dll!NtClose 7C91D586 3 Bytes [ FF, 25, 1E ]
.text C:\Acer\eManager\anbmServ.exe[712] ntdll.dll!NtClose + 4 7C91D58A 2 Bytes [ 4C, 5F ]
.text C:\Acer\eManager\anbmServ.exe[712] ntdll.dll!NtCreateFile 7C91D682 1 Byte [ FF ]
.text C:\Acer\eManager\anbmServ.exe[712] ntdll.dll!NtCreateFile + 2 7C91D684 1 Byte [ 1E ]
.text C:\Acer\eManager\anbmServ.exe[712] ntdll.dll!NtCreateFile + 4 7C91D686 2 Bytes [ 6D, 5F ]
.text C:\Acer\eManager\anbmServ.exe[712] ntdll.dll!NtCreateKey 7C91D6D6 3 Bytes [ FF, 25, 1E ]
.text C:\Acer\eManager\anbmServ.exe[712] ntdll.dll!NtCreateKey + 4 7C91D6DA 2 Bytes [ 4F, 5F ]
.text C:\Acer\eManager\anbmServ.exe[712] ntdll.dll!NtDeleteFile 7C91D88F 3 Bytes [ FF, 25, 1E ]
.text C:\Acer\eManager\anbmServ.exe[712] ntdll.dll!NtDeleteFile + 4 7C91D893 2 Bytes [ 70, 5F ]
.text C:\Acer\eManager\anbmServ.exe[712] ntdll.dll!NtDeleteKey 7C91D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\Acer\eManager\anbmServ.exe[712] ntdll.dll!NtDeleteKey + 4 7C91D8A8 2 Bytes [ 52, 5F ]
.text C:\Acer\eManager\anbmServ.exe[712] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ]
.text C:\Acer\eManager\anbmServ.exe[712] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 55, 5F ]
.text C:\Acer\eManager\anbmServ.exe[712] ntdll.dll!NtDuplicateObject 7C91D90D 3 Bytes [ FF, 25, 1E ]
.text C:\Acer\eManager\anbmServ.exe[712] ntdll.dll!NtDuplicateObject + 4 7C91D911 2 Bytes [ 58, 5F ]
.text C:\Acer\eManager\anbmServ.exe[712] ntdll.dll!NtEnumerateKey 7C91D94C 3 Bytes [ FF, 25, 1E ]
.text C:\Acer\eManager\anbmServ.exe[712] ntdll.dll!NtEnumerateKey + 4 7C91D950 2 Bytes [ 5B, 5F ]
.text C:\Acer\eManager\anbmServ.exe[712] ntdll.dll!NtEnumerateValueKey 7C91D976 3 Bytes [ FF, 25, 1E ]
.text C:\Acer\eManager\anbmServ.exe[712] ntdll.dll!NtEnumerateValueKey + 4 7C91D97A 2 Bytes [ 5E, 5F ]
.text C:\Acer\eManager\anbmServ.exe[712] ntdll.dll!NtOpenFile 7C91DCFD 3 Bytes [ FF, 25, 1E ]
.text C:\Acer\eManager\anbmServ.exe[712] ntdll.dll!NtOpenFile + 4 7C91DD01 2 Bytes [ 73, 5F ]
.text C:\Acer\eManager\anbmServ.exe[712] ntdll.dll!NtQueryMultipleValueKey 7C91E0AE 3 Bytes [ FF, 25, 1E ]
.text C:\Acer\eManager\anbmServ.exe[712] ntdll.dll!NtQueryMultipleValueKey + 4 7C91E0B2 2 Bytes [ 61, 5F ]
.text C:\Acer\eManager\anbmServ.exe[712] ntdll.dll!NtQueryValueKey 7C91E1FE 3 Bytes [ FF, 25, 1E ]
.text C:\Acer\eManager\anbmServ.exe[712] ntdll.dll!NtQueryValueKey + 4 7C91E202 2 Bytes [ 64, 5F ]
.text C:\Acer\eManager\anbmServ.exe[712] ntdll.dll!NtReadFile 7C91E27C 3 Bytes [ FF, 25, 1E ]
.text C:\Acer\eManager\anbmServ.exe[712] ntdll.dll!NtReadFile + 4 7C91E280 2 Bytes [ 76, 5F ]
.text C:\Acer\eManager\anbmServ.exe[712] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\Acer\eManager\anbmServ.exe[712] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 79, 5F ]
.text C:\Acer\eManager\anbmServ.exe[712] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\Acer\eManager\anbmServ.exe[712] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 67, 5F ]
.text C:\Acer\eManager\anbmServ.exe[712] ntdll.dll!NtUnloadKey 7C91E90C 3 Bytes [ FF, 25, 1E ]
.text C:\Acer\eManager\anbmServ.exe[712] ntdll.dll!NtUnloadKey + 4 7C91E910 2 Bytes [ 6A, 5F ]
.text C:\Acer\eManager\anbmServ.exe[712] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\Acer\eManager\anbmServ.exe[712] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 7C, 5F ]
.text C:\Acer\eManager\anbmServ.exe[712] ntdll.dll!LdrLoadDll 7C9261CA 3 Bytes [ FF, 25, 1E ]
.text C:\Acer\eManager\anbmServ.exe[712] ntdll.dll!LdrLoadDll + 4 7C9261CE 2 Bytes [ 49, 5F ]
.text C:\Acer\eManager\anbmServ.exe[712] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F330F5A
.text C:\Acer\eManager\anbmServ.exe[712] kernel32.dll!CreateFileMappingW 7C80938E 6 Bytes JMP 5F3C0F5A
.text C:\Acer\eManager\anbmServ.exe[712] kernel32.dll!MapViewOfFileEx 7C80B896 6 Bytes JMP 5F360F5A
.text C:\Acer\eManager\anbmServ.exe[712] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ]
.text C:\Acer\eManager\anbmServ.exe[712] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 40, 5F ]
.text C:\Acer\eManager\anbmServ.exe[712] kernel32.dll!CreateProcessInternalW 7C819513 3 Bytes [ FF, 25, 1E ]
.text C:\Acer\eManager\anbmServ.exe[712] kernel32.dll!CreateProcessInternalW + 4 7C819517 2 Bytes [ 46, 5F ]
.text C:\Acer\eManager\anbmServ.exe[712] kernel32.dll!MoveFileWithProgressW 7C81F72E 3 Bytes [ FF, 25, 1E ]
.text C:\Acer\eManager\anbmServ.exe[712] kernel32.dll!MoveFileWithProgressW + 4 7C81F732 2 Bytes [ 43, 5F ]
.text C:\Acer\eManager\anbmServ.exe[712] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5F390F5A
.text C:\Acer\eManager\anbmServ.exe[712] user32.dll!DispatchMessageW 7E398A01 6 Bytes JMP 5FA80F5A
.text C:\Acer\eManager\anbmServ.exe[712] user32.dll!TranslateMessage 7E398BF6 6 Bytes JMP 5F930F5A
.text C:\Acer\eManager\anbmServ.exe[712] user32.dll!DispatchMessageA 7E3996B8 6 Bytes JMP 5F900F5A
.text C:\Acer\eManager\anbmServ.exe[712] user32.dll!GetKeyState 7E39C505 6 Bytes JMP 5F9F0F5A
.text C:\Acer\eManager\anbmServ.exe[712] user32.dll!BeginDeferWindowPos 7E39D907 6 Bytes JMP 5F8D0F5A
.text C:\Acer\eManager\anbmServ.exe[712] user32.dll!GetKeyboardState 7E39EF29 3 Bytes [ FF, 25, 1E ]
.text C:\Acer\eManager\anbmServ.exe[712] user32.dll!GetKeyboardState + 4 7E39EF2D 2 Bytes [ 9D, 5F ]
.text C:\Acer\eManager\anbmServ.exe[712] user32.dll!GetAsyncKeyState 7E39F3B3 6 Bytes JMP 5F960F5A
.text C:\Acer\eManager\anbmServ.exe[712] user32.dll!CreateAcceleratorTableW 7E3AD3C1 3 Bytes [ FF, 25, 1E ]
.text C:\Acer\eManager\anbmServ.exe[712] user32.dll!CreateAcceleratorTableW + 4 7E3AD3C5 2 Bytes [ A3, 5F ]
.text C:\Acer\eManager\anbmServ.exe[712] user32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5FA50F5A
.text C:\Acer\eManager\anbmServ.exe[712] user32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F8A0F5A
.text C:\Acer\eManager\anbmServ.exe[712] user32.dll!AttachThreadInput 7E3B1E12 3 Bytes [ FF, 25, 1E ]
.text C:\Acer\eManager\anbmServ.exe[712] user32.dll!AttachThreadInput + 4 7E3B1E16 2 Bytes [ 9A, 5F ]
.text C:\Acer\eManager\anbmServ.exe[712] advapi32.dll!CloseServiceHandle 77F55E4D 6 Bytes JMP 5F100F5A
.text C:\Acer\eManager\anbmServ.exe[712] advapi32.dll!OpenServiceW |
|
| Top |
|
|
dasio78
Dio maturo
Registrato: 22/06/06 23:05
Messaggi: 6282
|
| Inviato: 19 Apr 2007 22:51 Oggetto: |
|
|
...seconda parte...
.text C:\WINDOWS\eHome\ehSched.exe[1120] ntdll.dll!NtClose 7C91D586 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehSched.exe[1120] ntdll.dll!NtClose + 4 7C91D58A 2 Bytes [ 4A, 5F ]
.text C:\WINDOWS\eHome\ehSched.exe[1120] ntdll.dll!NtCreateFile 7C91D682 1 Byte [ FF ]
.text C:\WINDOWS\eHome\ehSched.exe[1120] ntdll.dll!NtCreateFile + 2 7C91D684 1 Byte [ 1E ]
.text C:\WINDOWS\eHome\ehSched.exe[1120] ntdll.dll!NtCreateFile + 4 7C91D686 2 Bytes [ 6B, 5F ]
.text C:\WINDOWS\eHome\ehSched.exe[1120] ntdll.dll!NtCreateKey 7C91D6D6 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehSched.exe[1120] ntdll.dll!NtCreateKey + 4 7C91D6DA 2 Bytes [ 4D, 5F ]
.text C:\WINDOWS\eHome\ehSched.exe[1120] ntdll.dll!NtDeleteFile 7C91D88F 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehSched.exe[1120] ntdll.dll!NtDeleteFile + 4 7C91D893 2 Bytes [ 6E, 5F ]
.text C:\WINDOWS\eHome\ehSched.exe[1120] ntdll.dll!NtDeleteKey 7C91D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehSched.exe[1120] ntdll.dll!NtDeleteKey + 4 7C91D8A8 2 Bytes [ 50, 5F ]
.text C:\WINDOWS\eHome\ehSched.exe[1120] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehSched.exe[1120] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 53, 5F ]
.text C:\WINDOWS\eHome\ehSched.exe[1120] ntdll.dll!NtDuplicateObject 7C91D90D 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehSched.exe[1120] ntdll.dll!NtDuplicateObject + 4 7C91D911 2 Bytes [ 56, 5F ]
.text C:\WINDOWS\eHome\ehSched.exe[1120] ntdll.dll!NtEnumerateKey 7C91D94C 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehSched.exe[1120] ntdll.dll!NtEnumerateKey + 4 7C91D950 2 Bytes [ 59, 5F ]
.text C:\WINDOWS\eHome\ehSched.exe[1120] ntdll.dll!NtEnumerateValueKey 7C91D976 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehSched.exe[1120] ntdll.dll!NtEnumerateValueKey + 4 7C91D97A 2 Bytes [ 5C, 5F ]
.text C:\WINDOWS\eHome\ehSched.exe[1120] ntdll.dll!NtOpenFile 7C91DCFD 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehSched.exe[1120] ntdll.dll!NtOpenFile + 4 7C91DD01 2 Bytes [ 71, 5F ]
.text C:\WINDOWS\eHome\ehSched.exe[1120] ntdll.dll!NtQueryMultipleValueKey 7C91E0AE 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehSched.exe[1120] ntdll.dll!NtQueryMultipleValueKey + 4 7C91E0B2 2 Bytes [ 5F, 5F ]
.text C:\WINDOWS\eHome\ehSched.exe[1120] ntdll.dll!NtQueryValueKey 7C91E1FE 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehSched.exe[1120] ntdll.dll!NtQueryValueKey + 4 7C91E202 2 Bytes [ 62, 5F ]
.text C:\WINDOWS\eHome\ehSched.exe[1120] ntdll.dll!NtReadFile 7C91E27C 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehSched.exe[1120] ntdll.dll!NtReadFile + 4 7C91E280 2 Bytes [ 74, 5F ]
.text C:\WINDOWS\eHome\ehSched.exe[1120] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehSched.exe[1120] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 77, 5F ]
.text C:\WINDOWS\eHome\ehSched.exe[1120] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehSched.exe[1120] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 65, 5F ]
.text C:\WINDOWS\eHome\ehSched.exe[1120] ntdll.dll!NtUnloadKey 7C91E90C 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehSched.exe[1120] ntdll.dll!NtUnloadKey + 4 7C91E910 2 Bytes [ 68, 5F ]
.text C:\WINDOWS\eHome\ehSched.exe[1120] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehSched.exe[1120] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 7A, 5F ]
.text C:\WINDOWS\eHome\ehSched.exe[1120] ntdll.dll!LdrLoadDll 7C9261CA 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehSched.exe[1120] ntdll.dll!LdrLoadDll + 4 7C9261CE 2 Bytes [ 47, 5F ]
.text C:\WINDOWS\eHome\ehSched.exe[1120] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F310F5A
.text C:\WINDOWS\eHome\ehSched.exe[1120] kernel32.dll!CreateFileMappingW 7C80938E 6 Bytes JMP 5F3A0F5A
.text C:\WINDOWS\eHome\ehSched.exe[1120] kernel32.dll!MapViewOfFileEx 7C80B896 6 Bytes JMP 5F340F5A
.text C:\WINDOWS\eHome\ehSched.exe[1120] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehSched.exe[1120] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 3E, 5F ]
.text C:\WINDOWS\eHome\ehSched.exe[1120] kernel32.dll!CreateProcessInternalW 7C819513 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehSched.exe[1120] kernel32.dll!CreateProcessInternalW + 4 7C819517 2 Bytes [ 44, 5F ]
.text C:\WINDOWS\eHome\ehSched.exe[1120] kernel32.dll!MoveFileWithProgressW 7C81F72E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehSched.exe[1120] kernel32.dll!MoveFileWithProgressW + 4 7C81F732 2 Bytes [ 41, 5F ]
.text C:\WINDOWS\eHome\ehSched.exe[1120] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5F370F5A
.text C:\WINDOWS\eHome\ehSched.exe[1120] USER32.dll!DispatchMessageW 7E398A01 6 Bytes JMP 5FA60F5A
.text C:\WINDOWS\eHome\ehSched.exe[1120] USER32.dll!TranslateMessage 7E398BF6 6 Bytes JMP 5F910F5A
.text C:\WINDOWS\eHome\ehSched.exe[1120] USER32.dll!DispatchMessageA 7E3996B8 6 Bytes JMP 5F8E0F5A
.text C:\WINDOWS\eHome\ehSched.exe[1120] USER32.dll!GetKeyState 7E39C505 6 Bytes JMP 5F9D0F5A
.text C:\WINDOWS\eHome\ehSched.exe[1120] USER32.dll!BeginDeferWindowPos 7E39D907 6 Bytes JMP 5F8B0F5A
.text C:\WINDOWS\eHome\ehSched.exe[1120] USER32.dll!GetKeyboardState 7E39EF29 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehSched.exe[1120] USER32.dll!GetKeyboardState + 4 7E39EF2D 2 Bytes [ 9B, 5F ]
.text C:\WINDOWS\eHome\ehSched.exe[1120] USER32.dll!GetAsyncKeyState 7E39F3B3 6 Bytes JMP 5F940F5A
.text C:\WINDOWS\eHome\ehSched.exe[1120] USER32.dll!CreateAcceleratorTableW 7E3AD3C1 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehSched.exe[1120] USER32.dll!CreateAcceleratorTableW + 4 7E3AD3C5 2 Bytes [ A1, 5F ]
.text C:\WINDOWS\eHome\ehSched.exe[1120] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5FA30F5A
.text C:\WINDOWS\eHome\ehSched.exe[1120] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F880F5A
.text C:\WINDOWS\eHome\ehSched.exe[1120] USER32.dll!AttachThreadInput 7E3B1E12 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehSched.exe[1120] USER32.dll!AttachThreadInput + 4 7E3B1E16 2 Bytes [ 98, 5F ]
.text C:\WINDOWS\eHome\ehSched.exe[1120] ADVAPI32.dll!CloseServiceHandle 77F55E4D 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\eHome\ehSched.exe[1120] ADVAPI32.dll!OpenServiceW 77F56165 6 Bytes JMP 5F220F5A
.text C:\WINDOWS\eHome\ehSched.exe[1120] ADVAPI32.dll!ControlService 77F5B635 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\eHome\ehSched.exe[1120] ADVAPI32.dll!OpenServiceA 77F5B88C 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\eHome\ehSched.exe[1120] ADVAPI32.dll!StartServiceW 77F5BBAC 6 Bytes JMP 5F280F5A
.text C:\WINDOWS\eHome\ehSched.exe[1120] ADVAPI32.dll!StartServiceA 77F63238 6 Bytes JMP 5F250F5A
.text C:\WINDOWS\eHome\ehSched.exe[1120] ADVAPI32.dll!LsaAddAccountRights 77F8A9A1 6 Bytes JMP 5F2B0F5A
.text C:\WINDOWS\eHome\ehSched.exe[1120] ADVAPI32.dll!LsaRemoveAccountRights 77F8AA41 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\eHome\ehSched.exe[1120] ADVAPI32.dll!ChangeServiceConfigA 77FA6CC9 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\eHome\ehSched.exe[1120] ADVAPI32.dll!ChangeServiceConfigW 77FA6E61 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\eHome\ehSched.exe[1120] ADVAPI32.dll!ChangeServiceConfig2A 77FA6F61 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\eHome\ehSched.exe[1120] ADVAPI32.dll!ChangeServiceConfig2W 77FA6FE9 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\eHome\ehSched.exe[1120] ADVAPI32.dll!CreateServiceA 77FA7071 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\eHome\ehSched.exe[1120] ADVAPI32.dll!CreateServiceW 77FA7209 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehSched.exe[1120] ADVAPI32.dll!CreateServiceW + 4 77FA720D 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\eHome\ehSched.exe[1120] ADVAPI32.dll!DeleteService 77FA7311 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\eHome\ehSched.exe[1120] ole32.dll!CoCreateInstanceEx 774CFA6B 6 Bytes JMP 5F850F5A
.text C:\WINDOWS\eHome\ehSched.exe[1120] ole32.dll!CoGetClassObject 774E5DB2 6 Bytes JMP 5F820F5A
.text C:\WINDOWS\eHome\ehSched.exe[1120] ole32.dll!CLSIDFromProgID 774F42CC 6 Bytes JMP 5F7F0F5A
.text C:\WINDOWS\eHome\ehSched.exe[1120] ole32.dll!CLSIDFromProgIDEx 775261FE 6 Bytes JMP 5F7C0F5A
.text C:\WINDOWS\eHome\ehRecvr.exe[1124] ntdll.dll!NtClose 7C91D586 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehRecvr.exe[1124] ntdll.dll!NtClose + 4 7C91D58A 2 Bytes [ 4A, 5F ]
.text C:\WINDOWS\eHome\ehRecvr.exe[1124] ntdll.dll!NtCreateFile 7C91D682 1 Byte [ FF ]
.text C:\WINDOWS\eHome\ehRecvr.exe[1124] ntdll.dll!NtCreateFile + 2 7C91D684 1 Byte [ 1E ]
.text C:\WINDOWS\eHome\ehRecvr.exe[1124] ntdll.dll!NtCreateFile + 4 7C91D686 2 Bytes [ 6B, 5F ]
.text C:\WINDOWS\eHome\ehRecvr.exe[1124] ntdll.dll!NtCreateKey 7C91D6D6 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehRecvr.exe[1124] ntdll.dll!NtCreateKey + 4 7C91D6DA 2 Bytes [ 4D, 5F ]
.text C:\WINDOWS\eHome\ehRecvr.exe[1124] ntdll.dll!NtDeleteFile 7C91D88F 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehRecvr.exe[1124] ntdll.dll!NtDeleteFile + 4 7C91D893 2 Bytes [ 6E, 5F ]
.text C:\WINDOWS\eHome\ehRecvr.exe[1124] ntdll.dll!NtDeleteKey 7C91D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehRecvr.exe[1124] ntdll.dll!NtDeleteKey + 4 7C91D8A8 2 Bytes [ 50, 5F ]
.text C:\WINDOWS\eHome\ehRecvr.exe[1124] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehRecvr.exe[1124] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 53, 5F ]
.text C:\WINDOWS\eHome\ehRecvr.exe[1124] ntdll.dll!NtDuplicateObject 7C91D90D 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehRecvr.exe[1124] ntdll.dll!NtDuplicateObject + 4 7C91D911 2 Bytes [ 56, 5F ]
.text C:\WINDOWS\eHome\ehRecvr.exe[1124] ntdll.dll!NtEnumerateKey 7C91D94C 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehRecvr.exe[1124] ntdll.dll!NtEnumerateKey + 4 7C91D950 2 Bytes [ 59, 5F ]
.text C:\WINDOWS\eHome\ehRecvr.exe[1124] ntdll.dll!NtEnumerateValueKey 7C91D976 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehRecvr.exe[1124] ntdll.dll!NtEnumerateValueKey + 4 7C91D97A 2 Bytes [ 5C, 5F ]
.text C:\WINDOWS\eHome\ehRecvr.exe[1124] ntdll.dll!NtOpenFile 7C91DCFD 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehRecvr.exe[1124] ntdll.dll!NtOpenFile + 4 7C91DD01 2 Bytes [ 71, 5F ]
.text C:\WINDOWS\eHome\ehRecvr.exe[1124] ntdll.dll!NtQueryMultipleValueKey 7C91E0AE 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehRecvr.exe[1124] ntdll.dll!NtQueryMultipleValueKey + 4 7C91E0B2 2 Bytes [ 5F, 5F ]
.text C:\WINDOWS\eHome\ehRecvr.exe[1124] ntdll.dll!NtQueryValueKey 7C91E1FE 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehRecvr.exe[1124] ntdll.dll!NtQueryValueKey + 4 7C91E202 2 Bytes [ 62, 5F ]
.text C:\WINDOWS\eHome\ehRecvr.exe[1124] ntdll.dll!NtReadFile 7C91E27C 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehRecvr.exe[1124] ntdll.dll!NtReadFile + 4 7C91E280 2 Bytes [ 74, 5F ]
.text C:\WINDOWS\eHome\ehRecvr.exe[1124] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehRecvr.exe[1124] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 77, 5F ]
.text C:\WINDOWS\eHome\ehRecvr.exe[1124] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehRecvr.exe[1124] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 65, 5F ]
.text C:\WINDOWS\eHome\ehRecvr.exe[1124] ntdll.dll!NtUnloadKey 7C91E90C 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehRecvr.exe[1124] ntdll.dll!NtUnloadKey + 4 7C91E910 2 Bytes [ 68, 5F ]
.text C:\WINDOWS\eHome\ehRecvr.exe[1124] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehRecvr.exe[1124] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 7A, 5F ]
.text C:\WINDOWS\eHome\ehRecvr.exe[1124] ntdll.dll!LdrLoadDll 7C9261CA 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehRecvr.exe[1124] ntdll.dll!LdrLoadDll + 4 7C9261CE 2 Bytes [ 47, 5F ]
.text C:\WINDOWS\eHome\ehRecvr.exe[1124] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F310F5A
.text C:\WINDOWS\eHome\ehRecvr.exe[1124] kernel32.dll!CreateFileMappingW 7C80938E 6 Bytes JMP 5F3A0F5A
.text C:\WINDOWS\eHome\ehRecvr.exe[1124] kernel32.dll!MapViewOfFileEx 7C80B896 6 Bytes JMP 5F340F5A
.text C:\WINDOWS\eHome\ehRecvr.exe[1124] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehRecvr.exe[1124] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 3E, 5F ]
.text C:\WINDOWS\eHome\ehRecvr.exe[1124] kernel32.dll!CreateProcessInternalW 7C819513 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehRecvr.exe[1124] kernel32.dll!CreateProcessInternalW + 4 7C819517 2 Bytes [ 44, 5F ]
.text C:\WINDOWS\eHome\ehRecvr.exe[1124] kernel32.dll!MoveFileWithProgressW 7C81F72E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehRecvr.exe[1124] kernel32.dll!MoveFileWithProgressW + 4 7C81F732 2 Bytes [ 41, 5F ]
.text C:\WINDOWS\eHome\ehRecvr.exe[1124] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5F370F5A
.text C:\WINDOWS\eHome\ehRecvr.exe[1124] USER32.dll!DispatchMessageW 7E398A01 6 Bytes JMP 5FA60F5A
.text C:\WINDOWS\eHome\ehRecvr.exe[1124] USER32.dll!TranslateMessage 7E398BF6 6 Bytes JMP 5F910F5A
.text C:\WINDOWS\eHome\ehRecvr.exe[1124] USER32.dll!DispatchMessageA 7E3996B8 6 Bytes JMP 5F8E0F5A
.text C:\WINDOWS\eHome\ehRecvr.exe[1124] USER32.dll!GetKeyState 7E39C505 6 Bytes JMP 5F9D0F5A
.text C:\WINDOWS\eHome\ehRecvr.exe[1124] USER32.dll!BeginDeferWindowPos 7E39D907 6 Bytes JMP 5F8B0F5A
.text C:\WINDOWS\eHome\ehRecvr.exe[1124] USER32.dll!GetKeyboardState 7E39EF29 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehRecvr.exe[1124] USER32.dll!GetKeyboardState + 4 7E39EF2D 2 Bytes [ 9B, 5F ]
.text C:\WINDOWS\eHome\ehRecvr.exe[1124] USER32.dll!GetAsyncKeyState 7E39F3B3 6 Bytes JMP 5F940F5A
.text C:\WINDOWS\eHome\ehRecvr.exe[1124] USER32.dll!CreateAcceleratorTableW 7E3AD3C1 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehRecvr.exe[1124] USER32.dll!CreateAcceleratorTableW + 4 7E3AD3C5 2 Bytes [ A1, 5F ]
.text C:\WINDOWS\eHome\ehRecvr.exe[1124] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5FA30F5A
.text C:\WINDOWS\eHome\ehRecvr.exe[1124] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F880F5A
.text C:\WINDOWS\eHome\ehRecvr.exe[1124] USER32.dll!AttachThreadInput 7E3B1E12 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehRecvr.exe[1124] USER32.dll!AttachThreadInput + 4 7E3B1E16 2 Bytes [ 98, 5F ]
.text C:\WINDOWS\eHome\ehRecvr.exe[1124] ADVAPI32.dll!CloseServiceHandle 77F55E4D 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\eHome\ehRecvr.exe[1124] ADVAPI32.dll!OpenServiceW 77F56165 6 Bytes JMP 5F220F5A
.text C:\WINDOWS\eHome\ehRecvr.exe[1124] ADVAPI32.dll!ControlService 77F5B635 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\eHome\ehRecvr.exe[1124] ADVAPI32.dll!OpenServiceA 77F5B88C 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\eHome\ehRecvr.exe[1124] ADVAPI32.dll!StartServiceW 77F5BBAC 6 Bytes JMP 5F280F5A
.text C:\WINDOWS\eHome\ehRecvr.exe[1124] ADVAPI32.dll!StartServiceA 77F63238 6 Bytes JMP 5F250F5A
.text C:\WINDOWS\eHome\ehRecvr.exe[1124] ADVAPI32.dll!LsaAddAccountRights 77F8A9A1 6 Bytes JMP 5F2B0F5A
.text C:\WINDOWS\eHome\ehRecvr.exe[1124] ADVAPI32.dll!LsaRemoveAccountRights 77F8AA41 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\eHome\ehRecvr.exe[1124] ADVAPI32.dll!ChangeServiceConfigA 77FA6CC9 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\eHome\ehRecvr.exe[1124] ADVAPI32.dll!ChangeServiceConfigW 77FA6E61 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\eHome\ehRecvr.exe[1124] ADVAPI32.dll!ChangeServiceConfig2A 77FA6F61 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\eHome\ehRecvr.exe[1124] ADVAPI32.dll!ChangeServiceConfig2W 77FA6FE9 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\eHome\ehRecvr.exe[1124] ADVAPI32.dll!CreateServiceA 77FA7071 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\eHome\ehRecvr.exe[1124] ADVAPI32.dll!CreateServiceW 77FA7209 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehRecvr.exe[1124] ADVAPI32.dll!CreateServiceW + 4 77FA720D 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\eHome\ehRecvr.exe[1124] ADVAPI32.dll!DeleteService 77FA7311 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\eHome\ehRecvr.exe[1124] ole32.dll!CoCreateInstanceEx 774CFA6B 6 Bytes JMP 5F850F5A
.text C:\WINDOWS\eHome\ehRecvr.exe[1124] ole32.dll!CoGetClassObject 774E5DB2 6 Bytes JMP 5F820F5A
.text C:\WINDOWS\eHome\ehRecvr.exe[1124] ole32.dll!CLSIDFromProgID 774F42CC 6 Bytes JMP 5F7F0F5A
.text C:\WINDOWS\eHome\ehRecvr.exe[1124] ole32.dll!CLSIDFromProgIDEx 775261FE 6 Bytes JMP 5F7C0F5A
.text C:\WINDOWS\system32\winlogon.exe[1184] kernel32.dll!CreateProcessInternalW 7C819513 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\winlogon.exe[1184] kernel32.dll!CreateProcessInternalW + 4 7C819517 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\services.exe[1232] ntdll.dll!NtClose 7C91D586 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[1232] ntdll.dll!NtClose + 4 7C91D58A 2 Bytes [ 08, 5F ]
.text C:\WINDOWS\system32\services.exe[1232] ntdll.dll!NtCreateKey 7C91D6D6 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[1232] ntdll.dll!NtCreateKey + 4 7C91D6DA 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\services.exe[1232] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[1232] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\services.exe[1232] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[1232] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\system32\services.exe[1232] kernel32.dll!CreateProcessInternalW 7C819513 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[1232] kernel32.dll!CreateProcessInternalW + 4 7C819517 2 Bytes [ 05, 5F ]
.text C:\Documents and Settings\User\Desktop\Nuova cartella\gmer\gmer.exe[1380] ntdll.dll!NtClose 7C91D586 3 Bytes [ FF, 25, 1E ]
.text C:\Documents and Settings\User\Desktop\Nuova cartella\gmer\gmer.exe[1380] ntdll.dll!NtClose + 4 7C91D58A 2 Bytes [ 4C, 5F ]
.text C:\Documents and Settings\User\Desktop\Nuova cartella\gmer\gmer.exe[1380] ntdll.dll!NtCreateFile 7C91D682 1 Byte [ FF ]
.text C:\Documents and Settings\User\Desktop\Nuova cartella\gmer\gmer.exe[1380] ntdll.dll!NtCreateFile + 2 7C91D684 1 Byte [ 1E ]
.text C:\Documents and Settings\User\Desktop\Nuova cartella\gmer\gmer.exe[1380] ntdll.dll!NtCreateFile + 4 7C91D686 2 Bytes [ 6D, 5F ]
.text C:\Documents and Settings\User\Desktop\Nuova cartella\gmer\gmer.exe[1380] ntdll.dll!NtCreateKey 7C91D6D6 3 Bytes [ FF, 25, 1E ]
.text C:\Documents and Settings\User\Desktop\Nuova cartella\gmer\gmer.exe[1380] ntdll.dll!NtCreateKey + 4 7C91D6DA 2 Bytes [ 4F, 5F ]
.text C:\Documents and Settings\User\Desktop\Nuova cartella\gmer\gmer.exe[1380] ntdll.dll!NtDeleteFile 7C91D88F 3 Bytes [ FF, 25, 1E ]
.text C:\Documents and Settings\User\Desktop\Nuova cartella\gmer\gmer.exe[1380] ntdll.dll!NtDeleteFile + 4 7C91D893 2 Bytes [ 70, 5F ]
.text C:\Documents and Settings\User\Desktop\Nuova cartella\gmer\gmer.exe[1380] ntdll.dll!NtDeleteKey 7C91D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\Documents and Settings\User\Desktop\Nuova cartella\gmer\gmer.exe[1380] ntdll.dll!NtDeleteKey + 4 7C91D8A8 2 Bytes [ 52, 5F ]
.text C:\Documents and Settings\User\Desktop\Nuova cartella\gmer\gmer.exe[1380] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ]
.text C:\Documents and Settings\User\Desktop\Nuova cartella\gmer\gmer.exe[1380] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 55, 5F ]
.text C:\Documents and Settings\User\Desktop\Nuova cartella\gmer\gmer.exe[1380] ntdll.dll!NtDuplicateObject 7C91D90D 3 Bytes [ FF, 25, 1E ]
.text C:\Documents and Settings\User\Desktop\Nuova cartella\gmer\gmer.exe[1380] ntdll.dll!NtDuplicateObject + 4 7C91D911 2 Bytes [ 58, 5F ]
.text C:\Documents and Settings\User\Desktop\Nuova cartella\gmer\gmer.exe[1380] ntdll.dll!NtEnumerateKey 7C91D94C 3 Bytes [ FF, 25, 1E ]
.text C:\Documents and Settings\User\Desktop\Nuova cartella\gmer\gmer.exe[1380] ntdll.dll!NtEnumerateKey + 4 7C91D950 2 Bytes [ 5B, 5F ]
.text C:\Documents and Settings\User\Desktop\Nuova cartella\gmer\gmer.exe[1380] ntdll.dll!NtEnumerateValueKey 7C91D976 3 Bytes [ FF, 25, 1E ]
.text C:\Documents and Settings\User\Desktop\Nuova cartella\gmer\gmer.exe[1380] ntdll.dll!NtEnumerateValueKey + 4 7C91D97A 2 Bytes [ 5E, 5F ]
.text C:\Documents and Settings\User\Desktop\Nuova cartella\gmer\gmer.exe[1380] ntdll.dll!NtOpenFile 7C91DCFD 3 Bytes [ FF, 25, 1E ]
.text C:\Documents and Settings\User\Desktop\Nuova cartella\gmer\gmer.exe[1380] ntdll.dll!NtOpenFile + 4 7C91DD01 2 Bytes [ 73, 5F ]
.text C:\Documents and Settings\User\Desktop\Nuova cartella\gmer\gmer.exe[1380] ntdll.dll!NtQueryMultipleValueKey 7C91E0AE 3 Bytes [ FF, 25, 1E ]
.text C:\Documents and Settings\User\Desktop\Nuova cartella\gmer\gmer.exe[1380] ntdll.dll!NtQueryMultipleValueKey + 4 7C91E0B2 2 Bytes [ 61, 5F ]
.text C:\Documents and Settings\User\Desktop\Nuova cartella\gmer\gmer.exe[1380] ntdll.dll!NtQueryValueKey 7C91E1FE 3 Bytes [ FF, 25, 1E ]
.text C:\Documents and Settings\User\Desktop\Nuova cartella\gmer\gmer.exe[1380] ntdll.dll!NtQueryValueKey + 4 7C91E202 2 Bytes [ 64, 5F ]
.text C:\Documents and Settings\User\Desktop\Nuova cartella\gmer\gmer.exe[1380] ntdll.dll!NtReadFile 7C91E27C 3 Bytes [ FF, 25, 1E ]
.text C:\Documents and Settings\User\Desktop\Nuova cartella\gmer\gmer.exe[1380] ntdll.dll!NtReadFile + 4 7C91E280 2 Bytes [ 76, 5F ]
.text C:\Documents and Settings\User\Desktop\Nuova cartella\gmer\gmer.exe[1380] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\Documents and Settings\User\Desktop\Nuova cartella\gmer\gmer.exe[1380] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 79, 5F ]
.text C:\Documents and Settings\User\Desktop\Nuova cartella\gmer\gmer.exe[1380] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\Documents and Settings\User\Desktop\Nuova cartella\gmer\gmer.exe[1380] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 67, 5F ]
.text C:\Documents and Settings\User\Desktop\Nuova cartella\gmer\gmer.exe[1380] ntdll.dll!NtUnloadKey 7C91E90C 3 Bytes [ FF, 25, 1E ]
.text C:\Documents and Settings\User\Desktop\Nuova cartella\gmer\gmer.exe[1380] ntdll.dll!NtUnloadKey + 4 7C91E910 2 Bytes [ 6A, 5F ]
.text C:\Documents and Settings\User\Desktop\Nuova cartella\gmer\gmer.exe[1380] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\Documents and Settings\User\Desktop\Nuova cartella\gmer\gmer.exe[1380] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 7C, 5F ]
.text C:\Documents and Settings\User\Desktop\Nuova cartella\gmer\gmer.exe[1380] ntdll.dll!LdrLoadDll 7C9261CA 3 Bytes [ FF, 25, 1E ]
.text C:\Documents and Settings\User\Desktop\Nuova cartella\gmer\gmer.exe[1380] ntdll.dll!LdrLoadDll + 4 7C9261CE 2 Bytes [ 49, 5F ]
.text C:\Documents and Settings\User\Desktop\Nuova cartella\gmer\gmer.exe[1380] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F330F5A
.text C:\Documents and Settings\User\Desktop\Nuova cartella\gmer\gmer.exe[1380] kernel32.dll!CreateFileMappingW 7C80938E 6 Bytes JMP 5F3C0F5A
.text C:\Documents and Settings\User\Desktop\Nuova cartella\gmer\gmer.exe[1380] kernel32.dll!MapViewOfFileEx 7C80B896 6 Bytes JMP 5F360F5A
.text C:\Documents and Settings\User\Desktop\Nuova cartella\gmer\gmer.exe[1380] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ]
.text C:\Documents and Settings\User\Desktop\Nuova cartella\gmer\gmer.exe[1380] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 40, 5F ]
.text C:\Documents and Settings\User\Desktop\Nuova cartella\gmer\gmer.exe[1380] kernel32.dll!CreateProcessInternalW 7C819513 3 Bytes [ FF, 25, 1E ]
.text C:\Documents and Settings\User\Desktop\Nuova cartella\gmer\gmer.exe[1380] kernel32.dll!CreateProcessInternalW + 4 7C819517 2 Bytes [ 46, 5F ]
.text C:\Documents and Settings\User\Desktop\Nuova cartella\gmer\gmer.exe[1380] kernel32.dll!MoveFileWithProgressW 7C81F72E 3 Bytes [ FF, 25, 1E ]
.text C:\Documents and Settings\User\Desktop\Nuova cartella\gmer\gmer.exe[1380] kernel32.dll!MoveFileWithProgressW + 4 7C81F732 2 Bytes [ 43, 5F ]
.text C:\Documents and Settings\User\Desktop\Nuova cartella\gmer\gmer.exe[1380] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5F390F5A
.text C:\Documents and Settings\User\Desktop\Nuova cartella\gmer\gmer.exe[1380] USER32.dll!DispatchMessageW 7E398A01 6 Bytes JMP 5FA80F5A
.text C:\Documents and Settings\User\Desktop\Nuova cartella\gmer\gmer.exe[1380] USER32.dll!TranslateMessage 7E398BF6 6 Bytes JMP 5F930F5A
.text C:\Documents and Settings\User\Desktop\Nuova cartella\gmer\gmer.exe[1380] USER32.dll!DispatchMessageA 7E3996B8 6 Bytes JMP 5F900F5A
.text C:\Documents and Settings\User\Desktop\Nuova cartella\gmer\gmer.exe[1380] USER32.dll!GetKeyState 7E39C505 6 Bytes JMP 5F9F0F5A
.text C:\Documents and Settings\User\Desktop\Nuova cartella\gmer\gmer.exe[1380] USER32.dll!BeginDeferWindowPos 7E39D907 6 Bytes JMP 5F8D0F5A
.text C:\Documents and Settings\User\Desktop\Nuova cartella\gmer\gmer.exe[1380] USER32.dll!GetKeyboardState 7E39EF29 3 Bytes [ FF, 25, 1E ]
.text C:\Documents and Settings\User\Desktop\Nuova cartella\gmer\gmer.exe[1380] USER32.dll!GetKeyboardState + 4 7E39EF2D 2 Bytes [ 9D, 5F ]
.text C:\Documents and Settings\User\Desktop\Nuova cartella\gmer\gmer.exe[1380] USER32.dll!GetAsyncKeyState 7E39F3B3 6 Bytes JMP 5F960F5A
.text C:\Documents and Settings\User\Desktop\Nuova cartella\gmer\gmer.exe[1380] USER32.dll!CreateAcceleratorTableW 7E3AD3C1 3 Bytes [ FF, 25, 1E ]
.text C:\Documents and Settings\User\Desktop\Nuova cartella\gmer\gmer.exe[1380] USER32.dll!CreateAcceleratorTableW + 4 7E3AD3C5 2 Bytes [ A3, 5F ]
.text C:\Documents and Settings\User\Desktop\Nuova cartella\gmer\gmer.exe[1380] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5FA50F5A
.text C:\Documents and Settings\User\Desktop\Nuova cartella\gmer\gmer.exe[1380] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F8A0F5A
.text C:\Documents and Settings\User\Desktop\Nuova cartella\gmer\gmer.exe[1380] USER32.dll!AttachThreadInput 7E3B1E12 3 Bytes [ FF, 25, 1E ]
.text C:\Documents and Settings\User\Desktop\Nuova cartella\gmer\gmer.exe[1380] USER32.dll!AttachThreadInput + 4 7E3B1E16 2 Bytes [ 9A, 5F ]
.text C:\Documents and Settings\User\Desktop\Nuova cartella\gmer\gmer.exe[1380] ADVAPI32.dll!CloseServiceHandle 77F55E4D 6 Bytes JMP 5F100F5A
.text C:\Documents and Settings\User\Desktop\Nuova cartella\gmer\gmer.exe[1380] ADVAPI32.dll!OpenServiceW 77F56165 6 Bytes JMP 5F240F5A
.text C:\Documents and Settings\User\Desktop\Nuova cartella\gmer\gmer.exe[1380] ADVAPI32.dll!ControlService 77F5B635 6 Bytes JMP 5F130F5A
.text C:\Documents and Settings\User\Desktop\Nuova cartella\gmer\gmer.exe[1380] ADVAPI32.dll!OpenServiceA 77F5B88C 6 Bytes JMP 5F1F0F5A
.text C:\Documents and Settings\User\Desktop\Nuova cartella\gmer\gmer.exe[1380] ADVAPI32.dll!StartServiceW 77F5BBAC 6 Bytes JMP 5F2A0F5A
.text C:\Documents and Settings\User\Desktop\Nuova cartella\gmer\gmer.exe[1380] ADVAPI32.dll!StartServiceA 77F63238 6 Bytes JMP 5F270F5A
.text C:\Documents and Settings\User\Desktop\Nuova cartella\gmer\gmer.exe[1380] ADVAPI32.dll!LsaAddAccountRights 77F8A9A1 6 Bytes JMP 5F2D0F5A
.text C:\Documents and Settings\User\Desktop\Nuova cartella\gmer\gmer.exe[1380] ADVAPI32.dll!LsaRemoveAccountRights 77F8AA41 6 Bytes JMP 5F300F5A
.text C:\Documents and Settings\User\Desktop\Nuova cartella\gmer\gmer.exe[1380] ADVAPI32.dll!ChangeServiceConfigA 77FA6CC9 6 Bytes JMP 5F040F5A
.text C:\Documents and Settings\User\Desktop\Nuova cartella\gmer\gmer.exe[1380] ADVAPI32.dll!ChangeServiceConfigW 77FA6E61 6 Bytes JMP 5F070F5A
.text C:\Documents and Settings\User\Desktop\Nuova cartella\gmer\gmer.exe[1380] ADVAPI32.dll!ChangeServiceConfig2A 77FA6F61 6 Bytes JMP 5F0A0F5A
.text C:\Documents and Settings\User\Desktop\Nuova cartella\gmer\gmer.exe[1380] ADVAPI32.dll!ChangeServiceConfig2W 77FA6FE9 6 Bytes JMP 5F0D0F5A
.text C:\Documents and Settings\User\Desktop\Nuova cartella\gmer\gmer.exe[1380] ADVAPI32.dll!CreateServiceA 77FA7071 6 Bytes JMP 5F160F5A
.text C:\Documents and Settings\User\Desktop\Nuova cartella\gmer\gmer.exe[1380] ADVAPI32.dll!CreateServiceW 77FA7209 3 Bytes [ FF, 25, 1E ]
.text C:\Documents and Settings\User\Desktop\Nuova cartella\gmer\gmer.exe[1380] ADVAPI32.dll!CreateServiceW + 4 77FA720D 2 Bytes [ 1A, 5F ]
.text C:\Documents and Settings\User\Desktop\Nuova cartella\gmer\gmer.exe[1380] ADVAPI32.dll!DeleteService 77FA7311 6 Bytes JMP 5F1C0F5A
.text C:\Documents and Settings\User\Desktop\Nuova cartella\gmer\gmer.exe[1380] ole32.dll!CoCreateInstanceEx 774CFA6B 6 Bytes JMP 5F870F5A
.text C:\Documents and Settings\User\Desktop\Nuova cartella\gmer\gmer.exe[1380] ole32.dll!CoGetClassObject 774E5DB2 6 Bytes JMP 5F840F5A
.text C:\Documents and Settings\User\Desktop\Nuova cartella\gmer\gmer.exe[1380] ole32.dll!CLSIDFromProgID 774F42CC 6 Bytes JMP 5F810F5A
.text C:\Documents and Settings\User\Desktop\Nuova cartella\gmer\gmer.exe[1380] ole32.dll!CLSIDFromProgIDEx 775261FE 6 Bytes JMP 5F7E0F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[1400] ntdll.dll!NtClose 7C91D586 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\Ati2evxx.exe[1400] ntdll.dll!NtClose + 4 7C91D58A 2 Bytes [ 4A, 5F ]
.text C:\WINDOWS\system32\Ati2evxx.exe[1400] ntdll.dll!NtCreateFile 7C91D682 1 Byte [ FF ]
.text C:\WINDOWS\system32\Ati2evxx.exe[1400] ntdll.dll!NtCreateFile + 2 7C91D684 1 Byte [ 1E ]
.text C:\WINDOWS\system32\Ati2evxx.exe[1400] ntdll.dll!NtCreateFile + 4 7C91D686 2 Bytes [ 6B, 5F ]
.text C:\WINDOWS\system32\Ati2evxx.exe[1400] ntdll.dll!NtCreateKey 7C91D6D6 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\Ati2evxx.exe[1400] ntdll.dll!NtCreateKey + 4 7C91D6DA 2 Bytes [ 4D, 5F ]
.text C:\WINDOWS\system32\Ati2evxx.exe[1400] ntdll.dll!NtDeleteFile 7C91D88F 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\Ati2evxx.exe[1400] ntdll.dll!NtDeleteFile + 4 7C91D893 2 Bytes [ 6E, 5F ]
.text C:\WINDOWS\system32\Ati2evxx.exe[1400] ntdll.dll!NtDeleteKey 7C91D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\Ati2evxx.exe[1400] ntdll.dll!NtDeleteKey + 4 7C91D8A8 2 Bytes [ 50, 5F ]
.text C:\WINDOWS\system32\Ati2evxx.exe[1400] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\Ati2evxx.exe[1400] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 53, 5F ]
.text C:\WINDOWS\system32\Ati2evxx.exe[1400] ntdll.dll!NtDuplicateObject 7C91D90D 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\Ati2evxx.exe[1400] ntdll.dll!NtDuplicateObject + 4 7C91D911 2 Bytes [ 56, 5F ]
.text C:\WINDOWS\system32\Ati2evxx.exe[1400] ntdll.dll!NtEnumerateKey 7C91D94C 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\Ati2evxx.exe[1400] ntdll.dll!NtEnumerateKey + 4 7C91D950 2 Bytes [ 59, 5F ]
.text C:\WINDOWS\system32\Ati2evxx.exe[1400] ntdll.dll!NtEnumerateValueKey 7C91D976 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\Ati2evxx.exe[1400] ntdll.dll!NtEnumerateValueKey + 4 7C91D97A 2 Bytes [ 5C, 5F ]
.text C:\WINDOWS\system32\Ati2evxx.exe[1400] ntdll.dll!NtOpenFile 7C91DCFD 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\Ati2evxx.exe[1400] ntdll.dll!NtOpenFile + 4 7C91DD01 2 Bytes [ 71, 5F ]
.text C:\WINDOWS\system32\Ati2evxx.exe[1400] ntdll.dll!NtQueryMultipleValueKey 7C91E0AE 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\Ati2evxx.exe[1400] ntdll.dll!NtQueryMultipleValueKey + 4 7C91E0B2 2 Bytes [ 5F, 5F ]
.text C:\WINDOWS\system32\Ati2evxx.exe[1400] ntdll.dll!NtQueryValueKey 7C91E1FE 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\Ati2evxx.exe[1400] ntdll.dll!NtQueryValueKey + 4 7C91E202 2 Bytes [ 62, 5F ]
.text C:\WINDOWS\system32\Ati2evxx.exe[1400] ntdll.dll!NtReadFile 7C91E27C 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\Ati2evxx.exe[1400] ntdll.dll!NtReadFile + 4 7C91E280 2 Bytes [ 74, 5F ]
.text C:\WINDOWS\system32\Ati2evxx.exe[1400] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\Ati2evxx.exe[1400] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 77, 5F ]
.text C:\WINDOWS\system32\Ati2evxx.exe[1400] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\Ati2evxx.exe[1400] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 65, 5F ]
.text C:\WINDOWS\system32\Ati2evxx.exe[1400] ntdll.dll!NtUnloadKey 7C91E90C 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\Ati2evxx.exe[1400] ntdll.dll!NtUnloadKey + 4 7C91E910 2 Bytes [ 68, 5F ]
.text C:\WINDOWS\system32\Ati2evxx.exe[1400] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\Ati2evxx.exe[1400] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 7A, 5F ]
.text C:\WINDOWS\system32\Ati2evxx.exe[1400] ntdll.dll!LdrLoadDll 7C9261CA 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\Ati2evxx.exe[1400] ntdll.dll!LdrLoadDll + 4 7C9261CE 2 Bytes [ 47, 5F ]
.text C:\WINDOWS\system32\Ati2evxx.exe[1400] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F310F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[1400] kernel32.dll!CreateFileMappingW 7C80938E 6 Bytes JMP 5F3A0F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[1400] kernel32.dll!MapViewOfFileEx 7C80B896 6 Bytes JMP 5F340F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[1400] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\Ati2evxx.exe[1400] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 3E, 5F ]
.text C:\WINDOWS\system32\Ati2evxx.exe[1400] kernel32.dll!CreateProcessInternalW 7C819513 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\Ati2evxx.exe[1400] kernel32.dll!CreateProcessInternalW + 4 7C819517 2 Bytes [ 44, 5F ]
.text C:\WINDOWS\system32\Ati2evxx.exe[1400] kernel32.dll!MoveFileWithProgressW 7C81F72E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\Ati2evxx.exe[1400] kernel32.dll!MoveFileWithProgressW + 4 7C81F732 2 Bytes [ 41, 5F ]
.text C:\WINDOWS\system32\Ati2evxx.exe[1400] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5F370F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[1400] USER32.dll!DispatchMessageW 7E398A01 6 Bytes JMP 5FA60F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[1400] USER32.dll!TranslateMessage 7E398BF6 6 Bytes JMP 5F910F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[1400] USER32.dll!DispatchMessageA 7E3996B8 6 Bytes JMP 5F8E0F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[1400] USER32.dll!GetKeyState 7E39C505 6 Bytes JMP 5F9D0F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[1400] USER32.dll!BeginDeferWindowPos 7E39D907 6 Bytes JMP 5F8B0F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[1400] USER32.dll!GetKeyboardState 7E39EF29 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\Ati2evxx.exe[1400] USER32.dll!GetKeyboardState + 4 7E39EF2D 2 Bytes [ 9B, 5F ]
.text C:\WINDOWS\system32\Ati2evxx.exe[1400] USER32.dll!GetAsyncKeyState 7E39F3B3 6 Bytes JMP 5F940F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[1400] USER32.dll!CreateAcceleratorTableW 7E3AD3C1 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\Ati2evxx.exe[1400] USER32.dll!CreateAcceleratorTableW + 4 7E3AD3C5 2 Bytes [ A1, 5F ]
.text C:\WINDOWS\system32\Ati2evxx.exe[1400] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5FA30F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[1400] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F880F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[1400] USER32.dll!AttachThreadInput 7E3B1E12 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\Ati2evxx.exe[1400] USER32.dll!AttachThreadInput + 4 7E3B1E16 2 Bytes [ 98, 5F ]
.text C:\WINDOWS\system32\Ati2evxx.exe[1400] ADVAPI32.dll!CloseServiceHandle 77F55E4D 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[1400] ADVAPI32.dll!OpenServiceW 77F56165 6 Bytes JMP 5F220F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[1400] ADVAPI32.dll!ControlService 77F5B635 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[1400] ADVAPI32.dll!OpenServiceA 77F5B88C 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[1400] ADVAPI32.dll!StartServiceW 77F5BBAC 6 Bytes JMP 5F280F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[1400] ADVAPI32.dll!StartServiceA 77F63238 6 Bytes JMP 5F250F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[1400] ADVAPI32.dll!LsaAddAccountRights 77F8A9A1 6 Bytes JMP 5F2B0F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[1400] ADVAPI32.dll!LsaRemoveAccountRights 77F8AA41 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[1400] ADVAPI32.dll!ChangeServiceConfigA 77FA6CC9 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[1400] ADVAPI32.dll!ChangeServiceConfigW 77FA6E61 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[1400] ADVAPI32.dll!ChangeServiceConfig2A 77FA6F61 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[1400] ADVAPI32.dll!ChangeServiceConfig2W 77FA6FE9 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[1400] ADVAPI32.dll!CreateServiceA 77FA7071 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[1400] ADVAPI32.dll!CreateServiceW 77FA7209 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\Ati2evxx.exe[1400] ADVAPI32.dll!CreateServiceW + 4 77FA720D 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\system32\Ati2evxx.exe[1400] ADVAPI32.dll!DeleteService 77FA7311 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[1400] ole32.dll!CoCreateInstanceEx 774CFA6B 6 Bytes JMP 5F850F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[1400] ole32.dll!CoGetClassObject 774E5DB2 6 Bytes JMP 5F820F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[1400] ole32.dll!CLSIDFromProgID 774F42CC 6 Bytes JMP 5F7F0F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[1400] ole32.dll!CLSIDFromProgIDEx 775261FE 6 Bytes JMP 5F7C0F5A
.text C:\WINDOWS\system32\svchost.exe[1416] ntdll.dll!NtClose 7C91D586 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1416] ntdll.dll!NtClose + 4 7C91D58A 2 Bytes [ 4A, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1416] ntdll.dll!NtCreateFile 7C91D682 1 Byte [ FF ]
.text C:\WINDOWS\system32\svchost.exe[1416] ntdll.dll!NtCreateFile + 2 7C91D684 1 Byte [ 1E ]
.text C:\WINDOWS\system32\svchost.exe[1416] ntdll.dll!NtCreateFile + 4 7C91D686 2 Bytes [ 6B, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1416] ntdll.dll!NtCreateKey 7C91D6D6 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1416] ntdll.dll!NtCreateKey + 4 7C91D6DA 2 Bytes [ 4D, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1416] ntdll.dll!NtDeleteFile 7C91D88F 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1416] ntdll.dll!NtDeleteFile + 4 7C91D893 2 Bytes [ 6E, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1416] ntdll.dll!NtDeleteKey 7C91D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1416] ntdll.dll!NtDeleteKey + 4 7C91D8A8 2 Bytes [ 50, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1416] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1416] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 53, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1416] ntdll.dll!NtDuplicateObject 7C91D90D 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1416] ntdll.dll!NtDuplicateObject + 4 7C91D911 2 Bytes [ 56, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1416] ntdll.dll!NtEnumerateKey 7C91D94C 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1416] ntdll.dll!NtEnumerateKey + 4 7C91D950 2 Bytes [ 59, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1416] ntdll.dll!NtEnumerateValueKey 7C91D976 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1416] ntdll.dll!NtEnumerateValueKey + 4 7C91D97A 2 Bytes [ 5C, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1416] ntdll.dll!NtOpenFile 7C91DCFD 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1416] ntdll.dll!NtOpenFile + 4 7C91DD01 2 Bytes [ 71, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1416] ntdll.dll!NtQueryMultipleValueKey 7C91E0AE 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1416] ntdll.dll!NtQueryMultipleValueKey + 4 7C91E0B2 2 Bytes [ 5F, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1416] ntdll.dll!NtQueryValueKey 7C91E1FE 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1416] ntdll.dll!NtQueryValueKey + 4 7C91E202 2 Bytes [ 62, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1416] ntdll.dll!NtReadFile 7C91E27C 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1416] ntdll.dll!NtReadFile + 4 7C91E280 2 Bytes [ 74, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1416] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1416] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 77, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1416] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1416] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 65, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1416] ntdll.dll!NtUnloadKey 7C91E90C 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1416] ntdll.dll!NtUnloadKey + 4 7C91E910 2 Bytes [ 68, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1416] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1416] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 7A, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1416] ntdll.dll!LdrLoadDll 7C9261CA 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1416] ntdll.dll!LdrLoadDll + 4 7C9261CE 2 Bytes [ 47, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1416] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F310F5A
.text C:\WINDOWS\system32\svchost.exe[1416] kernel32.dll!CreateFileMappingW 7C80938E 6 Bytes JMP 5F3A0F5A
.text C:\WINDOWS\system32\svchost.exe[1416] kernel32.dll!MapViewOfFileEx 7C80B896 6 Bytes JMP 5F340F5A
.text C:\WINDOWS\system32\svchost.exe[1416] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1416] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 3E, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1416] kernel32.dll!CreateProcessInternalW 7C819513 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1416] kernel32.dll!CreateProcessInternalW + 4 7C819517 2 Bytes [ 44, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1416] kernel32.dll!MoveFileWithProgressW 7C81F72E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1416] kernel32.dll!MoveFileWithProgressW + 4 7C81F732 2 Bytes [ 41, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1416] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5F370F5A
.text C:\WINDOWS\system32\svchost.exe[1416] ADVAPI32.dll!CloseServiceHandle 77F55E4D 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\svchost.exe[1416] ADVAPI32.dll!OpenServiceW 77F56165 6 Bytes JMP 5F220F5A
.text C:\WINDOWS\system32\svchost.exe[1416] ADVAPI32.dll!ControlService 77F5B635 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\system32\svchost.exe[1416] ADVAPI32.dll!OpenServiceA 77F5B88C 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\system32\svchost.exe[1416] ADVAPI32.dll!StartServiceW 77F5BBAC 6 Bytes JMP 5F280F5A
.text C:\WINDOWS\system32\svchost.exe[1416] ADVAPI32.dll!StartServiceA 77F63238 6 Bytes JMP 5F250F5A
.text C:\WINDOWS\system32\svchost.exe[1416] ADVAPI32.dll!LsaAddAccountRights 77F8A9A1 6 Bytes JMP 5F2B0F5A
.text C:\WINDOWS\system32\svchost.exe[1416] ADVAPI32.dll!LsaRemoveAccountRights 77F8AA41 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\svchost.exe[1416] ADVAPI32.dll!ChangeServiceConfigA 77FA6CC9 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\svchost.exe[1416] ADVAPI32.dll!ChangeServiceConfigW 77FA6E61 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\svchost.exe[1416] ADVAPI32.dll!ChangeServiceConfig2A 77FA6F61 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\svchost.exe[1416] ADVAPI32.dll!ChangeServiceConfig2W 77FA6FE9 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\svchost.exe[1416] ADVAPI32.dll!CreateServiceA 77FA7071 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\svchost.exe[1416] ADVAPI32.dll!CreateServiceW 77FA7209 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1416] ADVAPI32.dll!CreateServiceW + 4 77FA720D 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1416] ADVAPI32.dll!DeleteService 77FA7311 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\svchost.exe[1416] USER32.dll!DispatchMessageW 7E398A01 6 Bytes JMP 5FA60F5A
.text C:\WINDOWS\system32\svchost.exe[1416] USER32.dll!TranslateMessage 7E398BF6 6 Bytes JMP 5F910F5A
.text C:\WINDOWS\system32\svchost.exe[1416] USER32.dll!DispatchMessageA 7E3996B8 6 Bytes JMP 5F8E0F5A
.text C:\WINDOWS\system32\svchost.exe[1416] USER32.dll!GetKeyState 7E39C505 6 Bytes JMP 5F9D0F5A
.text C:\WINDOWS\system32\svchost.exe[1416] USER32.dll!BeginDeferWindowPos 7E39D907 6 Bytes JMP 5F8B0F5A
. |
|
| Top |
|
|
dasio78
Dio maturo
Registrato: 22/06/06 23:05
Messaggi: 6282
|
| Inviato: 19 Apr 2007 22:52 Oggetto: |
|
|
terza parte...
.text C:\Programmi\Skype\Plugin Manager\SkypePM.exe[1680] ntdll.dll!NtClose 7C91D586 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Skype\Plugin Manager\SkypePM.exe[1680] ntdll.dll!NtClose + 4 7C91D58A 2 Bytes [ 4A, 5F ]
.text C:\Programmi\Skype\Plugin Manager\SkypePM.exe[1680] ntdll.dll!NtCreateFile 7C91D682 1 Byte [ FF ]
.text C:\Programmi\Skype\Plugin Manager\SkypePM.exe[1680] ntdll.dll!NtCreateFile + 2 7C91D684 1 Byte [ 1E ]
.text C:\Programmi\Skype\Plugin Manager\SkypePM.exe[1680] ntdll.dll!NtCreateFile + 4 7C91D686 2 Bytes [ 6B, 5F ]
.text C:\Programmi\Skype\Plugin Manager\SkypePM.exe[1680] ntdll.dll!NtCreateKey 7C91D6D6 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Skype\Plugin Manager\SkypePM.exe[1680] ntdll.dll!NtCreateKey + 4 7C91D6DA 2 Bytes [ 4D, 5F ]
.text C:\Programmi\Skype\Plugin Manager\SkypePM.exe[1680] ntdll.dll!NtDeleteFile 7C91D88F 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Skype\Plugin Manager\SkypePM.exe[1680] ntdll.dll!NtDeleteFile + 4 7C91D893 2 Bytes [ 6E, 5F ]
.text C:\Programmi\Skype\Plugin Manager\SkypePM.exe[1680] ntdll.dll!NtDeleteKey 7C91D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Skype\Plugin Manager\SkypePM.exe[1680] ntdll.dll!NtDeleteKey + 4 7C91D8A8 2 Bytes [ 50, 5F ]
.text C:\Programmi\Skype\Plugin Manager\SkypePM.exe[1680] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Skype\Plugin Manager\SkypePM.exe[1680] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 53, 5F ]
.text C:\Programmi\Skype\Plugin Manager\SkypePM.exe[1680] ntdll.dll!NtDuplicateObject 7C91D90D 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Skype\Plugin Manager\SkypePM.exe[1680] ntdll.dll!NtDuplicateObject + 4 7C91D911 2 Bytes [ 56, 5F ]
.text C:\Programmi\Skype\Plugin Manager\SkypePM.exe[1680] ntdll.dll!NtEnumerateKey 7C91D94C 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Skype\Plugin Manager\SkypePM.exe[1680] ntdll.dll!NtEnumerateKey + 4 7C91D950 2 Bytes [ 59, 5F ]
.text C:\Programmi\Skype\Plugin Manager\SkypePM.exe[1680] ntdll.dll!NtEnumerateValueKey 7C91D976 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Skype\Plugin Manager\SkypePM.exe[1680] ntdll.dll!NtEnumerateValueKey + 4 7C91D97A 2 Bytes [ 5C, 5F ]
.text C:\Programmi\Skype\Plugin Manager\SkypePM.exe[1680] ntdll.dll!NtOpenFile 7C91DCFD 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Skype\Plugin Manager\SkypePM.exe[1680] ntdll.dll!NtOpenFile + 4 7C91DD01 2 Bytes [ 71, 5F ]
.text C:\Programmi\Skype\Plugin Manager\SkypePM.exe[1680] ntdll.dll!NtQueryMultipleValueKey 7C91E0AE 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Skype\Plugin Manager\SkypePM.exe[1680] ntdll.dll!NtQueryMultipleValueKey + 4 7C91E0B2 2 Bytes [ 5F, 5F ]
.text C:\Programmi\Skype\Plugin Manager\SkypePM.exe[1680] ntdll.dll!NtQueryValueKey 7C91E1FE 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Skype\Plugin Manager\SkypePM.exe[1680] ntdll.dll!NtQueryValueKey + 4 7C91E202 2 Bytes [ 62, 5F ]
.text C:\Programmi\Skype\Plugin Manager\SkypePM.exe[1680] ntdll.dll!NtReadFile 7C91E27C 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Skype\Plugin Manager\SkypePM.exe[1680] ntdll.dll!NtReadFile + 4 7C91E280 2 Bytes [ 74, 5F ]
.text C:\Programmi\Skype\Plugin Manager\SkypePM.exe[1680] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Skype\Plugin Manager\SkypePM.exe[1680] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 77, 5F ]
.text C:\Programmi\Skype\Plugin Manager\SkypePM.exe[1680] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Skype\Plugin Manager\SkypePM.exe[1680] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 65, 5F ]
.text C:\Programmi\Skype\Plugin Manager\SkypePM.exe[1680] ntdll.dll!NtUnloadKey 7C91E90C 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Skype\Plugin Manager\SkypePM.exe[1680] ntdll.dll!NtUnloadKey + 4 7C91E910 2 Bytes [ 68, 5F ]
.text C:\Programmi\Skype\Plugin Manager\SkypePM.exe[1680] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Skype\Plugin Manager\SkypePM.exe[1680] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 7A, 5F ]
.text C:\Programmi\Skype\Plugin Manager\SkypePM.exe[1680] ntdll.dll!LdrLoadDll 7C9261CA 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Skype\Plugin Manager\SkypePM.exe[1680] ntdll.dll!LdrLoadDll + 4 7C9261CE 2 Bytes [ 47, 5F ]
.text C:\Programmi\Skype\Plugin Manager\SkypePM.exe[1680] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F310F5A
.text C:\Programmi\Skype\Plugin Manager\SkypePM.exe[1680] kernel32.dll!CreateFileMappingW 7C80938E 6 Bytes JMP 5F3A0F5A
.text C:\Programmi\Skype\Plugin Manager\SkypePM.exe[1680] kernel32.dll!MapViewOfFileEx 7C80B896 6 Bytes JMP 5F340F5A
.text C:\Programmi\Skype\Plugin Manager\SkypePM.exe[1680] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Skype\Plugin Manager\SkypePM.exe[1680] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 3E, 5F ]
.text C:\Programmi\Skype\Plugin Manager\SkypePM.exe[1680] kernel32.dll!CreateProcessInternalW 7C819513 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Skype\Plugin Manager\SkypePM.exe[1680] kernel32.dll!CreateProcessInternalW + 4 7C819517 2 Bytes [ 44, 5F ]
.text C:\Programmi\Skype\Plugin Manager\SkypePM.exe[1680] kernel32.dll!MoveFileWithProgressW 7C81F72E 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Skype\Plugin Manager\SkypePM.exe[1680] kernel32.dll!MoveFileWithProgressW + 4 7C81F732 2 Bytes [ 41, 5F ]
.text C:\Programmi\Skype\Plugin Manager\SkypePM.exe[1680] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5F370F5A
.text C:\Programmi\Skype\Plugin Manager\SkypePM.exe[1680] user32.dll!DispatchMessageW 7E398A01 6 Bytes JMP 5FA60F5A
.text C:\Programmi\Skype\Plugin Manager\SkypePM.exe[1680] user32.dll!TranslateMessage 7E398BF6 6 Bytes JMP 5F910F5A
.text C:\Programmi\Skype\Plugin Manager\SkypePM.exe[1680] user32.dll!DispatchMessageA 7E3996B8 6 Bytes JMP 5F8E0F5A
.text C:\Programmi\Skype\Plugin Manager\SkypePM.exe[1680] user32.dll!GetKeyState 7E39C505 6 Bytes JMP 5F9D0F5A
.text C:\Programmi\Skype\Plugin Manager\SkypePM.exe[1680] user32.dll!BeginDeferWindowPos 7E39D907 6 Bytes JMP 5F8B0F5A
.text C:\Programmi\Skype\Plugin Manager\SkypePM.exe[1680] user32.dll!GetKeyboardState 7E39EF29 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Skype\Plugin Manager\SkypePM.exe[1680] user32.dll!GetKeyboardState + 4 7E39EF2D 2 Bytes [ 9B, 5F ]
.text C:\Programmi\Skype\Plugin Manager\SkypePM.exe[1680] user32.dll!GetAsyncKeyState 7E39F3B3 6 Bytes JMP 5F940F5A
.text C:\Programmi\Skype\Plugin Manager\SkypePM.exe[1680] user32.dll!CreateAcceleratorTableW 7E3AD3C1 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Skype\Plugin Manager\SkypePM.exe[1680] user32.dll!CreateAcceleratorTableW + 4 7E3AD3C5 2 Bytes [ A1, 5F ]
.text C:\Programmi\Skype\Plugin Manager\SkypePM.exe[1680] user32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5FA30F5A
.text C:\Programmi\Skype\Plugin Manager\SkypePM.exe[1680] user32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F880F5A
.text C:\Programmi\Skype\Plugin Manager\SkypePM.exe[1680] user32.dll!AttachThreadInput 7E3B1E12 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Skype\Plugin Manager\SkypePM.exe[1680] user32.dll!AttachThreadInput + 4 7E3B1E16 2 Bytes [ 98, 5F ]
.text C:\Programmi\Skype\Plugin Manager\SkypePM.exe[1680] advapi32.dll!CloseServiceHandle 77F55E4D 6 Bytes JMP 5F100F5A
.text C:\Programmi\Skype\Plugin Manager\SkypePM.exe[1680] advapi32.dll!OpenServiceW 77F56165 6 Bytes JMP 5F220F5A
.text C:\Programmi\Skype\Plugin Manager\SkypePM.exe[1680] advapi32.dll!ControlService 77F5B635 6 Bytes JMP 5F130F5A
.text C:\Programmi\Skype\Plugin Manager\SkypePM.exe[1680] advapi32.dll!OpenServiceA 77F5B88C 6 Bytes JMP 5F1F0F5A
.text C:\Programmi\Skype\Plugin Manager\SkypePM.exe[1680] advapi32.dll!StartServiceW 77F5BBAC 6 Bytes JMP 5F280F5A
.text C:\Programmi\Skype\Plugin Manager\SkypePM.exe[1680] advapi32.dll!StartServiceA 77F63238 6 Bytes JMP 5F250F5A
.text C:\Programmi\Skype\Plugin Manager\SkypePM.exe[1680] advapi32.dll!LsaAddAccountRights 77F8A9A1 6 Bytes JMP 5F2B0F5A
.text C:\Programmi\Skype\Plugin Manager\SkypePM.exe[1680] advapi32.dll!LsaRemoveAccountRights 77F8AA41 6 Bytes JMP 5F2E0F5A
.text C:\Programmi\Skype\Plugin Manager\SkypePM.exe[1680] advapi32.dll!ChangeServiceConfigA 77FA6CC9 6 Bytes JMP 5F040F5A
.text C:\Programmi\Skype\Plugin Manager\SkypePM.exe[1680] advapi32.dll!ChangeServiceConfigW 77FA6E61 6 Bytes JMP 5F070F5A
.text C:\Programmi\Skype\Plugin Manager\SkypePM.exe[1680] advapi32.dll!ChangeServiceConfig2A 77FA6F61 6 Bytes JMP 5F0A0F5A
.text C:\Programmi\Skype\Plugin Manager\SkypePM.exe[1680] advapi32.dll!ChangeServiceConfig2W 77FA6FE9 6 Bytes JMP 5F0D0F5A
.text C:\Programmi\Skype\Plugin Manager\SkypePM.exe[1680] advapi32.dll!CreateServiceA 77FA7071 6 Bytes JMP 5F160F5A
.text C:\Programmi\Skype\Plugin Manager\SkypePM.exe[1680] advapi32.dll!CreateServiceW 77FA7209 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Skype\Plugin Manager\SkypePM.exe[1680] advapi32.dll!CreateServiceW + 4 77FA720D 2 Bytes [ 1A, 5F ]
.text C:\Programmi\Skype\Plugin Manager\SkypePM.exe[1680] advapi32.dll!DeleteService 77FA7311 6 Bytes JMP 5F1C0F5A
.text C:\Programmi\Skype\Plugin Manager\SkypePM.exe[1680] ole32.dll!CoCreateInstanceEx 774CFA6B 6 Bytes JMP 5F850F5A
.text C:\Programmi\Skype\Plugin Manager\SkypePM.exe[1680] ole32.dll!CoGetClassObject 774E5DB2 6 Bytes JMP 5F820F5A
.text C:\Programmi\Skype\Plugin Manager\SkypePM.exe[1680] ole32.dll!CLSIDFromProgID 774F42CC 6 Bytes JMP 5F7F0F5A
.text C:\Programmi\Skype\Plugin Manager\SkypePM.exe[1680] ole32.dll!CLSIDFromProgIDEx 775261FE 6 Bytes JMP 5F7C0F5A
.text C:\WINDOWS\Explorer.EXE[1828] ntdll.dll!NtClose 7C91D586 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Explorer.EXE[1828] ntdll.dll!NtClose + 4 7C91D58A 2 Bytes [ 4A, 5F ]
.text C:\WINDOWS\Explorer.EXE[1828] ntdll.dll!NtCreateFile 7C91D682 1 Byte [ FF ]
.text C:\WINDOWS\Explorer.EXE[1828] ntdll.dll!NtCreateFile + 2 7C91D684 1 Byte [ 1E ]
.text C:\WINDOWS\Explorer.EXE[1828] ntdll.dll!NtCreateFile + 4 7C91D686 2 Bytes [ 6B, 5F ]
.text C:\WINDOWS\Explorer.EXE[1828] ntdll.dll!NtCreateKey 7C91D6D6 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Explorer.EXE[1828] ntdll.dll!NtCreateKey + 4 7C91D6DA 2 Bytes [ 4D, 5F ]
.text C:\WINDOWS\Explorer.EXE[1828] ntdll.dll!NtDeleteFile 7C91D88F 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Explorer.EXE[1828] ntdll.dll!NtDeleteFile + 4 7C91D893 2 Bytes [ 6E, 5F ]
.text C:\WINDOWS\Explorer.EXE[1828] ntdll.dll!NtDeleteKey 7C91D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Explorer.EXE[1828] ntdll.dll!NtDeleteKey + 4 7C91D8A8 2 Bytes [ 50, 5F ]
.text C:\WINDOWS\Explorer.EXE[1828] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Explorer.EXE[1828] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 53, 5F ]
.text C:\WINDOWS\Explorer.EXE[1828] ntdll.dll!NtDuplicateObject 7C91D90D 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Explorer.EXE[1828] ntdll.dll!NtDuplicateObject + 4 7C91D911 2 Bytes [ 56, 5F ]
.text C:\WINDOWS\Explorer.EXE[1828] ntdll.dll!NtEnumerateKey 7C91D94C 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Explorer.EXE[1828] ntdll.dll!NtEnumerateKey + 4 7C91D950 2 Bytes [ 59, 5F ]
.text C:\WINDOWS\Explorer.EXE[1828] ntdll.dll!NtEnumerateValueKey 7C91D976 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Explorer.EXE[1828] ntdll.dll!NtEnumerateValueKey + 4 7C91D97A 2 Bytes [ 5C, 5F ]
.text C:\WINDOWS\Explorer.EXE[1828] ntdll.dll!NtOpenFile 7C91DCFD 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Explorer.EXE[1828] ntdll.dll!NtOpenFile + 4 7C91DD01 2 Bytes [ 71, 5F ]
.text C:\WINDOWS\Explorer.EXE[1828] ntdll.dll!NtQueryMultipleValueKey 7C91E0AE 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Explorer.EXE[1828] ntdll.dll!NtQueryMultipleValueKey + 4 7C91E0B2 2 Bytes [ 5F, 5F ]
.text C:\WINDOWS\Explorer.EXE[1828] ntdll.dll!NtQueryValueKey 7C91E1FE 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Explorer.EXE[1828] ntdll.dll!NtQueryValueKey + 4 7C91E202 2 Bytes [ 62, 5F ]
.text C:\WINDOWS\Explorer.EXE[1828] ntdll.dll!NtReadFile 7C91E27C 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Explorer.EXE[1828] ntdll.dll!NtReadFile + 4 7C91E280 2 Bytes [ 74, 5F ]
.text C:\WINDOWS\Explorer.EXE[1828] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Explorer.EXE[1828] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 77, 5F ]
.text C:\WINDOWS\Explorer.EXE[1828] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Explorer.EXE[1828] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 65, 5F ]
.text C:\WINDOWS\Explorer.EXE[1828] ntdll.dll!NtUnloadKey 7C91E90C 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Explorer.EXE[1828] ntdll.dll!NtUnloadKey + 4 7C91E910 2 Bytes [ 68, 5F ]
.text C:\WINDOWS\Explorer.EXE[1828] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Explorer.EXE[1828] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 7A, 5F ]
.text C:\WINDOWS\Explorer.EXE[1828] ntdll.dll!LdrLoadDll 7C9261CA 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Explorer.EXE[1828] ntdll.dll!LdrLoadDll + 4 7C9261CE 2 Bytes [ 47, 5F ]
.text C:\WINDOWS\Explorer.EXE[1828] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F310F5A
.text C:\WINDOWS\Explorer.EXE[1828] kernel32.dll!CreateFileMappingW 7C80938E 6 Bytes JMP 5F3A0F5A
.text C:\WINDOWS\Explorer.EXE[1828] kernel32.dll!MapViewOfFileEx 7C80B896 6 Bytes JMP 5F340F5A
.text C:\WINDOWS\Explorer.EXE[1828] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Explorer.EXE[1828] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 3E, 5F ]
.text C:\WINDOWS\Explorer.EXE[1828] kernel32.dll!CreateProcessInternalW 7C819513 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Explorer.EXE[1828] kernel32.dll!CreateProcessInternalW + 4 7C819517 2 Bytes [ 44, 5F ]
.text C:\WINDOWS\Explorer.EXE[1828] kernel32.dll!MoveFileWithProgressW 7C81F72E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Explorer.EXE[1828] kernel32.dll!MoveFileWithProgressW + 4 7C81F732 2 Bytes [ 41, 5F ]
.text C:\WINDOWS\Explorer.EXE[1828] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5F370F5A
.text C:\WINDOWS\Explorer.EXE[1828] ADVAPI32.dll!CloseServiceHandle 77F55E4D 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\Explorer.EXE[1828] ADVAPI32.dll!OpenServiceW 77F56165 6 Bytes JMP 5F220F5A
.text C:\WINDOWS\Explorer.EXE[1828] ADVAPI32.dll!ControlService 77F5B635 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\Explorer.EXE[1828] ADVAPI32.dll!OpenServiceA 77F5B88C 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\Explorer.EXE[1828] ADVAPI32.dll!StartServiceW 77F5BBAC 6 Bytes JMP 5F280F5A
.text C:\WINDOWS\Explorer.EXE[1828] ADVAPI32.dll!StartServiceA 77F63238 6 Bytes JMP 5F250F5A
.text C:\WINDOWS\Explorer.EXE[1828] ADVAPI32.dll!LsaAddAccountRights 77F8A9A1 6 Bytes JMP 5F2B0F5A
.text C:\WINDOWS\Explorer.EXE[1828] ADVAPI32.dll!LsaRemoveAccountRights 77F8AA41 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\Explorer.EXE[1828] ADVAPI32.dll!ChangeServiceConfigA 77FA6CC9 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\Explorer.EXE[1828] ADVAPI32.dll!ChangeServiceConfigW 77FA6E61 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\Explorer.EXE[1828] ADVAPI32.dll!ChangeServiceConfig2A 77FA6F61 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\Explorer.EXE[1828] ADVAPI32.dll!ChangeServiceConfig2W 77FA6FE9 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\Explorer.EXE[1828] ADVAPI32.dll!CreateServiceA 77FA7071 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\Explorer.EXE[1828] ADVAPI32.dll!CreateServiceW 77FA7209 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Explorer.EXE[1828] ADVAPI32.dll!CreateServiceW + 4 77FA720D 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\Explorer.EXE[1828] ADVAPI32.dll!DeleteService 77FA7311 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\Explorer.EXE[1828] USER32.dll!DispatchMessageW 7E398A01 6 Bytes JMP 5FA60F5A
.text C:\WINDOWS\Explorer.EXE[1828] USER32.dll!TranslateMessage 7E398BF6 6 Bytes JMP 5F910F5A
.text C:\WINDOWS\Explorer.EXE[1828] USER32.dll!DispatchMessageA 7E3996B8 6 Bytes JMP 5F8E0F5A
.text C:\WINDOWS\Explorer.EXE[1828] USER32.dll!GetKeyState 7E39C505 6 Bytes JMP 5F9D0F5A
.text C:\WINDOWS\Explorer.EXE[1828] USER32.dll!BeginDeferWindowPos 7E39D907 6 Bytes JMP 5F8B0F5A
.text C:\WINDOWS\Explorer.EXE[1828] USER32.dll!GetKeyboardState 7E39EF29 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Explorer.EXE[1828] USER32.dll!GetKeyboardState + 4 7E39EF2D 2 Bytes [ 9B, 5F ]
.text C:\WINDOWS\Explorer.EXE[1828] USER32.dll!GetAsyncKeyState 7E39F3B3 6 Bytes JMP 5F940F5A
.text C:\WINDOWS\Explorer.EXE[1828] USER32.dll!CreateAcceleratorTableW 7E3AD3C1 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Explorer.EXE[1828] USER32.dll!CreateAcceleratorTableW + 4 7E3AD3C5 2 Bytes [ A1, 5F ]
.text C:\WINDOWS\Explorer.EXE[1828] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5FA30F5A
.text C:\WINDOWS\Explorer.EXE[1828] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F880F5A
.text C:\WINDOWS\Explorer.EXE[1828] USER32.dll!AttachThreadInput 7E3B1E12 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Explorer.EXE[1828] USER32.dll!AttachThreadInput + 4 7E3B1E16 2 Bytes [ 98, 5F ]
.text C:\WINDOWS\Explorer.EXE[1828] ole32.dll!CoCreateInstanceEx 774CFA6B 6 Bytes JMP 5F850F5A
.text C:\WINDOWS\Explorer.EXE[1828] ole32.dll!CoGetClassObject 774E5DB2 6 Bytes JMP 5F820F5A
.text C:\WINDOWS\Explorer.EXE[1828] ole32.dll!CLSIDFromProgID 774F42CC 6 Bytes JMP 5F7F0F5A
.text C:\WINDOWS\Explorer.EXE[1828] ole32.dll!CLSIDFromProgIDEx 775261FE 6 Bytes JMP 5F7C0F5A
.text C:\WINDOWS\system32\svchost.exe[1936] ntdll.dll!NtClose 7C91D586 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1936] ntdll.dll!NtClose + 4 7C91D58A 2 Bytes [ 4A, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1936] ntdll.dll!NtCreateFile 7C91D682 1 Byte [ FF ]
.text C:\WINDOWS\system32\svchost.exe[1936] ntdll.dll!NtCreateFile + 2 7C91D684 1 Byte [ 1E ]
.text C:\WINDOWS\system32\svchost.exe[1936] ntdll.dll!NtCreateFile + 4 7C91D686 2 Bytes [ 6B, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1936] ntdll.dll!NtCreateKey 7C91D6D6 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1936] ntdll.dll!NtCreateKey + 4 7C91D6DA 2 Bytes [ 4D, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1936] ntdll.dll!NtDeleteFile 7C91D88F 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1936] ntdll.dll!NtDeleteFile + 4 7C91D893 2 Bytes [ 6E, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1936] ntdll.dll!NtDeleteKey 7C91D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1936] ntdll.dll!NtDeleteKey + 4 7C91D8A8 2 Bytes [ 50, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1936] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1936] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 53, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1936] ntdll.dll!NtDuplicateObject 7C91D90D 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1936] ntdll.dll!NtDuplicateObject + 4 7C91D911 2 Bytes [ 56, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1936] ntdll.dll!NtEnumerateKey 7C91D94C 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1936] ntdll.dll!NtEnumerateKey + 4 7C91D950 2 Bytes [ 59, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1936] ntdll.dll!NtEnumerateValueKey 7C91D976 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1936] ntdll.dll!NtEnumerateValueKey + 4 7C91D97A 2 Bytes [ 5C, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1936] ntdll.dll!NtOpenFile 7C91DCFD 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1936] ntdll.dll!NtOpenFile + 4 7C91DD01 2 Bytes [ 71, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1936] ntdll.dll!NtQueryMultipleValueKey 7C91E0AE 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1936] ntdll.dll!NtQueryMultipleValueKey + 4 7C91E0B2 2 Bytes [ 5F, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1936] ntdll.dll!NtQueryValueKey 7C91E1FE 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1936] ntdll.dll!NtQueryValueKey + 4 7C91E202 2 Bytes [ 62, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1936] ntdll.dll!NtReadFile 7C91E27C 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1936] ntdll.dll!NtReadFile + 4 7C91E280 2 Bytes [ 74, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1936] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1936] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 77, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1936] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1936] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 65, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1936] ntdll.dll!NtUnloadKey 7C91E90C 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1936] ntdll.dll!NtUnloadKey + 4 7C91E910 2 Bytes [ 68, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1936] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1936] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 7A, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1936] ntdll.dll!LdrLoadDll 7C9261CA 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1936] ntdll.dll!LdrLoadDll + 4 7C9261CE 2 Bytes [ 47, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1936] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F310F5A
.text C:\WINDOWS\system32\svchost.exe[1936] kernel32.dll!CreateFileMappingW 7C80938E 6 Bytes JMP 5F3A0F5A
.text C:\WINDOWS\system32\svchost.exe[1936] kernel32.dll!MapViewOfFileEx 7C80B896 6 Bytes JMP 5F340F5A
.text C:\WINDOWS\system32\svchost.exe[1936] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1936] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 3E, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1936] kernel32.dll!CreateProcessInternalW 7C819513 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1936] kernel32.dll!CreateProcessInternalW + 4 7C819517 2 Bytes [ 44, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1936] kernel32.dll!MoveFileWithProgressW 7C81F72E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1936] kernel32.dll!MoveFileWithProgressW + 4 7C81F732 2 Bytes [ 41, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1936] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5F370F5A
.text C:\WINDOWS\system32\svchost.exe[1936] ADVAPI32.dll!CloseServiceHandle 77F55E4D 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\svchost.exe[1936] ADVAPI32.dll!OpenServiceW 77F56165 6 Bytes JMP 5F220F5A
.text C:\WINDOWS\system32\svchost.exe[1936] ADVAPI32.dll!ControlService 77F5B635 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\system32\svchost.exe[1936] ADVAPI32.dll!OpenServiceA 77F5B88C 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\system32\svchost.exe[1936] ADVAPI32.dll!StartServiceW 77F5BBAC 6 Bytes JMP 5F280F5A
.text C:\WINDOWS\system32\svchost.exe[1936] ADVAPI32.dll!StartServiceA 77F63238 6 Bytes JMP 5F250F5A
.text C:\WINDOWS\system32\svchost.exe[1936] ADVAPI32.dll!LsaAddAccountRights 77F8A9A1 6 Bytes JMP 5F2B0F5A
.text C:\WINDOWS\system32\svchost.exe[1936] ADVAPI32.dll!LsaRemoveAccountRights 77F8AA41 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\svchost.exe[1936] ADVAPI32.dll!ChangeServiceConfigA 77FA6CC9 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\svchost.exe[1936] ADVAPI32.dll!ChangeServiceConfigW 77FA6E61 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\svchost.exe[1936] ADVAPI32.dll!ChangeServiceConfig2A 77FA6F61 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\svchost.exe[1936] ADVAPI32.dll!ChangeServiceConfig2W 77FA6FE9 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\svchost.exe[1936] ADVAPI32.dll!CreateServiceA 77FA7071 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\svchost.exe[1936] ADVAPI32.dll!CreateServiceW 77FA7209 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1936] ADVAPI32.dll!CreateServiceW + 4 77FA720D 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1936] ADVAPI32.dll!DeleteService 77FA7311 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\svchost.exe[1936] USER32.dll!DispatchMessageW 7E398A01 6 Bytes JMP 5FA60F5A
.text C:\WINDOWS\system32\svchost.exe[1936] USER32.dll!TranslateMessage 7E398BF6 6 Bytes JMP 5F910F5A
.text C:\WINDOWS\system32\svchost.exe[1936] USER32.dll!DispatchMessageA 7E3996B8 6 Bytes JMP 5F8E0F5A
.text C:\WINDOWS\system32\svchost.exe[1936] USER32.dll!GetKeyState 7E39C505 6 Bytes JMP 5F9D0F5A
.text C:\WINDOWS\system32\svchost.exe[1936] USER32.dll!BeginDeferWindowPos 7E39D907 6 Bytes JMP 5F8B0F5A
.text C:\WINDOWS\system32\svchost.exe[1936] USER32.dll!GetKeyboardState 7E39EF29 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1936] USER32.dll!GetKeyboardState + 4 7E39EF2D 2 Bytes [ 9B, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1936] USER32.dll!GetAsyncKeyState 7E39F3B3 6 Bytes JMP 5F940F5A
.text C:\WINDOWS\system32\svchost.exe[1936] USER32.dll!CreateAcceleratorTableW 7E3AD3C1 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1936] USER32.dll!CreateAcceleratorTableW + 4 7E3AD3C5 2 Bytes [ A1, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1936] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5FA30F5A
.text C:\WINDOWS\system32\svchost.exe[1936] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F880F5A
.text C:\WINDOWS\system32\svchost.exe[1936] USER32.dll!AttachThreadInput 7E3B1E12 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1936] USER32.dll!AttachThreadInput + 4 7E3B1E16 2 Bytes [ 98, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1936] ole32.dll!CoCreateInstanceEx 774CFA6B 6 Bytes JMP 5F850F5A
.text C:\WINDOWS\system32\svchost.exe[1936] ole32.dll!CoGetClassObject 774E5DB2 6 Bytes JMP 5F820F5A
.text C:\WINDOWS\system32\svchost.exe[1936] ole32.dll!CLSIDFromProgID 774F42CC 6 Bytes JMP 5F7F0F5A
.text C:\WINDOWS\system32\svchost.exe[1936] ole32.dll!CLSIDFromProgIDEx 775261FE 6 Bytes JMP 5F7C0F5A
.text C:\WINDOWS\system32\svchost.exe[1952] ntdll.dll!NtClose 7C91D586 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1952] ntdll.dll!NtClose + 4 7C91D58A 2 Bytes [ 4A, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1952] ntdll.dll!NtCreateFile 7C91D682 1 Byte [ FF ]
.text C:\WINDOWS\system32\svchost.exe[1952] ntdll.dll!NtCreateFile + 2 7C91D684 1 Byte [ 1E ]
.text C:\WINDOWS\system32\svchost.exe[1952] ntdll.dll!NtCreateFile + 4 7C91D686 2 Bytes [ 6B, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1952] ntdll.dll!NtCreateKey 7C91D6D6 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1952] ntdll.dll!NtCreateKey + 4 7C91D6DA 2 Bytes [ 4D, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1952] ntdll.dll!NtDeleteFile 7C91D88F 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1952] ntdll.dll!NtDeleteFile + 4 7C91D893 2 Bytes [ 6E, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1952] ntdll.dll!NtDeleteKey 7C91D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1952] ntdll.dll!NtDeleteKey + 4 7C91D8A8 2 Bytes [ 50, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1952] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1952] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 53, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1952] ntdll.dll!NtDuplicateObject 7C91D90D 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1952] ntdll.dll!NtDuplicateObject + 4 7C91D911 2 Bytes [ 56, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1952] ntdll.dll!NtEnumerateKey 7C91D94C 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1952] ntdll.dll!NtEnumerateKey + 4 7C91D950 2 Bytes [ 59, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1952] ntdll.dll!NtEnumerateValueKey 7C91D976 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1952] ntdll.dll!NtEnumerateValueKey + 4 7C91D97A 2 Bytes [ 5C, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1952] ntdll.dll!NtOpenFile 7C91DCFD 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1952] ntdll.dll!NtOpenFile + 4 7C91DD01 2 Bytes [ 71, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1952] ntdll.dll!NtQueryMultipleValueKey 7C91E0AE 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1952] ntdll.dll!NtQueryMultipleValueKey + 4 7C91E0B2 2 Bytes [ 5F, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1952] ntdll.dll!NtQueryValueKey 7C91E1FE 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1952] ntdll.dll!NtQueryValueKey + 4 7C91E202 2 Bytes [ 62, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1952] ntdll.dll!NtReadFile 7C91E27C 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1952] ntdll.dll!NtReadFile + 4 7C91E280 2 Bytes [ 74, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1952] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1952] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 77, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1952] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1952] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 65, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1952] ntdll.dll!NtUnloadKey 7C91E90C 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1952] ntdll.dll!NtUnloadKey + 4 7C91E910 2 Bytes [ 68, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1952] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1952] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 7A, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1952] ntdll.dll!LdrLoadDll 7C9261CA 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1952] ntdll.dll!LdrLoadDll + 4 7C9261CE 2 Bytes [ 47, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1952] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F310F5A
.text C:\WINDOWS\system32\svchost.exe[1952] kernel32.dll!CreateFileMappingW 7C80938E 6 Bytes JMP 5F3A0F5A
.text C:\WINDOWS\system32\svchost.exe[1952] kernel32.dll!MapViewOfFileEx 7C80B896 6 Bytes JMP 5F340F5A
.text C:\WINDOWS\system32\svchost.exe[1952] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1952] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 3E, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1952] kernel32.dll!CreateProcessInternalW 7C819513 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1952] kernel32.dll!CreateProcessInternalW + 4 7C819517 2 Bytes [ 44, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1952] kernel32.dll!MoveFileWithProgressW 7C81F72E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1952] kernel32.dll!MoveFileWithProgressW + 4 7C81F732 2 Bytes [ 41, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1952] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5F370F5A
.text C:\WINDOWS\system32\svchost.exe[1952] ADVAPI32.dll!CloseServiceHandle 77F55E4D 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\svchost.exe[1952] ADVAPI32.dll!OpenServiceW 77F56165 6 Bytes JMP 5F220F5A
.text C:\WINDOWS\system32\svchost.exe[1952] ADVAPI32.dll!ControlService 77F5B635 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\system32\svchost.exe[1952] ADVAPI32.dll!OpenServiceA 77F5B88C 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\system32\svchost.exe[1952] ADVAPI32.dll!StartServiceW 77F5BBAC 6 Bytes JMP 5F280F5A
.text C:\WINDOWS\system32\svchost.exe[1952] ADVAPI32.dll!StartServiceA 77F63238 6 Bytes JMP 5F250F5A
.text C:\WINDOWS\system32\svchost.exe[1952] ADVAPI32.dll!LsaAddAccountRights 77F8A9A1 6 Bytes JMP 5F2B0F5A
.text C:\WINDOWS\system32\svchost.exe[1952] ADVAPI32.dll!LsaRemoveAccountRights 77F8AA41 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\svchost.exe[1952] ADVAPI32.dll!ChangeServiceConfigA 77FA6CC9 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\svchost.exe[1952] ADVAPI32.dll!ChangeServiceConfigW 77FA6E61 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\svchost.exe[1952] ADVAPI32.dll!ChangeServiceConfig2A 77FA6F61 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\svchost.exe[1952] ADVAPI32.dll!ChangeServiceConfig2W 77FA6FE9 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\svchost.exe[1952] ADVAPI32.dll!CreateServiceA 77FA7071 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\svchost.exe[1952] ADVAPI32.dll!CreateServiceW 77FA7209 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1952] ADVAPI32.dll!CreateServiceW + 4 77FA720D 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1952] ADVAPI32.dll!DeleteService 77FA7311 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\svchost.exe[1952] USER32.dll!DispatchMessageW 7E398A01 6 Bytes JMP 5FA60F5A
.text C:\WINDOWS\system32\svchost.exe[1952] USER32.dll!TranslateMessage 7E398BF6 6 Bytes JMP 5F910F5A
.text C:\WINDOWS\system32\svchost.exe[1952] USER32.dll!DispatchMessageA 7E3996B8 6 Bytes JMP 5F8E0F5A
.text C:\WINDOWS\system32\svchost.exe[1952] USER32.dll!GetKeyState 7E39C505 6 Bytes JMP 5F9D0F5A
.text C:\WINDOWS\system32\svchost.exe[1952] USER32.dll!BeginDeferWindowPos 7E39D907 6 Bytes JMP 5F8B0F5A
.text C:\WINDOWS\system32\svchost.exe[1952] USER32.dll!GetKeyboardState 7E39EF29 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1952] USER32.dll!GetKeyboardState + 4 7E39EF2D 2 Bytes [ 9B, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1952] USER32.dll!GetAsyncKeyState 7E39F3B3 6 Bytes JMP 5F940F5A
.text C:\WINDOWS\system32\svchost.exe[1952] USER32.dll!CreateAcceleratorTableW 7E3AD3C1 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1952] USER32.dll!CreateAcceleratorTableW + 4 7E3AD3C5 2 Bytes [ A1, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1952] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5FA30F5A
.text C:\WINDOWS\system32\svchost.exe[1952] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F880F5A
.text C:\WINDOWS\system32\svchost.exe[1952] USER32.dll!AttachThreadInput 7E3B1E12 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1952] USER32.dll!AttachThreadInput + 4 7E3B1E16 2 Bytes [ 98, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1952] ole32.dll!CoCreateInstanceEx 774CFA6B 6 Bytes JMP 5F850F5A
.text C:\WINDOWS\system32\svchost.exe[1952] ole32.dll!CoGetClassObject 774E5DB2 6 Bytes JMP 5F820F5A
.text C:\WINDOWS\system32\svchost.exe[1952] ole32.dll!CLSIDFromProgID 774F42CC 6 Bytes JMP 5F7F0F5A
.text C:\WINDOWS\system32\svchost.exe[1952] ole32.dll!CLSIDFromProgIDEx 775261FE 6 Bytes JMP 5F7C0F5A
.text C:\WINDOWS\system32\svchost.exe[2004] ntdll.dll!NtClose 7C91D586 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[2004] ntdll.dll!NtClose + 4 7C91D58A 2 Bytes [ 4A, 5F ]
.text C:\WINDOWS\system32\svchost.exe[2004] ntdll.dll!NtCreateFile 7C91D682 1 Byte [ FF ]
.text C:\WINDOWS\system32\svchost.exe[2004] ntdll.dll!NtCreateFile + 2 7C91D684 1 Byte [ 1E ]
.text C:\WINDOWS\system32\svchost.exe[2004] ntdll.dll!NtCreateFile + 4 7C91D686 2 Bytes [ 6B, 5F ]
.text C:\WINDOWS\system32\svchost.exe[2004] ntdll.dll!NtCreateKey 7C91D6D6 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[2004] ntdll.dll!NtCreateKey + 4 7C91D6DA 2 Bytes [ 4D, 5F ]
.text C:\WINDOWS\system32\svchost.exe[2004] ntdll.dll!NtDeleteFile 7C91D88F 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[2004] ntdll.dll!NtDeleteFile + 4 7C91D893 2 Bytes [ 6E, 5F ]
.text C:\WINDOWS\system32\svchost.exe[2004] ntdll.dll!NtDeleteKey 7C91D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[2004] ntdll.dll!NtDeleteKey + 4 7C91D8A8 2 Bytes [ 50, 5F ]
.text C:\WINDOWS\system32\svchost.exe[2004] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[2004] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 53, 5F ]
.text C:\WINDOWS\system32\svchost.exe[2004] ntdll.dll!NtDuplicateObject 7C91D90D 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[2004] ntdll.dll!NtDuplicateObject + 4 7C91D911 2 Bytes [ 56, 5F ]
.text C:\WINDOWS\system32\svchost.exe[2004] ntdll.dll!NtEnumerateKey 7C91D94C 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[2004] ntdll.dll!NtEnumerateKey + 4 7C91D950 2 Bytes [ 59, 5F ]
.text C:\WINDOWS\system32\svchost.exe[2004] ntdll.dll!NtEnumerateValueKey 7C91D976 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[2004] ntdll.dll!NtEnumerateValueKey + 4 7C91D97A 2 Bytes [ 5C, 5F ]
.text C:\WINDOWS\system32\svchost.exe[2004] ntdll.dll!NtOpenFile 7C91DCFD 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[2004] ntdll.dll!NtOpenFile + 4 7C91DD01 2 Bytes [ 71, 5F ]
.text C:\WINDOWS\system32\svchost.exe[2004] ntdll.dll!NtQueryMultipleValueKey 7C91E0AE 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[2004] ntdll.dll!NtQueryMultipleValueKey + 4 7C91E0B2 2 Bytes [ 5F, 5F ]
.text C:\WINDOWS\system32\svchost.exe[2004] ntdll.dll!NtQueryValueKey 7C91E1FE 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[2004] ntdll.dll!NtQueryValueKey + 4 7C91E202 2 Bytes [ 62, 5F ]
.text C:\WINDOWS\system32\svchost.exe[2004] ntdll.dll!NtReadFile 7C91E27C 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[2004] ntdll.dll!NtReadFile + 4 7C91E280 2 Bytes [ 74, 5F ]
.text C:\WINDOWS\system32\svchost.exe[2004] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[2004] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 77, 5F ]
.text C:\WINDOWS\system32\svchost.exe[2004] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[2004] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 65, 5F ]
.text C:\WINDOWS\system32\svchost.exe[2004] ntdll.dll!NtUnloadKey 7C91E90C 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[2004] ntdll.dll!NtUnloadKey + 4 7C91E910 2 Bytes [ 68, 5F ]
.text C:\WINDOWS\system32\svchost.exe[2004] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[2004] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 7A, 5F ]
.text C:\WINDOWS\system32\svchost.exe[2004] ntdll.dll!LdrLoadDll 7C9261CA 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[2004] ntdll.dll!LdrLoadDll + 4 7C9261CE 2 Bytes [ 47, 5F ]
.text C:\WINDOWS\system32\svchost.exe[2004] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F310F5A
.text C:\WINDOWS\system32\svchost.exe[2004] kernel32.dll!CreateFileMappingW 7C80938E 6 Bytes JMP 5F3A0F5A
.text C:\WINDOWS\system32\svchost.exe[2004] kernel32.dll!MapViewOfFileEx 7C80B896 6 Bytes JMP 5F340F5A
.text C:\WINDOWS\system32\svchost.exe[2004] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[2004] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 3E, 5F ]
.text C:\WINDOWS\system32\svchost.exe[2004] kernel32.dll!CreateProcessInternalW 7C819513 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[2004] kernel32.dll!CreateProcessInternalW + 4 7C819517 2 Bytes [ 44, 5F ]
.text C:\WINDOWS\system32\svchost.exe[2004] kernel32.dll!MoveFileWithProgressW 7C81F72E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[2004] kernel32.dll!MoveFileWithProgressW + 4 7C81F732 2 Bytes [ 41, 5F ]
.text C:\WINDOWS\system32\svchost.exe[2004] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5F370F5A
.text C:\WINDOWS\system32\svchost.exe[2004] ADVAPI32.dll!CloseServiceHandle 77F55E4D 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\svchost.exe[2004] ADVAPI32.dll!OpenServiceW 77F56165 6 Bytes JMP 5F220F5A
.text C:\WINDOWS\system32\svchost.exe[2004] ADVAPI32.dll!ControlService 77F5B635 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\system32\svchost.exe[2004] ADVAPI32.dll!OpenServiceA 77F5B88C 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\system32\svchost.exe[2004] ADVAPI32.dll!StartServiceW 77F5BBAC 6 Bytes JMP 5F280F5A
.text C:\WINDOWS\system32\svchost.exe[2004] ADVAPI32.dll!StartServiceA 77F63238 6 Bytes JMP 5F250F5A
.text C:\WINDOWS\system32\svchost.exe[2004] ADVAPI32.dll!LsaAddAccountRights 77F8A9A1 6 Bytes JMP 5F2B0F5A
.text C:\WINDOWS\system32\svchost.exe[2004] ADVAPI32.dll!LsaRemoveAccountRights 77F8AA41 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\svchost.exe[2004] ADVAPI32.dll!ChangeServiceConfigA 77FA6CC9 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\svchost.exe[2004] ADVAPI32.dll!ChangeServiceConfigW 77FA6E61 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\svchost.exe[2004] ADVAPI32.dll!ChangeServiceConfig2A 77FA6F61 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\svchost.exe[2004] ADVAPI32.dll!ChangeServiceConfig2W 77FA6FE9 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\svchost.exe[2004] ADVAPI32.dll!CreateServiceA 77FA7071 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\svchost.exe[2004] ADVAPI32.dll!CreateServiceW 77FA7209 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[2004] ADVAPI32.dll!CreateServiceW + 4 77FA720D 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\system32\svchost.exe[2004] ADVAPI32.dll!DeleteService 77FA7311 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\svchost.exe[2004] USER32.dll!DispatchMessageW 7E398A01 6 Bytes JMP 5FA60F5A
.text C:\WINDOWS\system32\svchost.exe[2004] USER32.dll!TranslateMessage 7E398BF6 6 Bytes JMP 5F910F5A
.text C:\WINDOWS\system32\svchost.exe[2004] USER32.dll!DispatchMessageA 7E3996B8 6 Bytes JMP 5F8E0F5A
.text C:\WINDOWS\system32\svchost.exe[2004] USER32.dll!GetKeyState 7E39C505 6 Bytes JMP 5F9D0F5A
.text C:\WINDOWS\system32\svchost.exe[2004] USER32.dll!BeginDeferWindowPos 7E39D907 6 Bytes JMP 5F8B0F5A
.text C:\WINDOWS\system32\svchost.exe[2004] USER32.dll!GetKeyboardState 7E39EF29 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[2004] USER32.dll!GetKeyboardState + 4 7E39EF2D 2 Bytes [ 9B, 5F ]
.text C:\WINDOWS\system32\svchost.exe[2004] USER32.dll!GetAsyncKeyState 7E39F3B3 6 Bytes JMP 5F940F5A
.text C:\WINDOWS\system32\svchost.exe[2004] USER32.dll!CreateAcceleratorTableW 7E3AD3C1 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[2004] USER32.dll!CreateAcceleratorTableW + 4 7E3AD3C5 2 Bytes [ A1, 5F ]
.text C:\WINDOWS\system32\svchost.exe[2004] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5FA30F5A
.text C:\WINDOWS\system32\svchost.exe[2004] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F880F5A
.text C:\WINDOWS\system32\svchost.exe[2004] USER32.dll!AttachThreadInput 7E3B1E12 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[2004] USER32.dll!AttachThreadInput + 4 7E3B1E16 2 Bytes [ 98, 5F ]
.text C:\WINDOWS\system32\svchost.exe[2004] ole32.dll!CoCreateInstanceEx 774CFA6B 6 Bytes JMP 5F850F5A
.text C:\WINDOWS\system32\svchost.exe[2004] ole32.dll!CoGetClassObject 774E5DB2 6 Bytes JMP 5F820F5A
.text C:\WINDOWS\system32\svchost.exe[2004] ole32.dll!CLSIDFromProgID 774F42CC 6 Bytes JMP 5F7F0F5A
|
|
| Top |
|
|
dasio78
Dio maturo
Registrato: 22/06/06 23:05
Messaggi: 6282
|
| Inviato: 19 Apr 2007 22:52 Oggetto: |
|
|
quarta parte...
.text C:\WINDOWS\system32\ctfmon.exe[2224] ntdll.dll!NtClose 7C91D586 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\ctfmon.exe[2224] ntdll.dll!NtClose + 4 7C91D58A 2 Bytes [ 4A, 5F ]
.text C:\WINDOWS\system32\ctfmon.exe[2224] ntdll.dll!NtCreateFile 7C91D682 1 Byte [ FF ]
.text C:\WINDOWS\system32\ctfmon.exe[2224] ntdll.dll!NtCreateFile + 2 7C91D684 1 Byte [ 1E ]
.text C:\WINDOWS\system32\ctfmon.exe[2224] ntdll.dll!NtCreateFile + 4 7C91D686 2 Bytes [ 6B, 5F ]
.text C:\WINDOWS\system32\ctfmon.exe[2224] ntdll.dll!NtCreateKey 7C91D6D6 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\ctfmon.exe[2224] ntdll.dll!NtCreateKey + 4 7C91D6DA 2 Bytes [ 4D, 5F ]
.text C:\WINDOWS\system32\ctfmon.exe[2224] ntdll.dll!NtDeleteFile 7C91D88F 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\ctfmon.exe[2224] ntdll.dll!NtDeleteFile + 4 7C91D893 2 Bytes [ 6E, 5F ]
.text C:\WINDOWS\system32\ctfmon.exe[2224] ntdll.dll!NtDeleteKey 7C91D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\ctfmon.exe[2224] ntdll.dll!NtDeleteKey + 4 7C91D8A8 2 Bytes [ 50, 5F ]
.text C:\WINDOWS\system32\ctfmon.exe[2224] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\ctfmon.exe[2224] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 53, 5F ]
.text C:\WINDOWS\system32\ctfmon.exe[2224] ntdll.dll!NtDuplicateObject 7C91D90D 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\ctfmon.exe[2224] ntdll.dll!NtDuplicateObject + 4 7C91D911 2 Bytes [ 56, 5F ]
.text C:\WINDOWS\system32\ctfmon.exe[2224] ntdll.dll!NtEnumerateKey 7C91D94C 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\ctfmon.exe[2224] ntdll.dll!NtEnumerateKey + 4 7C91D950 2 Bytes [ 59, 5F ]
.text C:\WINDOWS\system32\ctfmon.exe[2224] ntdll.dll!NtEnumerateValueKey 7C91D976 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\ctfmon.exe[2224] ntdll.dll!NtEnumerateValueKey + 4 7C91D97A 2 Bytes [ 5C, 5F ]
.text C:\WINDOWS\system32\ctfmon.exe[2224] ntdll.dll!NtOpenFile 7C91DCFD 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\ctfmon.exe[2224] ntdll.dll!NtOpenFile + 4 7C91DD01 2 Bytes [ 71, 5F ]
.text C:\WINDOWS\system32\ctfmon.exe[2224] ntdll.dll!NtQueryMultipleValueKey 7C91E0AE 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\ctfmon.exe[2224] ntdll.dll!NtQueryMultipleValueKey + 4 7C91E0B2 2 Bytes [ 5F, 5F ]
.text C:\WINDOWS\system32\ctfmon.exe[2224] ntdll.dll!NtQueryValueKey 7C91E1FE 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\ctfmon.exe[2224] ntdll.dll!NtQueryValueKey + 4 7C91E202 2 Bytes [ 62, 5F ]
.text C:\WINDOWS\system32\ctfmon.exe[2224] ntdll.dll!NtReadFile 7C91E27C 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\ctfmon.exe[2224] ntdll.dll!NtReadFile + 4 7C91E280 2 Bytes [ 74, 5F ]
.text C:\WINDOWS\system32\ctfmon.exe[2224] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\ctfmon.exe[2224] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 77, 5F ]
.text C:\WINDOWS\system32\ctfmon.exe[2224] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\ctfmon.exe[2224] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 65, 5F ]
.text C:\WINDOWS\system32\ctfmon.exe[2224] ntdll.dll!NtUnloadKey 7C91E90C 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\ctfmon.exe[2224] ntdll.dll!NtUnloadKey + 4 7C91E910 2 Bytes [ 68, 5F ]
.text C:\WINDOWS\system32\ctfmon.exe[2224] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\ctfmon.exe[2224] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 7A, 5F ]
.text C:\WINDOWS\system32\ctfmon.exe[2224] ntdll.dll!LdrLoadDll 7C9261CA 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\ctfmon.exe[2224] ntdll.dll!LdrLoadDll + 4 7C9261CE 2 Bytes [ 47, 5F ]
.text C:\WINDOWS\system32\ctfmon.exe[2224] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F310F5A
.text C:\WINDOWS\system32\ctfmon.exe[2224] kernel32.dll!CreateFileMappingW 7C80938E 6 Bytes JMP 5F3A0F5A
.text C:\WINDOWS\system32\ctfmon.exe[2224] kernel32.dll!MapViewOfFileEx 7C80B896 6 Bytes JMP 5F340F5A
.text C:\WINDOWS\system32\ctfmon.exe[2224] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\ctfmon.exe[2224] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 3E, 5F ]
.text C:\WINDOWS\system32\ctfmon.exe[2224] kernel32.dll!CreateProcessInternalW 7C819513 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\ctfmon.exe[2224] kernel32.dll!CreateProcessInternalW + 4 7C819517 2 Bytes [ 44, 5F ]
.text C:\WINDOWS\system32\ctfmon.exe[2224] kernel32.dll!MoveFileWithProgressW 7C81F72E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\ctfmon.exe[2224] kernel32.dll!MoveFileWithProgressW + 4 7C81F732 2 Bytes [ 41, 5F ]
.text C:\WINDOWS\system32\ctfmon.exe[2224] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5F370F5A
.text C:\WINDOWS\system32\ctfmon.exe[2224] ADVAPI32.dll!CloseServiceHandle 77F55E4D 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\ctfmon.exe[2224] ADVAPI32.dll!OpenServiceW 77F56165 6 Bytes JMP 5F220F5A
.text C:\WINDOWS\system32\ctfmon.exe[2224] ADVAPI32.dll!ControlService 77F5B635 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\system32\ctfmon.exe[2224] ADVAPI32.dll!OpenServiceA 77F5B88C 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\system32\ctfmon.exe[2224] ADVAPI32.dll!StartServiceW 77F5BBAC 6 Bytes JMP 5F280F5A
.text C:\WINDOWS\system32\ctfmon.exe[2224] ADVAPI32.dll!StartServiceA 77F63238 6 Bytes JMP 5F250F5A
.text C:\WINDOWS\system32\ctfmon.exe[2224] ADVAPI32.dll!LsaAddAccountRights 77F8A9A1 6 Bytes JMP 5F2B0F5A
.text C:\WINDOWS\system32\ctfmon.exe[2224] ADVAPI32.dll!LsaRemoveAccountRights 77F8AA41 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\ctfmon.exe[2224] ADVAPI32.dll!ChangeServiceConfigA 77FA6CC9 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\ctfmon.exe[2224] ADVAPI32.dll!ChangeServiceConfigW 77FA6E61 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\ctfmon.exe[2224] ADVAPI32.dll!ChangeServiceConfig2A 77FA6F61 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\ctfmon.exe[2224] ADVAPI32.dll!ChangeServiceConfig2W 77FA6FE9 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\ctfmon.exe[2224] ADVAPI32.dll!CreateServiceA 77FA7071 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\ctfmon.exe[2224] ADVAPI32.dll!CreateServiceW 77FA7209 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\ctfmon.exe[2224] ADVAPI32.dll!CreateServiceW + 4 77FA720D 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\system32\ctfmon.exe[2224] ADVAPI32.dll!DeleteService 77FA7311 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\ctfmon.exe[2224] USER32.dll!DispatchMessageW 7E398A01 6 Bytes JMP 5FA60F5A
.text C:\WINDOWS\system32\ctfmon.exe[2224] USER32.dll!TranslateMessage 7E398BF6 6 Bytes JMP 5F910F5A
.text C:\WINDOWS\system32\ctfmon.exe[2224] USER32.dll!DispatchMessageA 7E3996B8 6 Bytes JMP 5F8E0F5A
.text C:\WINDOWS\system32\ctfmon.exe[2224] USER32.dll!GetKeyState 7E39C505 6 Bytes JMP 5F9D0F5A
.text C:\WINDOWS\system32\ctfmon.exe[2224] USER32.dll!BeginDeferWindowPos 7E39D907 6 Bytes JMP 5F8B0F5A
.text C:\WINDOWS\system32\ctfmon.exe[2224] USER32.dll!GetKeyboardState 7E39EF29 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\ctfmon.exe[2224] USER32.dll!GetKeyboardState + 4 7E39EF2D 2 Bytes [ 9B, 5F ]
.text C:\WINDOWS\system32\ctfmon.exe[2224] USER32.dll!GetAsyncKeyState 7E39F3B3 6 Bytes JMP 5F940F5A
.text C:\WINDOWS\system32\ctfmon.exe[2224] USER32.dll!CreateAcceleratorTableW 7E3AD3C1 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\ctfmon.exe[2224] USER32.dll!CreateAcceleratorTableW + 4 7E3AD3C5 2 Bytes [ A1, 5F ]
.text C:\WINDOWS\system32\ctfmon.exe[2224] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5FA30F5A
.text C:\WINDOWS\system32\ctfmon.exe[2224] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F880F5A
.text C:\WINDOWS\system32\ctfmon.exe[2224] USER32.dll!AttachThreadInput 7E3B1E12 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\ctfmon.exe[2224] USER32.dll!AttachThreadInput + 4 7E3B1E16 2 Bytes [ 98, 5F ]
.text C:\WINDOWS\system32\ctfmon.exe[2224] ole32.dll!CoCreateInstanceEx 774CFA6B 6 Bytes JMP 5F850F5A
.text C:\WINDOWS\system32\ctfmon.exe[2224] ole32.dll!CoGetClassObject 774E5DB2 6 Bytes JMP 5F820F5A
.text C:\WINDOWS\system32\ctfmon.exe[2224] ole32.dll!CLSIDFromProgID 774F42CC 6 Bytes JMP 5F7F0F5A
.text C:\WINDOWS\system32\ctfmon.exe[2224] ole32.dll!CLSIDFromProgIDEx 775261FE 6 Bytes JMP 5F7C0F5A
.text C:\Programmi\Launch Manager\QtZgAcer.EXE[2616] ntdll.dll!NtClose 7C91D586 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Launch Manager\QtZgAcer.EXE[2616] ntdll.dll!NtClose + 4 7C91D58A 2 Bytes [ 4A, 5F ]
.text C:\Programmi\Launch Manager\QtZgAcer.EXE[2616] ntdll.dll!NtCreateFile 7C91D682 1 Byte [ FF ]
.text C:\Programmi\Launch Manager\QtZgAcer.EXE[2616] ntdll.dll!NtCreateFile + 2 7C91D684 1 Byte [ 1E ]
.text C:\Programmi\Launch Manager\QtZgAcer.EXE[2616] ntdll.dll!NtCreateFile + 4 7C91D686 2 Bytes [ 6B, 5F ]
.text C:\Programmi\Launch Manager\QtZgAcer.EXE[2616] ntdll.dll!NtCreateKey 7C91D6D6 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Launch Manager\QtZgAcer.EXE[2616] ntdll.dll!NtCreateKey + 4 7C91D6DA 2 Bytes [ 4D, 5F ]
.text C:\Programmi\Launch Manager\QtZgAcer.EXE[2616] ntdll.dll!NtDeleteFile 7C91D88F 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Launch Manager\QtZgAcer.EXE[2616] ntdll.dll!NtDeleteFile + 4 7C91D893 2 Bytes [ 6E, 5F ]
.text C:\Programmi\Launch Manager\QtZgAcer.EXE[2616] ntdll.dll!NtDeleteKey 7C91D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Launch Manager\QtZgAcer.EXE[2616] ntdll.dll!NtDeleteKey + 4 7C91D8A8 2 Bytes [ 50, 5F ]
.text C:\Programmi\Launch Manager\QtZgAcer.EXE[2616] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Launch Manager\QtZgAcer.EXE[2616] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 53, 5F ]
.text C:\Programmi\Launch Manager\QtZgAcer.EXE[2616] ntdll.dll!NtDuplicateObject 7C91D90D 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Launch Manager\QtZgAcer.EXE[2616] ntdll.dll!NtDuplicateObject + 4 7C91D911 2 Bytes [ 56, 5F ]
.text C:\Programmi\Launch Manager\QtZgAcer.EXE[2616] ntdll.dll!NtEnumerateKey 7C91D94C 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Launch Manager\QtZgAcer.EXE[2616] ntdll.dll!NtEnumerateKey + 4 7C91D950 2 Bytes [ 59, 5F ]
.text C:\Programmi\Launch Manager\QtZgAcer.EXE[2616] ntdll.dll!NtEnumerateValueKey 7C91D976 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Launch Manager\QtZgAcer.EXE[2616] ntdll.dll!NtEnumerateValueKey + 4 7C91D97A 2 Bytes [ 5C, 5F ]
.text C:\Programmi\Launch Manager\QtZgAcer.EXE[2616] ntdll.dll!NtOpenFile 7C91DCFD 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Launch Manager\QtZgAcer.EXE[2616] ntdll.dll!NtOpenFile + 4 7C91DD01 2 Bytes [ 71, 5F ]
.text C:\Programmi\Launch Manager\QtZgAcer.EXE[2616] ntdll.dll!NtQueryMultipleValueKey 7C91E0AE 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Launch Manager\QtZgAcer.EXE[2616] ntdll.dll!NtQueryMultipleValueKey + 4 7C91E0B2 2 Bytes [ 5F, 5F ]
.text C:\Programmi\Launch Manager\QtZgAcer.EXE[2616] ntdll.dll!NtQueryValueKey 7C91E1FE 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Launch Manager\QtZgAcer.EXE[2616] ntdll.dll!NtQueryValueKey + 4 7C91E202 2 Bytes [ 62, 5F ]
.text C:\Programmi\Launch Manager\QtZgAcer.EXE[2616] ntdll.dll!NtReadFile 7C91E27C 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Launch Manager\QtZgAcer.EXE[2616] ntdll.dll!NtReadFile + 4 7C91E280 2 Bytes [ 74, 5F ]
.text C:\Programmi\Launch Manager\QtZgAcer.EXE[2616] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Launch Manager\QtZgAcer.EXE[2616] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 77, 5F ]
.text C:\Programmi\Launch Manager\QtZgAcer.EXE[2616] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Launch Manager\QtZgAcer.EXE[2616] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 65, 5F ]
.text C:\Programmi\Launch Manager\QtZgAcer.EXE[2616] ntdll.dll!NtUnloadKey 7C91E90C 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Launch Manager\QtZgAcer.EXE[2616] ntdll.dll!NtUnloadKey + 4 7C91E910 2 Bytes [ 68, 5F ]
.text C:\Programmi\Launch Manager\QtZgAcer.EXE[2616] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Launch Manager\QtZgAcer.EXE[2616] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 7A, 5F ]
.text C:\Programmi\Launch Manager\QtZgAcer.EXE[2616] ntdll.dll!LdrLoadDll 7C9261CA 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Launch Manager\QtZgAcer.EXE[2616] ntdll.dll!LdrLoadDll + 4 7C9261CE 2 Bytes [ 47, 5F ]
.text C:\Programmi\Launch Manager\QtZgAcer.EXE[2616] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F310F5A
.text C:\Programmi\Launch Manager\QtZgAcer.EXE[2616] kernel32.dll!CreateFileMappingW 7C80938E 6 Bytes JMP 5F3A0F5A
.text C:\Programmi\Launch Manager\QtZgAcer.EXE[2616] kernel32.dll!MapViewOfFileEx 7C80B896 6 Bytes JMP 5F340F5A
.text C:\Programmi\Launch Manager\QtZgAcer.EXE[2616] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Launch Manager\QtZgAcer.EXE[2616] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 3E, 5F ]
.text C:\Programmi\Launch Manager\QtZgAcer.EXE[2616] kernel32.dll!CreateProcessInternalW 7C819513 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Launch Manager\QtZgAcer.EXE[2616] kernel32.dll!CreateProcessInternalW + 4 7C819517 2 Bytes [ 44, 5F ]
.text C:\Programmi\Launch Manager\QtZgAcer.EXE[2616] kernel32.dll!MoveFileWithProgressW 7C81F72E 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Launch Manager\QtZgAcer.EXE[2616] kernel32.dll!MoveFileWithProgressW + 4 7C81F732 2 Bytes [ 41, 5F ]
.text C:\Programmi\Launch Manager\QtZgAcer.EXE[2616] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5F370F5A
.text C:\Programmi\Launch Manager\QtZgAcer.EXE[2616] USER32.dll!DispatchMessageW 7E398A01 6 Bytes JMP 5FA60F5A
.text C:\Programmi\Launch Manager\QtZgAcer.EXE[2616] USER32.dll!TranslateMessage 7E398BF6 6 Bytes JMP 5F910F5A
.text C:\Programmi\Launch Manager\QtZgAcer.EXE[2616] USER32.dll!DispatchMessageA 7E3996B8 6 Bytes JMP 5F8E0F5A
.text C:\Programmi\Launch Manager\QtZgAcer.EXE[2616] USER32.dll!GetKeyState 7E39C505 6 Bytes JMP 5F9D0F5A
.text C:\Programmi\Launch Manager\QtZgAcer.EXE[2616] USER32.dll!BeginDeferWindowPos 7E39D907 6 Bytes JMP 5F8B0F5A
.text C:\Programmi\Launch Manager\QtZgAcer.EXE[2616] USER32.dll!GetKeyboardState 7E39EF29 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Launch Manager\QtZgAcer.EXE[2616] USER32.dll!GetKeyboardState + 4 7E39EF2D 2 Bytes [ 9B, 5F ]
.text C:\Programmi\Launch Manager\QtZgAcer.EXE[2616] USER32.dll!GetAsyncKeyState 7E39F3B3 6 Bytes JMP 5F940F5A
.text C:\Programmi\Launch Manager\QtZgAcer.EXE[2616] USER32.dll!CreateAcceleratorTableW 7E3AD3C1 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Launch Manager\QtZgAcer.EXE[2616] USER32.dll!CreateAcceleratorTableW + 4 7E3AD3C5 2 Bytes [ A1, 5F ]
.text C:\Programmi\Launch Manager\QtZgAcer.EXE[2616] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5FA30F5A
.text C:\Programmi\Launch Manager\QtZgAcer.EXE[2616] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F880F5A
.text C:\Programmi\Launch Manager\QtZgAcer.EXE[2616] USER32.dll!AttachThreadInput 7E3B1E12 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Launch Manager\QtZgAcer.EXE[2616] USER32.dll!AttachThreadInput + 4 7E3B1E16 2 Bytes [ 98, 5F ]
.text C:\Programmi\Launch Manager\QtZgAcer.EXE[2616] ADVAPI32.dll!CloseServiceHandle 77F55E4D 6 Bytes JMP 5F100F5A
.text C:\Programmi\Launch Manager\QtZgAcer.EXE[2616] ADVAPI32.dll!OpenServiceW 77F56165 6 Bytes JMP 5F220F5A
.text C:\Programmi\Launch Manager\QtZgAcer.EXE[2616] ADVAPI32.dll!ControlService 77F5B635 6 Bytes JMP 5F130F5A
.text C:\Programmi\Launch Manager\QtZgAcer.EXE[2616] ADVAPI32.dll!OpenServiceA 77F5B88C 6 Bytes JMP 5F1F0F5A
.text C:\Programmi\Launch Manager\QtZgAcer.EXE[2616] ADVAPI32.dll!StartServiceW 77F5BBAC 6 Bytes JMP 5F280F5A
.text C:\Programmi\Launch Manager\QtZgAcer.EXE[2616] ADVAPI32.dll!StartServiceA 77F63238 6 Bytes JMP 5F250F5A
.text C:\Programmi\Launch Manager\QtZgAcer.EXE[2616] ADVAPI32.dll!LsaAddAccountRights 77F8A9A1 6 Bytes JMP 5F2B0F5A
.text C:\Programmi\Launch Manager\QtZgAcer.EXE[2616] ADVAPI32.dll!LsaRemoveAccountRights 77F8AA41 6 Bytes JMP 5F2E0F5A
.text C:\Programmi\Launch Manager\QtZgAcer.EXE[2616] ADVAPI32.dll!ChangeServiceConfigA 77FA6CC9 6 Bytes JMP 5F040F5A
.text C:\Programmi\Launch Manager\QtZgAcer.EXE[2616] ADVAPI32.dll!ChangeServiceConfigW 77FA6E61 6 Bytes JMP 5F070F5A
.text C:\Programmi\Launch Manager\QtZgAcer.EXE[2616] ADVAPI32.dll!ChangeServiceConfig2A 77FA6F61 6 Bytes JMP 5F0A0F5A
.text C:\Programmi\Launch Manager\QtZgAcer.EXE[2616] ADVAPI32.dll!ChangeServiceConfig2W 77FA6FE9 6 Bytes JMP 5F0D0F5A
.text C:\Programmi\Launch Manager\QtZgAcer.EXE[2616] ADVAPI32.dll!CreateServiceA 77FA7071 6 Bytes JMP 5F160F5A
.text C:\Programmi\Launch Manager\QtZgAcer.EXE[2616] ADVAPI32.dll!CreateServiceW 77FA7209 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Launch Manager\QtZgAcer.EXE[2616] ADVAPI32.dll!CreateServiceW + 4 77FA720D 2 Bytes [ 1A, 5F ]
.text C:\Programmi\Launch Manager\QtZgAcer.EXE[2616] ADVAPI32.dll!DeleteService 77FA7311 6 Bytes JMP 5F1C0F5A
.text C:\Programmi\Launch Manager\QtZgAcer.EXE[2616] ole32.dll!CoCreateInstanceEx 774CFA6B 6 Bytes JMP 5F850F5A
.text C:\Programmi\Launch Manager\QtZgAcer.EXE[2616] ole32.dll!CoGetClassObject 774E5DB2 6 Bytes JMP 5F820F5A
.text C:\Programmi\Launch Manager\QtZgAcer.EXE[2616] ole32.dll!CLSIDFromProgID 774F42CC 6 Bytes JMP 5F7F0F5A
.text C:\Programmi\Launch Manager\QtZgAcer.EXE[2616] ole32.dll!CLSIDFromProgIDEx 775261FE 6 Bytes JMP 5F7C0F5A
.text C:\WINDOWS\system32\dllhost.exe[2892] ntdll.dll!NtClose 7C91D586 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\dllhost.exe[2892] ntdll.dll!NtClose + 4 7C91D58A 2 Bytes [ 4A, 5F ]
.text C:\WINDOWS\system32\dllhost.exe[2892] ntdll.dll!NtCreateFile 7C91D682 1 Byte [ FF ]
.text C:\WINDOWS\system32\dllhost.exe[2892] ntdll.dll!NtCreateFile + 2 7C91D684 1 Byte [ 1E ]
.text C:\WINDOWS\system32\dllhost.exe[2892] ntdll.dll!NtCreateFile + 4 7C91D686 2 Bytes [ 6B, 5F ]
.text C:\WINDOWS\system32\dllhost.exe[2892] ntdll.dll!NtCreateKey 7C91D6D6 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\dllhost.exe[2892] ntdll.dll!NtCreateKey + 4 7C91D6DA 2 Bytes [ 4D, 5F ]
.text C:\WINDOWS\system32\dllhost.exe[2892] ntdll.dll!NtDeleteFile 7C91D88F 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\dllhost.exe[2892] ntdll.dll!NtDeleteFile + 4 7C91D893 2 Bytes [ 6E, 5F ]
.text C:\WINDOWS\system32\dllhost.exe[2892] ntdll.dll!NtDeleteKey 7C91D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\dllhost.exe[2892] ntdll.dll!NtDeleteKey + 4 7C91D8A8 2 Bytes [ 50, 5F ]
.text C:\WINDOWS\system32\dllhost.exe[2892] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\dllhost.exe[2892] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 53, 5F ]
.text C:\WINDOWS\system32\dllhost.exe[2892] ntdll.dll!NtDuplicateObject 7C91D90D 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\dllhost.exe[2892] ntdll.dll!NtDuplicateObject + 4 7C91D911 2 Bytes [ 56, 5F ]
.text C:\WINDOWS\system32\dllhost.exe[2892] ntdll.dll!NtEnumerateKey 7C91D94C 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\dllhost.exe[2892] ntdll.dll!NtEnumerateKey + 4 7C91D950 2 Bytes [ 59, 5F ]
.text C:\WINDOWS\system32\dllhost.exe[2892] ntdll.dll!NtEnumerateValueKey 7C91D976 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\dllhost.exe[2892] ntdll.dll!NtEnumerateValueKey + 4 7C91D97A 2 Bytes [ 5C, 5F ]
.text C:\WINDOWS\system32\dllhost.exe[2892] ntdll.dll!NtOpenFile 7C91DCFD 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\dllhost.exe[2892] ntdll.dll!NtOpenFile + 4 7C91DD01 2 Bytes [ 71, 5F ]
.text C:\WINDOWS\system32\dllhost.exe[2892] ntdll.dll!NtQueryMultipleValueKey 7C91E0AE 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\dllhost.exe[2892] ntdll.dll!NtQueryMultipleValueKey + 4 7C91E0B2 2 Bytes [ 5F, 5F ]
.text C:\WINDOWS\system32\dllhost.exe[2892] ntdll.dll!NtQueryValueKey 7C91E1FE 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\dllhost.exe[2892] ntdll.dll!NtQueryValueKey + 4 7C91E202 2 Bytes [ 62, 5F ]
.text C:\WINDOWS\system32\dllhost.exe[2892] ntdll.dll!NtReadFile 7C91E27C 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\dllhost.exe[2892] ntdll.dll!NtReadFile + 4 7C91E280 2 Bytes [ 74, 5F ]
.text C:\WINDOWS\system32\dllhost.exe[2892] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\dllhost.exe[2892] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 77, 5F ]
.text C:\WINDOWS\system32\dllhost.exe[2892] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\dllhost.exe[2892] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 65, 5F ]
.text C:\WINDOWS\system32\dllhost.exe[2892] ntdll.dll!NtUnloadKey 7C91E90C 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\dllhost.exe[2892] ntdll.dll!NtUnloadKey + 4 7C91E910 2 Bytes [ 68, 5F ]
.text C:\WINDOWS\system32\dllhost.exe[2892] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\dllhost.exe[2892] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 7A, 5F ]
.text C:\WINDOWS\system32\dllhost.exe[2892] ntdll.dll!LdrLoadDll 7C9261CA 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\dllhost.exe[2892] ntdll.dll!LdrLoadDll + 4 7C9261CE 2 Bytes [ 47, 5F ]
.text C:\WINDOWS\system32\dllhost.exe[2892] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F310F5A
.text C:\WINDOWS\system32\dllhost.exe[2892] kernel32.dll!CreateFileMappingW 7C80938E 6 Bytes JMP 5F3A0F5A
.text C:\WINDOWS\system32\dllhost.exe[2892] kernel32.dll!MapViewOfFileEx 7C80B896 6 Bytes JMP 5F340F5A
.text C:\WINDOWS\system32\dllhost.exe[2892] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\dllhost.exe[2892] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 3E, 5F ]
.text C:\WINDOWS\system32\dllhost.exe[2892] kernel32.dll!CreateProcessInternalW 7C819513 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\dllhost.exe[2892] kernel32.dll!CreateProcessInternalW + 4 7C819517 2 Bytes [ 44, 5F ]
.text C:\WINDOWS\system32\dllhost.exe[2892] kernel32.dll!MoveFileWithProgressW 7C81F72E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\dllhost.exe[2892] kernel32.dll!MoveFileWithProgressW + 4 7C81F732 2 Bytes [ 41, 5F ]
.text C:\WINDOWS\system32\dllhost.exe[2892] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5F370F5A
.text C:\WINDOWS\system32\dllhost.exe[2892] ole32.dll!CoCreateInstanceEx 774CFA6B 6 Bytes JMP 5F850F5A
.text C:\WINDOWS\system32\dllhost.exe[2892] ole32.dll!CoGetClassObject 774E5DB2 6 Bytes JMP 5F820F5A
.text C:\WINDOWS\system32\dllhost.exe[2892] ole32.dll!CLSIDFromProgID 774F42CC 6 Bytes JMP 5F7F0F5A
.text C:\WINDOWS\system32\dllhost.exe[2892] ole32.dll!CLSIDFromProgIDEx 775261FE 6 Bytes JMP 5F7C0F5A
.text C:\WINDOWS\system32\dllhost.exe[2892] ADVAPI32.dll!CloseServiceHandle 77F55E4D 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\dllhost.exe[2892] ADVAPI32.dll!OpenServiceW 77F56165 6 Bytes JMP 5F220F5A
.text C:\WINDOWS\system32\dllhost.exe[2892] ADVAPI32.dll!ControlService 77F5B635 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\system32\dllhost.exe[2892] ADVAPI32.dll!OpenServiceA 77F5B88C 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\system32\dllhost.exe[2892] ADVAPI32.dll!StartServiceW 77F5BBAC 6 Bytes JMP 5F280F5A
.text C:\WINDOWS\system32\dllhost.exe[2892] ADVAPI32.dll!StartServiceA 77F63238 6 Bytes JMP 5F250F5A
.text C:\WINDOWS\system32\dllhost.exe[2892] ADVAPI32.dll!LsaAddAccountRights 77F8A9A1 6 Bytes JMP 5F2B0F5A
.text C:\WINDOWS\system32\dllhost.exe[2892] ADVAPI32.dll!LsaRemoveAccountRights 77F8AA41 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\dllhost.exe[2892] ADVAPI32.dll!ChangeServiceConfigA 77FA6CC9 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\dllhost.exe[2892] ADVAPI32.dll!ChangeServiceConfigW 77FA6E61 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\dllhost.exe[2892] ADVAPI32.dll!ChangeServiceConfig2A 77FA6F61 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\dllhost.exe[2892] ADVAPI32.dll!ChangeServiceConfig2W 77FA6FE9 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\dllhost.exe[2892] ADVAPI32.dll!CreateServiceA 77FA7071 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\dllhost.exe[2892] ADVAPI32.dll!CreateServiceW 77FA7209 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\dllhost.exe[2892] ADVAPI32.dll!CreateServiceW + 4 77FA720D 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\system32\dllhost.exe[2892] ADVAPI32.dll!DeleteService 77FA7311 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\dllhost.exe[2892] USER32.dll!DispatchMessageW 7E398A01 6 Bytes JMP 5FA60F5A
.text C:\WINDOWS\system32\dllhost.exe[2892] USER32.dll!TranslateMessage 7E398BF6 6 Bytes JMP 5F910F5A
.text C:\WINDOWS\system32\dllhost.exe[2892] USER32.dll!DispatchMessageA 7E3996B8 6 Bytes JMP 5F8E0F5A
.text C:\WINDOWS\system32\dllhost.exe[2892] USER32.dll!GetKeyState 7E39C505 6 Bytes JMP 5F9D0F5A
.text C:\WINDOWS\system32\dllhost.exe[2892] USER32.dll!BeginDeferWindowPos 7E39D907 6 Bytes JMP 5F8B0F5A
.text C:\WINDOWS\system32\dllhost.exe[2892] USER32.dll!GetKeyboardState 7E39EF29 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\dllhost.exe[2892] USER32.dll!GetKeyboardState + 4 7E39EF2D 2 Bytes [ 9B, 5F ]
.text C:\WINDOWS\system32\dllhost.exe[2892] USER32.dll!GetAsyncKeyState 7E39F3B3 6 Bytes JMP 5F940F5A
.text C:\WINDOWS\system32\dllhost.exe[2892] USER32.dll!CreateAcceleratorTableW 7E3AD3C1 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\dllhost.exe[2892] USER32.dll!CreateAcceleratorTableW + 4 7E3AD3C5 2 Bytes [ A1, 5F ]
.text C:\WINDOWS\system32\dllhost.exe[2892] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5FA30F5A
.text C:\WINDOWS\system32\dllhost.exe[2892] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F880F5A
.text C:\WINDOWS\system32\dllhost.exe[2892] USER32.dll!AttachThreadInput 7E3B1E12 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\dllhost.exe[2892] USER32.dll!AttachThreadInput + 4 7E3B1E16 2 Bytes [ 98, 5F ]
.text C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe[2916] ntdll.dll!NtClose 7C91D586 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe[2916] ntdll.dll!NtClose + 4 7C91D58A 2 Bytes [ 4A, 5F ]
.text C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe[2916] ntdll.dll!NtCreateFile 7C91D682 1 Byte [ FF ]
.text C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe[2916] ntdll.dll!NtCreateFile + 2 7C91D684 1 Byte [ 1E ]
.text C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe[2916] ntdll.dll!NtCreateFile + 4 7C91D686 2 Bytes [ 6B, 5F ]
.text C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe[2916] ntdll.dll!NtCreateKey 7C91D6D6 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe[2916] ntdll.dll!NtCreateKey + 4 7C91D6DA 2 Bytes [ 4D, 5F ]
.text C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe[2916] ntdll.dll!NtDeleteFile 7C91D88F 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe[2916] ntdll.dll!NtDeleteFile + 4 7C91D893 2 Bytes [ 6E, 5F ]
.text C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe[2916] ntdll.dll!NtDeleteKey 7C91D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe[2916] ntdll.dll!NtDeleteKey + 4 7C91D8A8 2 Bytes [ 50, 5F ]
.text C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe[2916] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe[2916] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 53, 5F ]
.text C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe[2916] ntdll.dll!NtDuplicateObject 7C91D90D 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe[2916] ntdll.dll!NtDuplicateObject + 4 7C91D911 2 Bytes [ 56, 5F ]
.text C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe[2916] ntdll.dll!NtEnumerateKey 7C91D94C 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe[2916] ntdll.dll!NtEnumerateKey + 4 7C91D950 2 Bytes [ 59, 5F ]
.text C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe[2916] ntdll.dll!NtEnumerateValueKey 7C91D976 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe[2916] ntdll.dll!NtEnumerateValueKey + 4 7C91D97A 2 Bytes [ 5C, 5F ]
.text C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe[2916] ntdll.dll!NtOpenFile 7C91DCFD 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe[2916] ntdll.dll!NtOpenFile + 4 7C91DD01 2 Bytes [ 71, 5F ]
.text C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe[2916] ntdll.dll!NtQueryMultipleValueKey 7C91E0AE 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe[2916] ntdll.dll!NtQueryMultipleValueKey + 4 7C91E0B2 2 Bytes [ 5F, 5F ]
.text C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe[2916] ntdll.dll!NtQueryValueKey 7C91E1FE 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe[2916] ntdll.dll!NtQueryValueKey + 4 7C91E202 2 Bytes [ 62, 5F ]
.text C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe[2916] ntdll.dll!NtReadFile 7C91E27C 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe[2916] ntdll.dll!NtReadFile + 4 7C91E280 2 Bytes [ 74, 5F ]
.text C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe[2916] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe[2916] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 77, 5F ]
.text C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe[2916] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe[2916] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 65, 5F ]
.text C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe[2916] ntdll.dll!NtUnloadKey 7C91E90C 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe[2916] ntdll.dll!NtUnloadKey + 4 7C91E910 2 Bytes [ 68, 5F ]
.text C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe[2916] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe[2916] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 7A, 5F ]
.text C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe[2916] ntdll.dll!LdrLoadDll 7C9261CA 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe[2916] ntdll.dll!LdrLoadDll + 4 7C9261CE 2 Bytes [ 47, 5F ]
.text C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe[2916] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F310F5A
.text C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe[2916] kernel32.dll!CreateFileMappingW 7C80938E 6 Bytes JMP 5F3A0F5A
.text C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe[2916] kernel32.dll!MapViewOfFileEx 7C80B896 6 Bytes JMP 5F340F5A
.text C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe[2916] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe[2916] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 3E, 5F ]
.text C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe[2916] kernel32.dll!CreateProcessInternalW 7C819513 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe[2916] kernel32.dll!CreateProcessInternalW + 4 7C819517 2 Bytes [ 44, 5F ]
.text C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe[2916] kernel32.dll!MoveFileWithProgressW 7C81F72E 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe[2916] kernel32.dll!MoveFileWithProgressW + 4 7C81F732 2 Bytes [ 41, 5F ]
.text C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe[2916] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5F370F5A
.text C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe[2916] USER32.dll!DispatchMessageW 7E398A01 6 Bytes JMP 5FA60F5A
.text C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe[2916] USER32.dll!TranslateMessage 7E398BF6 6 Bytes JMP 5F910F5A
.text C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe[2916] USER32.dll!DispatchMessageA 7E3996B8 6 Bytes JMP 5F8E0F5A
.text C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe[2916] USER32.dll!GetKeyState 7E39C505 6 Bytes JMP 5F9D0F5A
.text C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe[2916] USER32.dll!BeginDeferWindowPos 7E39D907 6 Bytes JMP 5F8B0F5A
.text C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe[2916] USER32.dll!GetKeyboardState 7E39EF29 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe[2916] USER32.dll!GetKeyboardState + 4 7E39EF2D 2 Bytes [ 9B, 5F ]
.text C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe[2916] USER32.dll!GetAsyncKeyState 7E39F3B3 6 Bytes JMP 5F940F5A
.text C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe[2916] USER32.dll!CreateAcceleratorTableW 7E3AD3C1 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe[2916] USER32.dll!CreateAcceleratorTableW + 4 7E3AD3C5 2 Bytes [ A1, 5F ]
.text C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe[2916] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5FA30F5A
.text C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe[2916] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F880F5A
.text C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe[2916] USER32.dll!AttachThreadInput 7E3B1E12 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe[2916] USER32.dll!AttachThreadInput + 4 7E3B1E16 2 Bytes [ 98, 5F ]
.text C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe[2916] ADVAPI32.dll!CloseServiceHandle 77F55E4D 6 Bytes JMP 5F100F5A
.text C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe[2916] ADVAPI32.dll!OpenServiceW 77F56165 6 Bytes JMP 5F220F5A
.text C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe[2916] ADVAPI32.dll!ControlService 77F5B635 6 Bytes JMP 5F130F5A
.text C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe[2916] ADVAPI32.dll!OpenServiceA 77F5B88C 6 Bytes JMP 5F1F0F5A
.text C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe[2916] ADVAPI32.dll!StartServiceW 77F5BBAC 6 Bytes JMP 5F280F5A
.text C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe[2916] ADVAPI32.dll!StartServiceA 77F63238 6 Bytes JMP 5F250F5A
.text C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe[2916] ADVAPI32.dll!LsaAddAccountRights 77F8A9A1 6 Bytes JMP 5F2B0F5A
.text C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe[2916] ADVAPI32.dll!LsaRemoveAccountRights 77F8AA41 6 Bytes JMP 5F2E0F5A
.text C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe[2916] ADVAPI32.dll!ChangeServiceConfigA 77FA6CC9 6 Bytes JMP 5F040F5A
.text C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe[2916] ADVAPI32.dll!ChangeServiceConfigW 77FA6E61 6 Bytes JMP 5F070F5A
.text C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe[2916] ADVAPI32.dll!ChangeServiceConfig2A 77FA6F61 6 Bytes JMP 5F0A0F5A
.text C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe[2916] ADVAPI32.dll!ChangeServiceConfig2W 77FA6FE9 6 Bytes JMP 5F0D0F5A
.text C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe[2916] ADVAPI32.dll!CreateServiceA 77FA7071 6 Bytes JMP 5F160F5A
.text C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe[2916] ADVAPI32.dll!CreateServiceW 77FA7209 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe[2916] ADVAPI32.dll!CreateServiceW + 4 77FA720D 2 Bytes [ 1A, 5F ]
.text C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe[2916] ADVAPI32.dll!DeleteService 77FA7311 6 Bytes JMP 5F1C0F5A
.text C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe[2916] ole32.dll!CoCreateInstanceEx 774CFA6B 6 Bytes JMP 5F850F5A
.text C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe[2916] ole32.dll!CoGetClassObject 774E5DB2 6 Bytes JMP 5F820F5A
.text C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe[2916] ole32.dll!CLSIDFromProgID 774F42CC 6 Bytes JMP 5F7F0F5A
.text C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe[2916] ole32.dll!CLSIDFromProgIDEx 775261FE 6 Bytes JMP 5F7C0F5A
.text C:\PROGRA~1\MESSEN~1\Msmsgs.exe[3008] ntdll.dll!NtClose 7C91D586 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\MESSEN~1\Msmsgs.exe[3008] ntdll.dll!NtClose + 4 7C91D58A 2 Bytes [ 4A, 5F ]
.text C:\PROGRA~1\MESSEN~1\Msmsgs.exe[3008] ntdll.dll!NtCreateFile 7C91D682 1 Byte [ FF ]
.text C:\PROGRA~1\MESSEN~1\Msmsgs.exe[3008] ntdll.dll!NtCreateFile + 2 7C91D684 1 Byte [ 1E ]
.text C:\PROGRA~1\MESSEN~1\Msmsgs.exe[3008] ntdll.dll!NtCreateFile + 4 7C91D686 2 Bytes [ 6B, 5F ]
.text C:\PROGRA~1\MESSEN~1\Msmsgs.exe[3008] ntdll.dll!NtCreateKey 7C91D6D6 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\MESSEN~1\Msmsgs.exe[3008] ntdll.dll!NtCreateKey + 4 7C91D6DA 2 Bytes [ 4D, 5F ]
.text C:\PROGRA~1\MESSEN~1\Msmsgs.exe[3008] ntdll.dll!NtDeleteFile 7C91D88F 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\MESSEN~1\Msmsgs.exe[3008] ntdll.dll!NtDeleteFile + 4 7C91D893 2 Bytes [ 6E, 5F ]
.text C:\PROGRA~1\MESSEN~1\Msmsgs.exe[3008] ntdll.dll!NtDeleteKey 7C91D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\MESSEN~1\Msmsgs.exe[3008] ntdll.dll!NtDeleteKey + 4 7C91D8A8 2 Bytes [ 50, 5F ]
.text C:\PROGRA~1\MESSEN~1\Msmsgs.exe[3008] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\MESSEN~1\Msmsgs.exe[3008] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 53, 5F ]
.text C:\PROGRA~1\MESSEN~1\Msmsgs.exe[3008] ntdll.dll!NtDuplicateObject 7C91D90D 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\MESSEN~1\Msmsgs.exe[3008] ntdll.dll!NtDuplicateObject + 4 7C91D911 2 Bytes [ 56, 5F ]
.text C:\PROGRA~1\MESSEN~1\Msmsgs.exe[3008] ntdll.dll!NtEnumerateKey 7C91D94C 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\MESSEN~1\Msmsgs.exe[3008] ntdll.dll!NtEnumerateKey + 4 7C91D950 2 Bytes [ 59, 5F ]
.text C:\PROGRA~1\MESSEN~1\Msmsgs.exe[3008] ntdll.dll!NtEnumerateValueKey 7C91D976 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\MESSEN~1\Msmsgs.exe[3008] ntdll.dll!NtEnumerateValueKey + 4 7C91D97A 2 Bytes [ 5C, 5F ]
.text C:\PROGRA~1\MESSEN~1\Msmsgs.exe[3008] ntdll.dll!NtOpenFile 7C91DCFD 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\MESSEN~1\Msmsgs.exe[3008] ntdll.dll!NtOpenFile + 4 7C91DD01 2 Bytes [ 71, 5F ]
.text C:\PROGRA~1\MESSEN~1\Msmsgs.exe[3008] ntdll.dll!NtQueryMultipleValueKey 7C91E0AE 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\MESSEN~1\Msmsgs.exe[3008] ntdll.dll!NtQueryMultipleValueKey + 4 7C91E0B2 2 Bytes [ 5F, 5F ]
.text C:\PROGRA~1\MESSEN~1\Msmsgs.exe[3008] ntdll.dll!NtQueryValueKey 7C91E1FE 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\MESSEN~1\Msmsgs.exe[3008] ntdll.dll!NtQueryValueKey + 4 7C91E202 2 Bytes [ 62, 5F ]
.text C:\PROGRA~1\MESSEN~1\Msmsgs.exe[3008] ntdll.dll!NtReadFile 7C91E27C 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\MESSEN~1\Msmsgs.exe[3008] ntdll.dll!NtReadFile + 4 7C91E280 2 Bytes [ 74, 5F ]
.text C:\PROGRA~1\MESSEN~1\Msmsgs.exe[3008] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\MESSEN~1\Msmsgs.exe[3008] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 77, 5F ]
.text C:\PROGRA~1\MESSEN~1\Msmsgs.exe[3008] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\MESSEN~1\Msmsgs.exe[3008] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 65, 5F ]
.text C:\PROGRA~1\MESSEN~1\Msmsgs.exe[3008] ntdll.dll!NtUnloadKey 7C91E90C 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\MESSEN~1\Msmsgs.exe[3008] ntdll.dll!NtUnloadKey + 4 7C91E910 2 Bytes [ 68, 5F ]
.text C:\PROGRA~1\MESSEN~1\Msmsgs.exe[3008] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\MESSEN~1\Msmsgs.exe[3008] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 7A, 5F ]
.text C:\PROGRA~1\MESSEN~1\Msmsgs.exe[3008] ntdll.dll!LdrLoadDll 7C9261CA 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\MESSEN~1\Msmsgs.exe[3008] ntdll.dll!LdrLoadDll + 4 7C9261CE 2 Bytes [ 47, 5F ]
.text C:\PROGRA~1\MESSEN~1\Msmsgs.exe[3008] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F310F5A
.text C:\PROGRA~1\MESSEN~1\Msmsgs.exe[3008] kernel32.dll!CreateFileMappingW 7C80938E 6 Bytes JMP 5F3A0F5A
.text C:\PROGRA~1\MESSEN~1\Msmsgs.exe[3008] kernel32.dll!MapViewOfFileEx 7C80B896 6 Bytes JMP 5F340F5A
.text C:\PROGRA~1\MESSEN~1\Msmsgs.exe[3008] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\MESSEN~1\Msmsgs.exe[3008] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 3E, 5F ]
.text C:\PROGRA~1\MESSEN~1\Msmsgs.exe[3008] kernel32.dll!CreateProcessInternalW 7C819513 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\MESSEN~1\Msmsgs.exe[3008] kernel32.dll!CreateProcessInternalW + 4 7C819517 2 Bytes [ 44, 5F ]
.text C:\PROGRA~1\MESSEN~1\Msmsgs.exe[3008] kernel32.dll!MoveFileWithProgressW 7C81F72E 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\MESSEN~1\Msmsgs.exe[3008] kernel32.dll!MoveFileWithProgressW + 4 7C81F732 2 Bytes [ 41, 5F ]
.text C:\PROGRA~1\MESSEN~1\Msmsgs.exe[3008] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5F370F5A
.text C:\PROGRA~1\MESSEN~1\Msmsgs.exe[3008] ADVAPI32.dll!CloseServiceHandle 77F55E4D 6 Bytes JMP 5F100F5A
.text C:\PROGRA~1\MESSEN~1\Msmsgs.exe[3008] ADVAPI32.dll!OpenServiceW 77F56165 6 Bytes JMP 5F220F5A
.text C:\PROGRA~1\MESSEN~1\Msmsgs.exe[3008] ADVAPI32.dll!ControlService 77F5B635 6 Bytes JMP 5F130F5A
.text C:\PROGRA~1\MESSEN~1\Msmsgs.exe[3008] ADVAPI32.dll!OpenServiceA 77F5B88C 6 Bytes JMP 5F1F0F5A
.text C:\PROGRA~1\MESSEN~1\Msmsgs.exe[3008] ADVAPI32.dll!StartServiceW 77F5BBAC 6 Bytes JMP 5F280F5A
.text C:\PROGRA~1\MESSEN~1\Msmsgs.exe[3008] ADVAPI32.dll!StartServiceA 77F63238 6 Bytes JMP 5F250F5A
.text C:\PROGRA~1\MESSEN~1\Msmsgs.exe[3008] ADVAPI32.dll!LsaAddAccountRights 77F8A9A1 6 Bytes JMP 5F2B0F5A
.text C:\PROGRA~1\MESSEN~1\Msmsgs.exe[3008] ADVAPI32.dll!LsaRemoveAccountRights 77F8AA41 6 Bytes JMP 5F2E0F5A
.text C:\PROGRA~1\MESSEN~1\Msmsgs.exe[3008] ADVAPI32.dll!ChangeServiceConfigA 77FA6CC9 6 Bytes JMP 5F040F5A
.text C:\PROGRA~1\MESSEN~1\Msmsgs.exe[3008] ADVAPI32.dll!ChangeServiceConfigW 77FA6E61 6 Bytes JMP 5F070F5A
.text C:\PROGRA~1\MESSEN~1\Msmsgs.exe[3008] ADVAPI32.dll!ChangeServiceConfig2A 77FA6F61 6 Bytes JMP 5F0A0F5A
.text C:\PROGRA~1\MESSEN~1\Msmsgs.exe[3008] ADVAPI32.dll!ChangeServiceConfig2W 77FA6FE9 6 Bytes JMP 5F0D0F5A
.text C:\PROGRA~1\MESSEN~1\Msmsgs.exe[3008] ADVAPI32.dll!CreateServiceA 77FA7071 6 Bytes JMP 5F160F5A
.text C:\PROGRA~1\MESSEN~1\Msmsgs.exe[3008] ADVAPI32.dll!CreateServiceW 77FA7209 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\MESSEN~1\Msmsgs.exe[3008] ADVAPI32.dll!CreateServiceW + 4 77FA720D 2 Bytes [ 1A, 5F ]
.text C:\PROGRA~1\MESSEN~1\Msmsgs.exe[3008] ADVAPI32.dll!DeleteService 77FA7311 6 Bytes JMP 5F1C0F5A
.text C:\PROGRA~1\MESSEN~1\Msmsgs.exe[3008] USER32.dll!DispatchMessageW 7E398A01 6 Bytes JMP 5FA60F5A
.text C:\PROGRA~1\MESSEN~1\Msmsgs.exe[3008] USER32.dll!TranslateMessage 7E398BF6 6 Bytes JMP 5F910F5A
.text C:\PROGRA~1\MESSEN~1\Msmsgs.exe[3008] USER32.dll!DispatchMessageA 7E3996B8 6 Bytes JMP 5F8E0F5A
.text C:\PROGRA~1\MESSEN~1\Msmsgs.exe[3008] USER32.dll!GetKeyState 7E39C505 6 Bytes JMP 5F9D0F5A
.text C:\PROGRA~1\MESSEN~1\Msmsgs.exe[3008] USER32.dll!BeginDeferWindowPos 7E39D907 6 Bytes JMP 5F8B0F5A
.text C:\PROGRA~1\MESSEN~1\Msmsgs.exe[3008] USER32.dll!GetKeyboardState 7E39EF29 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\MESSEN~1\Msmsgs.exe[3008] USER32.dll!GetKeyboardState + 4 7E39EF2D 2 Bytes [ 9B, 5F ]
.text C:\PROGRA~1\MESSEN~1\Msmsgs.exe[3008] USER32.dll!GetAsyncKeyState 7E39F3B3 6 Bytes JMP 5F940F5A
.text C:\PROGRA~1\MESSEN~1\Msmsgs.exe[3008] USER32.dll!CreateAcceleratorTableW 7E3AD3C1 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\MESSEN~1\Msmsgs.exe[3008] USER32.dll!CreateAcceleratorTableW + 4 7E3AD3C5 2 Bytes [ A1, 5F ]
.text C:\PROGRA~1\MESSEN~1\Msmsgs.exe[3008] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5FA30F5A
.text C:\PROGRA~1\MESSEN~1\Msmsgs.exe[3008] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F880F5A
.text C:\PROGRA~1\MESSEN~1\Msmsgs.exe[3008] USER32.dll!AttachThreadInput 7E3B1E12 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\MESSEN~1\Msmsgs.exe[3008] USER32.dll!AttachThreadInput + 4 7E3B1E16 2 Bytes [ 98, 5F ]
.text C:\PROGRA~1\MESSEN~1\Msmsgs.exe[3008] ole32.dll!CoCreateInstanceEx 774CFA6B 6 Bytes JMP 5F850F5A
.text C:\PROGRA~1\MESSEN~1\Msmsgs.exe[3008] ole32.dll!CoGetClassObject 774E5DB2 6 Bytes JMP 5F820F5A
.text C:\PROGRA~1\MESSEN~1\Msmsgs.exe[3008] ole32.dll!CLSIDFromProgID 774F42CC 6 Bytes JMP 5F7F0F5A
|
|
| Top |
|
|
dasio78
Dio maturo
Registrato: 22/06/06 23:05
Messaggi: 6282
|
| Inviato: 19 Apr 2007 22:53 Oggetto: |
|
|
quinta parte...
.text C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe[3152] ntdll.dll!NtClose 7C91D586 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe[3152] ntdll.dll!NtClose + 4 7C91D58A 2 Bytes [ 4A, 5F ]
.text C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe[3152] ntdll.dll!NtCreateFile 7C91D682 1 Byte [ FF ]
.text C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe[3152] ntdll.dll!NtCreateFile + 2 7C91D684 1 Byte [ 1E ]
.text C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe[3152] ntdll.dll!NtCreateFile + 4 7C91D686 2 Bytes [ 6B, 5F ]
.text C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe[3152] ntdll.dll!NtCreateKey 7C91D6D6 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe[3152] ntdll.dll!NtCreateKey + 4 7C91D6DA 2 Bytes [ 4D, 5F ]
.text C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe[3152] ntdll.dll!NtDeleteFile 7C91D88F 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe[3152] ntdll.dll!NtDeleteFile + 4 7C91D893 2 Bytes [ 6E, 5F ]
.text C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe[3152] ntdll.dll!NtDeleteKey 7C91D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe[3152] ntdll.dll!NtDeleteKey + 4 7C91D8A8 2 Bytes [ 50, 5F ]
.text C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe[3152] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe[3152] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 53, 5F ]
.text C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe[3152] ntdll.dll!NtDuplicateObject 7C91D90D 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe[3152] ntdll.dll!NtDuplicateObject + 4 7C91D911 2 Bytes [ 56, 5F ]
.text C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe[3152] ntdll.dll!NtEnumerateKey 7C91D94C 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe[3152] ntdll.dll!NtEnumerateKey + 4 7C91D950 2 Bytes [ 59, 5F ]
.text C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe[3152] ntdll.dll!NtEnumerateValueKey 7C91D976 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe[3152] ntdll.dll!NtEnumerateValueKey + 4 7C91D97A 2 Bytes [ 5C, 5F ]
.text C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe[3152] ntdll.dll!NtOpenFile 7C91DCFD 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe[3152] ntdll.dll!NtOpenFile + 4 7C91DD01 2 Bytes [ 71, 5F ]
.text C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe[3152] ntdll.dll!NtQueryMultipleValueKey 7C91E0AE 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe[3152] ntdll.dll!NtQueryMultipleValueKey + 4 7C91E0B2 2 Bytes [ 5F, 5F ]
.text C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe[3152] ntdll.dll!NtQueryValueKey 7C91E1FE 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe[3152] ntdll.dll!NtQueryValueKey + 4 7C91E202 2 Bytes [ 62, 5F ]
.text C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe[3152] ntdll.dll!NtReadFile 7C91E27C 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe[3152] ntdll.dll!NtReadFile + 4 7C91E280 2 Bytes [ 74, 5F ]
.text C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe[3152] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe[3152] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 77, 5F ]
.text C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe[3152] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe[3152] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 65, 5F ]
.text C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe[3152] ntdll.dll!NtUnloadKey 7C91E90C 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe[3152] ntdll.dll!NtUnloadKey + 4 7C91E910 2 Bytes [ 68, 5F ]
.text C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe[3152] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe[3152] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 7A, 5F ]
.text C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe[3152] ntdll.dll!LdrLoadDll 7C9261CA 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe[3152] ntdll.dll!LdrLoadDll + 4 7C9261CE 2 Bytes [ 47, 5F ]
.text C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe[3152] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F310F5A
.text C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe[3152] kernel32.dll!CreateFileMappingW 7C80938E 6 Bytes JMP 5F3A0F5A
.text C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe[3152] kernel32.dll!MapViewOfFileEx 7C80B896 6 Bytes JMP 5F340F5A
.text C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe[3152] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe[3152] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 3E, 5F ]
.text C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe[3152] kernel32.dll!CreateProcessInternalW 7C819513 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe[3152] kernel32.dll!CreateProcessInternalW + 4 7C819517 2 Bytes [ 44, 5F ]
.text C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe[3152] kernel32.dll!MoveFileWithProgressW 7C81F72E 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe[3152] kernel32.dll!MoveFileWithProgressW + 4 7C81F732 2 Bytes [ 41, 5F ]
.text C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe[3152] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5F370F5A
.text C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe[3152] USER32.dll!DispatchMessageW 7E398A01 6 Bytes JMP 5FA60F5A
.text C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe[3152] USER32.dll!TranslateMessage 7E398BF6 6 Bytes JMP 5F910F5A
.text C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe[3152] USER32.dll!DispatchMessageA 7E3996B8 6 Bytes JMP 5F8E0F5A
.text C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe[3152] USER32.dll!GetKeyState 7E39C505 6 Bytes JMP 5F9D0F5A
.text C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe[3152] USER32.dll!BeginDeferWindowPos 7E39D907 6 Bytes JMP 5F8B0F5A
.text C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe[3152] USER32.dll!GetKeyboardState 7E39EF29 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe[3152] USER32.dll!GetKeyboardState + 4 7E39EF2D 2 Bytes [ 9B, 5F ]
.text C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe[3152] USER32.dll!GetAsyncKeyState 7E39F3B3 6 Bytes JMP 5F940F5A
.text C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe[3152] USER32.dll!CreateAcceleratorTableW 7E3AD3C1 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe[3152] USER32.dll!CreateAcceleratorTableW + 4 7E3AD3C5 2 Bytes [ A1, 5F ]
.text C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe[3152] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5FA30F5A
.text C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe[3152] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F880F5A
.text C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe[3152] USER32.dll!AttachThreadInput 7E3B1E12 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe[3152] USER32.dll!AttachThreadInput + 4 7E3B1E16 2 Bytes [ 98, 5F ]
.text C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe[3152] ADVAPI32.dll!CloseServiceHandle 77F55E4D 6 Bytes JMP 5F100F5A
.text C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe[3152] ADVAPI32.dll!OpenServiceW 77F56165 6 Bytes JMP 5F220F5A
.text C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe[3152] ADVAPI32.dll!ControlService 77F5B635 6 Bytes JMP 5F130F5A
.text C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe[3152] ADVAPI32.dll!OpenServiceA 77F5B88C 6 Bytes JMP 5F1F0F5A
.text C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe[3152] ADVAPI32.dll!StartServiceW 77F5BBAC 6 Bytes JMP 5F280F5A
.text C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe[3152] ADVAPI32.dll!StartServiceA 77F63238 6 Bytes JMP 5F250F5A
.text C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe[3152] ADVAPI32.dll!LsaAddAccountRights 77F8A9A1 6 Bytes JMP 5F2B0F5A
.text C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe[3152] ADVAPI32.dll!LsaRemoveAccountRights 77F8AA41 6 Bytes JMP 5F2E0F5A
.text C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe[3152] ADVAPI32.dll!ChangeServiceConfigA 77FA6CC9 6 Bytes JMP 5F040F5A
.text C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe[3152] ADVAPI32.dll!ChangeServiceConfigW 77FA6E61 6 Bytes JMP 5F070F5A
.text C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe[3152] ADVAPI32.dll!ChangeServiceConfig2A 77FA6F61 6 Bytes JMP 5F0A0F5A
.text C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe[3152] ADVAPI32.dll!ChangeServiceConfig2W 77FA6FE9 6 Bytes JMP 5F0D0F5A
.text C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe[3152] ADVAPI32.dll!CreateServiceA 77FA7071 6 Bytes JMP 5F160F5A
.text C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe[3152] ADVAPI32.dll!CreateServiceW 77FA7209 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe[3152] ADVAPI32.dll!CreateServiceW + 4 77FA720D 2 Bytes [ 1A, 5F ]
.text C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe[3152] ADVAPI32.dll!DeleteService 77FA7311 6 Bytes JMP 5F1C0F5A
.text C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe[3152] ole32.dll!CoCreateInstanceEx 774CFA6B 6 Bytes JMP 5F850F5A
.text C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe[3152] ole32.dll!CoGetClassObject 774E5DB2 6 Bytes JMP 5F820F5A
.text C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe[3152] ole32.dll!CLSIDFromProgID 774F42CC 6 Bytes JMP 5F7F0F5A
.text C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe[3152] ole32.dll!CLSIDFromProgIDEx 775261FE 6 Bytes JMP 5F7C0F5A
.text C:\Programmi\Skype\Phone\Skype.exe[3180] ntdll.dll!NtClose 7C91D586 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Skype\Phone\Skype.exe[3180] ntdll.dll!NtClose + 4 7C91D58A 2 Bytes [ 4A, 5F ]
.text C:\Programmi\Skype\Phone\Skype.exe[3180] ntdll.dll!NtCreateFile 7C91D682 1 Byte [ FF ]
.text C:\Programmi\Skype\Phone\Skype.exe[3180] ntdll.dll!NtCreateFile + 2 7C91D684 1 Byte [ 1E ]
.text C:\Programmi\Skype\Phone\Skype.exe[3180] ntdll.dll!NtCreateFile + 4 7C91D686 2 Bytes [ 6B, 5F ]
.text C:\Programmi\Skype\Phone\Skype.exe[3180] ntdll.dll!NtCreateKey 7C91D6D6 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Skype\Phone\Skype.exe[3180] ntdll.dll!NtCreateKey + 4 7C91D6DA 2 Bytes [ 4D, 5F ]
.text C:\Programmi\Skype\Phone\Skype.exe[3180] ntdll.dll!NtDeleteFile 7C91D88F 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Skype\Phone\Skype.exe[3180] ntdll.dll!NtDeleteFile + 4 7C91D893 2 Bytes [ 6E, 5F ]
.text C:\Programmi\Skype\Phone\Skype.exe[3180] ntdll.dll!NtDeleteKey 7C91D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Skype\Phone\Skype.exe[3180] ntdll.dll!NtDeleteKey + 4 7C91D8A8 2 Bytes [ 50, 5F ]
.text C:\Programmi\Skype\Phone\Skype.exe[3180] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Skype\Phone\Skype.exe[3180] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 53, 5F ]
.text C:\Programmi\Skype\Phone\Skype.exe[3180] ntdll.dll!NtDuplicateObject 7C91D90D 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Skype\Phone\Skype.exe[3180] ntdll.dll!NtDuplicateObject + 4 7C91D911 2 Bytes [ 56, 5F ]
.text C:\Programmi\Skype\Phone\Skype.exe[3180] ntdll.dll!NtEnumerateKey 7C91D94C 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Skype\Phone\Skype.exe[3180] ntdll.dll!NtEnumerateKey + 4 7C91D950 2 Bytes [ 59, 5F ]
.text C:\Programmi\Skype\Phone\Skype.exe[3180] ntdll.dll!NtEnumerateValueKey 7C91D976 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Skype\Phone\Skype.exe[3180] ntdll.dll!NtEnumerateValueKey + 4 7C91D97A 2 Bytes [ 5C, 5F ]
.text C:\Programmi\Skype\Phone\Skype.exe[3180] ntdll.dll!NtOpenFile 7C91DCFD 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Skype\Phone\Skype.exe[3180] ntdll.dll!NtOpenFile + 4 7C91DD01 2 Bytes [ 71, 5F ]
.text C:\Programmi\Skype\Phone\Skype.exe[3180] ntdll.dll!NtQueryMultipleValueKey 7C91E0AE 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Skype\Phone\Skype.exe[3180] ntdll.dll!NtQueryMultipleValueKey + 4 7C91E0B2 2 Bytes [ 5F, 5F ]
.text C:\Programmi\Skype\Phone\Skype.exe[3180] ntdll.dll!NtQueryValueKey 7C91E1FE 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Skype\Phone\Skype.exe[3180] ntdll.dll!NtQueryValueKey + 4 7C91E202 2 Bytes [ 62, 5F ]
.text C:\Programmi\Skype\Phone\Skype.exe[3180] ntdll.dll!NtReadFile 7C91E27C 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Skype\Phone\Skype.exe[3180] ntdll.dll!NtReadFile + 4 7C91E280 2 Bytes [ 74, 5F ]
.text C:\Programmi\Skype\Phone\Skype.exe[3180] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Skype\Phone\Skype.exe[3180] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 77, 5F ]
.text C:\Programmi\Skype\Phone\Skype.exe[3180] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Skype\Phone\Skype.exe[3180] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 65, 5F ]
.text C:\Programmi\Skype\Phone\Skype.exe[3180] ntdll.dll!NtUnloadKey 7C91E90C 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Skype\Phone\Skype.exe[3180] ntdll.dll!NtUnloadKey + 4 7C91E910 2 Bytes [ 68, 5F ]
.text C:\Programmi\Skype\Phone\Skype.exe[3180] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Skype\Phone\Skype.exe[3180] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 7A, 5F ]
.text C:\Programmi\Skype\Phone\Skype.exe[3180] ntdll.dll!LdrLoadDll 7C9261CA 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Skype\Phone\Skype.exe[3180] ntdll.dll!LdrLoadDll + 4 7C9261CE 2 Bytes [ 47, 5F ]
.text C:\Programmi\Skype\Phone\Skype.exe[3180] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F310F5A
.text C:\Programmi\Skype\Phone\Skype.exe[3180] kernel32.dll!CreateFileMappingW 7C80938E 6 Bytes JMP 5F3A0F5A
.text C:\Programmi\Skype\Phone\Skype.exe[3180] kernel32.dll!MapViewOfFileEx 7C80B896 6 Bytes JMP 5F340F5A
.text C:\Programmi\Skype\Phone\Skype.exe[3180] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Skype\Phone\Skype.exe[3180] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 3E, 5F ]
.text C:\Programmi\Skype\Phone\Skype.exe[3180] kernel32.dll!CreateProcessInternalW 7C819513 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Skype\Phone\Skype.exe[3180] kernel32.dll!CreateProcessInternalW + 4 7C819517 2 Bytes [ 44, 5F ]
.text C:\Programmi\Skype\Phone\Skype.exe[3180] kernel32.dll!MoveFileWithProgressW 7C81F72E 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Skype\Phone\Skype.exe[3180] kernel32.dll!MoveFileWithProgressW + 4 7C81F732 2 Bytes [ 41, 5F ]
.text C:\Programmi\Skype\Phone\Skype.exe[3180] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5F370F5A
.text C:\Programmi\Skype\Phone\Skype.exe[3180] user32.dll!DispatchMessageW 7E398A01 6 Bytes JMP 5FA60F5A
.text C:\Programmi\Skype\Phone\Skype.exe[3180] user32.dll!TranslateMessage 7E398BF6 6 Bytes JMP 5F910F5A
.text C:\Programmi\Skype\Phone\Skype.exe[3180] user32.dll!DispatchMessageA 7E3996B8 6 Bytes JMP 5F8E0F5A
.text C:\Programmi\Skype\Phone\Skype.exe[3180] user32.dll!GetKeyState 7E39C505 6 Bytes JMP 5F9D0F5A
.text C:\Programmi\Skype\Phone\Skype.exe[3180] user32.dll!BeginDeferWindowPos 7E39D907 6 Bytes JMP 5F8B0F5A
.text C:\Programmi\Skype\Phone\Skype.exe[3180] user32.dll!GetKeyboardState 7E39EF29 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Skype\Phone\Skype.exe[3180] user32.dll!GetKeyboardState + 4 7E39EF2D 2 Bytes [ 9B, 5F ]
.text C:\Programmi\Skype\Phone\Skype.exe[3180] user32.dll!GetAsyncKeyState 7E39F3B3 6 Bytes JMP 5F940F5A
.text C:\Programmi\Skype\Phone\Skype.exe[3180] user32.dll!CreateAcceleratorTableW 7E3AD3C1 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Skype\Phone\Skype.exe[3180] user32.dll!CreateAcceleratorTableW + 4 7E3AD3C5 2 Bytes [ A1, 5F ]
.text C:\Programmi\Skype\Phone\Skype.exe[3180] user32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5FA30F5A
.text C:\Programmi\Skype\Phone\Skype.exe[3180] user32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F880F5A
.text C:\Programmi\Skype\Phone\Skype.exe[3180] user32.dll!AttachThreadInput 7E3B1E12 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Skype\Phone\Skype.exe[3180] user32.dll!AttachThreadInput + 4 7E3B1E16 2 Bytes [ 98, 5F ]
.text C:\Programmi\Skype\Phone\Skype.exe[3180] advapi32.dll!CloseServiceHandle 77F55E4D 6 Bytes JMP 5F100F5A
.text C:\Programmi\Skype\Phone\Skype.exe[3180] advapi32.dll!OpenServiceW 77F56165 6 Bytes JMP 5F220F5A
.text C:\Programmi\Skype\Phone\Skype.exe[3180] advapi32.dll!ControlService 77F5B635 6 Bytes JMP 5F130F5A
.text C:\Programmi\Skype\Phone\Skype.exe[3180] advapi32.dll!OpenServiceA 77F5B88C 6 Bytes JMP 5F1F0F5A
.text C:\Programmi\Skype\Phone\Skype.exe[3180] advapi32.dll!StartServiceW 77F5BBAC 6 Bytes JMP 5F280F5A
.text C:\Programmi\Skype\Phone\Skype.exe[3180] advapi32.dll!StartServiceA 77F63238 6 Bytes JMP 5F250F5A
.text C:\Programmi\Skype\Phone\Skype.exe[3180] advapi32.dll!LsaAddAccountRights 77F8A9A1 6 Bytes JMP 5F2B0F5A
.text C:\Programmi\Skype\Phone\Skype.exe[3180] advapi32.dll!LsaRemoveAccountRights 77F8AA41 6 Bytes JMP 5F2E0F5A
.text C:\Programmi\Skype\Phone\Skype.exe[3180] advapi32.dll!ChangeServiceConfigA 77FA6CC9 6 Bytes JMP 5F040F5A
.text C:\Programmi\Skype\Phone\Skype.exe[3180] advapi32.dll!ChangeServiceConfigW 77FA6E61 6 Bytes JMP 5F070F5A
.text C:\Programmi\Skype\Phone\Skype.exe[3180] advapi32.dll!ChangeServiceConfig2A 77FA6F61 6 Bytes JMP 5F0A0F5A
.text C:\Programmi\Skype\Phone\Skype.exe[3180] advapi32.dll!ChangeServiceConfig2W 77FA6FE9 6 Bytes JMP 5F0D0F5A
.text C:\Programmi\Skype\Phone\Skype.exe[3180] advapi32.dll!CreateServiceA 77FA7071 6 Bytes JMP 5F160F5A
.text C:\Programmi\Skype\Phone\Skype.exe[3180] advapi32.dll!CreateServiceW 77FA7209 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Skype\Phone\Skype.exe[3180] advapi32.dll!CreateServiceW + 4 77FA720D 2 Bytes [ 1A, 5F ]
.text C:\Programmi\Skype\Phone\Skype.exe[3180] advapi32.dll!DeleteService 77FA7311 6 Bytes JMP 5F1C0F5A
.text C:\Programmi\Skype\Phone\Skype.exe[3180] ole32.dll!CoCreateInstanceEx 774CFA6B 6 Bytes JMP 5F850F5A
.text C:\Programmi\Skype\Phone\Skype.exe[3180] ole32.dll!CoGetClassObject 774E5DB2 6 Bytes JMP 5F820F5A
.text C:\Programmi\Skype\Phone\Skype.exe[3180] ole32.dll!CLSIDFromProgID 774F42CC 6 Bytes JMP 5F7F0F5A
.text C:\Programmi\Skype\Phone\Skype.exe[3180] ole32.dll!CLSIDFromProgIDEx 775261FE 6 Bytes JMP 5F7C0F5A
.text C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe[3256] ntdll.dll!NtClose 7C91D586 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe[3256] ntdll.dll!NtClose + 4 7C91D58A 2 Bytes [ 4A, 5F ]
.text C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe[3256] ntdll.dll!NtCreateFile 7C91D682 1 Byte [ FF ]
.text C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe[3256] ntdll.dll!NtCreateFile + 2 7C91D684 1 Byte [ 1E ]
.text C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe[3256] ntdll.dll!NtCreateFile + 4 7C91D686 2 Bytes [ 6B, 5F ]
.text C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe[3256] ntdll.dll!NtCreateKey 7C91D6D6 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe[3256] ntdll.dll!NtCreateKey + 4 7C91D6DA 2 Bytes [ 4D, 5F ]
.text C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe[3256] ntdll.dll!NtDeleteFile 7C91D88F 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe[3256] ntdll.dll!NtDeleteFile + 4 7C91D893 2 Bytes [ 6E, 5F ]
.text C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe[3256] ntdll.dll!NtDeleteKey 7C91D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe[3256] ntdll.dll!NtDeleteKey + 4 7C91D8A8 2 Bytes [ 50, 5F ]
.text C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe[3256] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe[3256] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 53, 5F ]
.text C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe[3256] ntdll.dll!NtDuplicateObject 7C91D90D 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe[3256] ntdll.dll!NtDuplicateObject + 4 7C91D911 2 Bytes [ 56, 5F ]
.text C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe[3256] ntdll.dll!NtEnumerateKey 7C91D94C 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe[3256] ntdll.dll!NtEnumerateKey + 4 7C91D950 2 Bytes [ 59, 5F ]
.text C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe[3256] ntdll.dll!NtEnumerateValueKey 7C91D976 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe[3256] ntdll.dll!NtEnumerateValueKey + 4 7C91D97A 2 Bytes [ 5C, 5F ]
.text C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe[3256] ntdll.dll!NtOpenFile 7C91DCFD 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe[3256] ntdll.dll!NtOpenFile + 4 7C91DD01 2 Bytes [ 71, 5F ]
.text C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe[3256] ntdll.dll!NtQueryMultipleValueKey 7C91E0AE 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe[3256] ntdll.dll!NtQueryMultipleValueKey + 4 7C91E0B2 2 Bytes [ 5F, 5F ]
.text C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe[3256] ntdll.dll!NtQueryValueKey 7C91E1FE 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe[3256] ntdll.dll!NtQueryValueKey + 4 7C91E202 2 Bytes [ 62, 5F ]
.text C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe[3256] ntdll.dll!NtReadFile 7C91E27C 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe[3256] ntdll.dll!NtReadFile + 4 7C91E280 2 Bytes [ 74, 5F ]
.text C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe[3256] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe[3256] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 77, 5F ]
.text C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe[3256] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe[3256] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 65, 5F ]
.text C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe[3256] ntdll.dll!NtUnloadKey 7C91E90C 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe[3256] ntdll.dll!NtUnloadKey + 4 7C91E910 2 Bytes [ 68, 5F ]
.text C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe[3256] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe[3256] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 7A, 5F ]
.text C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe[3256] ntdll.dll!LdrLoadDll 7C9261CA 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe[3256] ntdll.dll!LdrLoadDll + 4 7C9261CE 2 Bytes [ 47, 5F ]
.text C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe[3256] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F310F5A
.text C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe[3256] kernel32.dll!CreateFileMappingW 7C80938E 6 Bytes JMP 5F3A0F5A
.text C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe[3256] kernel32.dll!MapViewOfFileEx 7C80B896 6 Bytes JMP 5F340F5A
.text C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe[3256] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe[3256] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 3E, 5F ]
.text C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe[3256] kernel32.dll!CreateProcessInternalW 7C819513 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe[3256] kernel32.dll!CreateProcessInternalW + 4 7C819517 2 Bytes [ 44, 5F ]
.text C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe[3256] kernel32.dll!MoveFileWithProgressW 7C81F72E 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe[3256] kernel32.dll!MoveFileWithProgressW + 4 7C81F732 2 Bytes [ 41, 5F ]
.text C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe[3256] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5F370F5A
.text C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe[3256] USER32.dll!DispatchMessageW 7E398A01 6 Bytes JMP 5FA60F5A
.text C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe[3256] USER32.dll!TranslateMessage 7E398BF6 6 Bytes JMP 5F910F5A
.text C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe[3256] USER32.dll!DispatchMessageA 7E3996B8 6 Bytes JMP 5F8E0F5A
.text C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe[3256] USER32.dll!GetKeyState 7E39C505 6 Bytes JMP 5F9D0F5A
.text C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe[3256] USER32.dll!BeginDeferWindowPos 7E39D907 6 Bytes JMP 5F8B0F5A
.text C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe[3256] USER32.dll!GetKeyboardState 7E39EF29 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe[3256] USER32.dll!GetKeyboardState + 4 7E39EF2D 2 Bytes [ 9B, 5F ]
.text C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe[3256] USER32.dll!GetAsyncKeyState 7E39F3B3 6 Bytes JMP 5F940F5A
.text C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe[3256] USER32.dll!CreateAcceleratorTableW 7E3AD3C1 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe[3256] USER32.dll!CreateAcceleratorTableW + 4 7E3AD3C5 2 Bytes [ A1, 5F ]
.text C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe[3256] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5FA30F5A
.text C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe[3256] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F880F5A
.text C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe[3256] USER32.dll!AttachThreadInput 7E3B1E12 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe[3256] USER32.dll!AttachThreadInput + 4 7E3B1E16 2 Bytes [ 98, 5F ]
.text C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe[3256] ADVAPI32.dll!CloseServiceHandle 77F55E4D 6 Bytes JMP 5F100F5A
.text C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe[3256] ADVAPI32.dll!OpenServiceW 77F56165 6 Bytes JMP 5F220F5A
.text C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe[3256] ADVAPI32.dll!ControlService 77F5B635 6 Bytes JMP 5F130F5A
.text C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe[3256] ADVAPI32.dll!OpenServiceA 77F5B88C 6 Bytes JMP 5F1F0F5A
.text C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe[3256] ADVAPI32.dll!StartServiceW 77F5BBAC 6 Bytes JMP 5F280F5A
.text C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe[3256] ADVAPI32.dll!StartServiceA 77F63238 6 Bytes JMP 5F250F5A
.text C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe[3256] ADVAPI32.dll!LsaAddAccountRights 77F8A9A1 6 Bytes JMP 5F2B0F5A
.text C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe[3256] ADVAPI32.dll!LsaRemoveAccountRights 77F8AA41 6 Bytes JMP 5F2E0F5A
.text C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe[3256] ADVAPI32.dll!ChangeServiceConfigA 77FA6CC9 6 Bytes JMP 5F040F5A
.text C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe[3256] ADVAPI32.dll!ChangeServiceConfigW 77FA6E61 6 Bytes JMP 5F070F5A
.text C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe[3256] ADVAPI32.dll!ChangeServiceConfig2A 77FA6F61 6 Bytes JMP 5F0A0F5A
.text C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe[3256] ADVAPI32.dll!ChangeServiceConfig2W 77FA6FE9 6 Bytes JMP 5F0D0F5A
.text C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe[3256] ADVAPI32.dll!CreateServiceA 77FA7071 6 Bytes JMP 5F160F5A
.text C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe[3256] ADVAPI32.dll!CreateServiceW 77FA7209 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe[3256] ADVAPI32.dll!CreateServiceW + 4 77FA720D 2 Bytes [ 1A, 5F ]
.text C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe[3256] ADVAPI32.dll!DeleteService 77FA7311 6 Bytes JMP 5F1C0F5A
.text C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe[3256] ole32.dll!CoCreateInstanceEx 774CFA6B 6 Bytes JMP 5F850F5A
.text C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe[3256] ole32.dll!CoGetClassObject 774E5DB2 6 Bytes JMP 5F820F5A
.text C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe[3256] ole32.dll!CLSIDFromProgID 774F42CC 6 Bytes JMP 5F7F0F5A
.text C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe[3256] ole32.dll!CLSIDFromProgIDEx 775261FE 6 Bytes JMP 5F7C0F5A
.text C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[3296] ntdll.dll!NtClose 7C91D586 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[3296] ntdll.dll!NtClose + 4 7C91D58A 2 Bytes [ 4A, 5F ]
.text C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[3296] ntdll.dll!NtCreateFile 7C91D682 1 Byte [ FF ]
.text C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[3296] ntdll.dll!NtCreateFile + 2 7C91D684 1 Byte [ 1E ]
.text C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[3296] ntdll.dll!NtCreateFile + 4 7C91D686 2 Bytes [ 6B, 5F ]
.text C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[3296] ntdll.dll!NtCreateKey 7C91D6D6 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[3296] ntdll.dll!NtCreateKey + 4 7C91D6DA 2 Bytes [ 4D, 5F ]
.text C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[3296] ntdll.dll!NtDeleteFile 7C91D88F 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[3296] ntdll.dll!NtDeleteFile + 4 7C91D893 2 Bytes [ 6E, 5F ]
.text C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[3296] ntdll.dll!NtDeleteKey 7C91D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[3296] ntdll.dll!NtDeleteKey + 4 7C91D8A8 2 Bytes [ 50, 5F ]
.text C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[3296] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[3296] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 53, 5F ]
.text C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[3296] ntdll.dll!NtDuplicateObject 7C91D90D 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[3296] ntdll.dll!NtDuplicateObject + 4 7C91D911 2 Bytes [ 56, 5F ]
.text C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[3296] ntdll.dll!NtEnumerateKey 7C91D94C 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[3296] ntdll.dll!NtEnumerateKey + 4 7C91D950 2 Bytes [ 59, 5F ]
.text C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[3296] ntdll.dll!NtEnumerateValueKey 7C91D976 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[3296] ntdll.dll!NtEnumerateValueKey + 4 7C91D97A 2 Bytes [ 5C, 5F ]
.text C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[3296] ntdll.dll!NtOpenFile 7C91DCFD 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[3296] ntdll.dll!NtOpenFile + 4 7C91DD01 2 Bytes [ 71, 5F ]
.text C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[3296] ntdll.dll!NtQueryMultipleValueKey 7C91E0AE 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[3296] ntdll.dll!NtQueryMultipleValueKey + 4 7C91E0B2 2 Bytes [ 5F, 5F ]
.text C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[3296] ntdll.dll!NtQueryValueKey 7C91E1FE 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[3296] ntdll.dll!NtQueryValueKey + 4 7C91E202 2 Bytes [ 62, 5F ]
.text C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[3296] ntdll.dll!NtReadFile 7C91E27C 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[3296] ntdll.dll!NtReadFile + 4 7C91E280 2 Bytes [ 74, 5F ]
.text C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[3296] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[3296] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 77, 5F ]
.text C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[3296] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[3296] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 65, 5F ]
.text C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[3296] ntdll.dll!NtUnloadKey 7C91E90C 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[3296] ntdll.dll!NtUnloadKey + 4 7C91E910 2 Bytes [ 68, 5F ]
.text C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[3296] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[3296] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 7A, 5F ]
.text C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[3296] ntdll.dll!LdrLoadDll 7C9261CA 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[3296] ntdll.dll!LdrLoadDll + 4 7C9261CE 2 Bytes [ 47, 5F ]
.text C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[3296] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F310F5A
.text C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[3296] kernel32.dll!CreateFileMappingW 7C80938E 6 Bytes JMP 5F3A0F5A
.text C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[3296] kernel32.dll!MapViewOfFileEx 7C80B896 6 Bytes JMP 5F340F5A
.text C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[3296] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[3296] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 3E, 5F ]
.text C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[3296] kernel32.dll!CreateProcessInternalW 7C819513 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[3296] kernel32.dll!CreateProcessInternalW + 4 7C819517 2 Bytes [ 44, 5F ]
.text C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[3296] kernel32.dll!MoveFileWithProgressW 7C81F72E 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[3296] kernel32.dll!MoveFileWithProgressW + 4 7C81F732 2 Bytes [ 41, 5F ]
.text C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[3296] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5F370F5A
.text C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[3296] USER32.dll!DispatchMessageW 7E398A01 6 Bytes JMP 5FA60F5A
.text C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[3296] USER32.dll!TranslateMessage 7E398BF6 6 Bytes JMP 5F910F5A
.text C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[3296] USER32.dll!DispatchMessageA 7E3996B8 6 Bytes JMP 5F8E0F5A
.text C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[3296] USER32.dll!GetKeyState 7E39C505 6 Bytes JMP 5F9D0F5A
.text C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[3296] USER32.dll!BeginDeferWindowPos 7E39D907 6 Bytes JMP 5F8B0F5A
.text C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[3296] USER32.dll!GetKeyboardState 7E39EF29 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[3296] USER32.dll!GetKeyboardState + 4 7E39EF2D 2 Bytes [ 9B, 5F ]
.text C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[3296] USER32.dll!GetAsyncKeyState 7E39F3B3 6 Bytes JMP 5F940F5A
.text C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[3296] USER32.dll!CreateAcceleratorTableW 7E3AD3C1 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[3296] USER32.dll!CreateAcceleratorTableW + 4 7E3AD3C5 2 Bytes [ A1, 5F ]
.text C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[3296] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5FA30F5A
.text C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[3296] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F880F5A
.text C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[3296] USER32.dll!AttachThreadInput 7E3B1E12 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[3296] USER32.dll!AttachThreadInput + 4 7E3B1E16 2 Bytes [ 98, 5F ]
.text C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[3296] ADVAPI32.dll!CloseServiceHandle 77F55E4D 6 Bytes JMP 5F100F5A
.text C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[3296] ADVAPI32.dll!OpenServiceW 77F56165 6 Bytes JMP 5F220F5A
.text C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[3296] ADVAPI32.dll!ControlService 77F5B635 6 Bytes JMP 5F130F5A
.text C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[3296] ADVAPI32.dll!OpenServiceA 77F5B88C 6 Bytes JMP 5F1F0F5A
.text C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[3296] ADVAPI32.dll!StartServiceW 77F5BBAC 6 Bytes JMP 5F280F5A
.text C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[3296] ADVAPI32.dll!StartServiceA 77F63238 6 Bytes JMP 5F250F5A
.text C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[3296] ADVAPI32.dll!LsaAddAccountRights 77F8A9A1 6 Bytes JMP 5F2B0F5A
.text C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[3296] ADVAPI32.dll!LsaRemoveAccountRights 77F8AA41 6 Bytes JMP 5F2E0F5A
.text C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[3296] ADVAPI32.dll!ChangeServiceConfigA 77FA6CC9 6 Bytes JMP 5F040F5A
.text C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[3296] ADVAPI32.dll!ChangeServiceConfigW 77FA6E61 6 Bytes JMP 5F070F5A
.text C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[3296] ADVAPI32.dll!ChangeServiceConfig2A 77FA6F61 6 Bytes JMP 5F0A0F5A
.text C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[3296] ADVAPI32.dll!ChangeServiceConfig2W 77FA6FE9 6 Bytes JMP 5F0D0F5A
.text C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[3296] ADVAPI32.dll!CreateServiceA 77FA7071 6 Bytes JMP 5F160F5A
.text C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[3296] ADVAPI32.dll!CreateServiceW 77FA7209 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[3296] ADVAPI32.dll!CreateServiceW + 4 77FA720D 2 Bytes [ 1A, 5F ]
.text C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[3296] ADVAPI32.dll!DeleteService 77FA7311 6 Bytes JMP 5F1C0F5A
.text C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[3296] ole32.dll!CoCreateInstanceEx 774CFA6B 6 Bytes JMP 5F850F5A
.text C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[3296] ole32.dll!CoGetClassObject 774E5DB2 6 Bytes JMP 5F820F5A
.text C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[3296] ole32.dll!CLSIDFromProgID 774F42CC 6 Bytes JMP 5F7F0F5A
.text C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[3296] ole32.dll!CLSIDFromProgIDEx 775261FE 6 Bytes JMP 5F7C0F5A |
|
| Top |
|
|
dasio78
Dio maturo
Registrato: 22/06/06 23:05
Messaggi: 6282
|
| Inviato: 19 Apr 2007 22:54 Oggetto: |
|
|
Ultima parte!!!!!
.text C:\WINDOWS\eHome\ehmsas.exe[3592] ntdll.dll!NtClose 7C91D586 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehmsas.exe[3592] ntdll.dll!NtClose + 4 7C91D58A 2 Bytes [ 4A, 5F ]
.text C:\WINDOWS\eHome\ehmsas.exe[3592] ntdll.dll!NtCreateFile 7C91D682 1 Byte [ FF ]
.text C:\WINDOWS\eHome\ehmsas.exe[3592] ntdll.dll!NtCreateFile + 2 7C91D684 1 Byte [ 1E ]
.text C:\WINDOWS\eHome\ehmsas.exe[3592] ntdll.dll!NtCreateFile + 4 7C91D686 2 Bytes [ 6B, 5F ]
.text C:\WINDOWS\eHome\ehmsas.exe[3592] ntdll.dll!NtCreateKey 7C91D6D6 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehmsas.exe[3592] ntdll.dll!NtCreateKey + 4 7C91D6DA 2 Bytes [ 4D, 5F ]
.text C:\WINDOWS\eHome\ehmsas.exe[3592] ntdll.dll!NtDeleteFile 7C91D88F 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehmsas.exe[3592] ntdll.dll!NtDeleteFile + 4 7C91D893 2 Bytes [ 6E, 5F ]
.text C:\WINDOWS\eHome\ehmsas.exe[3592] ntdll.dll!NtDeleteKey 7C91D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehmsas.exe[3592] ntdll.dll!NtDeleteKey + 4 7C91D8A8 2 Bytes [ 50, 5F ]
.text C:\WINDOWS\eHome\ehmsas.exe[3592] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehmsas.exe[3592] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 53, 5F ]
.text C:\WINDOWS\eHome\ehmsas.exe[3592] ntdll.dll!NtDuplicateObject 7C91D90D 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehmsas.exe[3592] ntdll.dll!NtDuplicateObject + 4 7C91D911 2 Bytes [ 56, 5F ]
.text C:\WINDOWS\eHome\ehmsas.exe[3592] ntdll.dll!NtEnumerateKey 7C91D94C 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehmsas.exe[3592] ntdll.dll!NtEnumerateKey + 4 7C91D950 2 Bytes [ 59, 5F ]
.text C:\WINDOWS\eHome\ehmsas.exe[3592] ntdll.dll!NtEnumerateValueKey 7C91D976 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehmsas.exe[3592] ntdll.dll!NtEnumerateValueKey + 4 7C91D97A 2 Bytes [ 5C, 5F ]
.text C:\WINDOWS\eHome\ehmsas.exe[3592] ntdll.dll!NtOpenFile 7C91DCFD 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehmsas.exe[3592] ntdll.dll!NtOpenFile + 4 7C91DD01 2 Bytes [ 71, 5F ]
.text C:\WINDOWS\eHome\ehmsas.exe[3592] ntdll.dll!NtQueryMultipleValueKey 7C91E0AE 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehmsas.exe[3592] ntdll.dll!NtQueryMultipleValueKey + 4 7C91E0B2 2 Bytes [ 5F, 5F ]
.text C:\WINDOWS\eHome\ehmsas.exe[3592] ntdll.dll!NtQueryValueKey 7C91E1FE 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehmsas.exe[3592] ntdll.dll!NtQueryValueKey + 4 7C91E202 2 Bytes [ 62, 5F ]
.text C:\WINDOWS\eHome\ehmsas.exe[3592] ntdll.dll!NtReadFile 7C91E27C 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehmsas.exe[3592] ntdll.dll!NtReadFile + 4 7C91E280 2 Bytes [ 74, 5F ]
.text C:\WINDOWS\eHome\ehmsas.exe[3592] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehmsas.exe[3592] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 77, 5F ]
.text C:\WINDOWS\eHome\ehmsas.exe[3592] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehmsas.exe[3592] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 65, 5F ]
.text C:\WINDOWS\eHome\ehmsas.exe[3592] ntdll.dll!NtUnloadKey 7C91E90C 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehmsas.exe[3592] ntdll.dll!NtUnloadKey + 4 7C91E910 2 Bytes [ 68, 5F ]
.text C:\WINDOWS\eHome\ehmsas.exe[3592] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehmsas.exe[3592] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 7A, 5F ]
.text C:\WINDOWS\eHome\ehmsas.exe[3592] ntdll.dll!LdrLoadDll 7C9261CA 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehmsas.exe[3592] ntdll.dll!LdrLoadDll + 4 7C9261CE 2 Bytes [ 47, 5F ]
.text C:\WINDOWS\eHome\ehmsas.exe[3592] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F310F5A
.text C:\WINDOWS\eHome\ehmsas.exe[3592] kernel32.dll!CreateFileMappingW 7C80938E 6 Bytes JMP 5F3A0F5A
.text C:\WINDOWS\eHome\ehmsas.exe[3592] kernel32.dll!MapViewOfFileEx 7C80B896 6 Bytes JMP 5F340F5A
.text C:\WINDOWS\eHome\ehmsas.exe[3592] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehmsas.exe[3592] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 3E, 5F ]
.text C:\WINDOWS\eHome\ehmsas.exe[3592] kernel32.dll!CreateProcessInternalW 7C819513 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehmsas.exe[3592] kernel32.dll!CreateProcessInternalW + 4 7C819517 2 Bytes [ 44, 5F ]
.text C:\WINDOWS\eHome\ehmsas.exe[3592] kernel32.dll!MoveFileWithProgressW 7C81F72E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehmsas.exe[3592] kernel32.dll!MoveFileWithProgressW + 4 7C81F732 2 Bytes [ 41, 5F ]
.text C:\WINDOWS\eHome\ehmsas.exe[3592] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5F370F5A
.text C:\WINDOWS\eHome\ehmsas.exe[3592] USER32.dll!DispatchMessageW 7E398A01 6 Bytes JMP 5FA60F5A
.text C:\WINDOWS\eHome\ehmsas.exe[3592] USER32.dll!TranslateMessage 7E398BF6 6 Bytes JMP 5F910F5A
.text C:\WINDOWS\eHome\ehmsas.exe[3592] USER32.dll!DispatchMessageA 7E3996B8 6 Bytes JMP 5F8E0F5A
.text C:\WINDOWS\eHome\ehmsas.exe[3592] USER32.dll!GetKeyState 7E39C505 6 Bytes JMP 5F9D0F5A
.text C:\WINDOWS\eHome\ehmsas.exe[3592] USER32.dll!BeginDeferWindowPos 7E39D907 6 Bytes JMP 5F8B0F5A
.text C:\WINDOWS\eHome\ehmsas.exe[3592] USER32.dll!GetKeyboardState 7E39EF29 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehmsas.exe[3592] USER32.dll!GetKeyboardState + 4 7E39EF2D 2 Bytes [ 9B, 5F ]
.text C:\WINDOWS\eHome\ehmsas.exe[3592] USER32.dll!GetAsyncKeyState 7E39F3B3 6 Bytes JMP 5F940F5A
.text C:\WINDOWS\eHome\ehmsas.exe[3592] USER32.dll!CreateAcceleratorTableW 7E3AD3C1 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehmsas.exe[3592] USER32.dll!CreateAcceleratorTableW + 4 7E3AD3C5 2 Bytes [ A1, 5F ]
.text C:\WINDOWS\eHome\ehmsas.exe[3592] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5FA30F5A
.text C:\WINDOWS\eHome\ehmsas.exe[3592] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F880F5A
.text C:\WINDOWS\eHome\ehmsas.exe[3592] USER32.dll!AttachThreadInput 7E3B1E12 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehmsas.exe[3592] USER32.dll!AttachThreadInput + 4 7E3B1E16 2 Bytes [ 98, 5F ]
.text C:\WINDOWS\eHome\ehmsas.exe[3592] ADVAPI32.dll!CloseServiceHandle 77F55E4D 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\eHome\ehmsas.exe[3592] ADVAPI32.dll!OpenServiceW 77F56165 6 Bytes JMP 5F220F5A
.text C:\WINDOWS\eHome\ehmsas.exe[3592] ADVAPI32.dll!ControlService 77F5B635 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\eHome\ehmsas.exe[3592] ADVAPI32.dll!OpenServiceA 77F5B88C 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\eHome\ehmsas.exe[3592] ADVAPI32.dll!StartServiceW 77F5BBAC 6 Bytes JMP 5F280F5A
.text C:\WINDOWS\eHome\ehmsas.exe[3592] ADVAPI32.dll!StartServiceA 77F63238 6 Bytes JMP 5F250F5A
.text C:\WINDOWS\eHome\ehmsas.exe[3592] ADVAPI32.dll!LsaAddAccountRights 77F8A9A1 6 Bytes JMP 5F2B0F5A
.text C:\WINDOWS\eHome\ehmsas.exe[3592] ADVAPI32.dll!LsaRemoveAccountRights 77F8AA41 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\eHome\ehmsas.exe[3592] ADVAPI32.dll!ChangeServiceConfigA 77FA6CC9 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\eHome\ehmsas.exe[3592] ADVAPI32.dll!ChangeServiceConfigW 77FA6E61 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\eHome\ehmsas.exe[3592] ADVAPI32.dll!ChangeServiceConfig2A 77FA6F61 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\eHome\ehmsas.exe[3592] ADVAPI32.dll!ChangeServiceConfig2W 77FA6FE9 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\eHome\ehmsas.exe[3592] ADVAPI32.dll!CreateServiceA 77FA7071 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\eHome\ehmsas.exe[3592] ADVAPI32.dll!CreateServiceW 77FA7209 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehmsas.exe[3592] ADVAPI32.dll!CreateServiceW + 4 77FA720D 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\eHome\ehmsas.exe[3592] ADVAPI32.dll!DeleteService 77FA7311 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\eHome\ehmsas.exe[3592] ole32.dll!CoCreateInstanceEx 774CFA6B 6 Bytes JMP 5F850F5A
.text C:\WINDOWS\eHome\ehmsas.exe[3592] ole32.dll!CoGetClassObject 774E5DB2 6 Bytes JMP 5F820F5A
.text C:\WINDOWS\eHome\ehmsas.exe[3592] ole32.dll!CLSIDFromProgID 774F42CC 6 Bytes JMP 5F7F0F5A
.text C:\WINDOWS\eHome\ehmsas.exe[3592] ole32.dll!CLSIDFromProgIDEx 775261FE 6 Bytes JMP 5F7C0F5A
.text C:\WINDOWS\ehome\ehtray.exe[3664] ntdll.dll!NtClose 7C91D586 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\ehome\ehtray.exe[3664] ntdll.dll!NtClose + 4 7C91D58A 2 Bytes [ 4A, 5F ]
.text C:\WINDOWS\ehome\ehtray.exe[3664] ntdll.dll!NtCreateFile 7C91D682 1 Byte [ FF ]
.text C:\WINDOWS\ehome\ehtray.exe[3664] ntdll.dll!NtCreateFile + 2 7C91D684 1 Byte [ 1E ]
.text C:\WINDOWS\ehome\ehtray.exe[3664] ntdll.dll!NtCreateFile + 4 7C91D686 2 Bytes [ 6B, 5F ]
.text C:\WINDOWS\ehome\ehtray.exe[3664] ntdll.dll!NtCreateKey 7C91D6D6 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\ehome\ehtray.exe[3664] ntdll.dll!NtCreateKey + 4 7C91D6DA 2 Bytes [ 4D, 5F ]
.text C:\WINDOWS\ehome\ehtray.exe[3664] ntdll.dll!NtDeleteFile 7C91D88F 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\ehome\ehtray.exe[3664] ntdll.dll!NtDeleteFile + 4 7C91D893 2 Bytes [ 6E, 5F ]
.text C:\WINDOWS\ehome\ehtray.exe[3664] ntdll.dll!NtDeleteKey 7C91D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\ehome\ehtray.exe[3664] ntdll.dll!NtDeleteKey + 4 7C91D8A8 2 Bytes [ 50, 5F ]
.text C:\WINDOWS\ehome\ehtray.exe[3664] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\ehome\ehtray.exe[3664] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 53, 5F ]
.text C:\WINDOWS\ehome\ehtray.exe[3664] ntdll.dll!NtDuplicateObject 7C91D90D 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\ehome\ehtray.exe[3664] ntdll.dll!NtDuplicateObject + 4 7C91D911 2 Bytes [ 56, 5F ]
.text C:\WINDOWS\ehome\ehtray.exe[3664] ntdll.dll!NtEnumerateKey 7C91D94C 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\ehome\ehtray.exe[3664] ntdll.dll!NtEnumerateKey + 4 7C91D950 2 Bytes [ 59, 5F ]
.text C:\WINDOWS\ehome\ehtray.exe[3664] ntdll.dll!NtEnumerateValueKey 7C91D976 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\ehome\ehtray.exe[3664] ntdll.dll!NtEnumerateValueKey + 4 7C91D97A 2 Bytes [ 5C, 5F ]
.text C:\WINDOWS\ehome\ehtray.exe[3664] ntdll.dll!NtOpenFile 7C91DCFD 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\ehome\ehtray.exe[3664] ntdll.dll!NtOpenFile + 4 7C91DD01 2 Bytes [ 71, 5F ]
.text C:\WINDOWS\ehome\ehtray.exe[3664] ntdll.dll!NtQueryMultipleValueKey 7C91E0AE 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\ehome\ehtray.exe[3664] ntdll.dll!NtQueryMultipleValueKey + 4 7C91E0B2 2 Bytes [ 5F, 5F ]
.text C:\WINDOWS\ehome\ehtray.exe[3664] ntdll.dll!NtQueryValueKey 7C91E1FE 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\ehome\ehtray.exe[3664] ntdll.dll!NtQueryValueKey + 4 7C91E202 2 Bytes [ 62, 5F ]
.text C:\WINDOWS\ehome\ehtray.exe[3664] ntdll.dll!NtReadFile 7C91E27C 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\ehome\ehtray.exe[3664] ntdll.dll!NtReadFile + 4 7C91E280 2 Bytes [ 74, 5F ]
.text C:\WINDOWS\ehome\ehtray.exe[3664] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\ehome\ehtray.exe[3664] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 77, 5F ]
.text C:\WINDOWS\ehome\ehtray.exe[3664] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\ehome\ehtray.exe[3664] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 65, 5F ]
.text C:\WINDOWS\ehome\ehtray.exe[3664] ntdll.dll!NtUnloadKey 7C91E90C 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\ehome\ehtray.exe[3664] ntdll.dll!NtUnloadKey + 4 7C91E910 2 Bytes [ 68, 5F ]
.text C:\WINDOWS\ehome\ehtray.exe[3664] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\ehome\ehtray.exe[3664] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 7A, 5F ]
.text C:\WINDOWS\ehome\ehtray.exe[3664] ntdll.dll!LdrLoadDll 7C9261CA 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\ehome\ehtray.exe[3664] ntdll.dll!LdrLoadDll + 4 7C9261CE 2 Bytes [ 47, 5F ]
.text C:\WINDOWS\ehome\ehtray.exe[3664] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F310F5A
.text C:\WINDOWS\ehome\ehtray.exe[3664] kernel32.dll!CreateFileMappingW 7C80938E 6 Bytes JMP 5F3A0F5A
.text C:\WINDOWS\ehome\ehtray.exe[3664] kernel32.dll!MapViewOfFileEx 7C80B896 6 Bytes JMP 5F340F5A
.text C:\WINDOWS\ehome\ehtray.exe[3664] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\ehome\ehtray.exe[3664] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 3E, 5F ]
.text C:\WINDOWS\ehome\ehtray.exe[3664] kernel32.dll!CreateProcessInternalW 7C819513 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\ehome\ehtray.exe[3664] kernel32.dll!CreateProcessInternalW + 4 7C819517 2 Bytes [ 44, 5F ]
.text C:\WINDOWS\ehome\ehtray.exe[3664] kernel32.dll!MoveFileWithProgressW 7C81F72E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\ehome\ehtray.exe[3664] kernel32.dll!MoveFileWithProgressW + 4 7C81F732 2 Bytes [ 41, 5F ]
.text C:\WINDOWS\ehome\ehtray.exe[3664] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5F370F5A
.text C:\WINDOWS\ehome\ehtray.exe[3664] USER32.dll!DispatchMessageW 7E398A01 6 Bytes JMP 5FA60F5A
.text C:\WINDOWS\ehome\ehtray.exe[3664] USER32.dll!TranslateMessage 7E398BF6 6 Bytes JMP 5F910F5A
.text C:\WINDOWS\ehome\ehtray.exe[3664] USER32.dll!DispatchMessageA 7E3996B8 6 Bytes JMP 5F8E0F5A
.text C:\WINDOWS\ehome\ehtray.exe[3664] USER32.dll!GetKeyState 7E39C505 6 Bytes JMP 5F9D0F5A
.text C:\WINDOWS\ehome\ehtray.exe[3664] USER32.dll!BeginDeferWindowPos 7E39D907 6 Bytes JMP 5F8B0F5A
.text C:\WINDOWS\ehome\ehtray.exe[3664] USER32.dll!GetKeyboardState 7E39EF29 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\ehome\ehtray.exe[3664] USER32.dll!GetKeyboardState + 4 7E39EF2D 2 Bytes [ 9B, 5F ]
.text C:\WINDOWS\ehome\ehtray.exe[3664] USER32.dll!GetAsyncKeyState 7E39F3B3 6 Bytes JMP 5F940F5A
.text C:\WINDOWS\ehome\ehtray.exe[3664] USER32.dll!CreateAcceleratorTableW 7E3AD3C1 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\ehome\ehtray.exe[3664] USER32.dll!CreateAcceleratorTableW + 4 7E3AD3C5 2 Bytes [ A1, 5F ]
.text C:\WINDOWS\ehome\ehtray.exe[3664] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5FA30F5A
.text C:\WINDOWS\ehome\ehtray.exe[3664] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F880F5A
.text C:\WINDOWS\ehome\ehtray.exe[3664] USER32.dll!AttachThreadInput 7E3B1E12 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\ehome\ehtray.exe[3664] USER32.dll!AttachThreadInput + 4 7E3B1E16 2 Bytes [ 98, 5F ]
.text C:\WINDOWS\ehome\ehtray.exe[3664] ADVAPI32.dll!CloseServiceHandle 77F55E4D 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\ehome\ehtray.exe[3664] ADVAPI32.dll!OpenServiceW 77F56165 6 Bytes JMP 5F220F5A
.text C:\WINDOWS\ehome\ehtray.exe[3664] ADVAPI32.dll!ControlService 77F5B635 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\ehome\ehtray.exe[3664] ADVAPI32.dll!OpenServiceA 77F5B88C 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\ehome\ehtray.exe[3664] ADVAPI32.dll!StartServiceW 77F5BBAC 6 Bytes JMP 5F280F5A
.text C:\WINDOWS\ehome\ehtray.exe[3664] ADVAPI32.dll!StartServiceA 77F63238 6 Bytes JMP 5F250F5A
.text C:\WINDOWS\ehome\ehtray.exe[3664] ADVAPI32.dll!LsaAddAccountRights 77F8A9A1 6 Bytes JMP 5F2B0F5A
.text C:\WINDOWS\ehome\ehtray.exe[3664] ADVAPI32.dll!LsaRemoveAccountRights 77F8AA41 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\ehome\ehtray.exe[3664] ADVAPI32.dll!ChangeServiceConfigA 77FA6CC9 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\ehome\ehtray.exe[3664] ADVAPI32.dll!ChangeServiceConfigW 77FA6E61 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\ehome\ehtray.exe[3664] ADVAPI32.dll!ChangeServiceConfig2A 77FA6F61 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\ehome\ehtray.exe[3664] ADVAPI32.dll!ChangeServiceConfig2W 77FA6FE9 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\ehome\ehtray.exe[3664] ADVAPI32.dll!CreateServiceA 77FA7071 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\ehome\ehtray.exe[3664] ADVAPI32.dll!CreateServiceW 77FA7209 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\ehome\ehtray.exe[3664] ADVAPI32.dll!CreateServiceW + 4 77FA720D 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\ehome\ehtray.exe[3664] ADVAPI32.dll!DeleteService 77FA7311 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\ehome\ehtray.exe[3664] ole32.dll!CoCreateInstanceEx 774CFA6B 6 Bytes JMP 5F850F5A
.text C:\WINDOWS\ehome\ehtray.exe[3664] ole32.dll!CoGetClassObject 774E5DB2 6 Bytes JMP 5F820F5A
.text C:\WINDOWS\ehome\ehtray.exe[3664] ole32.dll!CLSIDFromProgID 774F42CC 6 Bytes JMP 5F7F0F5A
.text C:\WINDOWS\ehome\ehtray.exe[3664] ole32.dll!CLSIDFromProgIDEx 775261FE 6 Bytes JMP 5F7C0F5A
.text C:\Programmi\File comuni\Logitech\PktDrvr\LVCOMS.EXE[3884] ntdll.dll!NtClose 7C91D586 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\File comuni\Logitech\PktDrvr\LVCOMS.EXE[3884] ntdll.dll!NtClose + 4 7C91D58A 2 Bytes [ 4A, 5F ]
.text C:\Programmi\File comuni\Logitech\PktDrvr\LVCOMS.EXE[3884] ntdll.dll!NtCreateFile 7C91D682 1 Byte [ FF ]
.text C:\Programmi\File comuni\Logitech\PktDrvr\LVCOMS.EXE[3884] ntdll.dll!NtCreateFile + 2 7C91D684 1 Byte [ 1E ]
.text C:\Programmi\File comuni\Logitech\PktDrvr\LVCOMS.EXE[3884] ntdll.dll!NtCreateFile + 4 7C91D686 2 Bytes [ 6B, 5F ]
.text C:\Programmi\File comuni\Logitech\PktDrvr\LVCOMS.EXE[3884] ntdll.dll!NtCreateKey 7C91D6D6 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\File comuni\Logitech\PktDrvr\LVCOMS.EXE[3884] ntdll.dll!NtCreateKey + 4 7C91D6DA 2 Bytes [ 4D, 5F ]
.text C:\Programmi\File comuni\Logitech\PktDrvr\LVCOMS.EXE[3884] ntdll.dll!NtDeleteFile 7C91D88F 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\File comuni\Logitech\PktDrvr\LVCOMS.EXE[3884] ntdll.dll!NtDeleteFile + 4 7C91D893 2 Bytes [ 6E, 5F ]
.text C:\Programmi\File comuni\Logitech\PktDrvr\LVCOMS.EXE[3884] ntdll.dll!NtDeleteKey 7C91D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\File comuni\Logitech\PktDrvr\LVCOMS.EXE[3884] ntdll.dll!NtDeleteKey + 4 7C91D8A8 2 Bytes [ 50, 5F ]
.text C:\Programmi\File comuni\Logitech\PktDrvr\LVCOMS.EXE[3884] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\File comuni\Logitech\PktDrvr\LVCOMS.EXE[3884] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 53, 5F ]
.text C:\Programmi\File comuni\Logitech\PktDrvr\LVCOMS.EXE[3884] ntdll.dll!NtDuplicateObject 7C91D90D 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\File comuni\Logitech\PktDrvr\LVCOMS.EXE[3884] ntdll.dll!NtDuplicateObject + 4 7C91D911 2 Bytes [ 56, 5F ]
.text C:\Programmi\File comuni\Logitech\PktDrvr\LVCOMS.EXE[3884] ntdll.dll!NtEnumerateKey 7C91D94C 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\File comuni\Logitech\PktDrvr\LVCOMS.EXE[3884] ntdll.dll!NtEnumerateKey + 4 7C91D950 2 Bytes [ 59, 5F ]
.text C:\Programmi\File comuni\Logitech\PktDrvr\LVCOMS.EXE[3884] ntdll.dll!NtEnumerateValueKey 7C91D976 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\File comuni\Logitech\PktDrvr\LVCOMS.EXE[3884] ntdll.dll!NtEnumerateValueKey + 4 7C91D97A 2 Bytes [ 5C, 5F ]
.text C:\Programmi\File comuni\Logitech\PktDrvr\LVCOMS.EXE[3884] ntdll.dll!NtOpenFile 7C91DCFD 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\File comuni\Logitech\PktDrvr\LVCOMS.EXE[3884] ntdll.dll!NtOpenFile + 4 7C91DD01 2 Bytes [ 71, 5F ]
.text C:\Programmi\File comuni\Logitech\PktDrvr\LVCOMS.EXE[3884] ntdll.dll!NtQueryMultipleValueKey 7C91E0AE 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\File comuni\Logitech\PktDrvr\LVCOMS.EXE[3884] ntdll.dll!NtQueryMultipleValueKey + 4 7C91E0B2 2 Bytes [ 5F, 5F ]
.text C:\Programmi\File comuni\Logitech\PktDrvr\LVCOMS.EXE[3884] ntdll.dll!NtQueryValueKey 7C91E1FE 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\File comuni\Logitech\PktDrvr\LVCOMS.EXE[3884] ntdll.dll!NtQueryValueKey + 4 7C91E202 2 Bytes [ 62, 5F ]
.text C:\Programmi\File comuni\Logitech\PktDrvr\LVCOMS.EXE[3884] ntdll.dll!NtReadFile 7C91E27C 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\File comuni\Logitech\PktDrvr\LVCOMS.EXE[3884] ntdll.dll!NtReadFile + 4 7C91E280 2 Bytes [ 74, 5F ]
.text C:\Programmi\File comuni\Logitech\PktDrvr\LVCOMS.EXE[3884] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\File comuni\Logitech\PktDrvr\LVCOMS.EXE[3884] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 77, 5F ]
.text C:\Programmi\File comuni\Logitech\PktDrvr\LVCOMS.EXE[3884] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\File comuni\Logitech\PktDrvr\LVCOMS.EXE[3884] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 65, 5F ]
.text C:\Programmi\File comuni\Logitech\PktDrvr\LVCOMS.EXE[3884] ntdll.dll!NtUnloadKey 7C91E90C 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\File comuni\Logitech\PktDrvr\LVCOMS.EXE[3884] ntdll.dll!NtUnloadKey + 4 7C91E910 2 Bytes [ 68, 5F ]
.text C:\Programmi\File comuni\Logitech\PktDrvr\LVCOMS.EXE[3884] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\File comuni\Logitech\PktDrvr\LVCOMS.EXE[3884] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 7A, 5F ]
.text C:\Programmi\File comuni\Logitech\PktDrvr\LVCOMS.EXE[3884] ntdll.dll!LdrLoadDll 7C9261CA 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\File comuni\Logitech\PktDrvr\LVCOMS.EXE[3884] ntdll.dll!LdrLoadDll + 4 7C9261CE 2 Bytes [ 47, 5F ]
.text C:\Programmi\File comuni\Logitech\PktDrvr\LVCOMS.EXE[3884] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F310F5A
.text C:\Programmi\File comuni\Logitech\PktDrvr\LVCOMS.EXE[3884] kernel32.dll!CreateFileMappingW 7C80938E 6 Bytes JMP 5F3A0F5A
.text C:\Programmi\File comuni\Logitech\PktDrvr\LVCOMS.EXE[3884] kernel32.dll!MapViewOfFileEx 7C80B896 6 Bytes JMP 5F340F5A
.text C:\Programmi\File comuni\Logitech\PktDrvr\LVCOMS.EXE[3884] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\File comuni\Logitech\PktDrvr\LVCOMS.EXE[3884] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 3E, 5F ]
.text C:\Programmi\File comuni\Logitech\PktDrvr\LVCOMS.EXE[3884] kernel32.dll!CreateProcessInternalW 7C819513 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\File comuni\Logitech\PktDrvr\LVCOMS.EXE[3884] kernel32.dll!CreateProcessInternalW + 4 7C819517 2 Bytes [ 44, 5F ]
.text C:\Programmi\File comuni\Logitech\PktDrvr\LVCOMS.EXE[3884] kernel32.dll!MoveFileWithProgressW 7C81F72E 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\File comuni\Logitech\PktDrvr\LVCOMS.EXE[3884] kernel32.dll!MoveFileWithProgressW + 4 7C81F732 2 Bytes [ 41, 5F ]
.text C:\Programmi\File comuni\Logitech\PktDrvr\LVCOMS.EXE[3884] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5F370F5A
.text C:\Programmi\File comuni\Logitech\PktDrvr\LVCOMS.EXE[3884] USER32.dll!DispatchMessageW 7E398A01 6 Bytes JMP 5FA60F5A
.text C:\Programmi\File comuni\Logitech\PktDrvr\LVCOMS.EXE[3884] USER32.dll!TranslateMessage 7E398BF6 6 Bytes JMP 5F910F5A
.text C:\Programmi\File comuni\Logitech\PktDrvr\LVCOMS.EXE[3884] USER32.dll!DispatchMessageA 7E3996B8 6 Bytes JMP 5F8E0F5A
.text C:\Programmi\File comuni\Logitech\PktDrvr\LVCOMS.EXE[3884] USER32.dll!GetKeyState 7E39C505 6 Bytes JMP 5F9D0F5A
.text C:\Programmi\File comuni\Logitech\PktDrvr\LVCOMS.EXE[3884] USER32.dll!BeginDeferWindowPos 7E39D907 6 Bytes JMP 5F8B0F5A
.text C:\Programmi\File comuni\Logitech\PktDrvr\LVCOMS.EXE[3884] USER32.dll!GetKeyboardState 7E39EF29 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\File comuni\Logitech\PktDrvr\LVCOMS.EXE[3884] USER32.dll!GetKeyboardState + 4 7E39EF2D 2 Bytes [ 9B, 5F ]
.text C:\Programmi\File comuni\Logitech\PktDrvr\LVCOMS.EXE[3884] USER32.dll!GetAsyncKeyState 7E39F3B3 6 Bytes JMP 5F940F5A
.text C:\Programmi\File comuni\Logitech\PktDrvr\LVCOMS.EXE[3884] USER32.dll!CreateAcceleratorTableW 7E3AD3C1 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\File comuni\Logitech\PktDrvr\LVCOMS.EXE[3884] USER32.dll!CreateAcceleratorTableW + 4 7E3AD3C5 2 Bytes [ A1, 5F ]
.text C:\Programmi\File comuni\Logitech\PktDrvr\LVCOMS.EXE[3884] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5FA30F5A
.text C:\Programmi\File comuni\Logitech\PktDrvr\LVCOMS.EXE[3884] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F880F5A
.text C:\Programmi\File comuni\Logitech\PktDrvr\LVCOMS.EXE[3884] USER32.dll!AttachThreadInput 7E3B1E12 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\File comuni\Logitech\PktDrvr\LVCOMS.EXE[3884] USER32.dll!AttachThreadInput + 4 7E3B1E16 2 Bytes [ 98, 5F ]
.text C:\Programmi\File comuni\Logitech\PktDrvr\LVCOMS.EXE[3884] ADVAPI32.dll!CloseServiceHandle 77F55E4D 6 Bytes JMP 5F100F5A
.text C:\Programmi\File comuni\Logitech\PktDrvr\LVCOMS.EXE[3884] ADVAPI32.dll!OpenServiceW 77F56165 6 Bytes JMP 5F220F5A
.text C:\Programmi\File comuni\Logitech\PktDrvr\LVCOMS.EXE[3884] ADVAPI32.dll!ControlService 77F5B635 6 Bytes JMP 5F130F5A
.text C:\Programmi\File comuni\Logitech\PktDrvr\LVCOMS.EXE[3884] ADVAPI32.dll!OpenServiceA 77F5B88C 6 Bytes JMP 5F1F0F5A
.text C:\Programmi\File comuni\Logitech\PktDrvr\LVCOMS.EXE[3884] ADVAPI32.dll!StartServiceW 77F5BBAC 6 Bytes JMP 5F280F5A
.text C:\Programmi\File comuni\Logitech\PktDrvr\LVCOMS.EXE[3884] ADVAPI32.dll!StartServiceA 77F63238 6 Bytes JMP 5F250F5A
.text C:\Programmi\File comuni\Logitech\PktDrvr\LVCOMS.EXE[3884] ADVAPI32.dll!LsaAddAccountRights 77F8A9A1 6 Bytes JMP 5F2B0F5A
.text C:\Programmi\File comuni\Logitech\PktDrvr\LVCOMS.EXE[3884] ADVAPI32.dll!LsaRemoveAccountRights 77F8AA41 6 Bytes JMP 5F2E0F5A
.text C:\Programmi\File comuni\Logitech\PktDrvr\LVCOMS.EXE[3884] ADVAPI32.dll!ChangeServiceConfigA 77FA6CC9 6 Bytes JMP 5F040F5A
.text C:\Programmi\File comuni\Logitech\PktDrvr\LVCOMS.EXE[3884] ADVAPI32.dll!ChangeServiceConfigW 77FA6E61 6 Bytes JMP 5F070F5A
.text C:\Programmi\File comuni\Logitech\PktDrvr\LVCOMS.EXE[3884] ADVAPI32.dll!ChangeServiceConfig2A 77FA6F61 6 Bytes JMP 5F0A0F5A
.text C:\Programmi\File comuni\Logitech\PktDrvr\LVCOMS.EXE[3884] ADVAPI32.dll!ChangeServiceConfig2W 77FA6FE9 6 Bytes JMP 5F0D0F5A
.text C:\Programmi\File comuni\Logitech\PktDrvr\LVCOMS.EXE[3884] ADVAPI32.dll!CreateServiceA 77FA7071 6 Bytes JMP 5F160F5A
.text C:\Programmi\File comuni\Logitech\PktDrvr\LVCOMS.EXE[3884] ADVAPI32.dll!CreateServiceW 77FA7209 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\File comuni\Logitech\PktDrvr\LVCOMS.EXE[3884] ADVAPI32.dll!CreateServiceW + 4 77FA720D 2 Bytes [ 1A, 5F ]
.text C:\Programmi\File comuni\Logitech\PktDrvr\LVCOMS.EXE[3884] ADVAPI32.dll!DeleteService 77FA7311 6 Bytes JMP 5F1C0F5A
.text C:\Programmi\File comuni\Logitech\PktDrvr\LVCOMS.EXE[3884] ole32.dll!CoCreateInstanceEx 774CFA6B 6 Bytes JMP 5F850F5A
.text C:\Programmi\File comuni\Logitech\PktDrvr\LVCOMS.EXE[3884] ole32.dll!CoGetClassObject 774E5DB2 6 Bytes JMP 5F820F5A
.text C:\Programmi\File comuni\Logitech\PktDrvr\LVCOMS.EXE[3884] ole32.dll!CLSIDFromProgID 774F42CC 6 Bytes JMP 5F7F0F5A
.text C:\Programmi\File comuni\Logitech\PktDrvr\LVCOMS.EXE[3884] ole32.dll!CLSIDFromProgIDEx 775261FE 6 Bytes JMP 5F7C0F5A
.text C:\WINDOWS\system32\MCECardBusTV.exe[3912] ntdll.dll!NtClose 7C91D586 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\MCECardBusTV.exe[3912] ntdll.dll!NtClose + 4 7C91D58A 2 Bytes [ 4A, 5F ]
.text C:\WINDOWS\system32\MCECardBusTV.exe[3912] ntdll.dll!NtCreateFile 7C91D682 1 Byte [ FF ]
.text C:\WINDOWS\system32\MCECardBusTV.exe[3912] ntdll.dll!NtCreateFile + 2 7C91D684 1 Byte [ 1E ]
.text C:\WINDOWS\system32\MCECardBusTV.exe[3912] ntdll.dll!NtCreateFile + 4 7C91D686 2 Bytes [ 6B, 5F ]
.text C:\WINDOWS\system32\MCECardBusTV.exe[3912] ntdll.dll!NtCreateKey 7C91D6D6 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\MCECardBusTV.exe[3912] ntdll.dll!NtCreateKey + 4 7C91D6DA 2 Bytes [ 4D, 5F ]
.text C:\WINDOWS\system32\MCECardBusTV.exe[3912] ntdll.dll!NtDeleteFile 7C91D88F 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\MCECardBusTV.exe[3912] ntdll.dll!NtDeleteFile + 4 7C91D893 2 Bytes [ 6E, 5F ]
.text C:\WINDOWS\system32\MCECardBusTV.exe[3912] ntdll.dll!NtDeleteKey 7C91D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\MCECardBusTV.exe[3912] ntdll.dll!NtDeleteKey + 4 7C91D8A8 2 Bytes [ 50, 5F ]
.text C:\WINDOWS\system32\MCECardBusTV.exe[3912] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\MCECardBusTV.exe[3912] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 53, 5F ]
.text C:\WINDOWS\system32\MCECardBusTV.exe[3912] ntdll.dll!NtDuplicateObject 7C91D90D 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\MCECardBusTV.exe[3912] ntdll.dll!NtDuplicateObject + 4 7C91D911 2 Bytes [ 56, 5F ]
.text C:\WINDOWS\system32\MCECardBusTV.exe[3912] ntdll.dll!NtEnumerateKey 7C91D94C 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\MCECardBusTV.exe[3912] ntdll.dll!NtEnumerateKey + 4 7C91D950 2 Bytes [ 59, 5F ]
.text C:\WINDOWS\system32\MCECardBusTV.exe[3912] ntdll.dll!NtEnumerateValueKey 7C91D976 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\MCECardBusTV.exe[3912] ntdll.dll!NtEnumerateValueKey + 4 7C91D97A 2 Bytes [ 5C, 5F ]
.text C:\WINDOWS\system32\MCECardBusTV.exe[3912] ntdll.dll!NtOpenFile 7C91DCFD 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\MCECardBusTV.exe[3912] ntdll.dll!NtOpenFile + 4 7C91DD01 2 Bytes [ 71, 5F ]
.text C:\WINDOWS\system32\MCECardBusTV.exe[3912] ntdll.dll!NtQueryMultipleValueKey 7C91E0AE 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\MCECardBusTV.exe[3912] ntdll.dll!NtQueryMultipleValueKey + 4 7C91E0B2 2 Bytes [ 5F, 5F ]
.text C:\WINDOWS\system32\MCECardBusTV.exe[3912] ntdll.dll!NtQueryValueKey 7C91E1FE 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\MCECardBusTV.exe[3912] ntdll.dll!NtQueryValueKey + 4 7C91E202 2 Bytes [ 62, 5F ]
.text C:\WINDOWS\system32\MCECardBusTV.exe[3912] ntdll.dll!NtReadFile 7C91E27C 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\MCECardBusTV.exe[3912] ntdll.dll!NtReadFile + 4 7C91E280 2 Bytes [ 74, 5F ]
.text C:\WINDOWS\system32\MCECardBusTV.exe[3912] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\MCECardBusTV.exe[3912] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 77, 5F ]
.text C:\WINDOWS\system32\MCECardBusTV.exe[3912] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\MCECardBusTV.exe[3912] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 65, 5F ]
.text C:\WINDOWS\system32\MCECardBusTV.exe[3912] ntdll.dll!NtUnloadKey 7C91E90C 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\MCECardBusTV.exe[3912] ntdll.dll!NtUnloadKey + 4 7C91E910 2 Bytes [ 68, 5F ]
.text C:\WINDOWS\system32\MCECardBusTV.exe[3912] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\MCECardBusTV.exe[3912] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 7A, 5F ]
.text C:\WINDOWS\system32\MCECardBusTV.exe[3912] ntdll.dll!LdrLoadDll 7C9261CA 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\MCECardBusTV.exe[3912] ntdll.dll!LdrLoadDll + 4 7C9261CE 2 Bytes [ 47, 5F ]
.text C:\WINDOWS\system32\MCECardBusTV.exe[3912] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F310F5A
.text C:\WINDOWS\system32\MCECardBusTV.exe[3912] kernel32.dll!CreateFileMappingW 7C80938E 6 Bytes JMP 5F3A0F5A
.text C:\WINDOWS\system32\MCECardBusTV.exe[3912] kernel32.dll!MapViewOfFileEx 7C80B896 6 Bytes JMP 5F340F5A
.text C:\WINDOWS\system32\MCECardBusTV.exe[3912] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\MCECardBusTV.exe[3912] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 3E, 5F ]
.text C:\WINDOWS\system32\MCECardBusTV.exe[3912] kernel32.dll!CreateProcessInternalW 7C819513 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\MCECardBusTV.exe[3912] kernel32.dll!CreateProcessInternalW + 4 7C819517 2 Bytes [ 44, 5F ]
.text C:\WINDOWS\system32\MCECardBusTV.exe[3912] kernel32.dll!MoveFileWithProgressW 7C81F72E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\MCECardBusTV.exe[3912] kernel32.dll!MoveFileWithProgressW + 4 7C81F732 2 Bytes [ 41, 5F ]
.text C:\WINDOWS\system32\MCECardBusTV.exe[3912] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5F370F5A
.text C:\WINDOWS\system32\MCECardBusTV.exe[3912] USER32.dll!DispatchMessageW 7E398A01 6 Bytes JMP 5FA60F5A
.text C:\WINDOWS\system32\MCECardBusTV.exe[3912] USER32.dll!TranslateMessage 7E398BF6 6 Bytes JMP 5F910F5A
.text C:\WINDOWS\system32\MCECardBusTV.exe[3912] USER32.dll!DispatchMessageA 7E3996B8 6 Bytes JMP 5F8E0F5A
.text C:\WINDOWS\system32\MCECardBusTV.exe[3912] USER32.dll!GetKeyState 7E39C505 6 Bytes JMP 5F9D0F5A
.text C:\WINDOWS\system32\MCECardBusTV.exe[3912] USER32.dll!BeginDeferWindowPos 7E39D907 6 Bytes JMP 5F8B0F5A
.text C:\WINDOWS\system32\MCECardBusTV.exe[3912] USER32.dll!GetKeyboardState 7E39EF29 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\MCECardBusTV.exe[3912] USER32.dll!GetKeyboardState + 4 7E39EF2D 2 Bytes [ 9B, 5F ]
.text C:\WINDOWS\system32\MCECardBusTV.exe[3912] USER32.dll!GetAsyncKeyState 7E39F3B3 6 Bytes JMP 5F940F5A
.text C:\WINDOWS\system32\MCECardBusTV.exe[3912] USER32.dll!CreateAcceleratorTableW 7E3AD3C1 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\MCECardBusTV.exe[3912] USER32.dll!CreateAcceleratorTableW + 4 7E3AD3C5 2 Bytes [ A1, 5F ]
.text C:\WINDOWS\system32\MCECardBusTV.exe[3912] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5FA30F5A
.text C:\WINDOWS\system32\MCECardBusTV.exe[3912] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F880F5A
.text C:\WINDOWS\system32\MCECardBusTV.exe[3912] USER32.dll!AttachThreadInput 7E3B1E12 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\MCECardBusTV.exe[3912] USER32.dll!AttachThreadInput + 4 7E3B1E16 2 Bytes [ 98, 5F ]
.text C:\WINDOWS\system32\MCECardBusTV.exe[3912] ADVAPI32.dll!CloseServiceHandle 77F55E4D 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\MCECardBusTV.exe[3912] ADVAPI32.dll!OpenServiceW 77F56165 6 Bytes JMP 5F220F5A
.text C:\WINDOWS\system32\MCECardBusTV.exe[3912] ADVAPI32.dll!ControlService 77F5B635 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\system32\MCECardBusTV.exe[3912] ADVAPI32.dll!OpenServiceA 77F5B88C 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\system32\MCECardBusTV.exe[3912] ADVAPI32.dll!StartServiceW 77F5BBAC 6 Bytes JMP 5F280F5A
.text C:\WINDOWS\system32\MCECardBusTV.exe[3912] ADVAPI32.dll!StartServiceA 77F63238 6 Bytes JMP 5F250F5A
.text C:\WINDOWS\system32\MCECardBusTV.exe[3912] ADVAPI32.dll!LsaAddAccountRights 77F8A9A1 6 Bytes JMP 5F2B0F5A
.text C:\WINDOWS\system32\MCECardBusTV.exe[3912] ADVAPI32.dll!LsaRemoveAccountRights 77F8AA41 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\MCECardBusTV.exe[3912] ADVAPI32.dll!ChangeServiceConfigA 77FA6CC9 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\MCECardBusTV.exe[3912] ADVAPI32.dll!ChangeServiceConfigW 77FA6E61 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\MCECardBusTV.exe[3912] ADVAPI32.dll!ChangeServiceConfig2A 77FA6F61 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\MCECardBusTV.exe[3912] ADVAPI32.dll!ChangeServiceConfig2W 77FA6FE9 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\MCECardBusTV.exe[3912] ADVAPI32.dll!CreateServiceA 77FA7071 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\MCECardBusTV.exe[3912] ADVAPI32.dll!CreateServiceW 77FA7209 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\MCECardBusTV.exe[3912] ADVAPI32.dll!CreateServiceW + 4 77FA720D 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\system32\MCECardBusTV.exe[3912] ADVAPI32.dll!DeleteService 77FA7311 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\MCECardBusTV.exe[3912] ole32.dll!CoCreateInstanceEx 774CFA6B 6 Bytes JMP 5F850F5A
.text C:\WINDOWS\system32\MCECardBusTV.exe[3912] ole32.dll!CoGetClassObject 774E5DB2 6 Bytes JMP 5F820F5A
.text C:\WINDOWS\system32\MCECardBusTV.exe[3912] ole32.dll!CLSIDFromProgID 774F42CC 6 Bytes JMP 5F7F0F5A
.text C:\WINDOWS\system32\MCECardBusTV.exe[3912] ole32.dll!CLSIDFromProgIDEx 775261FE 6 Bytes JMP 5F7C0F5A
.text C:\Programmi\Synaptics\SynTP\SynTPLpr.exe[3924] ntdll.dll!NtClose 7C91D586 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Synaptics\SynTP\SynTPLpr.exe[3924] ntdll.dll!NtClose + 4 7C91D58A 2 Bytes [ 4A, 5F ]
.text C:\Programmi\Synaptics\SynTP\SynTPLpr.exe[3924] ntdll.dll!NtCreateFile 7C91D682 1 Byte [ FF ]
.text C:\Programmi\Synaptics\SynTP\SynTPLpr.exe[3924] ntdll.dll!NtCreateFile + 2 7C91D684 1 Byte [ 1E ]
.text C:\Programmi\Synaptics\SynTP\SynTPLpr.exe[3924] ntdll.dll!NtCreateFile + 4 7C91D686 2 Bytes [ 6B, 5F ]
.text C:\Programmi\Synaptics\SynTP\SynTPLpr.exe[3924] ntdll.dll!NtCreateKey 7C91D6D6 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Synaptics\SynTP\SynTPLpr.exe[3924] ntdll.dll!NtCreateKey + 4 7C91D6DA 2 Bytes [ 4D, 5F ]
.text C:\Programmi\Synaptics\SynTP\SynTPLpr.exe[3924] ntdll.dll!NtDeleteFile 7C91D88F 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Synaptics\SynTP\SynTPLpr.exe[3924] ntdll.dll!NtDeleteFile + 4 7C91D893 2 Bytes [ 6E, 5F ]
.text C:\Programmi\Synaptics\SynTP\SynTPLpr.exe[3924] ntdll.dll!NtDeleteKey 7C91D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Synaptics\SynTP\SynTPLpr.exe[3924] ntdll.dll!NtDeleteKey + 4 7C91D8A8 2 Bytes [ 50, 5F ]
.text C:\Programmi\Synaptics\SynTP\SynTPLpr.exe[3924] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Synaptics\SynTP\SynTPLpr.exe[3924] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 53, 5F ]
.text C:\Programmi\Synaptics\SynTP\SynTPLpr.exe[3924] ntdll.dll!NtDuplicateObject 7C91D90D 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Synaptics\SynTP\SynTPLpr.exe[3924] ntdll.dll!NtDuplicateObject + 4 7C91D911 2 Bytes [ 56, 5F ]
.text C:\Programmi\Synaptics\SynTP\SynTPLpr.exe[3924] ntdll.dll!NtEnumerateKey 7C91D94C 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Synaptics\SynTP\SynTPLpr.exe[3924] ntdll.dll!NtEnumerateKey + 4 7C91D950 2 Bytes [ 59, 5F ]
.text C:\Programmi\Synaptics\SynTP\SynTPLpr.exe[3924] ntdll.dll!NtEnumerateValueKey 7C91D976 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Synaptics\SynTP\SynTPLpr.exe[3924] ntdll.dll!NtEnumerateValueKey + 4 7C91D97A 2 Bytes [ 5C, 5F ]
.text C:\Programmi\Synaptics\SynTP\SynTPLpr.exe[3924] ntdll.dll!NtOpenFile 7C91DCFD 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Synaptics\SynTP\SynTPLpr.exe[3924] ntdll.dll!NtOpenFile + 4 7C91DD01 2 Bytes [ 71, 5F ]
.text C:\Programmi\Synaptics\SynTP\SynTPLpr.exe[3924] ntdll.dll!NtQueryMultipleValueKey 7C91E0AE 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Synaptics\SynTP\SynTPLpr.exe[3924] ntdll.dll!NtQueryMultipleValueKey + 4 7C91E0B2 2 Bytes [ 5F, 5F ]
.text C:\Programmi\Synaptics\SynTP\SynTPLpr.exe[3924] ntdll.dll!NtQueryValueKey 7C91E1FE 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Synaptics\SynTP\SynTPLpr.exe[3924] ntdll.dll!NtQueryValueKey + 4 7C91E202 2 Bytes [ 62, 5F ]
.text C:\Programmi\Synaptics\SynTP\SynTPLpr.exe[3924] ntdll.dll!NtReadFile 7C91E27C 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Synaptics\SynTP\SynTPLpr.exe[3924] ntdll.dll!NtReadFile + 4 7C91E280 2 Bytes [ 74, 5F ]
.text C:\Programmi\Synaptics\SynTP\SynTPLpr.exe[3924] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Synaptics\SynTP\SynTPLpr.exe[3924] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 77, 5F ]
.text C:\Programmi\Synaptics\SynTP\SynTPLpr.exe[3924] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Synaptics\SynTP\SynTPLpr.exe[3924] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 65, 5F ]
.text C:\Programmi\Synaptics\SynTP\SynTPLpr.exe[3924] ntdll.dll!NtUnloadKey 7C91E90C 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Synaptics\SynTP\SynTPLpr.exe[3924] ntdll.dll!NtUnloadKey + 4 7C91E910 2 Bytes [ 68, 5F ]
.text C:\Programmi\Synaptics\SynTP\SynTPLpr.exe[3924] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Synaptics\SynTP\SynTPLpr.exe[3924] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 7A, 5F ]
.text C:\Programmi\Synaptics\SynTP\SynTPLpr.exe[3924] ntdll.dll!LdrLoadDll 7C9261CA 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Synaptics\SynTP\SynTPLpr.exe[3924] ntdll.dll!LdrLoadDll + 4 7C9261CE 2 Bytes [ 47, 5F ]
.text C:\Programmi\Synaptics\SynTP\SynTPLpr.exe[3924] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F310F5A
.text C:\Programmi\Synaptics\SynTP\SynTPLpr.exe[3924] kernel32.dll!CreateFileMappingW 7C80938E 6 Bytes JMP 5F3A0F5A
.text C:\Programmi\Synaptics\SynTP\SynTPLpr.exe[3924] kernel32.dll!MapViewOfFileEx 7C80B896 6 Bytes JMP 5F340F5A
.text C:\Programmi\Synaptics\SynTP\SynTPLpr.exe[3924] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Synaptics\SynTP\SynTPLpr.exe[3924] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 3E, 5F ]
.text C:\Programmi\Synaptics\SynTP\SynTPLpr.exe[3924] kernel32.dll!CreateProcessInternalW 7C819513 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Synaptics\SynTP\SynTPLpr.exe[3924] kernel32.dll!CreateProcessInternalW + 4 7C819517 2 Bytes [ 44, 5F ]
.text C:\Programmi\Synaptics\SynTP\SynTPLpr.exe[3924] kernel32.dll!MoveFileWithProgressW 7C81F72E 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Synaptics\SynTP\SynTPLpr.exe[3924] kernel32.dll!MoveFileWithProgressW + 4 7C81F732 2 Bytes [ 41, 5F ]
.text C:\Programmi\Synaptics\SynTP\SynTPLpr.exe[3924] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5F370F5A
.text C:\Programmi\Synaptics\SynTP\SynTPLpr.exe[3924] USER32.dll!DispatchMessageW 7E398A01 6 Bytes JMP 5FA60F5A
.text C:\Programmi\Synaptics\SynTP\SynTPLpr.exe[3924] USER32.dll!TranslateMessage 7E398BF6 6 Bytes JMP 5F910F5A
.text C:\Programmi\Synaptics\SynTP\SynTPLpr.exe[3924] USER32.dll!DispatchMessageA 7E3996B8 6 Bytes JMP 5F8E0F5A
.text C:\Programmi\Synaptics\SynTP\SynTPLpr.exe[3924] USER32.dll!GetKeyState 7E39C505 6 Bytes JMP 5F9D0F5A
.text C:\Programmi\Synaptics\SynTP\SynTPLpr.exe[3924] USER32.dll!BeginDeferWindowPos 7E39D907 6 Bytes JMP 5F8B0F5A
.text C:\Programmi\Synaptics\SynTP\SynTPLpr.exe[3924] USER32.dll!GetKeyboardState 7E39EF29 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Synaptics\SynTP\SynTPLpr.exe[3924] USER32.dll!GetKeyboardState + 4 7E39EF2D 2 Bytes [ 9B, 5F ]
.text C:\Programmi\Synaptics\SynTP\SynTPLpr.exe[3924] USER32.dll!GetAsyncKeyState 7E39F3B3 6 Bytes JMP 5F940F5A
.text C:\Programmi\Synaptics\SynTP\SynTPLpr.exe[3924] USER32.dll!CreateAcceleratorTableW 7E3AD3C1 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Synaptics\SynTP\SynTPLpr.exe[3924] USER32.dll!CreateAcceleratorTableW + 4 7E3AD3C5 2 Bytes [ A1, 5F ]
.text C:\Programmi\Synaptics\SynTP\SynTPLpr.exe[3924] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5FA30F5A
.text C:\Programmi\Synaptics\SynTP\SynTPLpr.exe[3924] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F880F5A
.text C:\Programmi\Synaptics\SynTP\SynTPLpr.exe[3924] USER32.dll!AttachThreadInput 7E3B1E12 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Synaptics\SynTP\SynTPLpr.exe[3924] USER32.dll!AttachThreadInput + 4 7E3B1E16 2 Bytes [ 98, 5F ]
.text C:\Programmi\Synaptics\SynTP\SynTPLpr.exe[3924] ADVAPI32.dll!CloseServiceHandle 77F55E4D 6 Bytes JMP 5F100F5A
.text C:\Programmi\Synaptics\SynTP\SynTPLpr.exe[3924] ADVAPI32.dll!OpenServiceW 77F56165 6 Bytes JMP 5F220F5A
.text C:\Programmi\Synaptics\SynTP\SynTPLpr.exe[3924] ADVAPI32.dll!ControlService 77F5B635 6 Bytes JMP 5F130F5A
.text C:\Programmi\Synaptics\SynTP\SynTPLpr.exe[3924] ADVAPI32.dll!OpenServiceA 77F5B88C 6 Bytes JMP 5F1F0F5A
.text C:\Programmi\Synaptics\SynTP\SynTPLpr.exe[3924] ADVAPI32.dll!StartServiceW 77F5BBAC 6 Bytes JMP 5F280F5A
.text C:\Programmi\Synaptics\SynTP\SynTPLpr.exe[3924] ADVAPI32.dll!StartServiceA 77F63238 6 Bytes JMP 5F250F5A
.text C:\Programmi\Synaptics\SynTP\SynTPLpr.exe[3924] ADVAPI32.dll!LsaAddAccountRights 77F8A9A1 6 Bytes JMP 5F2B0F5A
.text C:\Programmi\Synaptics\SynTP\SynTPLpr.exe[3924] ADVAPI32.dll!LsaRemoveAccountRights 77F8AA41 6 Bytes JMP 5F2E0F5A
.text C:\Programmi\Synaptics\SynTP\SynTPLpr.exe[3924] ADVAPI32.dll!ChangeServiceConfigA 77FA6CC9 6 Bytes JMP 5F040F5A
.text C:\Programmi\Synaptics\SynTP\SynTPLpr.exe[3924] ADVAPI32.dll!ChangeServiceConfigW 77FA6E61 6 Bytes JMP 5F070F5A
.text C:\Programmi\Synaptics\SynTP\SynTPLpr.exe[3924] ADVAPI32.dll!ChangeServiceConfig2A 77FA6F61 6 Bytes JMP 5F0A0F5A
.text C:\Programmi\Synaptics\SynTP\SynTPLpr.exe[3924] ADVAPI32.dll!ChangeServiceConfig2W 77FA6FE9 6 Bytes JMP 5F0D0F5A
.text C:\Programmi\Synaptics\SynTP\SynTPLpr.exe[3924] ADVAPI32.dll!CreateServiceA 77FA7071 6 Bytes JMP 5F160F5A
.text C:\Programmi\Synaptics\SynTP\SynTPLpr.exe[3924] ADVAPI32.dll!CreateServiceW 77FA7209 3 Bytes [ FF, 25, 1E ]
.text C:\Programmi\Synaptics\SynTP\SynTPLpr.exe[3924] ADVAPI32.dll!CreateServiceW + 4 77FA720D 2 Bytes [ 1A, 5F ]
.text C:\Programmi\Synaptics\SynTP\SynTPLpr.exe[3924] ADVAPI32.dll!DeleteService 77FA7311 6 Bytes JMP 5F1C0F5A
.text C:\Programmi\Synaptics\SynTP\SynTPLpr.exe[3924] ole32.dll!CoCreateInstanceEx 774CFA6B 6 Bytes JMP 5F850F5A
.text C:\Programmi\Synaptics\SynTP\SynTPLpr.exe[3924] ole32.dll!CoGetClassObject 774E5DB2 6 Bytes JMP 5F820F5A
.text C:\Programmi\Synaptics\SynTP\SynTPLpr.exe[3924] ole32.dll!CLSIDFromProgID 774F42CC 6 Bytes JMP 5F7F0F5A |
|
| Top |
|
|
dasio78
Dio maturo
Registrato: 22/06/06 23:05
Messaggi: 6282
|
| Inviato: 19 Apr 2007 22:56 Oggetto: |
|
|
Ho riavviato e tutto funziona... speriamo bene!!!!
Grazie a tutti e due per l'aiuto!!!!
Siete grandi!!!!!
  |
|
| Top |
|
|
gfransb
Semidio
Registrato: 09/02/06 20:41
Messaggi: 292
Residenza: Bologna
|
| Inviato: 19 Apr 2007 23:04 Oggetto: |
|
|
| Mah! Non sembrano esserci cose strane. Secondo me puoi stare tranquillo così. |
|
| Top |
|
|
dasio78
Dio maturo
Registrato: 22/06/06 23:05
Messaggi: 6282
|
| Inviato: 19 Apr 2007 23:18 Oggetto: |
|
|
Grandi!! Ancora grazie a tutti e due!!
|
|
| Top |
|
|
bdoriano
Amministratore
Registrato: 02/04/07 12:05
Messaggi: 14391
Residenza: 3° pianeta del sistema solare...
|
| Inviato: 19 Apr 2007 23:18 Oggetto: |
|
|
| Citazione: | ? C:\WINDOWS\system32\PavSRK.sys Impossibile trovare il file specificato.
? C:\WINDOWS\system32\PavTPK.sys Impossibile trovare il file specificato.
? system32\drivers\av5flt.sys Impossibile trovare il file specificato.
? C:\WINDOWS\system32\DRIVERS\COMFiltr.sys Impossibile trovare il file specificato. |
Panda ti funziona bene?
Perchè sembrerebbe esserci un problemino proprio con Panda... mi sembra la parte relativa al firewall.
Al limite puoi disinstallarlo e reinstallarlo. |
|
| Top |
|
|
dasio78
Dio maturo
Registrato: 22/06/06 23:05
Messaggi: 6282
|
| Inviato: 19 Apr 2007 23:23 Oggetto: |
|
|
Infatti trovo il pc un pò instabile... tende a bloccarsi...
Forse qualche files corrotto? O qualche conflitto?? |
|
| Top |
|
|
bdoriano
Amministratore
Registrato: 02/04/07 12:05
Messaggi: 14391
Residenza: 3° pianeta del sistema solare...
|
| Inviato: 20 Apr 2007 10:02 Oggetto: |
 |
|
Fossi in te:
- scollegamento da internet (per ovvie ragioni)
- disinstallerei completamente Panda
- riavvio del pc
- pulizia del file di registro
- deframmentazione disco (possibilmente anche dei file di sistema)
- riavvio del pc
- reinstallazione completa di Panda
- collegamento e immediato aggiornamento dell'antivirus
poi facci sapere se riscontri altri problemi |
|
| Top |
|
|
|
|
Non puoi inserire nuovi argomenti
Non puoi rispondere a nessun argomento
Non puoi modificare i tuoi messaggi
Non puoi cancellare i tuoi messaggi
Non puoi votare nei sondaggi
|
|
FAQ
Cerca
Lista utenti
Gruppi
Registrati
Profilo
Messaggi privati
Log in
