GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-11-16 07:24:07
Windows 5.1.2600 Szervizcsomag 3
---- System - GMER 1.0.14 ----
SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwCreateKey [0xB4E047A6]
SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwCreateProcess [0xB4E01794]
SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwCreateProcessEx [0xB4E01F1E]
SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwDeleteKey [0xB4E051F0]
SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwDeleteValueKey [0xB4E0542A]
SSDT spyh.sys ZwEnumerateKey [0xBA6C6CA2]
SSDT spyh.sys ZwEnumerateValueKey [0xBA6C7030]
SSDT spyh.sys ZwOpenKey [0xBA6A80C0]
SSDT spyh.sys ZwQueryKey [0xBA6C7108]
SSDT spyh.sys ZwQueryValueKey [0xBA6C6F88]
SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwRenameKey [0xB4E0612A]
SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwSetValueKey [0xB4E0583C]
SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwTerminateProcess [0xB4E00D0A]
SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwWriteVirtualMemory [0xB4E00384]
INT 0x63 ? 8A388BF8
INT 0x73 ? 8A55ABF8
INT 0x83 ? 8A55ABF8
---- Kernel code sections - GMER 1.0.14 ----
? spyh.sys A rendszer nem találja a megadott fájlt. !
.text USBPORT.SYS!DllUnload B9AF18AC 5 Bytes JMP 8A3881D8
.text atm42c0l.SYS B8FF5386 35 Bytes [ 00, 00, 00, 00, 00, 00, 20, ... ]
.text atm42c0l.SYS B8FF53AA 24 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text atm42c0l.SYS B8FF53C4 3 Bytes [ 00, 70, 02 ]
.text atm42c0l.SYS B8FF53C9 1 Byte [ 2E ]
.text atm42c0l.SYS B8FF53CB 9 Bytes [ 00, 00, 5A, 02, 00, 00, 00, ... ]
.text ...
? C:\WINDOWS\system32\Drivers\mchInjDrv.sys A rendszer nem találja a megadott fájlt. !
---- User code sections - GMER 1.0.14 ----
.text C:\WINDOWS\system32\spoolsv.exe[264] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[264] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[264] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\WINDOWS\system32\spoolsv.exe[264] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[264] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[264] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[264] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[264] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[264] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[264] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[264] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[264] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[264] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[264] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[264] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[264] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[264] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[264] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[264] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[264] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[264] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[264] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[264] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[264] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[264] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[264] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[264] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[264] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 54, 84 ]
.text C:\WINDOWS\system32\spoolsv.exe[264] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\spoolsv.exe[264] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[396] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[396] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[396] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[396] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[396] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[396] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[396] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[396] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[396] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[396] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[396] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[396] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[396] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[396] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[396] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[396] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[396] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[396] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[396] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[396] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[396] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[396] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[396] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[396] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[396] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[396] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[396] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[396] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, F6, 83 ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[396] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[396] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[448] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[448] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[448] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[448] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[448] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[448] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[448] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[448] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[448] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[448] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[448] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[448] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[448] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[448] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[448] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[448] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[448] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[448] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[448] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[448] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[448] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[448] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[448] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[448] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[448] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[448] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[448] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[448] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, BF, 84 ]
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[448] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[448] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[516] kernel32.dll!CreateThread + 1A 7C8106E1 4 Bytes [ B3, A0, C3, 83 ]
.text C:\WINDOWS\system32\svchost.exe[600] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[600] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\system32\svchost.exe[600] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\WINDOWS\system32\svchost.exe[600] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\WINDOWS\system32\svchost.exe[600] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\system32\svchost.exe[600] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[600] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\svchost.exe[600] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[600] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\WINDOWS\system32\svchost.exe[600] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[600] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\svchost.exe[600] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[600] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\system32\svchost.exe[600] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[600] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\system32\svchost.exe[600] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[600] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\WINDOWS\system32\svchost.exe[600] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[600] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\svchost.exe[600] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[600] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\WINDOWS\system32\svchost.exe[600] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[600] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\system32\svchost.exe[600] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[600] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\WINDOWS\system32\svchost.exe[600] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[600] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\WINDOWS\system32\svchost.exe[600] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 72, 84 ]
.text C:\WINDOWS\system32\svchost.exe[600] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\svchost.exe[600] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\nvsvc32.exe[608] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\nvsvc32.exe[608] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\system32\nvsvc32.exe[608] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\WINDOWS\system32\nvsvc32.exe[608] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\WINDOWS\system32\nvsvc32.exe[608] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\system32\nvsvc32.exe[608] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\nvsvc32.exe[608] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\nvsvc32.exe[608] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\nvsvc32.exe[608] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\WINDOWS\system32\nvsvc32.exe[608] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\nvsvc32.exe[608] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\nvsvc32.exe[608] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\nvsvc32.exe[608] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\system32\nvsvc32.exe[608] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\nvsvc32.exe[608] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\system32\nvsvc32.exe[608] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\nvsvc32.exe[608] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\WINDOWS\system32\nvsvc32.exe[608] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\nvsvc32.exe[608] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\nvsvc32.exe[608] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\nvsvc32.exe[608] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\WINDOWS\system32\nvsvc32.exe[608] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\nvsvc32.exe[608] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\system32\nvsvc32.exe[608] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\nvsvc32.exe[608] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\WINDOWS\system32\nvsvc32.exe[608] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\nvsvc32.exe[608] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\WINDOWS\system32\nvsvc32.exe[608] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 94, 84 ]
.text C:\WINDOWS\system32\nvsvc32.exe[608] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\nvsvc32.exe[608] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe[680] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe[680] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe[680] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe[680] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe[680] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe[680] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe[680] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe[680] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe[680] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe[680] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe[680] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe[680] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe[680] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe[680] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe[680] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe[680] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe[680] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe[680] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe[680] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe[680] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe[680] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe[680] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe[680] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe[680] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe[680] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe[680] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe[680] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe[680] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 9B, 84 ]
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe[680] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe[680] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[796] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[796] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[796] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[796] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[796] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[796] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[796] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[796] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[796] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[796] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[796] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[796] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[796] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[796] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[796] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[796] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[796] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[796] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[796] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[796] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[796] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[796] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[796] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[796] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[796] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[796] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[796] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[796] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 4E, 84 ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[796] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[796] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\bgsvcgen.exe[828] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\bgsvcgen.exe[828] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\system32\bgsvcgen.exe[828] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\WINDOWS\system32\bgsvcgen.exe[828] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\WINDOWS\system32\bgsvcgen.exe[828] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\system32\bgsvcgen.exe[828] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\bgsvcgen.exe[828] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\bgsvcgen.exe[828] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\bgsvcgen.exe[828] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\WINDOWS\system32\bgsvcgen.exe[828] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\bgsvcgen.exe[828] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\bgsvcgen.exe[828] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\bgsvcgen.exe[828] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\system32\bgsvcgen.exe[828] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\bgsvcgen.exe[828] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\system32\bgsvcgen.exe[828] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\bgsvcgen.exe[828] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\WINDOWS\system32\bgsvcgen.exe[828] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\bgsvcgen.exe[828] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\bgsvcgen.exe[828] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\bgsvcgen.exe[828] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\WINDOWS\system32\bgsvcgen.exe[828] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\bgsvcgen.exe[828] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\system32\bgsvcgen.exe[828] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\bgsvcgen.exe[828] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\WINDOWS\system32\bgsvcgen.exe[828] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\bgsvcgen.exe[828] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\WINDOWS\system32\bgsvcgen.exe[828] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, BE, 83 ]
.text C:\WINDOWS\system32\bgsvcgen.exe[828] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\bgsvcgen.exe[828] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[852] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[852] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[852] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[852] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[852] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[852] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[852] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[852] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[852] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[852] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[852] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[852] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[852] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[852] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[852] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[852] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[852] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[852] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[852] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[852] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[852] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[852] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[852] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[852] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[852] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[852] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[852] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[852] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 70, 84 ]
.text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[852] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[852] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[872] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[872] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[872] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[872] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[872] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[872] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[872] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[872] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[872] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[872] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[872] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[872] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[872] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[872] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[872] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[872] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[872] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[872] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[872] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[872] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[872] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[872] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[872] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[872] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[872] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[872] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[872] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[872] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 06, 84 ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[872] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[872] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe[912] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe[912] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe[912] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe[912] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe[912] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe[912] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe[912] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe[912] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe[912] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe[912] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe[912] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe[912] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe[912] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe[912] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe[912] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe[912] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe[912] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe[912] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe[912] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe[912] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe[912] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe[912] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe[912] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe[912] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe[912] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe[912] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe[912] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe[912] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 2E, 85 ]
.text C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe[912] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe[912] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A
.text C:\Documents and Settings\Windows XP\Asztal\gmer.exe[944] ntdll.dll