Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Prosím o kontrolu logu
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Re: Prosím o kontrolu logu
Provedl jsem checkdisk na všech ostatních discích.- žádné chyby.
-
Rudy
- Site Admin
- Příspěvky: 119515
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Prosím o kontrolu logu
Zkuste přeinstalovat ovladače k zákl. desce.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Prosím o kontrolu logu
K přeinstalaci jsem se ještě nedostal. Ještě jeden poznatek-co se týče kopírování souborů z disku na disk, popř. v rámci jednoho disku.
Kopírování probíha "rychlostí" cca 1100 kB/s což je hrozné při procesoru AMD Phenom(tm) 8450 Triple-Core Processor, 2104 MHz
Dnes ,nebo zítra zkusím nové ovladače a ozvu se zda nastala změna.
Kopírování probíha "rychlostí" cca 1100 kB/s což je hrozné při procesoru AMD Phenom(tm) 8450 Triple-Core Processor, 2104 MHz
Dnes ,nebo zítra zkusím nové ovladače a ozvu se zda nastala změna.
-
Rudy
- Site Admin
- Příspěvky: 119515
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Prosím o kontrolu logu
OK, dejte vědět.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Prosím o kontrolu logu
Tak zázrak se nekonal. Ovladače základní desky/ Gigabyte MA770-UD3/ přeinstalované /Lan, audio, Grafika/. Potíže stále stejné-pomalý start, pomalé spouštění programů, velmi pomalé kopírování souborů mezi interníma popř. v rámci jednoho disku.
-
Rudy
- Site Admin
- Příspěvky: 119515
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Prosím o kontrolu logu
Důležité je přeinstalovat ovladač chipsetu.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Prosím o kontrolu logu
Chipset jsem samozřejmě také přeinstaloval. Pokrok žádný.
-
Rudy
- Site Admin
- Příspěvky: 119515
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Prosím o kontrolu logu
Co jste instaloval těsně před tím, než se problém objevil?
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Prosím o kontrolu logu
Bohužel si nevzpomínám, nic extra jsem neinstaloval. V poslední době aktualizuji běžné programy, jako je ccleaner, skype, cdburnerxp, gom player, aimp player atd. Pravidelně aktualizuji windovs a office.
-
Rudy
- Site Admin
- Příspěvky: 119515
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Prosím o kontrolu logu
Jako jedna z posledních možností zbývá sken GMER: http://forum.viry.cz/viewtopic.php?f=29&t=62878 . Spusťte, nechte pracovat a dejte oba logy. Jedná se o kontrolu na rootkit.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Prosím o kontrolu logu
Přidávám logy z Gmeru. Ono to asi skutečně vypadá na hardwarovou chybu. A zdá se, že systémový disk má svůj zenit za sebou.
Vzhledem k tomu, že druhý log má příliš znaků, posílám ho ve druhé odpovědi.
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-04-09 10:16:32
Windows 5.1.2600 Service Pack 3 Harddisk2\DR2 -> \Device\Ide\IdeDeviceP2T0L0-24 ST340014A rev.8.01
Running: gmer.exe; Driver: C:\DOCUME~1\Jiri\LOCALS~1\Temp\uwkyqkow.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xA773628E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xA77360F9]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xA77ABD92]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
---- Devices - GMER 1.0.15 ----
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 [B9E1FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [B9E1FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 [B9E1FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [B9E1FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort2 [B9E1FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort3 [B9E1FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-24 [B9E1FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f [B9E1FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\arlss647 \Device\Scsi\arlss6471 8A60F1E8
Device \Driver\arlss647 \Device\Scsi\arlss6471Port4Path0Target0Lun0 8A60F1E8
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
Device \FileSystem\Ntfs \Ntfs 8A80D1E8
AttachedDevice \FileSystem\Ntfs \Ntfs tdrpm258.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
---- EOF - GMER 1.0.15 ----
Vzhledem k tomu, že druhý log má příliš znaků, posílám ho ve druhé odpovědi.
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-04-09 10:16:32
Windows 5.1.2600 Service Pack 3 Harddisk2\DR2 -> \Device\Ide\IdeDeviceP2T0L0-24 ST340014A rev.8.01
Running: gmer.exe; Driver: C:\DOCUME~1\Jiri\LOCALS~1\Temp\uwkyqkow.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xA773628E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xA77360F9]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xA77ABD92]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
---- Devices - GMER 1.0.15 ----
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 [B9E1FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [B9E1FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 [B9E1FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [B9E1FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort2 [B9E1FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort3 [B9E1FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-24 [B9E1FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f [B9E1FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\arlss647 \Device\Scsi\arlss6471 8A60F1E8
Device \Driver\arlss647 \Device\Scsi\arlss6471Port4Path0Target0Lun0 8A60F1E8
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
Device \FileSystem\Ntfs \Ntfs 8A80D1E8
AttachedDevice \FileSystem\Ntfs \Ntfs tdrpm258.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
---- EOF - GMER 1.0.15 ----
Re: Prosím o kontrolu logu
druhý log z Gmeru-1. část
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-04-09 11:27:33
Windows 5.1.2600 Service Pack 3 Harddisk2\DR2 -> \Device\Ide\IdeDeviceP2T0L0-24 ST340014A rev.8.01
Running: gmer.exe; Driver: C:\DOCUME~1\Jiri\LOCALS~1\Temp\uwkyqkow.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xA7708DF8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xA7795A5A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0xA770985E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xA7735D5D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xA770E2E4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xA770E330]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xA770E422]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xA7735711]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xA770E252]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xA770E374]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xA770E29A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xA770E3DC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xA7708E44]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xA7736423]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xA77366D9]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xA770B9A8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xA773628E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xA77360F9]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xA7795B34]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xA7708AD6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xA7708E90]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xA770BD1C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xA7709B02]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xA770E30E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xA770E352]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xA770E446]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xA7735A6D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xA770E278]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xA770B518]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xA770E3AE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xA770E2C2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xA770B74C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xA770E400]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xA7795CA0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xA7735F74]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xA77099CE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xA7735DC6]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xA779FB68]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xA7734D84]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xA7708EDC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xA7708F28]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xA7708B46]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xA7708CEA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xA773652A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xA7708C92]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xA7708D5A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwTerminateProcess [0xA7795D60]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xA7708F74]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0xA7795BE0]
INT 0x62 ? 8A80ECB8
INT 0x73 ? 8A80ECB8
INT 0x73 ? 8A80ECB8
INT 0x83 ? 8A6ACCB8
INT 0x83 ? 8A6ACCB8
INT 0x83 ? 8A6ACCB8
INT 0xA4 ? 8A6ACCB8
INT 0xB4 ? 8A6ACCB8
INT 0xB4 ? 8A6ACCB8
INT 0xB4 ? 8A6ACCB8
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xA77ABD92]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
---- Kernel code sections - GMER 1.0.15 ----
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A64A8 4 Bytes CALL A770A19F \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC556 5 Bytes JMP A77A8C8C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 805C2FDA 5 Bytes JMP A77AA74C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D117A 7 Bytes JMP A77ABD96 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.sptd1 C:\WINDOWS\system32\drivers\sptd.sys entry point in ".sptd1" section [0xB9FA1089]
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB5582000, 0x235297, 0xE8000020]
.text USBPORT.SYS!DllUnload B54C78AC 5 Bytes JMP 8A6AC1C8
.text arlss647.SYS!A0DB34FC6FE35D429A28ADDE5467D4D7 B5464900 48 Bytes [AF, D9, 9C, 7F, 87, C8, A5, ...]
? C:\WINDOWS\System32\Drivers\arlss647.SYS suspicious PE modification
.text win32k.sys!EngFreeUserMem + 674 BF8098F2 5 Bytes JMP A770D180 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFreeUserMem + 35D0 BF80C84E 5 Bytes JMP A770D07C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSurface + 45 BF8138E6 5 Bytes JMP A770D036 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!BRUSHOBJ_pvAllocRbrush + 11D3 BF81C550 5 Bytes JMP A770C724 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngSetLastError + 79A8 BF8240C0 5 Bytes JMP A770BF84 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateBitmap + F9C BF828A2A 5 Bytes JMP A770D2EA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 2C50 BF831475 5 Bytes JMP A770D4F2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + B68E BF839EB3 5 Bytes JMP A770CF3C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!FONTOBJ_pxoGetXform + 84ED BF851745 5 Bytes JMP A770BE66 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + F17 BF85BC6A 5 Bytes JMP A770C7E6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 3581 BF85E2D4 5 Bytes JMP A770C384 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 360C BF85E35F 5 Bytes JMP A770C562 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 88 BF85F5D2 5 Bytes JMP A770BE4E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 5457 BF8649A1 5 Bytes JMP A770D0BA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 4128 BF873CF0 5 Bytes JMP A770C51C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetLastError + 1606 BF890FA2 5 Bytes JMP A770C7FE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 26EE BF89454D 5 Bytes JMP A770D232 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBltROP + 583 BF895025 5 Bytes JMP A770D450 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + 3857 BF89C3CB 5 Bytes JMP A770C70C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + 4DEC BF89D960 5 Bytes JMP A770BFF4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngEraseSurface + A9E0 BF8C1EE0 5 Bytes JMP A770C104 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1517 BF8CA342 5 Bytes JMP A770C1AC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1797 BF8CA5C2 5 Bytes JMP A770C2E4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + 3B3E BF8EC017 5 Bytes JMP A770BD52 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + CB3D BF8F5016 5 Bytes JMP A770C73C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 19DF BF913566 5 Bytes JMP A770BF22 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 25B3 BF91413A 5 Bytes JMP A770C0B0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 4F2C BF916AB3 5 Bytes JMP A770C67C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 1940 BF946632 5 Bytes JMP A770D3A8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\ABBYY Screenshot Reader\NetworkLicenseServer.exe[380] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\ABBYY Screenshot Reader\NetworkLicenseServer.exe[380] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\ABBYY Screenshot Reader\NetworkLicenseServer.exe[380] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\ABBYY Screenshot Reader\NetworkLicenseServer.exe[380] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\ABBYY Screenshot Reader\NetworkLicenseServer.exe[380] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804
.text C:\Program Files\ABBYY Screenshot Reader\NetworkLicenseServer.exe[380] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08
.text C:\Program Files\ABBYY Screenshot Reader\NetworkLicenseServer.exe[380] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600
.text C:\Program Files\ABBYY Screenshot Reader\NetworkLicenseServer.exe[380] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8
.text C:\Program Files\ABBYY Screenshot Reader\NetworkLicenseServer.exe[380] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC
.text C:\Program Files\ABBYY Screenshot Reader\NetworkLicenseServer.exe[380] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 004C1014
.text C:\Program Files\ABBYY Screenshot Reader\NetworkLicenseServer.exe[380] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 004C0804
.text C:\Program Files\ABBYY Screenshot Reader\NetworkLicenseServer.exe[380] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 004C0A08
.text C:\Program Files\ABBYY Screenshot Reader\NetworkLicenseServer.exe[380] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 004C0C0C
.text C:\Program Files\ABBYY Screenshot Reader\NetworkLicenseServer.exe[380] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 004C0E10
.text C:\Program Files\ABBYY Screenshot Reader\NetworkLicenseServer.exe[380] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 004C01F8
.text C:\Program Files\ABBYY Screenshot Reader\NetworkLicenseServer.exe[380] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 004C03FC
.text C:\Program Files\ABBYY Screenshot Reader\NetworkLicenseServer.exe[380] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 004C0600
.text C:\WINDOWS\Explorer.EXE[504] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\Explorer.EXE[504] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[504] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\Explorer.EXE[504] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[504] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00381014
.text C:\WINDOWS\Explorer.EXE[504] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00380804
.text C:\WINDOWS\Explorer.EXE[504] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00380A08
.text C:\WINDOWS\Explorer.EXE[504] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00380C0C
.text C:\WINDOWS\Explorer.EXE[504] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00380E10
.text C:\WINDOWS\Explorer.EXE[504] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003801F8
.text C:\WINDOWS\Explorer.EXE[504] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003803FC
.text C:\WINDOWS\Explorer.EXE[504] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00380600
.text C:\WINDOWS\Explorer.EXE[504] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00390804
.text C:\WINDOWS\Explorer.EXE[504] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00390A08
.text C:\WINDOWS\Explorer.EXE[504] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00390600
.text C:\WINDOWS\Explorer.EXE[504] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003901F8
.text C:\WINDOWS\Explorer.EXE[504] USER32.dll!UnhookWinEvent 7E3818AC 3 Bytes JMP 003903FC
.text C:\WINDOWS\Explorer.EXE[504] USER32.dll!UnhookWinEvent + 4 7E3818B0 1 Byte [82]
.text C:\WINDOWS\system32\spoolsv.exe[660] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\spoolsv.exe[660] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[660] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\spoolsv.exe[660] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[660] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\spoolsv.exe[660] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\spoolsv.exe[660] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\spoolsv.exe[660] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\spoolsv.exe[660] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\spoolsv.exe[660] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\spoolsv.exe[660] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\spoolsv.exe[660] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\spoolsv.exe[660] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\spoolsv.exe[660] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\spoolsv.exe[660] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\spoolsv.exe[660] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\spoolsv.exe[660] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[720] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[720] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\smss.exe[980] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\Acronis\Plán2\schedul2.exe[1092] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\Acronis\Plán2\schedul2.exe[1092] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\Acronis\Plán2\schedul2.exe[1092] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\Acronis\Plán2\schedul2.exe[1092] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\Acronis\Plán2\schedul2.exe[1092] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014
.text C:\Program Files\Common Files\Acronis\Plán2\schedul2.exe[1092] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804
.text C:\Program Files\Common Files\Acronis\Plán2\schedul2.exe[1092] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08
.text C:\Program Files\Common Files\Acronis\Plán2\schedul2.exe[1092] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C
.text C:\Program Files\Common Files\Acronis\Plán2\schedul2.exe[1092] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10
.text C:\Program Files\Common Files\Acronis\Plán2\schedul2.exe[1092] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8
.text C:\Program Files\Common Files\Acronis\Plán2\schedul2.exe[1092] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC
.text C:\Program Files\Common Files\Acronis\Plán2\schedul2.exe[1092] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600
.text C:\Program Files\Common Files\Acronis\Plán2\schedul2.exe[1092] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804
.text C:\Program Files\Common Files\Acronis\Plán2\schedul2.exe[1092] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08
.text C:\Program Files\Common Files\Acronis\Plán2\schedul2.exe[1092] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600
.text C:\Program Files\Common Files\Acronis\Plán2\schedul2.exe[1092] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8
.text C:\Program Files\Common Files\Acronis\Plán2\schedul2.exe[1092] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC
.text C:\WINDOWS\system32\csrss.exe[1100] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[1100] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[1144] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000701F8
.text C:\WINDOWS\system32\winlogon.exe[1144] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[1144] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000703FC
.text C:\WINDOWS\system32\winlogon.exe[1144] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[1144] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\winlogon.exe[1144] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\winlogon.exe[1144] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\winlogon.exe[1144] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\winlogon.exe[1144] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\winlogon.exe[1144] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\winlogon.exe[1144] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\winlogon.exe[1144] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\winlogon.exe[1144] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\winlogon.exe[1144] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\winlogon.exe[1144] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\winlogon.exe[1144] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\winlogon.exe[1144] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\services.exe[1196] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\services.exe[1196] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[1196] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\services.exe[1196] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[1196] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\services.exe[1196] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\services.exe[1196] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\services.exe[1196] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\services.exe[1196] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\services.exe[1196] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\services.exe[1196] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\services.exe[1196] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\services.exe[1196] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\services.exe[1196] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\services.exe[1196] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\services.exe[1196] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\services.exe[1196] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\lsass.exe[1208] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\lsass.exe[1208] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[1208] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\lsass.exe[1208] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[1208] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\lsass.exe[1208] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\lsass.exe[1208] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\lsass.exe[1208] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\lsass.exe[1208] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\lsass.exe[1208] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\lsass.exe[1208] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\lsass.exe[1208] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\lsass.exe[1208] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\lsass.exe[1208] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\lsass.exe[1208] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\lsass.exe[1208] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\lsass.exe[1208] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\svchost.exe[1256] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1256] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1256] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\svchost.exe[1256] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\svchost.exe[1256] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\svchost.exe[1256] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\svchost.exe[1256] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\svchost.exe[1256] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\Ati2evxx.exe[1384] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\WINDOWS\system32\Ati2evxx.exe[1384] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[1384] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\WINDOWS\system32\Ati2evxx.exe[1384] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[1384] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804
.text C:\WINDOWS\system32\Ati2evxx.exe[1384] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08
.text C:\WINDOWS\system32\Ati2evxx.exe[1384] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600
.text C:\WINDOWS\system32\Ati2evxx.exe[1384] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8
.text C:\WINDOWS\system32\Ati2evxx.exe[1384] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC
.text C:\WINDOWS\system32\Ati2evxx.exe[1384] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003F1014
.text C:\WINDOWS\system32\Ati2evxx.exe[1384] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003F0804
.text C:\WINDOWS\system32\Ati2evxx.exe[1384] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003F0A08
.text C:\WINDOWS\system32\Ati2evxx.exe[1384] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003F0C0C
.text C:\WINDOWS\system32\Ati2evxx.exe[1384] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003F0E10
.text C:\WINDOWS\system32\Ati2evxx.exe[1384] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003F01F8
.text C:\WINDOWS\system32\Ati2evxx.exe[1384] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003F03FC
.text C:\WINDOWS\system32\Ati2evxx.exe[1384] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003F0600
.text C:\WINDOWS\system32\svchost.exe[1404] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1404] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1404] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1404] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\svchost.exe[1404] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[1404] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[1404] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\svchost.exe[1404] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\svchost.exe[1404] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[1404] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[1404] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\svchost.exe[1404] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\svchost.exe[1404] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\svchost.exe[1404] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\svchost.exe[1404] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\svchost.exe[1404] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe[1436] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe[1436] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe[1436] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe[1436] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe[1436] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014
.text C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe[1436] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804
.text C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe[1436] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08
.text C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe[1436] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C
.text C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe[1436] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10
.text C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe[1436] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8
.text C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe[1436] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC
.text C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe[1436] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600
.text C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe[1436] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804
.text C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe[1436] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08
.text C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe[1436] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600
.text C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe[1436] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8
.text C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe[1436] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC
.text C:\WINDOWS\system32\svchost.exe[1524] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1524] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1524] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1524] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1524] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\svchost.exe[1524] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[1524] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[1524] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\svchost.exe[1524] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\svchost.exe[1524] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[1524] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[1524] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\svchost.exe[1524] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\svchost.exe[1524] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\svchost.exe[1524] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\svchost.exe[1524] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\svchost.exe[1524] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\WINDOWS\System32\svchost.exe[1644] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[1644] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1644] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[1644] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1644] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014
.text C:\WINDOWS\System32\svchost.exe[1644] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804
.text C:\WINDOWS\System32\svchost.exe[1644] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08
.text C:\WINDOWS\System32\svchost.exe[1644] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C
.text C:\WINDOWS\System32\svchost.exe[1644] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10
.text C:\WINDOWS\System32\svchost.exe[1644] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8
.text C:\WINDOWS\System32\svchost.exe[1644] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC
.text C:\WINDOWS\System32\svchost.exe[1644] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600
.text C:\WINDOWS\System32\svchost.exe[1644] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\System32\svchost.exe[1644] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\System32\svchost.exe[1644] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\System32\svchost.exe[1644] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\System32\svchost.exe[1644] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[1692] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[1692] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[1692] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[1692] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[1692] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[1692] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[1692] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[1692] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[1692] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[1692] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003F1014
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[1692] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003F0804
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[1692] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003F0A08
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[1692] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003F0C0C
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[1692] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003F0E10
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[1692] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003F01F8
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[1692] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003F03FC
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[1692] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003F0600
.text C:\WINDOWS\system32\svchost.exe[1732] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1732] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1732] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1732] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\svchost.exe[1732] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[1732] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[1732] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\svchost.exe[1732] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\svchost.exe[1732] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[1732] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[1732] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\svchost.exe[1732] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\svchost.exe[1732] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\svchost.exe[1732] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\svchost.exe[1732] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\svchost.exe[1732] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\WINDOWS\VM_STI.EXE[1740] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\WINDOWS\VM_STI.EXE[1740] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\VM_STI.EXE[1740] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\WINDOWS\VM_STI.EXE[1740] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\VM_STI.EXE[1740] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003D0804
.text C:\WINDOWS\VM_STI.EXE[1740] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003D0A08
.text C:\WINDOWS\VM_STI.EXE[1740] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003D0600
.text C:\WINDOWS\VM_STI.EXE[1740] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003D01F8
.text C:\WINDOWS\VM_STI.EXE[1740] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003D03FC
.text C:\WINDOWS\VM_STI.EXE[1740] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014
.text C:\WINDOWS\VM_STI.EXE[1740] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804
.text C:\WINDOWS\VM_STI.EXE[1740] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08
.text C:\WINDOWS\VM_STI.EXE[1740] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C
.text C:\WINDOWS\VM_STI.EXE[1740] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10
.text C:\WINDOWS\VM_STI.EXE[1740] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8
.text C:\WINDOWS\VM_STI.EXE[1740] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC
.text C:\WINDOWS\VM_STI.EXE[1740] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600
.text C:\Program Files\WinFast\WFTVFM\WFWIZ.exe[1816] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\WinFast\WFTVFM\WFWIZ.exe[1816] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\WinFast\WFTVFM\WFWIZ.exe[1816] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\WinFast\WFTVFM\WFWIZ.exe[1816] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\WinFast\WFTVFM\WFWIZ.exe[1816] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003D0804
.text C:\Program Files\WinFast\WFTVFM\WFWIZ.exe[1816] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003D0A08
.text C:\Program Files\WinFast\WFTVFM\WFWIZ.exe[1816] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003D0600
.text C:\Program Files\WinFast\WFTVFM\WFWIZ.exe[1816] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003D01F8
.text C:\Program Files\WinFast\WFTVFM\WFWIZ.exe[1816] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003D03FC
.text C:\Program Files\WinFast\WFTVFM\WFWIZ.exe[1816] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014
.text C:\Program Files\WinFast\WFTVFM\WFWIZ.exe[1816] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804
.text C:\Program Files\WinFast\WFTVFM\WFWIZ.exe[1816] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08
.text C:\Program Files\WinFast\WFTVFM\WFWIZ.exe[1816] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C
.text C:\Program Files\WinFast\WFTVFM\WFWIZ.exe[1816] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10
.text C:\Program Files\WinFast\WFTVFM\WFWIZ.exe[1816] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8
.text C:\Program Files\WinFast\WFTVFM\WFWIZ.exe[1816] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC
.text C:\Program Files\WinFast\WFTVFM\WFWIZ.exe[1816] ADVAPI32.dll!DeleteService
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-04-09 11:27:33
Windows 5.1.2600 Service Pack 3 Harddisk2\DR2 -> \Device\Ide\IdeDeviceP2T0L0-24 ST340014A rev.8.01
Running: gmer.exe; Driver: C:\DOCUME~1\Jiri\LOCALS~1\Temp\uwkyqkow.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xA7708DF8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xA7795A5A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0xA770985E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xA7735D5D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xA770E2E4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xA770E330]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xA770E422]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xA7735711]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xA770E252]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xA770E374]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xA770E29A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xA770E3DC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xA7708E44]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xA7736423]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xA77366D9]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xA770B9A8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xA773628E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xA77360F9]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xA7795B34]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xA7708AD6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xA7708E90]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xA770BD1C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xA7709B02]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xA770E30E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xA770E352]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xA770E446]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xA7735A6D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xA770E278]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xA770B518]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xA770E3AE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xA770E2C2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xA770B74C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xA770E400]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xA7795CA0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xA7735F74]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xA77099CE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xA7735DC6]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xA779FB68]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xA7734D84]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xA7708EDC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xA7708F28]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xA7708B46]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xA7708CEA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xA773652A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xA7708C92]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xA7708D5A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwTerminateProcess [0xA7795D60]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xA7708F74]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0xA7795BE0]
INT 0x62 ? 8A80ECB8
INT 0x73 ? 8A80ECB8
INT 0x73 ? 8A80ECB8
INT 0x83 ? 8A6ACCB8
INT 0x83 ? 8A6ACCB8
INT 0x83 ? 8A6ACCB8
INT 0xA4 ? 8A6ACCB8
INT 0xB4 ? 8A6ACCB8
INT 0xB4 ? 8A6ACCB8
INT 0xB4 ? 8A6ACCB8
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xA77ABD92]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
---- Kernel code sections - GMER 1.0.15 ----
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A64A8 4 Bytes CALL A770A19F \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC556 5 Bytes JMP A77A8C8C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 805C2FDA 5 Bytes JMP A77AA74C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D117A 7 Bytes JMP A77ABD96 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.sptd1 C:\WINDOWS\system32\drivers\sptd.sys entry point in ".sptd1" section [0xB9FA1089]
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB5582000, 0x235297, 0xE8000020]
.text USBPORT.SYS!DllUnload B54C78AC 5 Bytes JMP 8A6AC1C8
.text arlss647.SYS!A0DB34FC6FE35D429A28ADDE5467D4D7 B5464900 48 Bytes [AF, D9, 9C, 7F, 87, C8, A5, ...]
? C:\WINDOWS\System32\Drivers\arlss647.SYS suspicious PE modification
.text win32k.sys!EngFreeUserMem + 674 BF8098F2 5 Bytes JMP A770D180 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFreeUserMem + 35D0 BF80C84E 5 Bytes JMP A770D07C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSurface + 45 BF8138E6 5 Bytes JMP A770D036 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!BRUSHOBJ_pvAllocRbrush + 11D3 BF81C550 5 Bytes JMP A770C724 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngSetLastError + 79A8 BF8240C0 5 Bytes JMP A770BF84 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateBitmap + F9C BF828A2A 5 Bytes JMP A770D2EA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 2C50 BF831475 5 Bytes JMP A770D4F2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + B68E BF839EB3 5 Bytes JMP A770CF3C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!FONTOBJ_pxoGetXform + 84ED BF851745 5 Bytes JMP A770BE66 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + F17 BF85BC6A 5 Bytes JMP A770C7E6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 3581 BF85E2D4 5 Bytes JMP A770C384 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 360C BF85E35F 5 Bytes JMP A770C562 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 88 BF85F5D2 5 Bytes JMP A770BE4E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 5457 BF8649A1 5 Bytes JMP A770D0BA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 4128 BF873CF0 5 Bytes JMP A770C51C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetLastError + 1606 BF890FA2 5 Bytes JMP A770C7FE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 26EE BF89454D 5 Bytes JMP A770D232 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBltROP + 583 BF895025 5 Bytes JMP A770D450 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + 3857 BF89C3CB 5 Bytes JMP A770C70C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + 4DEC BF89D960 5 Bytes JMP A770BFF4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngEraseSurface + A9E0 BF8C1EE0 5 Bytes JMP A770C104 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1517 BF8CA342 5 Bytes JMP A770C1AC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1797 BF8CA5C2 5 Bytes JMP A770C2E4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + 3B3E BF8EC017 5 Bytes JMP A770BD52 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + CB3D BF8F5016 5 Bytes JMP A770C73C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 19DF BF913566 5 Bytes JMP A770BF22 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 25B3 BF91413A 5 Bytes JMP A770C0B0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 4F2C BF916AB3 5 Bytes JMP A770C67C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 1940 BF946632 5 Bytes JMP A770D3A8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\ABBYY Screenshot Reader\NetworkLicenseServer.exe[380] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\ABBYY Screenshot Reader\NetworkLicenseServer.exe[380] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\ABBYY Screenshot Reader\NetworkLicenseServer.exe[380] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\ABBYY Screenshot Reader\NetworkLicenseServer.exe[380] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\ABBYY Screenshot Reader\NetworkLicenseServer.exe[380] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804
.text C:\Program Files\ABBYY Screenshot Reader\NetworkLicenseServer.exe[380] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08
.text C:\Program Files\ABBYY Screenshot Reader\NetworkLicenseServer.exe[380] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600
.text C:\Program Files\ABBYY Screenshot Reader\NetworkLicenseServer.exe[380] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8
.text C:\Program Files\ABBYY Screenshot Reader\NetworkLicenseServer.exe[380] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC
.text C:\Program Files\ABBYY Screenshot Reader\NetworkLicenseServer.exe[380] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 004C1014
.text C:\Program Files\ABBYY Screenshot Reader\NetworkLicenseServer.exe[380] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 004C0804
.text C:\Program Files\ABBYY Screenshot Reader\NetworkLicenseServer.exe[380] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 004C0A08
.text C:\Program Files\ABBYY Screenshot Reader\NetworkLicenseServer.exe[380] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 004C0C0C
.text C:\Program Files\ABBYY Screenshot Reader\NetworkLicenseServer.exe[380] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 004C0E10
.text C:\Program Files\ABBYY Screenshot Reader\NetworkLicenseServer.exe[380] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 004C01F8
.text C:\Program Files\ABBYY Screenshot Reader\NetworkLicenseServer.exe[380] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 004C03FC
.text C:\Program Files\ABBYY Screenshot Reader\NetworkLicenseServer.exe[380] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 004C0600
.text C:\WINDOWS\Explorer.EXE[504] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\Explorer.EXE[504] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[504] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\Explorer.EXE[504] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[504] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00381014
.text C:\WINDOWS\Explorer.EXE[504] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00380804
.text C:\WINDOWS\Explorer.EXE[504] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00380A08
.text C:\WINDOWS\Explorer.EXE[504] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00380C0C
.text C:\WINDOWS\Explorer.EXE[504] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00380E10
.text C:\WINDOWS\Explorer.EXE[504] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003801F8
.text C:\WINDOWS\Explorer.EXE[504] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003803FC
.text C:\WINDOWS\Explorer.EXE[504] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00380600
.text C:\WINDOWS\Explorer.EXE[504] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00390804
.text C:\WINDOWS\Explorer.EXE[504] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00390A08
.text C:\WINDOWS\Explorer.EXE[504] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00390600
.text C:\WINDOWS\Explorer.EXE[504] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003901F8
.text C:\WINDOWS\Explorer.EXE[504] USER32.dll!UnhookWinEvent 7E3818AC 3 Bytes JMP 003903FC
.text C:\WINDOWS\Explorer.EXE[504] USER32.dll!UnhookWinEvent + 4 7E3818B0 1 Byte [82]
.text C:\WINDOWS\system32\spoolsv.exe[660] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\spoolsv.exe[660] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[660] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\spoolsv.exe[660] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[660] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\spoolsv.exe[660] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\spoolsv.exe[660] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\spoolsv.exe[660] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\spoolsv.exe[660] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\spoolsv.exe[660] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\spoolsv.exe[660] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\spoolsv.exe[660] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\spoolsv.exe[660] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\spoolsv.exe[660] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\spoolsv.exe[660] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\spoolsv.exe[660] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\spoolsv.exe[660] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[720] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[720] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\smss.exe[980] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\Acronis\Plán2\schedul2.exe[1092] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\Acronis\Plán2\schedul2.exe[1092] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\Acronis\Plán2\schedul2.exe[1092] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\Acronis\Plán2\schedul2.exe[1092] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\Acronis\Plán2\schedul2.exe[1092] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014
.text C:\Program Files\Common Files\Acronis\Plán2\schedul2.exe[1092] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804
.text C:\Program Files\Common Files\Acronis\Plán2\schedul2.exe[1092] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08
.text C:\Program Files\Common Files\Acronis\Plán2\schedul2.exe[1092] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C
.text C:\Program Files\Common Files\Acronis\Plán2\schedul2.exe[1092] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10
.text C:\Program Files\Common Files\Acronis\Plán2\schedul2.exe[1092] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8
.text C:\Program Files\Common Files\Acronis\Plán2\schedul2.exe[1092] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC
.text C:\Program Files\Common Files\Acronis\Plán2\schedul2.exe[1092] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600
.text C:\Program Files\Common Files\Acronis\Plán2\schedul2.exe[1092] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804
.text C:\Program Files\Common Files\Acronis\Plán2\schedul2.exe[1092] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08
.text C:\Program Files\Common Files\Acronis\Plán2\schedul2.exe[1092] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600
.text C:\Program Files\Common Files\Acronis\Plán2\schedul2.exe[1092] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8
.text C:\Program Files\Common Files\Acronis\Plán2\schedul2.exe[1092] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC
.text C:\WINDOWS\system32\csrss.exe[1100] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[1100] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[1144] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000701F8
.text C:\WINDOWS\system32\winlogon.exe[1144] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[1144] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000703FC
.text C:\WINDOWS\system32\winlogon.exe[1144] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[1144] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\winlogon.exe[1144] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\winlogon.exe[1144] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\winlogon.exe[1144] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\winlogon.exe[1144] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\winlogon.exe[1144] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\winlogon.exe[1144] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\winlogon.exe[1144] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\winlogon.exe[1144] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\winlogon.exe[1144] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\winlogon.exe[1144] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\winlogon.exe[1144] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\winlogon.exe[1144] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\services.exe[1196] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\services.exe[1196] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[1196] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\services.exe[1196] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[1196] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\services.exe[1196] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\services.exe[1196] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\services.exe[1196] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\services.exe[1196] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\services.exe[1196] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\services.exe[1196] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\services.exe[1196] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\services.exe[1196] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\services.exe[1196] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\services.exe[1196] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\services.exe[1196] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\services.exe[1196] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\lsass.exe[1208] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\lsass.exe[1208] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[1208] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\lsass.exe[1208] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[1208] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\lsass.exe[1208] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\lsass.exe[1208] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\lsass.exe[1208] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\lsass.exe[1208] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\lsass.exe[1208] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\lsass.exe[1208] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\lsass.exe[1208] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\lsass.exe[1208] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\lsass.exe[1208] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\lsass.exe[1208] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\lsass.exe[1208] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\lsass.exe[1208] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\svchost.exe[1256] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1256] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1256] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\svchost.exe[1256] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\svchost.exe[1256] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\svchost.exe[1256] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\svchost.exe[1256] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\svchost.exe[1256] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\Ati2evxx.exe[1384] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\WINDOWS\system32\Ati2evxx.exe[1384] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[1384] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\WINDOWS\system32\Ati2evxx.exe[1384] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[1384] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804
.text C:\WINDOWS\system32\Ati2evxx.exe[1384] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08
.text C:\WINDOWS\system32\Ati2evxx.exe[1384] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600
.text C:\WINDOWS\system32\Ati2evxx.exe[1384] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8
.text C:\WINDOWS\system32\Ati2evxx.exe[1384] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC
.text C:\WINDOWS\system32\Ati2evxx.exe[1384] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003F1014
.text C:\WINDOWS\system32\Ati2evxx.exe[1384] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003F0804
.text C:\WINDOWS\system32\Ati2evxx.exe[1384] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003F0A08
.text C:\WINDOWS\system32\Ati2evxx.exe[1384] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003F0C0C
.text C:\WINDOWS\system32\Ati2evxx.exe[1384] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003F0E10
.text C:\WINDOWS\system32\Ati2evxx.exe[1384] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003F01F8
.text C:\WINDOWS\system32\Ati2evxx.exe[1384] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003F03FC
.text C:\WINDOWS\system32\Ati2evxx.exe[1384] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003F0600
.text C:\WINDOWS\system32\svchost.exe[1404] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1404] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1404] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1404] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\svchost.exe[1404] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[1404] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[1404] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\svchost.exe[1404] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\svchost.exe[1404] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[1404] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[1404] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\svchost.exe[1404] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\svchost.exe[1404] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\svchost.exe[1404] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\svchost.exe[1404] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\svchost.exe[1404] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe[1436] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe[1436] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe[1436] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe[1436] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe[1436] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014
.text C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe[1436] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804
.text C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe[1436] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08
.text C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe[1436] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C
.text C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe[1436] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10
.text C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe[1436] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8
.text C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe[1436] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC
.text C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe[1436] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600
.text C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe[1436] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804
.text C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe[1436] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08
.text C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe[1436] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600
.text C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe[1436] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8
.text C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe[1436] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC
.text C:\WINDOWS\system32\svchost.exe[1524] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1524] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1524] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1524] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1524] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\svchost.exe[1524] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[1524] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[1524] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\svchost.exe[1524] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\svchost.exe[1524] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[1524] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[1524] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\svchost.exe[1524] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\svchost.exe[1524] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\svchost.exe[1524] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\svchost.exe[1524] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\svchost.exe[1524] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\WINDOWS\System32\svchost.exe[1644] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[1644] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1644] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[1644] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1644] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014
.text C:\WINDOWS\System32\svchost.exe[1644] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804
.text C:\WINDOWS\System32\svchost.exe[1644] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08
.text C:\WINDOWS\System32\svchost.exe[1644] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C
.text C:\WINDOWS\System32\svchost.exe[1644] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10
.text C:\WINDOWS\System32\svchost.exe[1644] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8
.text C:\WINDOWS\System32\svchost.exe[1644] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC
.text C:\WINDOWS\System32\svchost.exe[1644] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600
.text C:\WINDOWS\System32\svchost.exe[1644] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\System32\svchost.exe[1644] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\System32\svchost.exe[1644] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\System32\svchost.exe[1644] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\System32\svchost.exe[1644] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[1692] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[1692] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[1692] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[1692] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[1692] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[1692] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[1692] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[1692] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[1692] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[1692] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003F1014
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[1692] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003F0804
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[1692] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003F0A08
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[1692] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003F0C0C
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[1692] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003F0E10
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[1692] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003F01F8
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[1692] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003F03FC
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[1692] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003F0600
.text C:\WINDOWS\system32\svchost.exe[1732] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1732] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1732] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1732] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\svchost.exe[1732] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[1732] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[1732] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\svchost.exe[1732] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\svchost.exe[1732] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[1732] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[1732] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\svchost.exe[1732] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\svchost.exe[1732] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\svchost.exe[1732] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\svchost.exe[1732] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\svchost.exe[1732] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\WINDOWS\VM_STI.EXE[1740] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\WINDOWS\VM_STI.EXE[1740] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\VM_STI.EXE[1740] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\WINDOWS\VM_STI.EXE[1740] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\VM_STI.EXE[1740] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003D0804
.text C:\WINDOWS\VM_STI.EXE[1740] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003D0A08
.text C:\WINDOWS\VM_STI.EXE[1740] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003D0600
.text C:\WINDOWS\VM_STI.EXE[1740] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003D01F8
.text C:\WINDOWS\VM_STI.EXE[1740] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003D03FC
.text C:\WINDOWS\VM_STI.EXE[1740] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014
.text C:\WINDOWS\VM_STI.EXE[1740] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804
.text C:\WINDOWS\VM_STI.EXE[1740] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08
.text C:\WINDOWS\VM_STI.EXE[1740] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C
.text C:\WINDOWS\VM_STI.EXE[1740] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10
.text C:\WINDOWS\VM_STI.EXE[1740] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8
.text C:\WINDOWS\VM_STI.EXE[1740] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC
.text C:\WINDOWS\VM_STI.EXE[1740] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600
.text C:\Program Files\WinFast\WFTVFM\WFWIZ.exe[1816] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\WinFast\WFTVFM\WFWIZ.exe[1816] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\WinFast\WFTVFM\WFWIZ.exe[1816] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\WinFast\WFTVFM\WFWIZ.exe[1816] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\WinFast\WFTVFM\WFWIZ.exe[1816] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003D0804
.text C:\Program Files\WinFast\WFTVFM\WFWIZ.exe[1816] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003D0A08
.text C:\Program Files\WinFast\WFTVFM\WFWIZ.exe[1816] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003D0600
.text C:\Program Files\WinFast\WFTVFM\WFWIZ.exe[1816] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003D01F8
.text C:\Program Files\WinFast\WFTVFM\WFWIZ.exe[1816] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003D03FC
.text C:\Program Files\WinFast\WFTVFM\WFWIZ.exe[1816] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014
.text C:\Program Files\WinFast\WFTVFM\WFWIZ.exe[1816] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804
.text C:\Program Files\WinFast\WFTVFM\WFWIZ.exe[1816] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08
.text C:\Program Files\WinFast\WFTVFM\WFWIZ.exe[1816] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C
.text C:\Program Files\WinFast\WFTVFM\WFWIZ.exe[1816] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10
.text C:\Program Files\WinFast\WFTVFM\WFWIZ.exe[1816] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8
.text C:\Program Files\WinFast\WFTVFM\WFWIZ.exe[1816] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC
.text C:\Program Files\WinFast\WFTVFM\WFWIZ.exe[1816] ADVAPI32.dll!DeleteService
Re: Prosím o kontrolu logu
druhý log z Gmeru 2. část
.text C:\WINDOWS\system32\Ati2evxx.exe[1820] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\WINDOWS\system32\Ati2evxx.exe[1820] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[1820] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\WINDOWS\system32\Ati2evxx.exe[1820] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[1820] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804
.text C:\WINDOWS\system32\Ati2evxx.exe[1820] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08
.text C:\WINDOWS\system32\Ati2evxx.exe[1820] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600
.text C:\WINDOWS\system32\Ati2evxx.exe[1820] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8
.text C:\WINDOWS\system32\Ati2evxx.exe[1820] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC
.text C:\WINDOWS\system32\Ati2evxx.exe[1820] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003F1014
.text C:\WINDOWS\system32\Ati2evxx.exe[1820] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003F0804
.text C:\WINDOWS\system32\Ati2evxx.exe[1820] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003F0A08
.text C:\WINDOWS\system32\Ati2evxx.exe[1820] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003F0C0C
.text C:\WINDOWS\system32\Ati2evxx.exe[1820] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003F0E10
.text C:\WINDOWS\system32\Ati2evxx.exe[1820] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003F01F8
.text C:\WINDOWS\system32\Ati2evxx.exe[1820] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003F03FC
.text C:\WINDOWS\system32\Ati2evxx.exe[1820] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003F0600
.text C:\WINDOWS\system32\svchost.exe[1856] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1856] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1856] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1856] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\svchost.exe[1856] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[1856] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[1856] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\svchost.exe[1856] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\svchost.exe[1856] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[1856] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[1856] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\svchost.exe[1856] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\svchost.exe[1856] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\svchost.exe[1856] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\svchost.exe[1856] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\svchost.exe[1856] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[2036] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[2036] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[2036] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\RTHDCPL.EXE[2092] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\WINDOWS\RTHDCPL.EXE[2092] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\RTHDCPL.EXE[2092] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\WINDOWS\RTHDCPL.EXE[2092] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\RTHDCPL.EXE[2092] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003D1014
.text C:\WINDOWS\RTHDCPL.EXE[2092] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003D0804
.text C:\WINDOWS\RTHDCPL.EXE[2092] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003D0A08
.text C:\WINDOWS\RTHDCPL.EXE[2092] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003D0C0C
.text C:\WINDOWS\RTHDCPL.EXE[2092] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003D0E10
.text C:\WINDOWS\RTHDCPL.EXE[2092] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003D01F8
.text C:\WINDOWS\RTHDCPL.EXE[2092] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003D03FC
.text C:\WINDOWS\RTHDCPL.EXE[2092] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003D0600
.text C:\WINDOWS\RTHDCPL.EXE[2092] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804
.text C:\WINDOWS\RTHDCPL.EXE[2092] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08
.text C:\WINDOWS\RTHDCPL.EXE[2092] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600
.text C:\WINDOWS\RTHDCPL.EXE[2092] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8
.text C:\WINDOWS\RTHDCPL.EXE[2092] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC
.text C:\Program Files\Messenger\msmsgs.exe[2104] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\Program Files\Messenger\msmsgs.exe[2104] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Messenger\msmsgs.exe[2104] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\Program Files\Messenger\msmsgs.exe[2104] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Messenger\msmsgs.exe[2104] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00321014
.text C:\Program Files\Messenger\msmsgs.exe[2104] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00320804
.text C:\Program Files\Messenger\msmsgs.exe[2104] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00320A08
.text C:\Program Files\Messenger\msmsgs.exe[2104] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00320C0C
.text C:\Program Files\Messenger\msmsgs.exe[2104] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00320E10
.text C:\Program Files\Messenger\msmsgs.exe[2104] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003201F8
.text C:\Program Files\Messenger\msmsgs.exe[2104] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003203FC
.text C:\Program Files\Messenger\msmsgs.exe[2104] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00320600
.text C:\Program Files\Messenger\msmsgs.exe[2104] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00330804
.text C:\Program Files\Messenger\msmsgs.exe[2104] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00330A08
.text C:\Program Files\Messenger\msmsgs.exe[2104] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00330600
.text C:\Program Files\Messenger\msmsgs.exe[2104] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003301F8
.text C:\Program Files\Messenger\msmsgs.exe[2104] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003303FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[2124] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[2124] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[2124] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[2124] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[2124] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014
.text C:\Program Files\Java\jre6\bin\jqs.exe[2124] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804
.text C:\Program Files\Java\jre6\bin\jqs.exe[2124] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08
.text C:\Program Files\Java\jre6\bin\jqs.exe[2124] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C
.text C:\Program Files\Java\jre6\bin\jqs.exe[2124] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10
.text C:\Program Files\Java\jre6\bin\jqs.exe[2124] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[2124] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[2124] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600
.text C:\Program Files\Java\jre6\bin\jqs.exe[2124] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804
.text C:\Program Files\Java\jre6\bin\jqs.exe[2124] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08
.text C:\Program Files\Java\jre6\bin\jqs.exe[2124] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600
.text C:\Program Files\Java\jre6\bin\jqs.exe[2124] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[2124] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC
.text C:\WINDOWS\system32\ctfmon.exe[2128] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A01F8
.text C:\WINDOWS\system32\ctfmon.exe[2128] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[2128] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A03FC
.text C:\WINDOWS\system32\ctfmon.exe[2128] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[2128] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00381014
.text C:\WINDOWS\system32\ctfmon.exe[2128] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00380804
.text C:\WINDOWS\system32\ctfmon.exe[2128] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00380A08
.text C:\WINDOWS\system32\ctfmon.exe[2128] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00380C0C
.text C:\WINDOWS\system32\ctfmon.exe[2128] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00380E10
.text C:\WINDOWS\system32\ctfmon.exe[2128] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003801F8
.text C:\WINDOWS\system32\ctfmon.exe[2128] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003803FC
.text C:\WINDOWS\system32\ctfmon.exe[2128] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00380600
.text C:\WINDOWS\system32\ctfmon.exe[2128] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00390804
.text C:\WINDOWS\system32\ctfmon.exe[2128] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00390A08
.text C:\WINDOWS\system32\ctfmon.exe[2128] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00390600
.text C:\WINDOWS\system32\ctfmon.exe[2128] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003901F8
.text C:\WINDOWS\system32\ctfmon.exe[2128] USER32.dll!UnhookWinEvent 7E3818AC 3 Bytes JMP 003903FC
.text C:\WINDOWS\system32\ctfmon.exe[2128] USER32.dll!UnhookWinEvent + 4 7E3818B0 1 Byte [82]
.text C:\Program Files\Google\Update\GoogleUpdate.exe[2132] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Google\Update\GoogleUpdate.exe[2132] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Google\Update\GoogleUpdate.exe[2132] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Google\Update\GoogleUpdate.exe[2132] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Google\Update\GoogleUpdate.exe[2132] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014
.text C:\Program Files\Google\Update\GoogleUpdate.exe[2132] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804
.text C:\Program Files\Google\Update\GoogleUpdate.exe[2132] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08
.text C:\Program Files\Google\Update\GoogleUpdate.exe[2132] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C
.text C:\Program Files\Google\Update\GoogleUpdate.exe[2132] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10
.text C:\Program Files\Google\Update\GoogleUpdate.exe[2132] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8
.text C:\Program Files\Google\Update\GoogleUpdate.exe[2132] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC
.text C:\Program Files\Google\Update\GoogleUpdate.exe[2132] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600
.text C:\Program Files\Google\Update\GoogleUpdate.exe[2132] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804
.text C:\Program Files\Google\Update\GoogleUpdate.exe[2132] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08
.text C:\Program Files\Google\Update\GoogleUpdate.exe[2132] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600
.text C:\Program Files\Google\Update\GoogleUpdate.exe[2132] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8
.text C:\Program Files\Google\Update\GoogleUpdate.exe[2132] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC
.text C:\Program Files\Spamihilator\spamihilator.exe[2272] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Spamihilator\spamihilator.exe[2272] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Spamihilator\spamihilator.exe[2272] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Spamihilator\spamihilator.exe[2272] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Spamihilator\spamihilator.exe[2272] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00760804
.text C:\Program Files\Spamihilator\spamihilator.exe[2272] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00760A08
.text C:\Program Files\Spamihilator\spamihilator.exe[2272] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00760600
.text C:\Program Files\Spamihilator\spamihilator.exe[2272] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 007601F8
.text C:\Program Files\Spamihilator\spamihilator.exe[2272] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 007603FC
.text C:\Program Files\Spamihilator\spamihilator.exe[2272] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00771014
.text C:\Program Files\Spamihilator\spamihilator.exe[2272] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00770804
.text C:\Program Files\Spamihilator\spamihilator.exe[2272] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00770A08
.text C:\Program Files\Spamihilator\spamihilator.exe[2272] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00770C0C
.text C:\Program Files\Spamihilator\spamihilator.exe[2272] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00770E10
.text C:\Program Files\Spamihilator\spamihilator.exe[2272] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 007701F8
.text C:\Program Files\Spamihilator\spamihilator.exe[2272] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 007703FC
.text C:\Program Files\Spamihilator\spamihilator.exe[2272] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00770600
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2296] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2296] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2296] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2296] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2296] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2296] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2296] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2296] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2296] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2296] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2296] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2296] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2296] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2296] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2296] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2296] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2296] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC
.text C:\WINDOWS\system32\svchost.exe[2396] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[2396] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[2396] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[2396] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[2396] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\svchost.exe[2396] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[2396] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[2396] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\svchost.exe[2396] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\svchost.exe[2396] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[2396] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[2396] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\svchost.exe[2396] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\svchost.exe[2396] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\svchost.exe[2396] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\svchost.exe[2396] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\svchost.exe[2396] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[2408] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[2408] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[2408] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[2408] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[2408] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014
.text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[2408] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804
.text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[2408] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08
.text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[2408] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C
.text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[2408] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10
.text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[2408] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8
.text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[2408] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC
.text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[2408] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3500] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3500] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3500] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3500] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3500] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3500] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3500] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3500] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3500] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3500] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3500] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3500] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3500] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3500] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3500] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3500] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3500] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\WINDOWS\System32\alg.exe[3776] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\alg.exe[3776] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[3776] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\alg.exe[3776] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[3776] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00300804
.text C:\WINDOWS\System32\alg.exe[3776] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00300A08
.text C:\WINDOWS\System32\alg.exe[3776] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00300600
.text C:\WINDOWS\System32\alg.exe[3776] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003001F8
.text C:\WINDOWS\System32\alg.exe[3776] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003003FC
.text C:\WINDOWS\System32\alg.exe[3776] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00311014
.text C:\WINDOWS\System32\alg.exe[3776] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00310804
.text C:\WINDOWS\System32\alg.exe[3776] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00310A08
.text C:\WINDOWS\System32\alg.exe[3776] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00310C0C
.text C:\WINDOWS\System32\alg.exe[3776] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00310E10
.text C:\WINDOWS\System32\alg.exe[3776] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003101F8
.text C:\WINDOWS\System32\alg.exe[3776] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003103FC
.text C:\WINDOWS\System32\alg.exe[3776] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00310600
.text C:\Documents and Settings\Jiri\Plocha\gmer.exe[3940] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Documents and Settings\Jiri\Plocha\gmer.exe[3940] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Documents and Settings\Jiri\Plocha\gmer.exe[3940] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Documents and Settings\Jiri\Plocha\gmer.exe[3940] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Documents and Settings\Jiri\Plocha\gmer.exe[3940] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 009C1014
.text C:\Documents and Settings\Jiri\Plocha\gmer.exe[3940] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 009C0804
.text C:\Documents and Settings\Jiri\Plocha\gmer.exe[3940] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 009C0A08
.text C:\Documents and Settings\Jiri\Plocha\gmer.exe[3940] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 009C0C0C
.text C:\Documents and Settings\Jiri\Plocha\gmer.exe[3940] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 009C0E10
.text C:\Documents and Settings\Jiri\Plocha\gmer.exe[3940] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 009C01F8
.text C:\Documents and Settings\Jiri\Plocha\gmer.exe[3940] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 009C03FC
.text C:\Documents and Settings\Jiri\Plocha\gmer.exe[3940] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 009C0600
.text C:\Documents and Settings\Jiri\Plocha\gmer.exe[3940] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 009D0804
.text C:\Documents and Settings\Jiri\Plocha\gmer.exe[3940] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 009D0A08
.text C:\Documents and Settings\Jiri\Plocha\gmer.exe[3940] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 009D0600
.text C:\Documents and Settings\Jiri\Plocha\gmer.exe[3940] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 009D01F8
.text C:\Documents and Settings\Jiri\Plocha\gmer.exe[3940] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 009D03FC
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_ULONG] [B9E8F232] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!READ_PORT_UCHAR] [B9E8E730] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_UCHAR] [B9E8EF12] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9E8E730] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9E8E914] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9E8E856] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9E8F0F0] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9E8EF12] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B9EA2EA6] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Program Files\AVAST Software\Avast\avastUI.exe[720] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6A0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)
IAT C:\WINDOWS\system32\services.exe[1196] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00630002
IAT C:\WINDOWS\system32\services.exe[1196] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00630000
IAT C:\Program Files\AVAST Software\Avast\AvastSvc.exe[2036] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6A0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
Device \FileSystem\Ntfs \Ntfs 8A80D1E8
AttachedDevice \FileSystem\Ntfs \Ntfs tdrpm258.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
Device \Driver\PCI_PNP1994 \Device\00000043 sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
Device \Driver\PCI_PNP1994 \Device\00000043 sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
Device \Driver\usbohci \Device\USBPDO-0 8A6BB1E8
Device \Driver\usbohci \Device\USBPDO-1 8A6BB1E8
Device \Driver\usbehci \Device\USBPDO-2 8A6BA1E8
Device \Driver\usbohci \Device\USBPDO-3 8A6BB1E8
Device \Driver\usbohci \Device\USBPDO-4 8A6BB1E8
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
Device \Driver\usbehci \Device\USBPDO-5 8A6BA1E8
Device \Driver\usbohci \Device\USBPDO-6 8A6BB1E8
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 tdrpm258.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 sr.sys (System Restore Filesystem Filter Driver/Microsoft Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 tdrpm258.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 sr.sys (System Restore Filesystem Filter Driver/Microsoft Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
Device \Driver\Cdrom \Device\CdRom0 8A7CE1E8
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 tdrpm258.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 sr.sys (System Restore Filesystem Filter Driver/Microsoft Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 [B9E1FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 [B9E1FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [B9E1FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [B9E1FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort2 [B9E1FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort3 [B9E1FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-24 [B9E1FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f [B9E1FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\Cdrom \Device\CdRom1 8A7CE1E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{924CFA2A-B73A-4E06-9D92-BC128E64ACFC} 89503430
Device \Driver\NetBT \Device\NetBt_Wins_Export 89503430
Device \Driver\NetBT \Device\NetbiosSmb 89503430
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
Device \Driver\usbohci \Device\USBFDO-0 8A6BB1E8
Device \Driver\usbohci \Device\USBFDO-1 8A6BB1E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 894F51E8
Device \Driver\usbehci \Device\USBFDO-2 8A6BA1E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 894F51E8
Device \Driver\usbohci \Device\USBFDO-3 8A6BB1E8
Device \Driver\usbohci \Device\USBFDO-4 8A6BB1E8
Device \Driver\usbehci \Device\USBFDO-5 8A6BA1E8
Device \Driver\usbohci \Device\USBFDO-6 8A6BB1E8
Device \Driver\arlss647 \Device\Scsi\arlss6471 8A60F1E8
Device \Driver\arlss647 \Device\Scsi\arlss6471Port4Path0Target0Lun0 8A60F1E8
Device \FileSystem\Cdfs \Cdfs 894D01E8
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x8B 0xCA 0xBB 0x86 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x26 0x04 0x8D 0x31 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x49 0x6C 0x45 0x5D ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xF2 0x68 0x2F 0x89 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xCE 0x13 0x70 0xFA ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x74 0x55 0xBE 0xE1 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x8B 0xCA 0xBB 0x86 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x26 0x04 0x8D 0x31 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x49 0x6C 0x45 0x5D ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xF2 0x68 0x2F 0x89 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xCE 0x13 0x70 0xFA ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x74 0x55 0xBE 0xE1 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x8B 0xCA 0xBB 0x86 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x26 0x04 0x8D 0x31 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x49 0x6C 0x45 0x5D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xF2 0x68 0x2F 0x89 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xCE 0x13 0x70 0xFA ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x74 0x55 0xBE 0xE1 ...
---- EOF - GMER 1.0.15 ----
.text C:\WINDOWS\system32\Ati2evxx.exe[1820] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\WINDOWS\system32\Ati2evxx.exe[1820] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[1820] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\WINDOWS\system32\Ati2evxx.exe[1820] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[1820] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804
.text C:\WINDOWS\system32\Ati2evxx.exe[1820] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08
.text C:\WINDOWS\system32\Ati2evxx.exe[1820] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600
.text C:\WINDOWS\system32\Ati2evxx.exe[1820] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8
.text C:\WINDOWS\system32\Ati2evxx.exe[1820] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC
.text C:\WINDOWS\system32\Ati2evxx.exe[1820] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003F1014
.text C:\WINDOWS\system32\Ati2evxx.exe[1820] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003F0804
.text C:\WINDOWS\system32\Ati2evxx.exe[1820] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003F0A08
.text C:\WINDOWS\system32\Ati2evxx.exe[1820] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003F0C0C
.text C:\WINDOWS\system32\Ati2evxx.exe[1820] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003F0E10
.text C:\WINDOWS\system32\Ati2evxx.exe[1820] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003F01F8
.text C:\WINDOWS\system32\Ati2evxx.exe[1820] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003F03FC
.text C:\WINDOWS\system32\Ati2evxx.exe[1820] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003F0600
.text C:\WINDOWS\system32\svchost.exe[1856] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1856] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1856] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1856] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\svchost.exe[1856] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[1856] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[1856] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\svchost.exe[1856] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\svchost.exe[1856] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[1856] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[1856] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\svchost.exe[1856] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\svchost.exe[1856] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\svchost.exe[1856] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\svchost.exe[1856] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\svchost.exe[1856] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[2036] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[2036] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[2036] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\RTHDCPL.EXE[2092] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\WINDOWS\RTHDCPL.EXE[2092] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\RTHDCPL.EXE[2092] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\WINDOWS\RTHDCPL.EXE[2092] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\RTHDCPL.EXE[2092] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003D1014
.text C:\WINDOWS\RTHDCPL.EXE[2092] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003D0804
.text C:\WINDOWS\RTHDCPL.EXE[2092] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003D0A08
.text C:\WINDOWS\RTHDCPL.EXE[2092] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003D0C0C
.text C:\WINDOWS\RTHDCPL.EXE[2092] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003D0E10
.text C:\WINDOWS\RTHDCPL.EXE[2092] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003D01F8
.text C:\WINDOWS\RTHDCPL.EXE[2092] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003D03FC
.text C:\WINDOWS\RTHDCPL.EXE[2092] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003D0600
.text C:\WINDOWS\RTHDCPL.EXE[2092] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804
.text C:\WINDOWS\RTHDCPL.EXE[2092] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08
.text C:\WINDOWS\RTHDCPL.EXE[2092] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600
.text C:\WINDOWS\RTHDCPL.EXE[2092] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8
.text C:\WINDOWS\RTHDCPL.EXE[2092] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC
.text C:\Program Files\Messenger\msmsgs.exe[2104] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\Program Files\Messenger\msmsgs.exe[2104] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Messenger\msmsgs.exe[2104] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\Program Files\Messenger\msmsgs.exe[2104] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Messenger\msmsgs.exe[2104] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00321014
.text C:\Program Files\Messenger\msmsgs.exe[2104] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00320804
.text C:\Program Files\Messenger\msmsgs.exe[2104] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00320A08
.text C:\Program Files\Messenger\msmsgs.exe[2104] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00320C0C
.text C:\Program Files\Messenger\msmsgs.exe[2104] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00320E10
.text C:\Program Files\Messenger\msmsgs.exe[2104] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003201F8
.text C:\Program Files\Messenger\msmsgs.exe[2104] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003203FC
.text C:\Program Files\Messenger\msmsgs.exe[2104] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00320600
.text C:\Program Files\Messenger\msmsgs.exe[2104] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00330804
.text C:\Program Files\Messenger\msmsgs.exe[2104] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00330A08
.text C:\Program Files\Messenger\msmsgs.exe[2104] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00330600
.text C:\Program Files\Messenger\msmsgs.exe[2104] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003301F8
.text C:\Program Files\Messenger\msmsgs.exe[2104] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003303FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[2124] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[2124] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[2124] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[2124] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[2124] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014
.text C:\Program Files\Java\jre6\bin\jqs.exe[2124] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804
.text C:\Program Files\Java\jre6\bin\jqs.exe[2124] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08
.text C:\Program Files\Java\jre6\bin\jqs.exe[2124] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C
.text C:\Program Files\Java\jre6\bin\jqs.exe[2124] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10
.text C:\Program Files\Java\jre6\bin\jqs.exe[2124] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[2124] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[2124] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600
.text C:\Program Files\Java\jre6\bin\jqs.exe[2124] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804
.text C:\Program Files\Java\jre6\bin\jqs.exe[2124] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08
.text C:\Program Files\Java\jre6\bin\jqs.exe[2124] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600
.text C:\Program Files\Java\jre6\bin\jqs.exe[2124] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[2124] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC
.text C:\WINDOWS\system32\ctfmon.exe[2128] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A01F8
.text C:\WINDOWS\system32\ctfmon.exe[2128] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[2128] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A03FC
.text C:\WINDOWS\system32\ctfmon.exe[2128] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[2128] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00381014
.text C:\WINDOWS\system32\ctfmon.exe[2128] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00380804
.text C:\WINDOWS\system32\ctfmon.exe[2128] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00380A08
.text C:\WINDOWS\system32\ctfmon.exe[2128] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00380C0C
.text C:\WINDOWS\system32\ctfmon.exe[2128] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00380E10
.text C:\WINDOWS\system32\ctfmon.exe[2128] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003801F8
.text C:\WINDOWS\system32\ctfmon.exe[2128] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003803FC
.text C:\WINDOWS\system32\ctfmon.exe[2128] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00380600
.text C:\WINDOWS\system32\ctfmon.exe[2128] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00390804
.text C:\WINDOWS\system32\ctfmon.exe[2128] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00390A08
.text C:\WINDOWS\system32\ctfmon.exe[2128] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00390600
.text C:\WINDOWS\system32\ctfmon.exe[2128] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003901F8
.text C:\WINDOWS\system32\ctfmon.exe[2128] USER32.dll!UnhookWinEvent 7E3818AC 3 Bytes JMP 003903FC
.text C:\WINDOWS\system32\ctfmon.exe[2128] USER32.dll!UnhookWinEvent + 4 7E3818B0 1 Byte [82]
.text C:\Program Files\Google\Update\GoogleUpdate.exe[2132] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Google\Update\GoogleUpdate.exe[2132] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Google\Update\GoogleUpdate.exe[2132] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Google\Update\GoogleUpdate.exe[2132] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Google\Update\GoogleUpdate.exe[2132] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014
.text C:\Program Files\Google\Update\GoogleUpdate.exe[2132] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804
.text C:\Program Files\Google\Update\GoogleUpdate.exe[2132] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08
.text C:\Program Files\Google\Update\GoogleUpdate.exe[2132] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C
.text C:\Program Files\Google\Update\GoogleUpdate.exe[2132] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10
.text C:\Program Files\Google\Update\GoogleUpdate.exe[2132] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8
.text C:\Program Files\Google\Update\GoogleUpdate.exe[2132] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC
.text C:\Program Files\Google\Update\GoogleUpdate.exe[2132] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600
.text C:\Program Files\Google\Update\GoogleUpdate.exe[2132] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804
.text C:\Program Files\Google\Update\GoogleUpdate.exe[2132] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08
.text C:\Program Files\Google\Update\GoogleUpdate.exe[2132] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600
.text C:\Program Files\Google\Update\GoogleUpdate.exe[2132] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8
.text C:\Program Files\Google\Update\GoogleUpdate.exe[2132] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC
.text C:\Program Files\Spamihilator\spamihilator.exe[2272] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Spamihilator\spamihilator.exe[2272] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Spamihilator\spamihilator.exe[2272] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Spamihilator\spamihilator.exe[2272] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Spamihilator\spamihilator.exe[2272] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00760804
.text C:\Program Files\Spamihilator\spamihilator.exe[2272] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00760A08
.text C:\Program Files\Spamihilator\spamihilator.exe[2272] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00760600
.text C:\Program Files\Spamihilator\spamihilator.exe[2272] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 007601F8
.text C:\Program Files\Spamihilator\spamihilator.exe[2272] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 007603FC
.text C:\Program Files\Spamihilator\spamihilator.exe[2272] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00771014
.text C:\Program Files\Spamihilator\spamihilator.exe[2272] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00770804
.text C:\Program Files\Spamihilator\spamihilator.exe[2272] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00770A08
.text C:\Program Files\Spamihilator\spamihilator.exe[2272] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00770C0C
.text C:\Program Files\Spamihilator\spamihilator.exe[2272] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00770E10
.text C:\Program Files\Spamihilator\spamihilator.exe[2272] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 007701F8
.text C:\Program Files\Spamihilator\spamihilator.exe[2272] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 007703FC
.text C:\Program Files\Spamihilator\spamihilator.exe[2272] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00770600
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2296] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2296] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2296] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2296] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2296] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2296] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2296] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2296] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2296] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2296] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2296] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2296] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2296] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2296] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2296] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2296] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2296] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC
.text C:\WINDOWS\system32\svchost.exe[2396] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[2396] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[2396] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[2396] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[2396] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\svchost.exe[2396] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[2396] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[2396] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\svchost.exe[2396] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\svchost.exe[2396] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[2396] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[2396] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\svchost.exe[2396] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\svchost.exe[2396] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\svchost.exe[2396] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\svchost.exe[2396] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\svchost.exe[2396] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[2408] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[2408] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[2408] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[2408] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[2408] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014
.text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[2408] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804
.text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[2408] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08
.text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[2408] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C
.text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[2408] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10
.text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[2408] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8
.text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[2408] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC
.text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[2408] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3500] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3500] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3500] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3500] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3500] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3500] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3500] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3500] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3500] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3500] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3500] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3500] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3500] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3500] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3500] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3500] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3500] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\WINDOWS\System32\alg.exe[3776] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\alg.exe[3776] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[3776] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\alg.exe[3776] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[3776] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00300804
.text C:\WINDOWS\System32\alg.exe[3776] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00300A08
.text C:\WINDOWS\System32\alg.exe[3776] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00300600
.text C:\WINDOWS\System32\alg.exe[3776] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003001F8
.text C:\WINDOWS\System32\alg.exe[3776] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003003FC
.text C:\WINDOWS\System32\alg.exe[3776] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00311014
.text C:\WINDOWS\System32\alg.exe[3776] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00310804
.text C:\WINDOWS\System32\alg.exe[3776] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00310A08
.text C:\WINDOWS\System32\alg.exe[3776] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00310C0C
.text C:\WINDOWS\System32\alg.exe[3776] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00310E10
.text C:\WINDOWS\System32\alg.exe[3776] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003101F8
.text C:\WINDOWS\System32\alg.exe[3776] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003103FC
.text C:\WINDOWS\System32\alg.exe[3776] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00310600
.text C:\Documents and Settings\Jiri\Plocha\gmer.exe[3940] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Documents and Settings\Jiri\Plocha\gmer.exe[3940] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Documents and Settings\Jiri\Plocha\gmer.exe[3940] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Documents and Settings\Jiri\Plocha\gmer.exe[3940] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Documents and Settings\Jiri\Plocha\gmer.exe[3940] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 009C1014
.text C:\Documents and Settings\Jiri\Plocha\gmer.exe[3940] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 009C0804
.text C:\Documents and Settings\Jiri\Plocha\gmer.exe[3940] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 009C0A08
.text C:\Documents and Settings\Jiri\Plocha\gmer.exe[3940] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 009C0C0C
.text C:\Documents and Settings\Jiri\Plocha\gmer.exe[3940] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 009C0E10
.text C:\Documents and Settings\Jiri\Plocha\gmer.exe[3940] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 009C01F8
.text C:\Documents and Settings\Jiri\Plocha\gmer.exe[3940] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 009C03FC
.text C:\Documents and Settings\Jiri\Plocha\gmer.exe[3940] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 009C0600
.text C:\Documents and Settings\Jiri\Plocha\gmer.exe[3940] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 009D0804
.text C:\Documents and Settings\Jiri\Plocha\gmer.exe[3940] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 009D0A08
.text C:\Documents and Settings\Jiri\Plocha\gmer.exe[3940] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 009D0600
.text C:\Documents and Settings\Jiri\Plocha\gmer.exe[3940] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 009D01F8
.text C:\Documents and Settings\Jiri\Plocha\gmer.exe[3940] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 009D03FC
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_ULONG] [B9E8F232] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!READ_PORT_UCHAR] [B9E8E730] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_UCHAR] [B9E8EF12] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9E8E730] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9E8E914] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9E8E856] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9E8F0F0] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9E8EF12] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B9EA2EA6] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Program Files\AVAST Software\Avast\avastUI.exe[720] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6A0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)
IAT C:\WINDOWS\system32\services.exe[1196] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00630002
IAT C:\WINDOWS\system32\services.exe[1196] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00630000
IAT C:\Program Files\AVAST Software\Avast\AvastSvc.exe[2036] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6A0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
Device \FileSystem\Ntfs \Ntfs 8A80D1E8
AttachedDevice \FileSystem\Ntfs \Ntfs tdrpm258.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
Device \Driver\PCI_PNP1994 \Device\00000043 sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
Device \Driver\PCI_PNP1994 \Device\00000043 sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
Device \Driver\usbohci \Device\USBPDO-0 8A6BB1E8
Device \Driver\usbohci \Device\USBPDO-1 8A6BB1E8
Device \Driver\usbehci \Device\USBPDO-2 8A6BA1E8
Device \Driver\usbohci \Device\USBPDO-3 8A6BB1E8
Device \Driver\usbohci \Device\USBPDO-4 8A6BB1E8
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
Device \Driver\usbehci \Device\USBPDO-5 8A6BA1E8
Device \Driver\usbohci \Device\USBPDO-6 8A6BB1E8
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 tdrpm258.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 sr.sys (System Restore Filesystem Filter Driver/Microsoft Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 tdrpm258.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 sr.sys (System Restore Filesystem Filter Driver/Microsoft Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
Device \Driver\Cdrom \Device\CdRom0 8A7CE1E8
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 tdrpm258.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 sr.sys (System Restore Filesystem Filter Driver/Microsoft Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 [B9E1FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 [B9E1FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [B9E1FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [B9E1FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort2 [B9E1FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort3 [B9E1FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-24 [B9E1FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f [B9E1FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\Cdrom \Device\CdRom1 8A7CE1E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{924CFA2A-B73A-4E06-9D92-BC128E64ACFC} 89503430
Device \Driver\NetBT \Device\NetBt_Wins_Export 89503430
Device \Driver\NetBT \Device\NetbiosSmb 89503430
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
Device \Driver\usbohci \Device\USBFDO-0 8A6BB1E8
Device \Driver\usbohci \Device\USBFDO-1 8A6BB1E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 894F51E8
Device \Driver\usbehci \Device\USBFDO-2 8A6BA1E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 894F51E8
Device \Driver\usbohci \Device\USBFDO-3 8A6BB1E8
Device \Driver\usbohci \Device\USBFDO-4 8A6BB1E8
Device \Driver\usbehci \Device\USBFDO-5 8A6BA1E8
Device \Driver\usbohci \Device\USBFDO-6 8A6BB1E8
Device \Driver\arlss647 \Device\Scsi\arlss6471 8A60F1E8
Device \Driver\arlss647 \Device\Scsi\arlss6471Port4Path0Target0Lun0 8A60F1E8
Device \FileSystem\Cdfs \Cdfs 894D01E8
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x8B 0xCA 0xBB 0x86 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x26 0x04 0x8D 0x31 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x49 0x6C 0x45 0x5D ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xF2 0x68 0x2F 0x89 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xCE 0x13 0x70 0xFA ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x74 0x55 0xBE 0xE1 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x8B 0xCA 0xBB 0x86 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x26 0x04 0x8D 0x31 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x49 0x6C 0x45 0x5D ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xF2 0x68 0x2F 0x89 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xCE 0x13 0x70 0xFA ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x74 0x55 0xBE 0xE1 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x8B 0xCA 0xBB 0x86 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x26 0x04 0x8D 0x31 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x49 0x6C 0x45 0x5D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xF2 0x68 0x2F 0x89 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xCE 0x13 0x70 0xFA ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x74 0x55 0xBE 0xE1 ...
---- EOF - GMER 1.0.15 ----
-
Rudy
- Site Admin
- Příspěvky: 119515
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Prosím o kontrolu logu
Logy vypadají OK. Buď jde o hw chybu, nebo je to nějaká systémová chyba. Pokud chcete, zkuste opravu systému z instal. média.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Prosím o kontrolu logu
Každopádně děkuju za podporu a zkusím se s tím ještě porvat.
Přispějete na provoz fóra?