
slow internet

2marcin
Visitor
Posts: 44
Registered: 02 Dec 2011 16:07

Re: slow internet

#31 Post by 2marcin

and here is the second one, the 1st half of it

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-06 22:40:48
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e ST3120026A rev.8.01
Running: gmer.exe; Driver: C:\DOCUME~1\marika\LOCALS~1\Temp\uwtdypod.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xB6D52FC4]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xB6DB7510]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xB6D766A9]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xB6D55456]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xB6D554AE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xB6D555C4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xB6D7605D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xB6D553AC]
SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwCreatePagingFile [0xF8496B00]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xB6D554FE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xB6D55400]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xB6D55572]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xB6D52FE8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xB6D76D6F]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xB6D77025]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xB6D55848]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xB6D76BDA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xB6D76A45]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xB6DB75C0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xB6D52DB2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xB6D5300C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xB6D559BC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xB6D53AA4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xB6D55486]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xB6D554D6]
SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwOpenFile [0xF8496B40]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xB6D555EE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xB6D763B9]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xB6D553D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xB6D55680]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xB6D5553E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xB6D5542E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xB6D55764]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xB6D5559C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xB6DB7658]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xB6D768C0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xB6D5396A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xB6D76712]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xB6DBF9E6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xB6D756D0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xB6D53030]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xB6D53054]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xB6D52E0C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xB6D52F48]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xB6D76E76]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xB6D52F24]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xB6D52F6C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xB6D53078]

INT 0x62 ? 82FDBBF8
INT 0x82 ? 82FDBBF8

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xB6DCB7A2]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 140 804E279C 4 Bytes CALL A804FCD0
.text ntoskrnl.exe!_abnormal_termination + 214 804E2870 16 Bytes [86, 54, D5, B6, D6, 54, D5, ...] {XCHG [EBP+EDX*8-0x4a], DL; SALC ; PUSH ESP; AAD 0xb6; INC EAX; IMUL ECX, [ECX-0x8], 0xee; PUSH EBP; AAD 0xb6}
PAGE ntoskrnl.exe!ObInsertObject 80564423 5 Bytes JMP B6DCA15C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 3CC 80569DFA 4 Bytes CALL B6D5400F \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntoskrnl.exe!ZwCreateProcessEx 80581F0E 7 Bytes JMP B6DCB7A6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ObMakeTemporaryObject 805A1142 5 Bytes JMP B6DC869C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
? sphc.sys Systém nemůže nalézt uvedený soubor. !
init C:\WINDOWS\system32\drivers\nvax.sys entry point in "init" section [0xF87ECE1E]
.text win32k.sys!BRUSHOBJ_pvAllocRbrush + 322E BF81E90F 5 Bytes JMP B6D55AD6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPaint + 4EF BF8314D1 5 Bytes JMP B6D55B9A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + E0A3 BF84CCE4 5 Bytes JMP B6D55C0A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 413A BF88D250 5 Bytes JMP B6D55F76 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBltROP + 4006 BF8B46A6 5 Bytes JMP B6D55DE6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBltROP + 4091 BF8B4731 5 Bytes JMP B6D55FBC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBltROP + 9A89 BF8BA129 5 Bytes JMP B6D55ABE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngAlphaBlend + 3E8 BF8C3205 5 Bytes JMP B6D55CA4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_vGetBounds + 5039 BF8EDC73 5 Bytes JMP B6D55D14 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_vGetBounds + 52B9 BF8EDEF3 5 Bytes JMP B6D55D4E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_vGetBounds + 74EA BF8F0124 5 Bytes JMP B6D559F2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 1994 BF9127C2 5 Bytes JMP B6D55B56 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 2568 BF913396 5 Bytes JMP B6D55C6E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 4EC7 BF915CF5 5 Bytes JMP B6D560D6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\spoolsv.exe[300] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\spoolsv.exe[300] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[300] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\spoolsv.exe[300] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[300] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 002F1014
.text C:\WINDOWS\system32\spoolsv.exe[300] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 002F0804
.text C:\WINDOWS\system32\spoolsv.exe[300] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 002F0A08
.text C:\WINDOWS\system32\spoolsv.exe[300] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 002F0C0C
.text C:\WINDOWS\system32\spoolsv.exe[300] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 002F0E10
.text C:\WINDOWS\system32\spoolsv.exe[300] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 002F01F8
.text C:\WINDOWS\system32\spoolsv.exe[300] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 002F03FC
.text C:\WINDOWS\system32\spoolsv.exe[300] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 002F0600
.text C:\WINDOWS\system32\spoolsv.exe[300] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\spoolsv.exe[300] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\spoolsv.exe[300] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\spoolsv.exe[300] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\spoolsv.exe[300] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\svchost.exe[608] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[608] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[608] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[608] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[608] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 002F1014
.text C:\WINDOWS\system32\svchost.exe[608] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 002F0804
.text C:\WINDOWS\system32\svchost.exe[608] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 002F0A08
.text C:\WINDOWS\system32\svchost.exe[608] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 002F0C0C
.text C:\WINDOWS\system32\svchost.exe[608] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 002F0E10
.text C:\WINDOWS\system32\svchost.exe[608] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 002F01F8
.text C:\WINDOWS\system32\svchost.exe[608] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 002F03FC
.text C:\WINDOWS\system32\svchost.exe[608] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 002F0600
.text C:\WINDOWS\system32\svchost.exe[608] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[608] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[608] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[608] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[608] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00300600
.text C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe[640] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 001401F8
.text C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe[640] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe[640] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 001403FC
.text C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe[640] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe[640] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 003C1014
.text C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe[640] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 003C0804
.text C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe[640] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 003C0A08
.text C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe[640] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 003C0C0C
.text C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe[640] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 003C0E10
.text C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe[640] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 003C01F8
.text C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe[640] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 003C03FC
.text C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe[640] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 003C0600
.text C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe[640] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003D01F8
.text C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe[640] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003D03FC
.text C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe[640] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 003D0804
.text C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe[640] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 003D0A08
.text C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe[640] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 003D0600
.text C:\WINDOWS\System32\smss.exe[732] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[744] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 001401F8
.text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[744] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[744] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 001403FC
.text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[744] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[744] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003C01F8
.text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[744] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003C03FC
.text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[744] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 003C0804
.text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[744] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 003C0A08
.text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[744] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 003C0600
.text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[744] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 003D1014
.text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[744] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 003D0804
.text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[744] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 003D0A08
.text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[744] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 003D0C0C
.text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[744] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 003D0E10
.text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[744] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 003D01F8
.text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[744] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 003D03FC
.text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[744] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 003D0600
.text C:\WINDOWS\system32\csrss.exe[796] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[796] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[820] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000701F8
.text C:\WINDOWS\system32\winlogon.exe[820] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[820] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000703FC
.text C:\WINDOWS\system32\winlogon.exe[820] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[820] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 002F1014
.text C:\WINDOWS\system32\winlogon.exe[820] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 002F0804
.text C:\WINDOWS\system32\winlogon.exe[820] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 002F0A08
.text C:\WINDOWS\system32\winlogon.exe[820] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 002F0C0C
.text C:\WINDOWS\system32\winlogon.exe[820] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 002F0E10
.text C:\WINDOWS\system32\winlogon.exe[820] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 002F01F8
.text C:\WINDOWS\system32\winlogon.exe[820] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 002F03FC
.text C:\WINDOWS\system32\winlogon.exe[820] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 002F0600
.text C:\WINDOWS\system32\winlogon.exe[820] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\winlogon.exe[820] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\winlogon.exe[820] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\winlogon.exe[820] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\winlogon.exe[820] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\services.exe[864] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\services.exe[864] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[864] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\services.exe[864] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[864] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 002F1014
.text C:\WINDOWS\system32\services.exe[864] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 002F0804
.text C:\WINDOWS\system32\services.exe[864] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 002F0A08
.text C:\WINDOWS\system32\services.exe[864] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 002F0C0C
.text C:\WINDOWS\system32\services.exe[864] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 002F0E10
.text C:\WINDOWS\system32\services.exe[864] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 002F01F8
.text C:\WINDOWS\system32\services.exe[864] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 002F03FC
.text C:\WINDOWS\system32\services.exe[864] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 002F0600
.text C:\WINDOWS\system32\services.exe[864] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\services.exe[864] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\services.exe[864] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\services.exe[864] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\services.exe[864] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\lsass.exe[876] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\lsass.exe[876] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[876] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\lsass.exe[876] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[876] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 002F1014
.text C:\WINDOWS\system32\lsass.exe[876] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 002F0804
.text C:\WINDOWS\system32\lsass.exe[876] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 002F0A08
.text C:\WINDOWS\system32\lsass.exe[876] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 002F0C0C
.text C:\WINDOWS\system32\lsass.exe[876] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 002F0E10
.text C:\WINDOWS\system32\lsass.exe[876] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 002F01F8
.text C:\WINDOWS\system32\lsass.exe[876] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 002F03FC
.text C:\WINDOWS\system32\lsass.exe[876] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 002F0600
.text C:\WINDOWS\system32\lsass.exe[876] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\lsass.exe[876] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\lsass.exe[876] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\lsass.exe[876] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\lsass.exe[876] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\svchost.exe[1036] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1036] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1036] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1036] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 002F1014
.text C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 002F0804
.text C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 002F0A08
.text C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 002F0C0C
.text C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 002F0E10
.text C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 002F01F8
.text C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 002F03FC
.text C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 002F0600
.text C:\WINDOWS\system32\svchost.exe[1036] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[1036] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[1036] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[1036] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[1036] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\svchost.exe[1080] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1080] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1080] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1080] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1080] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 002F1014
.text C:\WINDOWS\system32\svchost.exe[1080] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 002F0804
.text C:\WINDOWS\system32\svchost.exe[1080] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 002F0A08
.text C:\WINDOWS\system32\svchost.exe[1080] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 002F0C0C
.text C:\WINDOWS\system32\svchost.exe[1080] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 002F0E10
.text C:\WINDOWS\system32\svchost.exe[1080] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 002F01F8
.text C:\WINDOWS\system32\svchost.exe[1080] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 002F03FC
.text C:\WINDOWS\system32\svchost.exe[1080] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 002F0600
.text C:\WINDOWS\system32\svchost.exe[1080] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[1080] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[1080] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[1080] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[1080] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00300600
.text C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe[1096] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000801F8
.text C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe[1096] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe[1096] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000803FC
.text C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe[1096] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe[1096] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 00301014
.text C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe[1096] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 00300804
.text C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe[1096] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 00300A08
.text C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe[1096] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 00300C0C
.text C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe[1096] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 00300E10
.text C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe[1096] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 003001F8
.text C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe[1096] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 003003FC
.text C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe[1096] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 00300600
.text C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe[1096] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003101F8
.text C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe[1096] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003103FC
.text C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe[1096] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00310804
.text C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe[1096] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00310A08
.text C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe[1096] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00310600
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1124] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 001401F8
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1124] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1124] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 001403FC
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1124] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1124] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003C01F8
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1124] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003C03FC
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1124] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 003C0804
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1124] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 003C0A08
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1124] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 003C0600
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1124] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 003D1014
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1124] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 003D0804
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1124] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 003D0A08
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1124] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 003D0C0C
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1124] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 003D0E10
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1124] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 003D01F8
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1124] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 003D03FC
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1124] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 003D0600
.text C:\Program Files\Windows XP Fun Pack\Winter 2003\Family\cisvc.exe[1140] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 001501F8
.text C:\Program Files\Windows XP Fun Pack\Winter 2003\Family\cisvc.exe[1140] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\Program Files\Windows XP Fun Pack\Winter 2003\Family\cisvc.exe[1140] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 001503FC
.text C:\Program Files\Windows XP Fun Pack\Winter 2003\Family\cisvc.exe[1140] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\Program Files\Windows XP Fun Pack\Winter 2003\Family\cisvc.exe[1140] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003D01F8
.text C:\Program Files\Windows XP Fun Pack\Winter 2003\Family\cisvc.exe[1140] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003D03FC
.text C:\Program Files\Windows XP Fun Pack\Winter 2003\Family\cisvc.exe[1140] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 003D0804
.text C:\Program Files\Windows XP Fun Pack\Winter 2003\Family\cisvc.exe[1140] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 003D0A08
.text C:\Program Files\Windows XP Fun Pack\Winter 2003\Family\cisvc.exe[1140] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 003D0600
.text C:\Program Files\Windows XP Fun Pack\Winter 2003\Family\cisvc.exe[1140] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 003E1014
.text C:\Program Files\Windows XP Fun Pack\Winter 2003\Family\cisvc.exe[1140] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 003E0804
.text C:\Program Files\Windows XP Fun Pack\Winter 2003\Family\cisvc.exe[1140] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 003E0A08
.text C:\Program Files\Windows XP Fun Pack\Winter 2003\Family\cisvc.exe[1140] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 003E0C0C
.text C:\Program Files\Windows XP Fun Pack\Winter 2003\Family\cisvc.exe[1140] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 003E0E10
.text C:\Program Files\Windows XP Fun Pack\Winter 2003\Family\cisvc.exe[1140] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 003E01F8
.text C:\Program Files\Windows XP Fun Pack\Winter 2003\Family\cisvc.exe[1140] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 003E03FC
.text C:\Program Files\Windows XP Fun Pack\Winter 2003\Family\cisvc.exe[1140] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 003E0600
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[1156] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[1156] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1228] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[1228] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1228] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[1228] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1228] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 002F1014
.text C:\WINDOWS\System32\svchost.exe[1228] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 002F0804
.text C:\WINDOWS\System32\svchost.exe[1228] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 002F0A08
.text C:\WINDOWS\System32\svchost.exe[1228] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 002F0C0C
.text C:\WINDOWS\System32\svchost.exe[1228] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 002F0E10
.text C:\WINDOWS\System32\svchost.exe[1228] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 002F01F8
.text C:\WINDOWS\System32\svchost.exe[1228] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 002F03FC
.text C:\WINDOWS\System32\svchost.exe[1228] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 002F0600
.text C:\WINDOWS\System32\svchost.exe[1228] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003001F8
.text C:\WINDOWS\System32\svchost.exe[1228] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003003FC
.text C:\WINDOWS\System32\svchost.exe[1228] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00300804
.text C:\WINDOWS\System32\svchost.exe[1228] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00300A08
.text C:\WINDOWS\System32\svchost.exe[1228] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\svchost.exe[1272] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1272] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1272] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 002F1014
.text C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 002F0804
.text C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 002F0A08
.text C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 002F0C0C
.text C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 002F0E10
.text C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 002F01F8
.text C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 002F03FC
.text C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 002F0600
.text C:\WINDOWS\system32\svchost.exe[1272] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[1272] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[1272] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[1272] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[1272] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\svchost.exe[1412] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1412] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1412] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1412] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 002F1014
.text C:\WINDOWS\system32\svchost.exe[1412] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 002F0804
.text C:\WINDOWS\system32\svchost.exe[1412] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 002F0A08
.text C:\WINDOWS\system32\svchost.exe[1412] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 002F0C0C
.text C:\WINDOWS\system32\svchost.exe[1412] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 002F0E10
.text C:\WINDOWS\system32\svchost.exe[1412] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 002F01F8
.text C:\WINDOWS\system32\svchost.exe[1412] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 002F03FC
.text C:\WINDOWS\system32\svchost.exe[1412] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 002F0600
.text C:\WINDOWS\system32\svchost.exe[1412] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[1412] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[1412] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[1412] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[1412] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00300600
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1428] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 001501F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1428] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1428] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 001503FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1428] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1428] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 003D1014
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1428] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 003D0804
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1428] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 003D0A08
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1428] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 003D0C0C
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1428] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 003D0E10
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1428] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 003D01F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1428] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 003D03FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1428] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 003D0600
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1428] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003E01F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1428] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003E03FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1428] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 003E0804
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1428] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 003E0A08
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1428] USER32.dll!SetWindowsHookExA

2marcin
Visitor
Posts: 44
Registered: 02 Dec 2011 16:07

Re: slow internet

#32 Post by 2marcin »

2nd half


.text C:\WINDOWS\system32\svchost.exe[1432] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1432] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1432] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1432] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 002F1014
.text C:\WINDOWS\system32\svchost.exe[1432] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 002F0804
.text C:\WINDOWS\system32\svchost.exe[1432] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 002F0A08
.text C:\WINDOWS\system32\svchost.exe[1432] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 002F0C0C
.text C:\WINDOWS\system32\svchost.exe[1432] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 002F0E10
.text C:\WINDOWS\system32\svchost.exe[1432] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 002F01F8
.text C:\WINDOWS\system32\svchost.exe[1432] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 002F03FC
.text C:\WINDOWS\system32\svchost.exe[1432] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 002F0600
.text C:\WINDOWS\system32\svchost.exe[1432] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[1432] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[1432] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[1432] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[1432] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\svchost.exe[1496] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1496] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1496] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1496] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1496] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 002F1014
.text C:\WINDOWS\system32\svchost.exe[1496] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 002F0804
.text C:\WINDOWS\system32\svchost.exe[1496] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 002F0A08
.text C:\WINDOWS\system32\svchost.exe[1496] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 002F0C0C
.text C:\WINDOWS\system32\svchost.exe[1496] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 002F0E10
.text C:\WINDOWS\system32\svchost.exe[1496] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 002F01F8
.text C:\WINDOWS\system32\svchost.exe[1496] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 002F03FC
.text C:\WINDOWS\system32\svchost.exe[1496] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 002F0600
.text C:\WINDOWS\system32\svchost.exe[1496] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[1496] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[1496] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[1496] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[1496] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00300600
.text C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe[1628] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 001401F8
.text C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe[1628] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe[1628] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 001403FC
.text C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe[1628] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe[1628] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 005501F8
.text C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe[1628] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 005503FC
.text C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe[1628] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00550804
.text C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe[1628] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00550A08
.text C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe[1628] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00550600
.text C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe[1628] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 00561014
.text C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe[1628] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 00560804
.text C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe[1628] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 00560A08
.text C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe[1628] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 00560C0C
.text C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe[1628] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 00560E10
.text C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe[1628] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 005601F8
.text C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe[1628] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 005603FC
.text C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe[1628] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 00560600
.text C:\WINDOWS\Explorer.EXE[1680] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000901F8
.text C:\WINDOWS\Explorer.EXE[1680] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[1680] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000903FC
.text C:\WINDOWS\Explorer.EXE[1680] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[1680] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 00301014
.text C:\WINDOWS\Explorer.EXE[1680] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 00300804
.text C:\WINDOWS\Explorer.EXE[1680] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 00300A08
.text C:\WINDOWS\Explorer.EXE[1680] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 00300C0C
.text C:\WINDOWS\Explorer.EXE[1680] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 00300E10
.text C:\WINDOWS\Explorer.EXE[1680] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 003001F8
.text C:\WINDOWS\Explorer.EXE[1680] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 003003FC
.text C:\WINDOWS\Explorer.EXE[1680] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 00300600
.text C:\WINDOWS\Explorer.EXE[1680] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003101F8
.text C:\WINDOWS\Explorer.EXE[1680] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003103FC
.text C:\WINDOWS\Explorer.EXE[1680] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00310804
.text C:\WINDOWS\Explorer.EXE[1680] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00310A08
.text C:\WINDOWS\Explorer.EXE[1680] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\ntvdm.exe[1716] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 020701F8
.text C:\WINDOWS\system32\ntvdm.exe[1716] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\system32\ntvdm.exe[1716] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 020703FC
.text C:\WINDOWS\system32\ntvdm.exe[1716] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\ntvdm.exe[1716] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 022F1014
.text C:\WINDOWS\system32\ntvdm.exe[1716] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 022F0804
.text C:\WINDOWS\system32\ntvdm.exe[1716] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 022F0A08
.text C:\WINDOWS\system32\ntvdm.exe[1716] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 022F0C0C
.text C:\WINDOWS\system32\ntvdm.exe[1716] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 022F0E10
.text C:\WINDOWS\system32\ntvdm.exe[1716] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 022F01F8
.text C:\WINDOWS\system32\ntvdm.exe[1716] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 022F03FC
.text C:\WINDOWS\system32\ntvdm.exe[1716] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 022F0600
.text C:\WINDOWS\system32\ntvdm.exe[1716] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 023001F8
.text C:\WINDOWS\system32\ntvdm.exe[1716] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 023003FC
.text C:\WINDOWS\system32\ntvdm.exe[1716] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 02300804
.text C:\WINDOWS\system32\ntvdm.exe[1716] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 02300A08
.text C:\WINDOWS\system32\ntvdm.exe[1716] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 02300600
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1840] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1840] kernel32.dll!SetUnhandledExceptionFilter 7C8447ED 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1840] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[2268] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\alg.exe[2268] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[2268] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\alg.exe[2268] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[2268] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 002F01F8
.text C:\WINDOWS\System32\alg.exe[2268] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 002F03FC
.text C:\WINDOWS\System32\alg.exe[2268] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 002F0804
.text C:\WINDOWS\System32\alg.exe[2268] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 002F0A08
.text C:\WINDOWS\System32\alg.exe[2268] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 002F0600
.text C:\WINDOWS\System32\alg.exe[2268] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 00301014
.text C:\WINDOWS\System32\alg.exe[2268] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 00300804
.text C:\WINDOWS\System32\alg.exe[2268] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 00300A08
.text C:\WINDOWS\System32\alg.exe[2268] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 00300C0C
.text C:\WINDOWS\System32\alg.exe[2268] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 00300E10
.text C:\WINDOWS\System32\alg.exe[2268] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 003001F8
.text C:\WINDOWS\System32\alg.exe[2268] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 003003FC
.text C:\WINDOWS\System32\alg.exe[2268] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\wscntfy.exe[2300] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\wscntfy.exe[2300] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\system32\wscntfy.exe[2300] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\wscntfy.exe[2300] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\wscntfy.exe[2300] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\wscntfy.exe[2300] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\wscntfy.exe[2300] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\wscntfy.exe[2300] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\wscntfy.exe[2300] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\wscntfy.exe[2300] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 00321014
.text C:\WINDOWS\system32\wscntfy.exe[2300] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 00320804
.text C:\WINDOWS\system32\wscntfy.exe[2300] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 00320A08
.text C:\WINDOWS\system32\wscntfy.exe[2300] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 00320C0C
.text C:\WINDOWS\system32\wscntfy.exe[2300] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 00320E10
.text C:\WINDOWS\system32\wscntfy.exe[2300] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 003201F8
.text C:\WINDOWS\system32\wscntfy.exe[2300] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 003203FC
.text C:\WINDOWS\system32\wscntfy.exe[2300] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 00320600
.text D:\Software\gmer.exe[2684] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text D:\Software\gmer.exe[2684] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\totalcmd\TOTALCMD.EXE[3052] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\totalcmd\TOTALCMD.EXE[3052] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 001801F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 001803FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3372] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3372] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 00561014
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3372] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 00560804
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3372] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 00560A08
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3372] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 00560C0C
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3372] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 00560E10
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3372] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 005601F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3372] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 005603FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3372] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 00560600
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3372] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 005701F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3372] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 005703FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3372] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00570804
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3372] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00570A08
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3372] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00570600
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 82FDE2D8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F8507C4C] sphc.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F8507CA0] sphc.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F84E7048] sphc.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[864] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00680002
IAT C:\WINDOWS\system32\services.exe[864] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00680000
IAT C:\Program Files\Google\Chrome\Application\chrome.exe[3372] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002E0010
IAT C:\Program Files\Google\Chrome\Application\chrome.exe[3392] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002E0010
IAT C:\Program Files\Google\Chrome\Application\chrome.exe[3400] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002E0010
IAT C:\Program Files\Google\Chrome\Application\chrome.exe[3780] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002E0010
IAT C:\Program Files\Google\Chrome\Application\chrome.exe[3876] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002E0010

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
Device \FileSystem\Ntfs \Ntfs 82F6D1F8

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\dmio \Device\DmControl\DmIoDaemon 82F6F1F8
Device \Driver\dmio \Device\DmControl\DmConfig 82F6F1F8
Device \Driver\dmio \Device\DmControl\DmPnP 82F6F1F8
Device \Driver\dmio \Device\DmControl\DmInfo 82F6F1F8

---- Modules - GMER 1.0.15 ----

Module _________ F83F9000-F8411000 (98304 bytes)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xED 0x75 0xDC 0xFA ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xED 0x75 0xDC 0xFA ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xED 0x75 0xDC 0xFA ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}@DisplayName Alcohol 120%
Reg HKLM\SOFTWARE\Classes\Installer\Products\32418F9EE1126B64A90E8365B85CFCF6@ProductName Alcohol 120%

---- Files - GMER 1.0.15 ----

File C:\## aswSnx private storage 0 bytes
File C:\## aswSnx private storage\snx_rhive 262144 bytes
File C:\## aswSnx private storage\snx_rhive.LOG 1024 bytes
File C:\## aswSnx private storage\webStorage 0 bytes
File C:\## aswSnx private storage\webStorage\attrib 0 bytes
File C:\## aswSnx private storage\webStorage\image 0 bytes
File C:\## aswSnx private storage\webStorage\image\WINDOWS 0 bytes
File C:\## aswSnx private storage\webStorage\image\WINDOWS\Prefetch 0 bytes
File C:\## aswSnx private storage\webStorage\image\WINDOWS\Prefetch\IEXPLORE.EXE-0A31FE70.pf 10292 bytes
File C:\## aswSnx private storage\webStorage\snx_fs.dat 476 bytes

---- EOF - GMER 1.0.15 ----

Rudy
Site Admin
Posts: 119515
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: slow internet

#33 Post by Rudy »

Nothing is visible here either. Let's try one more thing. Get your WinXP Pro installation CD ready, boot from it, and when "R-opravit" (R = Repair) appears on the bottom bar, press "R". Then log in to the Recovery Console. It works in command-line mode. Enter the following at the command prompt, one line at a time:
cd c:\ (press Enter)
fixmbr (press Enter and confirm)
exit (press Enter)
The PC will restart. This should overwrite the Master Boot Record, which is probably infected by something, from a clean backup.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Back up your important data (mail, contacts, documents, photos, videos, music, etc.) before cleaning the PC of viruses. Besides its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.

2marcin

Re: slow internet

#34 Post by 2marcin »

I tried it and nothing, same as it was

Rudy

Re: slow internet

#35 Post by Rudy »

OK. Download MBR: http://www2.gmer.net/mbr/mbr.exe, save it to the desktop and run it. The utility will create a short log; copy it here.

2marcin

Re: slow internet

#36 Post by 2marcin »

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3120026A rev.8.01 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

Rudy

Re: slow internet

#37 Post by Rudy »

OK. Please run it once more via Start > Run > (type) c:\documents and settings\marika\Plocha\mbr.exe -t -s > OK. Copy the log here.

2marcin

Re: slow internet

#38 Post by 2marcin »

here is the log, but it would only run without the -t -s>OK.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3120026A rev.8.01 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

Rudy

Re: slow internet

#39 Post by Rudy »

Try this command: C:\documents and settings\marika\plocha\mbr -t -s

2marcin

Re: slow internet

#40 Post by 2marcin »

:( it doesn't work this way either

Rudy

Re: slow internet

#41 Post by Rudy »

One more try: "%userprofile%\plocha\mbr" -t -s . This assumes that mbr is located on the desktop of the marika profile.

2marcin

Re: slow internet

#42 Post by 2marcin »

now it ran, here is the log:

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3120026A rev.8.01 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x82C54840]<<
_asm { JMP 0x4; }
1 nt!IofCallDriver[0x804E37C5] -> \Device\Harddisk0\DR0[0x82ED5AB8]
3 CLASSPNP[0xF865705B] -> nt!IofCallDriver[0x804E37C5] -> \Device\0000008f[0x82EF3900]
5 ACPI[0xF846D620] -> nt!IofCallDriver[0x804E37C5] -> \Device\Ide\IdeDeviceP1T0L0-e[0x82EE6940]
\Driver\atapi[0x82ED7760] -> IRP_MJ_CREATE -> 0x82C54840
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
detected hooks:
\Driver\atapi -> 0x82c54840
user & kernel MBR OK
Warning: possible MBR rootkit infection !

2marcin
Visitor
Posts: 44
Joined: 02 Dec 2011 16:07

Re: slow internet

#43 Post by 2marcin »

This assumes that mbr is located on the desktop of the marika profile.

the assumption is of course correct :)

Rudy
Site Admin
Posts: 119515
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: slow internet

#44 Post by Rudy »

It finally worked. Run it once more, but with a different switch: "%userprofile%\plocha\mbr" -f . This should sweep the rootkit out.

2marcin
Visitor
Posts: 44
Joined: 02 Dec 2011 16:07

Re: slow internet

#45 Post by 2marcin »

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3120026A rev.8.01 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
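
Added example, not part of the original thread and not GMER's own code: a Python triage of the two mbr.exe logs from posts #42 and #45, using excerpts copied from them. It shows that the "user & kernel MBR OK" line is present in both logs, so the lines to compare before and after the -f run are the \Driver\atapi hook and the UNKNOWN address in the disk trace. The function name `triage` and the result keys are assumptions of this example.

```python
import re

# Excerpts copied from the mbr.exe logs in posts #42 (before -f) and #45 (after -f).
LOG_BEFORE = r"""user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x82C54840]<<
\Driver\atapi[0x82ED7760] -> IRP_MJ_CREATE -> 0x82C54840
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi -> 0x82c54840
user & kernel MBR OK
Warning: possible MBR rootkit infection !
"""
LOG_AFTER = """user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
"""

HEX = r"(0x[0-9A-Fa-f]+)"
UNKNOWN_RE = re.compile(r">>UNKNOWN \[" + HEX + r"\]<<")
IRP_RE = re.compile(r"^(\\Driver\\\w+)\[0x[0-9A-Fa-f]+\] -> (IRP_MJ_\w+) -> " + HEX + "$")
HOOK_RE = re.compile(r"^(\\Driver\\\w+) -> " + HEX + "$")

def triage(log):
    """Summarise one mbr.exe log (hypothetical helper; key names are this example's)."""
    res = {"unknown": set(), "irp": [], "hooks": {}, "mbr_ok": False, "warning": False}
    in_hooks = False
    for line in (raw.strip() for raw in log.splitlines()):
        res["unknown"].update(int(a, 16) for a in UNKNOWN_RE.findall(line))
        if m := IRP_RE.match(line):          # dispatch entry shown in the disk trace
            res["irp"].append((m[1], m[2], int(m[3], 16)))
        if line == "detected hooks:":        # entries follow until a non-matching line
            in_hooks = True
            continue
        if in_hooks:
            if m := HOOK_RE.match(line):
                res["hooks"][m[1]] = int(m[2], 16)
                continue
            in_hooks = False
        res["mbr_ok"] |= line == "user & kernel MBR OK"
        res["warning"] |= line.startswith("Warning: possible MBR rootkit")
    # Hooked drivers whose target is the address the trace could not attribute.
    res["hooks_into_unknown"] = sorted(
        d for d, a in res["hooks"].items() if a in res["unknown"])
    # "MBR OK" alone is not a clean verdict: post #42 has it alongside the warning.
    res["suspicious"] = res["warning"] or bool(res["hooks"]) or bool(res["unknown"])
    return res

if __name__ == "__main__":
    for name, log in (("before", LOG_BEFORE), ("after", LOG_AFTER)):
        print(name, triage(log))
```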
