Pomalý start notebooku + časté zamrzání u aplikací

[Rudy]

Potom by to mělo být OK. Ještě provedeme kontrolu na rootkity. Stáhněte a spusťte GMER: http://forum.viry.cz/viewtopic.php?f=29&t=62878 a dejte oby logy.

[Well]

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-04-09 12:43:26
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 TOSHIBA_MK6032GSX rev.AS311G
Running: gmer.exe; Driver: C:\DOCUME~1\Pietro\LOCALS~1\Temp\ufryifow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\7228290drv.sys ZwEnumerateKey [0xEEEC800A]
SSDT \SystemRoot\system32\DRIVERS\7228290drv.sys ZwEnumerateValueKey [0xEEEC80A2]

Code \SystemRoot\system32\DRIVERS\7228290drv.sys FsRtlCheckLockForReadAccess
Code \SystemRoot\system32\DRIVERS\7228290drv.sys IoIsOperationSynchronous

---- Devices - GMER 1.0.15 ----

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F73C7B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 [F73C7B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [F73C7B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort2 [F73C7B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort3 [F73C7B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-10 [F73C7B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\a7wtm41m \Device\Scsi\a7wtm41m1 851EF1F8
Device \Driver\a7wtm41m \Device\Scsi\a7wtm41m1Port4Path0Target0Lun0 851EF1F8
Device \FileSystem\Ntfs \Ntfs 8576A1F8

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- EOF - GMER 1.0.15 ----

[Well]

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-04-09 13:07:24
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 TOSHIBA_MK6032GSX rev.AS311G
Running: gmer.exe; Driver: C:\DOCUME~1\Pietro\LOCALS~1\Temp\ufryifow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xF2318DF8]
SSDT \SystemRoot\system32\DRIVERS\7228290drv.sys ZwAdjustPrivilegesToken [0xEEEC8690]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xF23CDA5A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0xF231985E]
SSDT \SystemRoot\system32\DRIVERS\7228290drv.sys ZwClose [0xEEEC8F94]
SSDT \SystemRoot\system32\DRIVERS\7228290drv.sys ZwConnectPort [0xEEEC9DC8]
SSDT \SystemRoot\system32\DRIVERS\7228290drv.sys ZwCreateEvent [0xEEECA312]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xF231E330]
SSDT \SystemRoot\system32\DRIVERS\7228290drv.sys ZwCreateFile [0xEEEC9270]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xF231E422]
SSDT \SystemRoot\system32\DRIVERS\7228290drv.sys ZwCreateKey [0xEEEC7500]
SSDT \SystemRoot\system32\DRIVERS\7228290drv.sys ZwCreateMutant [0xEEECA1F8]
SSDT \SystemRoot\system32\DRIVERS\7228290drv.sys ZwCreateNamedPipeFile [0xEEEC827E]
SSDT \SystemRoot\system32\DRIVERS\7228290drv.sys ZwCreatePort [0xEEECA0CC]
SSDT \SystemRoot\system32\DRIVERS\7228290drv.sys ZwCreateSection [0xEEEC8426]
SSDT \SystemRoot\system32\DRIVERS\7228290drv.sys ZwCreateSemaphore [0xEEECA432]
SSDT \SystemRoot\system32\DRIVERS\7228290drv.sys ZwCreateThread [0xEEEC8C1C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xF231E3DC]
SSDT \SystemRoot\system32\DRIVERS\7228290drv.sys ZwCreateWaitablePort [0xEEECA162]
SSDT \SystemRoot\system32\DRIVERS\7228290drv.sys ZwDebugActiveProcess [0xEEECBB1A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xF2318E44]
SSDT \SystemRoot\system32\DRIVERS\7228290drv.sys ZwDeleteKey [0xEEEC7B0A]
SSDT \SystemRoot\system32\DRIVERS\7228290drv.sys ZwDeleteValueKey [0xEEEC7EBE]
SSDT \SystemRoot\system32\DRIVERS\7228290drv.sys ZwDeviceIoControlFile [0xEEEC96F2]
SSDT \SystemRoot\system32\DRIVERS\7228290drv.sys ZwDuplicateObject [0xEEECCD26]
SSDT \SystemRoot\system32\DRIVERS\7228290drv.sys ZwEnumerateKey [0xEEEC800A]
SSDT \SystemRoot\system32\DRIVERS\7228290drv.sys ZwEnumerateValueKey [0xEEEC80A2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xF23CDB34]
SSDT \SystemRoot\system32\DRIVERS\7228290drv.sys ZwFsControlFile [0xEEEC9500]
SSDT \SystemRoot\system32\DRIVERS\7228290drv.sys ZwLoadDriver [0xEEECBC0C]
SSDT \SystemRoot\system32\DRIVERS\7228290drv.sys ZwLoadKey [0xEEEC74DC]
SSDT \SystemRoot\system32\DRIVERS\7228290drv.sys ZwLoadKey2 [0xEEEC74EE]
SSDT \SystemRoot\system32\DRIVERS\7228290drv.sys ZwMapViewOfSection [0xEEECC374]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xF2318E90]
SSDT \SystemRoot\system32\DRIVERS\7228290drv.sys ZwNotifyChangeKey [0xEEEC81CE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xF2319B02]
SSDT \SystemRoot\system32\DRIVERS\7228290drv.sys ZwOpenEvent [0xEEECA3A8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xF231E352]
SSDT \SystemRoot\system32\DRIVERS\7228290drv.sys ZwOpenFile [0xEEEC9016]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xF231E446]
SSDT \SystemRoot\system32\DRIVERS\7228290drv.sys ZwOpenKey [0xEEEC76C0]
SSDT \SystemRoot\system32\DRIVERS\7228290drv.sys ZwOpenMutant [0xEEECA288]
SSDT \SystemRoot\system32\DRIVERS\7228290drv.sys ZwOpenProcess [0xEEEC88CC]
SSDT \SystemRoot\system32\DRIVERS\7228290drv.sys ZwOpenSection [0xEEECC10E]
SSDT \SystemRoot\system32\DRIVERS\7228290drv.sys ZwOpenSemaphore [0xEEECA4C8]
SSDT \SystemRoot\system32\DRIVERS\7228290drv.sys ZwOpenThread [0xEEEC87BE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xF231E400]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xF23CDCA0]
SSDT \SystemRoot\system32\DRIVERS\7228290drv.sys ZwQueryKey [0xEEEC813A]
SSDT \SystemRoot\system32\DRIVERS\7228290drv.sys ZwQueryMultipleValueKey [0xEEEC7D72]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xF23199CE]
SSDT \SystemRoot\system32\DRIVERS\7228290drv.sys ZwQuerySection [0xEEECC6AE]
SSDT \SystemRoot\system32\DRIVERS\7228290drv.sys ZwQueryValueKey [0xEEEC799C]
SSDT \SystemRoot\system32\DRIVERS\7228290drv.sys ZwQueueApcThread [0xEEECBFA0]
SSDT \SystemRoot\system32\DRIVERS\7228290drv.sys ZwRenameKey [0xEEEC7C2C]
SSDT \SystemRoot\system32\DRIVERS\7228290drv.sys ZwReplaceKey [0xEEEC6F16]
SSDT \SystemRoot\system32\DRIVERS\7228290drv.sys ZwReplyPort [0xEEECA82C]
SSDT \SystemRoot\system32\DRIVERS\7228290drv.sys ZwReplyWaitReceivePort [0xEEECA6F2]
SSDT \SystemRoot\system32\DRIVERS\7228290drv.sys ZwRequestWaitReplyPort [0xEEECB8B4]
SSDT \SystemRoot\system32\DRIVERS\7228290drv.sys ZwRestoreKey [0xEEEC728E]
SSDT \SystemRoot\system32\DRIVERS\7228290drv.sys ZwResumeThread [0xEEECCBC8]
SSDT \SystemRoot\system32\DRIVERS\7228290drv.sys ZwSaveKey [0xEEEC6EAE]
SSDT \SystemRoot\system32\DRIVERS\7228290drv.sys ZwSecureConnectPort [0xEEEC9B0E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xF2318EDC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xF2318F28]
SSDT \SystemRoot\system32\DRIVERS\7228290drv.sys ZwSetContextThread [0xEEEC8E38]
SSDT \SystemRoot\system32\DRIVERS\7228290drv.sys ZwSetInformationToken [0xEEECB154]
SSDT \SystemRoot\system32\DRIVERS\7228290drv.sys ZwSetSecurityObject [0xEEECBDAA]
SSDT \SystemRoot\system32\DRIVERS\7228290drv.sys ZwSetSystemInformation [0xEEECC7FE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xF2318CEA]
SSDT \SystemRoot\system32\DRIVERS\7228290drv.sys ZwSetValueKey [0xEEEC7816]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xF2318C92]
SSDT \SystemRoot\system32\DRIVERS\7228290drv.sys ZwSuspendProcess [0xEEECC8F0]
SSDT \SystemRoot\system32\DRIVERS\7228290drv.sys ZwSuspendThread [0xEEECCA2A]
SSDT \SystemRoot\system32\DRIVERS\7228290drv.sys ZwSystemDebugControl [0xEEECBA3E]
SSDT \SystemRoot\system32\DRIVERS\7228290drv.sys ZwTerminateProcess [0xEEEC8A68]
SSDT \SystemRoot\system32\DRIVERS\7228290drv.sys ZwTerminateThread [0xEEEC89C8]
SSDT \SystemRoot\system32\DRIVERS\7228290drv.sys ZwUnmapViewOfSection [0xEEECC552]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xF2318F74]
SSDT \SystemRoot\system32\DRIVERS\7228290drv.sys ZwWriteVirtualMemory [0xEEEC8B52]

INT 0x63 ? 8576EBF8
INT 0x82 ? 8576BBF8
INT 0x83 ? 8576BBF8
INT 0x83 ? 8576BBF8
INT 0xA4 ? 85208F00
INT 0xA4 ? 85208F00
INT 0xA4 ? 85208F00
INT 0xA4 ? 85208F00

Code \SystemRoot\system32\DRIVERS\7228290drv.sys FsRtlCheckLockForReadAccess
Code \SystemRoot\system32\DRIVERS\7228290drv.sys IoIsOperationSynchronous

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + D8 804E2734 16 Bytes [12, A3, EC, EE, 30, E3, 31, ...] {ADC AH, [EBX-0x1ccf1114]; XOR EDX, ESI; JO 0xffffffffffffff9c; IN AL, DX ; OUT DX, AL ; AND AH, AH; XOR EDX, ESI}
.text ntoskrnl.exe!_abnormal_termination + 1D0 804E282C 12 Bytes [0C, BC, EC, EE, DC, 74, EC, ...] {OR AL, 0xbc; IN AL, DX ; OUT DX, AL ; FDIV QWORD [ESP+EBP*8-0x12]; OUT DX, AL ; JZ 0xfffffffffffffff7; OUT DX, AL }
.text ntoskrnl.exe!_abnormal_termination + 214 804E2870 16 Bytes [A8, A3, EC, EE, 52, E3, 31, ...]
.text ntoskrnl.exe!_abnormal_termination + 34C 804E29A8 16 Bytes [2C, 7C, EC, EE, 16, 6F, EC, ...] {SUB AL, 0x7c; IN AL, DX ; OUT DX, AL ; PUSH SS; OUTSD ; IN AL, DX ; OUT DX, AL ; SUB AL, 0xa8; IN AL, DX ; OUT DX, AL ; REPNZ CMPSB ; IN AL, DX ; OUT DX, AL }
.text ntoskrnl.exe!_abnormal_termination + 394 804E29F0 16 Bytes [0E, 9B, EC, EE, DC, 8E, 31, ...]
.text ...
.text ntoskrnl.exe!IoIsOperationSynchronous 804E875A 5 Bytes JMP EEEBB3AC \SystemRoot\system32\DRIVERS\7228290drv.sys
.text ntoskrnl.exe!FsRtlCheckLockForReadAccess 80512919 5 Bytes JMP EEEBAFD0 \SystemRoot\system32\DRIVERS\7228290drv.sys
PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 3CC 8056B8A2 4 Bytes CALL F231A19F \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
? spus.sys Systém nemůže nalézt uvedený soubor. !
.text USBPORT.SYS!DllUnload F6C7F8EC 5 Bytes JMP 852084E0
.text a7wtm41m.SYS F6BD0386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text a7wtm41m.SYS F6BD03AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text a7wtm41m.SYS F6BD03C4 3 Bytes [00, 80, 02]
.text a7wtm41m.SYS F6BD03C9 1 Byte [30]
.text a7wtm41m.SYS F6BD03C9 11 Bytes [30, 00, 00, 00, 5E, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESI; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text ...
.text win32k.sys!EngFreeUserMem + 674 BF8098BF 5 Bytes JMP F231D180 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFreeUserMem + 35D0 BF80C81B 5 Bytes JMP F231D07C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSurface + 45 BF8138AE 5 Bytes JMP F231D036 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!BRUSHOBJ_pvAllocRbrush + 322E BF81E72F 5 Bytes JMP F231BE66 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMulDiv + 199A BF820E29 5 Bytes JMP F231C724 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngSetLastError + 77C8 BF8287B9 5 Bytes JMP F231BF84 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateBitmap + 698 BF838479 5 Bytes JMP F231D2EA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateBitmap + 3219 BF83AFFA 5 Bytes JMP F231D4F2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateBitmap + D4C7 BF8452A8 5 Bytes JMP F231CF3C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateBitmap + DDB0 BF845B91 5 Bytes JMP F231BFF4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateBitmap + 11969 BF84974A 5 Bytes JMP F231C70C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 35A0 BF8648EA 5 Bytes JMP F231C384 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 362B BF864975 5 Bytes JMP F231C562 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBlt + 35C1 BF8688DD 5 Bytes JMP F231D0BA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBlt + 3FE9 BF869305 5 Bytes JMP F231C7E6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBlt + 40A9 BF8693C5 5 Bytes JMP F231BE4E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 411E BF886D9A 5 Bytes JMP F231C51C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetLastError + 1606 BF8A4009 5 Bytes JMP F231C7FE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 3AA1 BF8A8967 5 Bytes JMP F231D232 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBltROP + 4616 BF8AD4D2 5 Bytes JMP F231D450 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngAlphaBlend + 3E8 BF8C30F9 5 Bytes JMP F231C104 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_vGetBounds + 51A8 BF8EDB23 5 Bytes JMP F231C1AC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_vGetBounds + 5428 BF8EDDA3 5 Bytes JMP F231C2E4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_vGetBounds + 764E BF8EFFC9 5 Bytes JMP F231BD52 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_vGetBounds + EF2B BF8F78A6 5 Bytes JMP F231C73C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 19C1 BF9131E9 1 Byte [E9]
.text win32k.sys!EngCreateClip + 19C1 BF9131E9 5 Bytes JMP F231BF22 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 2595 BF913DBD 5 Bytes JMP F231C0B0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 4EF4 BF91671C 5 Bytes JMP F231C67C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 1940 BF944774 5 Bytes JMP F231D3A8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
? system32\DRIVERS\7228290drv.sys Systém nemůže nalézt uvedenou cestu. !
? system32\DRIVERS\51032920.sys Systém nemůže nalézt uvedenou cestu. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[416] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 001401F8
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[416] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[416] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 001403FC
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[416] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[416] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003D0804
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[416] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003D0A08
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[416] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003D0600
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[416] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003D01F8
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[416] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003D03FC
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[416] ADVAPI32.dll!SetServiceObjectSecurity 77E26D89 5 Bytes JMP 003E1014
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[416] ADVAPI32.dll!ChangeServiceConfigA 77E26E71 5 Bytes JMP 003E0804
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[416] ADVAPI32.dll!ChangeServiceConfigW 77E27009 5 Bytes JMP 003E0A08
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[416] ADVAPI32.dll!ChangeServiceConfig2A 77E27109 5 Bytes JMP 003E0C0C
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[416] ADVAPI32.dll!ChangeServiceConfig2W 77E27191 5 Bytes JMP 003E0E10
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[416] ADVAPI32.dll!CreateServiceA 77E27219 5 Bytes JMP 003E01F8
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[416] ADVAPI32.dll!CreateServiceW 77E273B1 5 Bytes JMP 003E03FC
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[416] ADVAPI32.dll!DeleteService 77E274B9 5 Bytes JMP 003E0600
.text C:\WINDOWS\RTHDCPL.EXE[436] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 001401F8
.text C:\WINDOWS\RTHDCPL.EXE[436] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\WINDOWS\RTHDCPL.EXE[436] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 001403FC
.text C:\WINDOWS\RTHDCPL.EXE[436] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
.text C:\WINDOWS\RTHDCPL.EXE[436] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003D0804
.text C:\WINDOWS\RTHDCPL.EXE[436] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003D0A08
.text C:\WINDOWS\RTHDCPL.EXE[436] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003D0600
.text C:\WINDOWS\RTHDCPL.EXE[436] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003D01F8
.text C:\WINDOWS\RTHDCPL.EXE[436] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003D03FC
.text C:\WINDOWS\RTHDCPL.EXE[436] ADVAPI32.dll!SetServiceObjectSecurity 77E26D89 5 Bytes JMP 003E1014
.text C:\WINDOWS\RTHDCPL.EXE[436] ADVAPI32.dll!ChangeServiceConfigA 77E26E71 5 Bytes JMP 003E0804
.text C:\WINDOWS\RTHDCPL.EXE[436] ADVAPI32.dll!ChangeServiceConfigW 77E27009 5 Bytes JMP 003E0A08
.text C:\WINDOWS\RTHDCPL.EXE[436] ADVAPI32.dll!ChangeServiceConfig2A 77E27109 5 Bytes JMP 003E0C0C
.text C:\WINDOWS\RTHDCPL.EXE[436] ADVAPI32.dll!ChangeServiceConfig2W 77E27191 5 Bytes JMP 003E0E10
.text C:\WINDOWS\RTHDCPL.EXE[436] ADVAPI32.dll!CreateServiceA 77E27219 5 Bytes JMP 003E01F8
.text C:\WINDOWS\RTHDCPL.EXE[436] ADVAPI32.dll!CreateServiceW 77E273B1 5 Bytes JMP 003E03FC
.text C:\WINDOWS\RTHDCPL.EXE[436] ADVAPI32.dll!DeleteService 77E274B9 5 Bytes JMP 003E0600
.text C:\Program Files\HSPA USB MODEM\ModemListener.exe[452] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 001401F8
.text C:\Program Files\HSPA USB MODEM\ModemListener.exe[452] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\Program Files\HSPA USB MODEM\ModemListener.exe[452] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 001403FC
.text C:\Program Files\HSPA USB MODEM\ModemListener.exe[452] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
.text C:\Program Files\HSPA USB MODEM\ModemListener.exe[452] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003D0804
.text C:\Program Files\HSPA USB MODEM\ModemListener.exe[452] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003D0A08
.text C:\Program Files\HSPA USB MODEM\ModemListener.exe[452] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003D0600
.text C:\Program Files\HSPA USB MODEM\ModemListener.exe[452] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003D01F8
.text C:\Program Files\HSPA USB MODEM\ModemListener.exe[452] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003D03FC
.text C:\Program Files\HSPA USB MODEM\ModemListener.exe[452] ADVAPI32.dll!SetServiceObjectSecurity 77E26D89 5 Bytes JMP 003E1014
.text C:\Program Files\HSPA USB MODEM\ModemListener.exe[452] ADVAPI32.dll!ChangeServiceConfigA 77E26E71 5 Bytes JMP 003E0804
.text C:\Program Files\HSPA USB MODEM\ModemListener.exe[452] ADVAPI32.dll!ChangeServiceConfigW 77E27009 5 Bytes JMP 003E0A08
.text C:\Program Files\HSPA USB MODEM\ModemListener.exe[452] ADVAPI32.dll!ChangeServiceConfig2A 77E27109 5 Bytes JMP 003E0C0C
.text C:\Program Files\HSPA USB MODEM\ModemListener.exe[452] ADVAPI32.dll!ChangeServiceConfig2W 77E27191 5 Bytes JMP 003E0E10
.text C:\Program Files\HSPA USB MODEM\ModemListener.exe[452] ADVAPI32.dll!CreateServiceA 77E27219 5 Bytes JMP 003E01F8
.text C:\Program Files\HSPA USB MODEM\ModemListener.exe[452] ADVAPI32.dll!CreateServiceW 77E273B1 5 Bytes JMP 003E03FC
.text C:\Program Files\HSPA USB MODEM\ModemListener.exe[452] ADVAPI32.dll!DeleteService 77E274B9 5 Bytes JMP 003E0600
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[456] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 001501F8
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[456] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[456] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 001503FC
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[456] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[456] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[456] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[456] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[456] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[456] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[456] ADVAPI32.dll!SetServiceObjectSecurity 77E26D89 5 Bytes JMP 003F1014
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[456] ADVAPI32.dll!ChangeServiceConfigA 77E26E71 5 Bytes JMP 003F0804
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[456] ADVAPI32.dll!ChangeServiceConfigW 77E27009 5 Bytes JMP 003F0A08
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[456] ADVAPI32.dll!ChangeServiceConfig2A 77E27109 5 Bytes JMP 003F0C0C
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[456] ADVAPI32.dll!ChangeServiceConfig2W 77E27191 5 Bytes JMP 003F0E10
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[456] ADVAPI32.dll!CreateServiceA 77E27219 5 Bytes JMP 003F01F8
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[456] ADVAPI32.dll!CreateServiceW 77E273B1 5 Bytes JMP 003F03FC
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[456] ADVAPI32.dll!DeleteService 77E274B9 5 Bytes JMP 003F0600
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[524] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[524] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
.text C:\WINDOWS\System32\smss.exe[532] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[552] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 000A01F8
.text C:\WINDOWS\system32\ctfmon.exe[552] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[552] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 000A03FC
.text C:\WINDOWS\system32\ctfmon.exe[552] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[552] ADVAPI32.dll!SetServiceObjectSecurity 77E26D89 5 Bytes JMP 00381014
.text C:\WINDOWS\system32\ctfmon.exe[552] ADVAPI32.dll!ChangeServiceConfigA 77E26E71 5 Bytes JMP 00380804
.text C:\WINDOWS\system32\ctfmon.exe[552] ADVAPI32.dll!ChangeServiceConfigW 77E27009 5 Bytes JMP 00380A08
.text C:\WINDOWS\system32\ctfmon.exe[552] ADVAPI32.dll!ChangeServiceConfig2A 77E27109 5 Bytes JMP 00380C0C
.text C:\WINDOWS\system32\ctfmon.exe[552] ADVAPI32.dll!ChangeServiceConfig2W 77E27191 5 Bytes JMP 00380E10
.text C:\WINDOWS\system32\ctfmon.exe[552] ADVAPI32.dll!CreateServiceA 77E27219 5 Bytes JMP 003801F8
.text C:\WINDOWS\system32\ctfmon.exe[552] ADVAPI32.dll!CreateServiceW 77E273B1 5 Bytes JMP 003803FC
.text C:\WINDOWS\system32\ctfmon.exe[552] ADVAPI32.dll!DeleteService 77E274B9 5 Bytes JMP 00380600
.text C:\WINDOWS\system32\ctfmon.exe[552] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00390804
.text C:\WINDOWS\system32\ctfmon.exe[552] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00390A08
.text C:\WINDOWS\system32\ctfmon.exe[552] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00390600
.text C:\WINDOWS\system32\ctfmon.exe[552] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003901F8
.text C:\WINDOWS\system32\ctfmon.exe[552] USER32.dll!UnhookWinEvent 7E3818AC 3 Bytes JMP 003903FC
.text C:\WINDOWS\system32\ctfmon.exe[552] USER32.dll!UnhookWinEvent + 4 7E3818B0 1 Byte [82]
.text C:\WINDOWS\system32\csrss.exe[604] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[604] KERNEL32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[660] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 000701F8
.text C:\WINDOWS\system32\winlogon.exe[660] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[660] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 000703FC
.text C:\WINDOWS\system32\winlogon.exe[660] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[660] ADVAPI32.dll!SetServiceObjectSecurity 77E26D89 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\winlogon.exe[660] ADVAPI32.dll!ChangeServiceConfigA 77E26E71 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\winlogon.exe[660] ADVAPI32.dll!ChangeServiceConfigW 77E27009 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\winlogon.exe[660] ADVAPI32.dll!ChangeServiceConfig2A 77E27109 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\winlogon.exe[660] ADVAPI32.dll!ChangeServiceConfig2W 77E27191 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\winlogon.exe[660] ADVAPI32.dll!CreateServiceA 77E27219 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\winlogon.exe[660] ADVAPI32.dll!CreateServiceW 77E273B1 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\winlogon.exe[660] ADVAPI32.dll!DeleteService 77E274B9 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\winlogon.exe[660] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\winlogon.exe[660] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\winlogon.exe[660] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\winlogon.exe[660] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\winlogon.exe[660] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\services.exe[716] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\services.exe[716] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[716] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\services.exe[716] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[716] ADVAPI32.dll!SetServiceObjectSecurity 77E26D89 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\services.exe[716] ADVAPI32.dll!ChangeServiceConfigA 77E26E71 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\services.exe[716] ADVAPI32.dll!ChangeServiceConfigW 77E27009 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\services.exe[716] ADVAPI32.dll!ChangeServiceConfig2A 77E27109 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\services.exe[716] ADVAPI32.dll!ChangeServiceConfig2W 77E27191 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\services.exe[716] ADVAPI32.dll!CreateServiceA 77E27219 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\services.exe[716] ADVAPI32.dll!CreateServiceW 77E273B1 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\services.exe[716] ADVAPI32.dll!DeleteService 77E274B9 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\services.exe[716] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\services.exe[716] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\services.exe[716] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\services.exe[716] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\services.exe[716] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\lsass.exe[728] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\lsass.exe[728] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[728] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\lsass.exe[728] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[728] ADVAPI32.dll!SetServiceObjectSecurity 77E26D89 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\lsass.exe[728] ADVAPI32.dll!ChangeServiceConfigA 77E26E71 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\lsass.exe[728] ADVAPI32.dll!ChangeServiceConfigW 77E27009 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\lsass.exe[728] ADVAPI32.dll!ChangeServiceConfig2A 77E27109 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\lsass.exe[728] ADVAPI32.dll!ChangeServiceConfig2W 77E27191 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\lsass.exe[728] ADVAPI32.dll!CreateServiceA 77E27219 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\lsass.exe[728] ADVAPI32.dll!CreateServiceW 77E273B1 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\lsass.exe[728] ADVAPI32.dll!DeleteService 77E274B9 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\lsass.exe[728] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\lsass.exe[728] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\lsass.exe[728] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\lsass.exe[728] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\lsass.exe[728] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[800] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 000901F8
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[800] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[800] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 000903FC
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[800] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[800] ADVAPI32.dll!SetServiceObjectSecurity 77E26D89 5 Bytes JMP 00321014
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[800] ADVAPI32.dll!ChangeServiceConfigA 77E26E71 5 Bytes JMP 00320804
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[800] ADVAPI32.dll!ChangeServiceConfigW 77E27009 5 Bytes JMP 00320A08
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[800] ADVAPI32.dll!ChangeServiceConfig2A 77E27109 5 Bytes JMP 00320C0C
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[800] ADVAPI32.dll!ChangeServiceConfig2W 77E27191 5 Bytes JMP 00320E10
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[800] ADVAPI32.dll!CreateServiceA 77E27219 5 Bytes JMP 003201F8
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[800] ADVAPI32.dll!CreateServiceW 77E273B1 5 Bytes JMP 003203FC
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[800] ADVAPI32.dll!DeleteService 77E274B9 5 Bytes JMP 00320600
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[800] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00330804
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[800] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00330A08
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[800] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00330600
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[800] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003301F8
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[800] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003303FC
.text C:\WINDOWS\system32\Ati2evxx.exe[892] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 001401F8
.text C:\WINDOWS\system32\Ati2evxx.exe[892] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[892] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 001403FC
.text C:\WINDOWS\system32\Ati2evxx.exe[892] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[892] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003D0804
.text C:\WINDOWS\system32\Ati2evxx.exe[892] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003D0A08
.text C:\WINDOWS\system32\Ati2evxx.exe[892] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003D0600
.text C:\WINDOWS\system32\Ati2evxx.exe[892] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003D01F8
.text C:\WINDOWS\system32\Ati2evxx.exe[892] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003D03FC
.text C:\WINDOWS\system32\Ati2evxx.exe[892] ADVAPI32.dll!SetServiceObjectSecurity 77E26D89 5 Bytes JMP 003E1014
.text C:\WINDOWS\system32\Ati2evxx.exe[892] ADVAPI32.dll!ChangeServiceConfigA 77E26E71 5 Bytes JMP 003E0804
.text C:\WINDOWS\system32\Ati2evxx.exe[892] ADVAPI32.dll!ChangeServiceConfigW 77E27009 5 Bytes JMP 003E0A08
.text C:\WINDOWS\system32\Ati2evxx.exe[892] ADVAPI32.dll!ChangeServiceConfig2A 77E27109 5 Bytes JMP 003E0C0C
.text C:\WINDOWS\system32\Ati2evxx.exe[892] ADVAPI32.dll!ChangeServiceConfig2W 77E27191 5 Bytes JMP 003E0E10
.text C:\WINDOWS\system32\Ati2evxx.exe[892] ADVAPI32.dll!CreateServiceA 77E27219 5 Bytes JMP 003E01F8
.text C:\WINDOWS\system32\Ati2evxx.exe[892] ADVAPI32.dll!CreateServiceW 77E273B1 5 Bytes JMP 003E03FC
.text C:\WINDOWS\system32\Ati2evxx.exe[892] ADVAPI32.dll!DeleteService 77E274B9 5 Bytes JMP 003E0600
.text C:\WINDOWS\system32\svchost.exe[908] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[908] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[908] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[908] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[908] ADVAPI32.dll!SetServiceObjectSecurity 77E26D89 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\svchost.exe[908] ADVAPI32.dll!ChangeServiceConfigA 77E26E71 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[908] ADVAPI32.dll!ChangeServiceConfigW 77E27009 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[908] ADVAPI32.dll!ChangeServiceConfig2A 77E27109 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\svchost.exe[908] ADVAPI32.dll!ChangeServiceConfig2W 77E27191 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\svchost.exe[908] ADVAPI32.dll!CreateServiceA 77E27219 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[908] ADVAPI32.dll!CreateServiceW 77E273B1 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[908] ADVAPI32.dll!DeleteService 77E274B9 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\svchost.exe[908] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\svchost.exe[908] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\svchost.exe[908] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\svchost.exe[908] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\svchost.exe[908] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\svchost.exe[988] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[988] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[988] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[988] ADVAPI32.dll!SetServiceObjectSecurity 77E26D89 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\svchost.exe[988] ADVAPI32.dll!ChangeServiceConfigA 77E26E71 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[988] ADVAPI32.dll!ChangeServiceConfigW 77E27009 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[988] ADVAPI32.dll!ChangeServiceConfig2A 77E27109 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\svchost.exe[988] ADVAPI32.dll!ChangeServiceConfig2W 77E27191 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\svchost.exe[988] ADVAPI32.dll!CreateServiceA 77E27219 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[988] ADVAPI32.dll!CreateServiceW 77E273B1 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[988] ADVAPI32.dll!DeleteService 77E274B9 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\svchost.exe[988] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\svchost.exe[988] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\svchost.exe[988] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\svchost.exe[988] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\svchost.exe[988] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\WINDOWS\System32\svchost.exe[1056] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[1056] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1056] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[1056] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1056] ADVAPI32.dll!SetServiceObjectSecurity 77E26D89 5 Bytes JMP 00301014
.text C:\WINDOWS\System32\svchost.exe[1056] ADVAPI32.dll!ChangeServiceConfigA 77E26E71 5 Bytes JMP 00300804
.text C:\WINDOWS\System32\svchost.exe[1056] ADVAPI32.dll!ChangeServiceConfigW 77E27009 5 Bytes JMP 00300A08
.text C:\WINDOWS\System32\svchost.exe[1056] ADVAPI32.dll!ChangeServiceConfig2A 77E27109 5 Bytes JMP 00300C0C
.text C:\WINDOWS\System32\svchost.exe[1056] ADVAPI32.dll!ChangeServiceConfig2W 77E27191 5 Bytes JMP 00300E10
.text C:\WINDOWS\System32\svchost.exe[1056] ADVAPI32.dll!CreateServiceA 77E27219 5 Bytes JMP 003001F8
.text C:\WINDOWS\System32\svchost.exe[1056] ADVAPI32.dll!CreateServiceW 77E273B1 5 Bytes JMP 003003FC
.text C:\WINDOWS\System32\svchost.exe[1056] ADVAPI32.dll!DeleteService 77E274B9 5 Bytes JMP 00300600
.text C:\WINDOWS\System32\svchost.exe[1056] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\System32\svchost.exe[1056] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\System32\svchost.exe[1056] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\System32\svchost.exe[1056] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\System32\svchost.exe[1056] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\svchost.exe[1144] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1144] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1144] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1144] ADVAPI32.dll!SetServiceObjectSecurity 77E26D89 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\svchost.exe[1144] ADVAPI32.dll!ChangeServiceConfigA 77E26E71 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[1144] ADVAPI32.dll!ChangeServiceConfigW 77E27009 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[1144] ADVAPI32.dll!ChangeServiceConfig2A 77E27109 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\svchost.exe[1144] ADVAPI32.dll!ChangeServiceConfig2W 77E27191 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\svchost.exe[1144] ADVAPI32.dll!CreateServiceA 77E27219 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[1144] ADVAPI32.dll!CreateServiceW 77E273B1 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[1144] ADVAPI32.dll!DeleteService 77E274B9 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\svchost.exe[1144] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\svchost.exe[1144] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\svchost.exe[1144] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\svchost.exe[1144] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\svchost.exe[1144] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\svchost.exe[1324] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1324] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1324] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1324] ADVAPI32.dll!SetServiceObjectSecurity 77E26D89 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\svchost.exe[1324] ADVAPI32.dll!ChangeServiceConfigA 77E26E71 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[1324] ADVAPI32.dll!ChangeServiceConfigW 77E27009 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[1324] ADVAPI32.dll!ChangeServiceConfig2A 77E27109 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\svchost.exe[1324] ADVAPI32.dll!ChangeServiceConfig2W 77E27191 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\svchost.exe[1324] ADVAPI32.dll!CreateServiceA 77E27219 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[1324] ADVAPI32.dll!CreateServiceW 77E273B1 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[1324] ADVAPI32.dll!DeleteService 77E274B9 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\svchost.exe[1324] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\svchost.exe[1324] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08

[Well]

.text C:\WINDOWS\system32\svchost.exe[1324] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\svchost.exe[1324] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\svchost.exe[1324] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\Program Files\Common Files\DeviceHelper\DeviceManager.exe[1332] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\DeviceHelper\DeviceManager.exe[1332] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\Program Files\Common Files\DeviceHelper\DeviceManager.exe[1332] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\DeviceHelper\DeviceManager.exe[1332] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
.text C:\Program Files\Common Files\DeviceHelper\DeviceManager.exe[1332] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804
.text C:\Program Files\Common Files\DeviceHelper\DeviceManager.exe[1332] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08
.text C:\Program Files\Common Files\DeviceHelper\DeviceManager.exe[1332] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600
.text C:\Program Files\Common Files\DeviceHelper\DeviceManager.exe[1332] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8
.text C:\Program Files\Common Files\DeviceHelper\DeviceManager.exe[1332] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC
.text C:\Program Files\Common Files\DeviceHelper\DeviceManager.exe[1332] ADVAPI32.dll!SetServiceObjectSecurity 77E26D89 5 Bytes JMP 003F1014
.text C:\Program Files\Common Files\DeviceHelper\DeviceManager.exe[1332] ADVAPI32.dll!ChangeServiceConfigA 77E26E71 5 Bytes JMP 003F0804
.text C:\Program Files\Common Files\DeviceHelper\DeviceManager.exe[1332] ADVAPI32.dll!ChangeServiceConfigW 77E27009 5 Bytes JMP 003F0A08
.text C:\Program Files\Common Files\DeviceHelper\DeviceManager.exe[1332] ADVAPI32.dll!ChangeServiceConfig2A 77E27109 5 Bytes JMP 003F0C0C
.text C:\Program Files\Common Files\DeviceHelper\DeviceManager.exe[1332] ADVAPI32.dll!ChangeServiceConfig2W 77E27191 5 Bytes JMP 003F0E10
.text C:\Program Files\Common Files\DeviceHelper\DeviceManager.exe[1332] ADVAPI32.dll!CreateServiceA 77E27219 5 Bytes JMP 003F01F8
.text C:\Program Files\Common Files\DeviceHelper\DeviceManager.exe[1332] ADVAPI32.dll!CreateServiceW 77E273B1 5 Bytes JMP 003F03FC
.text C:\Program Files\Common Files\DeviceHelper\DeviceManager.exe[1332] ADVAPI32.dll!DeleteService 77E274B9 5 Bytes JMP 003F0600
.text C:\WINDOWS\system32\Ati2evxx.exe[1472] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 001401F8
.text C:\WINDOWS\system32\Ati2evxx.exe[1472] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[1472] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 001403FC
.text C:\WINDOWS\system32\Ati2evxx.exe[1472] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[1472] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003D0804
.text C:\WINDOWS\system32\Ati2evxx.exe[1472] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003D0A08
.text C:\WINDOWS\system32\Ati2evxx.exe[1472] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003D0600
.text C:\WINDOWS\system32\Ati2evxx.exe[1472] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003D01F8
.text C:\WINDOWS\system32\Ati2evxx.exe[1472] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003D03FC
.text C:\WINDOWS\system32\Ati2evxx.exe[1472] ADVAPI32.dll!SetServiceObjectSecurity 77E26D89 5 Bytes JMP 003E1014
.text C:\WINDOWS\system32\Ati2evxx.exe[1472] ADVAPI32.dll!ChangeServiceConfigA 77E26E71 5 Bytes JMP 003E0804
.text C:\WINDOWS\system32\Ati2evxx.exe[1472] ADVAPI32.dll!ChangeServiceConfigW 77E27009 5 Bytes JMP 003E0A08
.text C:\WINDOWS\system32\Ati2evxx.exe[1472] ADVAPI32.dll!ChangeServiceConfig2A 77E27109 5 Bytes JMP 003E0C0C
.text C:\WINDOWS\system32\Ati2evxx.exe[1472] ADVAPI32.dll!ChangeServiceConfig2W 77E27191 5 Bytes JMP 003E0E10
.text C:\WINDOWS\system32\Ati2evxx.exe[1472] ADVAPI32.dll!CreateServiceA 77E27219 5 Bytes JMP 003E01F8
.text C:\WINDOWS\system32\Ati2evxx.exe[1472] ADVAPI32.dll!CreateServiceW 77E273B1 5 Bytes JMP 003E03FC
.text C:\WINDOWS\system32\Ati2evxx.exe[1472] ADVAPI32.dll!DeleteService 77E274B9 5 Bytes JMP 003E0600
.text C:\WINDOWS\system32\svchost.exe[1588] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1588] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1588] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1588] ADVAPI32.dll!SetServiceObjectSecurity 77E26D89 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\svchost.exe[1588] ADVAPI32.dll!ChangeServiceConfigA 77E26E71 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[1588] ADVAPI32.dll!ChangeServiceConfigW 77E27009 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[1588] ADVAPI32.dll!ChangeServiceConfig2A 77E27109 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\svchost.exe[1588] ADVAPI32.dll!ChangeServiceConfig2W 77E27191 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\svchost.exe[1588] ADVAPI32.dll!CreateServiceA 77E27219 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[1588] ADVAPI32.dll!CreateServiceW 77E273B1 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[1588] ADVAPI32.dll!DeleteService 77E274B9 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\svchost.exe[1588] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\svchost.exe[1588] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\svchost.exe[1588] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\svchost.exe[1588] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\svchost.exe[1588] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\WINDOWS\Explorer.EXE[1592] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 000901F8
.text C:\WINDOWS\Explorer.EXE[1592] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[1592] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 000903FC
.text C:\WINDOWS\Explorer.EXE[1592] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[1592] ADVAPI32.dll!SetServiceObjectSecurity 77E26D89 5 Bytes JMP 00381014
.text C:\WINDOWS\Explorer.EXE[1592] ADVAPI32.dll!ChangeServiceConfigA 77E26E71 5 Bytes JMP 00380804
.text C:\WINDOWS\Explorer.EXE[1592] ADVAPI32.dll!ChangeServiceConfigW 77E27009 5 Bytes JMP 00380A08
.text C:\WINDOWS\Explorer.EXE[1592] ADVAPI32.dll!ChangeServiceConfig2A 77E27109 5 Bytes JMP 00380C0C
.text C:\WINDOWS\Explorer.EXE[1592] ADVAPI32.dll!ChangeServiceConfig2W 77E27191 5 Bytes JMP 00380E10
.text C:\WINDOWS\Explorer.EXE[1592] ADVAPI32.dll!CreateServiceA 77E27219 5 Bytes JMP 003801F8
.text C:\WINDOWS\Explorer.EXE[1592] ADVAPI32.dll!CreateServiceW 77E273B1 5 Bytes JMP 003803FC
.text C:\WINDOWS\Explorer.EXE[1592] ADVAPI32.dll!DeleteService 77E274B9 5 Bytes JMP 00380600
.text C:\WINDOWS\Explorer.EXE[1592] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00390804
.text C:\WINDOWS\Explorer.EXE[1592] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00390A08
.text C:\WINDOWS\Explorer.EXE[1592] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00390600
.text C:\WINDOWS\Explorer.EXE[1592] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003901F8
.text C:\WINDOWS\Explorer.EXE[1592] USER32.dll!UnhookWinEvent 7E3818AC 3 Bytes JMP 003903FC
.text C:\WINDOWS\Explorer.EXE[1592] USER32.dll!UnhookWinEvent + 4 7E3818B0 1 Byte [82]
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1668] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1668] kernel32.dll!SetUnhandledExceptionFilter 7C844935 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1668] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1792] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\spoolsv.exe[1792] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1792] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\spoolsv.exe[1792] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1792] ADVAPI32.dll!SetServiceObjectSecurity 77E26D89 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\spoolsv.exe[1792] ADVAPI32.dll!ChangeServiceConfigA 77E26E71 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\spoolsv.exe[1792] ADVAPI32.dll!ChangeServiceConfigW 77E27009 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\spoolsv.exe[1792] ADVAPI32.dll!ChangeServiceConfig2A 77E27109 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\spoolsv.exe[1792] ADVAPI32.dll!ChangeServiceConfig2W 77E27191 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\spoolsv.exe[1792] ADVAPI32.dll!CreateServiceA 77E27219 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\spoolsv.exe[1792] ADVAPI32.dll!CreateServiceW 77E273B1 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\spoolsv.exe[1792] ADVAPI32.dll!DeleteService 77E274B9 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\spoolsv.exe[1792] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\spoolsv.exe[1792] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\spoolsv.exe[1792] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\spoolsv.exe[1792] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\spoolsv.exe[1792] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1904] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 001501F8
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1904] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1904] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 001503FC
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1904] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1904] ADVAPI32.dll!SetServiceObjectSecurity 77E26D89 5 Bytes JMP 003E1014
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1904] ADVAPI32.dll!ChangeServiceConfigA 77E26E71 5 Bytes JMP 003E0804
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1904] ADVAPI32.dll!ChangeServiceConfigW 77E27009 5 Bytes JMP 003E0A08
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1904] ADVAPI32.dll!ChangeServiceConfig2A 77E27109 5 Bytes JMP 003E0C0C
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1904] ADVAPI32.dll!ChangeServiceConfig2W 77E27191 5 Bytes JMP 003E0E10
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1904] ADVAPI32.dll!CreateServiceA 77E27219 5 Bytes JMP 003E01F8
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1904] ADVAPI32.dll!CreateServiceW 77E273B1 5 Bytes JMP 003E03FC
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1904] ADVAPI32.dll!DeleteService 77E274B9 5 Bytes JMP 003E0600
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1904] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1904] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1904] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1904] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1904] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC
.text C:\WINDOWS\System32\svchost.exe[2004] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[2004] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[2004] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[2004] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[2004] ADVAPI32.dll!SetServiceObjectSecurity 77E26D89 5 Bytes JMP 00301014
.text C:\WINDOWS\System32\svchost.exe[2004] ADVAPI32.dll!ChangeServiceConfigA 77E26E71 5 Bytes JMP 00300804
.text C:\WINDOWS\System32\svchost.exe[2004] ADVAPI32.dll!ChangeServiceConfigW 77E27009 5 Bytes JMP 00300A08
.text C:\WINDOWS\System32\svchost.exe[2004] ADVAPI32.dll!ChangeServiceConfig2A 77E27109 5 Bytes JMP 00300C0C
.text C:\WINDOWS\System32\svchost.exe[2004] ADVAPI32.dll!ChangeServiceConfig2W 77E27191 5 Bytes JMP 00300E10
.text C:\WINDOWS\System32\svchost.exe[2004] ADVAPI32.dll!CreateServiceA 77E27219 5 Bytes JMP 003001F8
.text C:\WINDOWS\System32\svchost.exe[2004] ADVAPI32.dll!CreateServiceW 77E273B1 5 Bytes JMP 003003FC
.text C:\WINDOWS\System32\svchost.exe[2004] ADVAPI32.dll!DeleteService 77E274B9 5 Bytes JMP 00300600
.text C:\WINDOWS\System32\svchost.exe[2004] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\System32\svchost.exe[2004] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\System32\svchost.exe[2004] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\System32\svchost.exe[2004] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\System32\svchost.exe[2004] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\Documents and Settings\Pietro\Plocha\gmer\gmer.exe[2136] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 001501F8
.text C:\Documents and Settings\Pietro\Plocha\gmer\gmer.exe[2136] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\Documents and Settings\Pietro\Plocha\gmer\gmer.exe[2136] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 001503FC
.text C:\Documents and Settings\Pietro\Plocha\gmer\gmer.exe[2136] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
.text C:\Documents and Settings\Pietro\Plocha\gmer\gmer.exe[2136] ADVAPI32.dll!SetServiceObjectSecurity 77E26D89 5 Bytes JMP 009C1014
.text C:\Documents and Settings\Pietro\Plocha\gmer\gmer.exe[2136] ADVAPI32.dll!ChangeServiceConfigA 77E26E71 5 Bytes JMP 009C0804
.text C:\Documents and Settings\Pietro\Plocha\gmer\gmer.exe[2136] ADVAPI32.dll!ChangeServiceConfigW 77E27009 5 Bytes JMP 009C0A08
.text C:\Documents and Settings\Pietro\Plocha\gmer\gmer.exe[2136] ADVAPI32.dll!ChangeServiceConfig2A 77E27109 5 Bytes JMP 009C0C0C
.text C:\Documents and Settings\Pietro\Plocha\gmer\gmer.exe[2136] ADVAPI32.dll!ChangeServiceConfig2W 77E27191 5 Bytes JMP 009C0E10
.text C:\Documents and Settings\Pietro\Plocha\gmer\gmer.exe[2136] ADVAPI32.dll!CreateServiceA 77E27219 5 Bytes JMP 009C01F8
.text C:\Documents and Settings\Pietro\Plocha\gmer\gmer.exe[2136] ADVAPI32.dll!CreateServiceW 77E273B1 5 Bytes JMP 009C03FC
.text C:\Documents and Settings\Pietro\Plocha\gmer\gmer.exe[2136] ADVAPI32.dll!DeleteService 77E274B9 5 Bytes JMP 009C0600
.text C:\Documents and Settings\Pietro\Plocha\gmer\gmer.exe[2136] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 009D0804
.text C:\Documents and Settings\Pietro\Plocha\gmer\gmer.exe[2136] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 009D0A08
.text C:\Documents and Settings\Pietro\Plocha\gmer\gmer.exe[2136] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 009D0600
.text C:\Documents and Settings\Pietro\Plocha\gmer\gmer.exe[2136] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 009D01F8
.text C:\Documents and Settings\Pietro\Plocha\gmer\gmer.exe[2136] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 009D03FC
.text C:\WINDOWS\System32\svchost.exe[2436] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[2436] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[2436] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[2436] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[2436] ADVAPI32.dll!SetServiceObjectSecurity 77E26D89 5 Bytes JMP 00301014
.text C:\WINDOWS\System32\svchost.exe[2436] ADVAPI32.dll!ChangeServiceConfigA 77E26E71 5 Bytes JMP 00300804
.text C:\WINDOWS\System32\svchost.exe[2436] ADVAPI32.dll!ChangeServiceConfigW 77E27009 5 Bytes JMP 00300A08
.text C:\WINDOWS\System32\svchost.exe[2436] ADVAPI32.dll!ChangeServiceConfig2A 77E27109 5 Bytes JMP 00300C0C
.text C:\WINDOWS\System32\svchost.exe[2436] ADVAPI32.dll!ChangeServiceConfig2W 77E27191 5 Bytes JMP 00300E10
.text C:\WINDOWS\System32\svchost.exe[2436] ADVAPI32.dll!CreateServiceA 77E27219 5 Bytes JMP 003001F8
.text C:\WINDOWS\System32\svchost.exe[2436] ADVAPI32.dll!CreateServiceW 77E273B1 5 Bytes JMP 003003FC
.text C:\WINDOWS\System32\svchost.exe[2436] ADVAPI32.dll!DeleteService 77E274B9 5 Bytes JMP 00300600
.text C:\WINDOWS\System32\svchost.exe[2436] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\System32\svchost.exe[2436] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\System32\svchost.exe[2436] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\System32\svchost.exe[2436] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\System32\svchost.exe[2436] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\svchost.exe[2500] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[2500] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[2500] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[2500] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[2500] ADVAPI32.dll!SetServiceObjectSecurity 77E26D89 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\svchost.exe[2500] ADVAPI32.dll!ChangeServiceConfigA 77E26E71 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[2500] ADVAPI32.dll!ChangeServiceConfigW 77E27009 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[2500] ADVAPI32.dll!ChangeServiceConfig2A 77E27109 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\svchost.exe[2500] ADVAPI32.dll!ChangeServiceConfig2W 77E27191 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\svchost.exe[2500] ADVAPI32.dll!CreateServiceA 77E27219 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[2500] ADVAPI32.dll!CreateServiceW 77E273B1 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[2500] ADVAPI32.dll!DeleteService 77E274B9 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\svchost.exe[2500] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\svchost.exe[2500] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\svchost.exe[2500] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\svchost.exe[2500] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\svchost.exe[2500] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\Program Files\Opera\opera.exe[3280] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 001501F8
.text C:\Program Files\Opera\opera.exe[3280] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\Program Files\Opera\opera.exe[3280] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 001503FC
.text C:\Program Files\Opera\opera.exe[3280] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
.text C:\Program Files\Opera\opera.exe[3280] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804
.text C:\Program Files\Opera\opera.exe[3280] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08
.text C:\Program Files\Opera\opera.exe[3280] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600
.text C:\Program Files\Opera\opera.exe[3280] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8
.text C:\Program Files\Opera\opera.exe[3280] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC
.text C:\Program Files\Opera\opera.exe[3280] ADVAPI32.dll!SetServiceObjectSecurity 77E26D89 5 Bytes JMP 003F1014
.text C:\Program Files\Opera\opera.exe[3280] ADVAPI32.dll!ChangeServiceConfigA 77E26E71 5 Bytes JMP 003F0804
.text C:\Program Files\Opera\opera.exe[3280] ADVAPI32.dll!ChangeServiceConfigW 77E27009 5 Bytes JMP 003F0A08
.text C:\Program Files\Opera\opera.exe[3280] ADVAPI32.dll!ChangeServiceConfig2A 77E27109 5 Bytes JMP 003F0C0C
.text C:\Program Files\Opera\opera.exe[3280] ADVAPI32.dll!ChangeServiceConfig2W 77E27191 5 Bytes JMP 003F0E10
.text C:\Program Files\Opera\opera.exe[3280] ADVAPI32.dll!CreateServiceA 77E27219 5 Bytes JMP 003F01F8
.text C:\Program Files\Opera\opera.exe[3280] ADVAPI32.dll!CreateServiceW 77E273B1 5 Bytes JMP 003F03FC
.text C:\Program Files\Opera\opera.exe[3280] ADVAPI32.dll!DeleteService 77E274B9 5 Bytes JMP 003F0600
.text C:\WINDOWS\system32\wscntfy.exe[3480] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\wscntfy.exe[3480] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\WINDOWS\system32\wscntfy.exe[3480] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\wscntfy.exe[3480] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
.text C:\WINDOWS\system32\wscntfy.exe[3480] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00320804
.text C:\WINDOWS\system32\wscntfy.exe[3480] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00320A08
.text C:\WINDOWS\system32\wscntfy.exe[3480] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00320600
.text C:\WINDOWS\system32\wscntfy.exe[3480] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003201F8
.text C:\WINDOWS\system32\wscntfy.exe[3480] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003203FC
.text C:\WINDOWS\system32\wscntfy.exe[3480] ADVAPI32.dll!SetServiceObjectSecurity 77E26D89 5 Bytes JMP 00331014
.text C:\WINDOWS\system32\wscntfy.exe[3480] ADVAPI32.dll!ChangeServiceConfigA 77E26E71 5 Bytes JMP 00330804
.text C:\WINDOWS\system32\wscntfy.exe[3480] ADVAPI32.dll!ChangeServiceConfigW 77E27009 5 Bytes JMP 00330A08
.text C:\WINDOWS\system32\wscntfy.exe[3480] ADVAPI32.dll!ChangeServiceConfig2A 77E27109 5 Bytes JMP 00330C0C
.text C:\WINDOWS\system32\wscntfy.exe[3480] ADVAPI32.dll!ChangeServiceConfig2W 77E27191 5 Bytes JMP 00330E10
.text C:\WINDOWS\system32\wscntfy.exe[3480] ADVAPI32.dll!CreateServiceA 77E27219 5 Bytes JMP 003301F8
.text C:\WINDOWS\system32\wscntfy.exe[3480] ADVAPI32.dll!CreateServiceW 77E273B1 5 Bytes JMP 003303FC
.text C:\WINDOWS\system32\wscntfy.exe[3480] ADVAPI32.dll!DeleteService 77E274B9 5 Bytes JMP 00330600
.text C:\WINDOWS\System32\alg.exe[3532] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\alg.exe[3532] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[3532] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\alg.exe[3532] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[3532] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00300804
.text C:\WINDOWS\System32\alg.exe[3532] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00300A08
.text C:\WINDOWS\System32\alg.exe[3532] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00300600
.text C:\WINDOWS\System32\alg.exe[3532] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003001F8
.text C:\WINDOWS\System32\alg.exe[3532] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003003FC
.text C:\WINDOWS\System32\alg.exe[3532] ADVAPI32.dll!SetServiceObjectSecurity 77E26D89 5 Bytes JMP 00311014
.text C:\WINDOWS\System32\alg.exe[3532] ADVAPI32.dll!ChangeServiceConfigA 77E26E71 5 Bytes JMP 00310804
.text C:\WINDOWS\System32\alg.exe[3532] ADVAPI32.dll!ChangeServiceConfigW 77E27009 5 Bytes JMP 00310A08
.text C:\WINDOWS\System32\alg.exe[3532] ADVAPI32.dll!ChangeServiceConfig2A 77E27109 5 Bytes JMP 00310C0C
.text C:\WINDOWS\System32\alg.exe[3532] ADVAPI32.dll!ChangeServiceConfig2W 77E27191 5 Bytes JMP 00310E10
.text C:\WINDOWS\System32\alg.exe[3532] ADVAPI32.dll!CreateServiceA 77E27219 5 Bytes JMP 003101F8
.text C:\WINDOWS\System32\alg.exe[3532] ADVAPI32.dll!CreateServiceW 77E273B1 5 Bytes JMP 003103FC
.text C:\WINDOWS\System32\alg.exe[3532] ADVAPI32.dll!DeleteService 77E274B9 5 Bytes JMP 00310600
.text C:\WINDOWS\System32\svchost.exe[3820] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[3820] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[3820] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[3820] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[3820] ADVAPI32.dll!SetServiceObjectSecurity 77E26D89 5 Bytes JMP 00301014
.text C:\WINDOWS\System32\svchost.exe[3820] ADVAPI32.dll!ChangeServiceConfigA 77E26E71 5 Bytes JMP 00300804
.text C:\WINDOWS\System32\svchost.exe[3820] ADVAPI32.dll!ChangeServiceConfigW 77E27009 5 Bytes JMP 00300A08
.text C:\WINDOWS\System32\svchost.exe[3820] ADVAPI32.dll!ChangeServiceConfig2A 77E27109 5 Bytes JMP 00300C0C
.text C:\WINDOWS\System32\svchost.exe[3820] ADVAPI32.dll!ChangeServiceConfig2W 77E27191 5 Bytes JMP 00300E10
.text C:\WINDOWS\System32\svchost.exe[3820] ADVAPI32.dll!CreateServiceA 77E27219 5 Bytes JMP 003001F8
.text C:\WINDOWS\System32\svchost.exe[3820] ADVAPI32.dll!CreateServiceW 77E273B1 5 Bytes JMP 003003FC
.text C:\WINDOWS\System32\svchost.exe[3820] ADVAPI32.dll!DeleteService 77E274B9 5 Bytes JMP 00300600
.text C:\WINDOWS\System32\svchost.exe[3820] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\System32\svchost.exe[3820] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\System32\svchost.exe[3820] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\System32\svchost.exe[3820] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\System32\svchost.exe[3820] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8576E2D8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F74BCDDC] spus.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F74BCE30] spus.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7492042] spus.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F749213E] spus.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F74920C0] spus.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F7492800] spus.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F74926D6] spus.sys
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 852085E0
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F74A1B90] spus.sys
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[ntoskrnl.exe!RtlInitUnicodeString] 8800001C
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[ntoskrnl.exe!swprintf] 001CBA86
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[ntoskrnl.exe!KeSetEvent] C61AEB00
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[ntoskrnl.exe!IoCreateSymbolicLink] 001C8986
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[ntoskrnl.exe!IoGetConfigurationInformation] 86C61200
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[ntoskrnl.exe!IoDeleteSymbolicLink] 00001C8B
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[ntoskrnl.exe!MmFreeMappingAddress] 96868801
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[ntoskrnl.exe!IoFreeErrorLogEntry] 8800001C
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[ntoskrnl.exe!IoDisconnectInterrupt] 001CB286
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[ntoskrnl.exe!MmUnmapIoSpace] 88968B00
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[ntoskrnl.exe!ObReferenceObjectByPointer] 8900001C
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[ntoskrnl.exe!IofCompleteRequest] 001CA496
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[ntoskrnl.exe!RtlCompareUnicodeString] C6168B00
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[ntoskrnl.exe!IofCallDriver] 001CC186
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[ntoskrnl.exe!MmAllocateMappingAddress] 428A0A00
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[ntoskrnl.exe!IoAllocateErrorLogEntry] C286880C
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[ntoskrnl.exe!IoConnectInterrupt] 8B00001C
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[ntoskrnl.exe!IoDetachDevice] 24A48DFA
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[ntoskrnl.exe!KeWaitForSingleObject] 00000000
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[ntoskrnl.exe!KeInitializeEvent] 4B8BDF8B
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[ntoskrnl.exe!KeCancelTimer] 8D3F0304
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[ntoskrnl.exe!RtlAnsiStringToUnicodeString] CB033043
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[ntoskrnl.exe!RtlInitAnsiString] 0673C13B
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[ntoskrnl.exe!IoBuildDeviceIoControlRequest] C13B0003
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[ntoskrnl.exe!IoQueueWorkItem] 8366FA72
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[ntoskrnl.exe!MmMapIoSpace] 75000E7B
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[ntoskrnl.exe!IoInvalidateDeviceRelations] 0B7D80E3
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[ntoskrnl.exe!IoReportDetectedDevice] 307B8D00
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[ntoskrnl.exe!IoReportResourceForDetection] 00AA840F
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[ntoskrnl.exe!RtlxAnsiStringToUnicodeSize] 83660000
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[ntoskrnl.exe!NlsMbCodePageTag] 6A000E7A
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[ntoskrnl.exe!PoRequestPowerIrp] C6647400
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[ntoskrnl.exe!KeInsertByKeyDeviceQueue] 001CC386
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[ntoskrnl.exe!PoRegisterDeviceForIdleDetection] 4F8B0200
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[ntoskrnl.exe!sprintf] 968D5140
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[ntoskrnl.exe!MmMapLockedPagesSpecifyCache] 00001C98
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[ntoskrnl.exe!ObfDereferenceObject] 22F6E852
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[ntoskrnl.exe!IoGetAttachedDeviceReference] 478B0000
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[ntoskrnl.exe!IoInvalidateDeviceState] 50016A40
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[ntoskrnl.exe!ZwClose] 1CB48E8D
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[ntoskrnl.exe!ObReferenceObjectByHandle] E8510000
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[ntoskrnl.exe!ZwCreateDirectoryObject] 000022E4
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[ntoskrnl.exe!IoBuildSynchronousFsdRequest] 6A18538B
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[ntoskrnl.exe!PoStartNextPowerIrp] 868D5200
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[ntoskrnl.exe!IoCreateDevice] 00001CA0
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[ntoskrnl.exe!RtlCopyUnicodeString] 22D2E850
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[ntoskrnl.exe!IoAllocateDriverObjectExtension] 4B8B0000
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[ntoskrnl.exe!RtlQueryRegistryValues] 51016A18
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[ntoskrnl.exe!ZwOpenKey] 1CBC968D
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[ntoskrnl.exe!RtlFreeUnicodeString] E8520000
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[ntoskrnl.exe!IoStartTimer] 000022C0
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[ntoskrnl.exe!KeInitializeTimer] 8A05478A
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[ntoskrnl.exe!IoInitializeTimer] 001CC38E
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[ntoskrnl.exe!KeInitializeDpc] 30C48300
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[ntoskrnl.exe!KeInitializeSpinLock] 1CC58688
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[ntoskrnl.exe!IoInitializeIrp] 80E90000
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[ntoskrnl.exe!ZwCreateKey] C6000000
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[ntoskrnl.exe!RtlAppendUnicodeStringToString] 001CC386
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[ntoskrnl.exe!RtlIntegerToUnicodeString] 438B0100
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[ntoskrnl.exe!ZwSetValueKey] 8E8D5018
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[ntoskrnl.exe!KeInsertQueueDpc] 00001C98
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[ntoskrnl.exe!KefAcquireSpinLockAtDpcLevel] 2292E851
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[ntoskrnl.exe!IoStartPacket] 538B0000
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[ntoskrnl.exe!KefReleaseSpinLockFromDpcLevel] 52016A18
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[ntoskrnl.exe!IoBuildAsynchronousFsdRequest] 1CB4868D
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[ntoskrnl.exe!IoFreeMdl] E8500000
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[ntoskrnl.exe!MmUnlockPages] 00002280
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[ntoskrnl.exe!IoWriteErrorLogEntry] 8A05478A
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[ntoskrnl.exe!KeRemoveByKeyDeviceQueue] 001CC38E
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[ntoskrnl.exe!MmMapLockedPagesWithReservedMapping] 18C48300
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[ntoskrnl.exe!MmUnmapReservedMapping] 1CC58688
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[ntoskrnl.exe!KeSynchronizeExecution] 43EB0000
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[ntoskrnl.exe!IoStartNextPacket] 320C538A
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[ntoskrnl.exe!KeBugCheckEx] 88F93BC0
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[ntoskrnl.exe!KeRemoveDeviceQueue] 001CC396
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[ntoskrnl.exe!KeSetTimer] F6317300
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[ntoskrnl.exe!_allmul] 74070647
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[ntoskrnl.exe!MmProbeAndLockPages] 75C0841A
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[ntoskrnl.exe!_except_handler3] 05578A0B
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[ntoskrnl.exe!PoSetPowerState] 968801B0
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[ntoskrnl.exe!IoOpenDeviceRegistryKey] 00001CC5
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[ntoskrnl.exe!RtlWriteRegistryValue] 57B60F66
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[ntoskrnl.exe!RtlDeleteRegistryValue] 533B6604
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[ntoskrnl.exe!_aulldiv] 03087408
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[ntoskrnl.exe!strstr] 72F93B3F
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[ntoskrnl.exe!_strupr] 8A09EBDA
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[ntoskrnl.exe!KeQuerySystemTime] 86880547
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[ntoskrnl.exe!IoWMIRegistrationControl] 00001CC5
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[ntoskrnl.exe!KeTickCount] 88084B8A
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[ntoskrnl.exe!IoAttachDeviceToDeviceStack] 001CC68E
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[ntoskrnl.exe!IoDeleteDevice] 40578B00
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[ntoskrnl.exe!ExAllocatePoolWithTag] 8D52006A
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[ntoskrnl.exe!IoAllocateWorkItem] 001CC886
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[ntoskrnl.exe!IoAllocateIrp] 11E85000
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[ntoskrnl.exe!IoAllocateMdl] 8B000022
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[ntoskrnl.exe!MmBuildMdlForNonPagedPool] 001CC08E
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[ntoskrnl.exe!MmLockPagableDataSection] C4968B00
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[ntoskrnl.exe!IoGetDriverObjectExtension] 8900001C
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[ntoskrnl.exe!MmUnlockPagableImageSection] 001CCC8E
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[ntoskrnl.exe!ExFreePoolWithTag] D0968900
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[ntoskrnl.exe!IoFreeIrp] 8B00001C
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[ntoskrnl.exe!IoFreeWorkItem] 016A4047
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[ntoskrnl.exe!InitSafeBootMode] D4C68150
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[ntoskrnl.exe!RtlCompareMemory] 5600001C
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[ntoskrnl.exe!PoCallDriver] 0021E7E8
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[ntoskrnl.exe!memmove] 18C48300
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[ntoskrnl.exe!MmHighestUserAddress] 5D5B5E5F
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[HAL.dll!KfAcquireSpinLock] 18C4830E
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[HAL.dll!READ_PORT_UCHAR] 1C959E88
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[HAL.dll!KeGetCurrentIrql] 9E880000
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[HAL.dll!KfRaiseIrql] 00001CB1
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[HAL.dll!KfLowerIrql] 0E798366
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[HAL.dll!HalGetInterruptVector] 74AAB000
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[HAL.dll!HalTranslateBusAddress] 8986C636
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[HAL.dll!KeStallExecutionProcessor] 1A00001C
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[HAL.dll!KfReleaseSpinLock] 1C8B86C6
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] C6020000
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[HAL.dll!READ_PORT_USHORT] 001C9686
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 86C60200
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[HAL.dll!WRITE_PORT_UCHAR] 00001CB2
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[WMILIB.SYS!WmiSystemControl] 8800001C
IAT \SystemRoot\System32\Drivers\a7wtm41m.SYS[WMILIB.SYS!WmiCompleteRequest] 001CB99E

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\AVAST Software\Avast\avastUI.exe[524] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6A0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)
IAT C:\WINDOWS\system32\services.exe[716] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00630002
IAT C:\WINDOWS\system32\services.exe[716] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00630000
IAT C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1668] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6A0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8576A1F8

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\usbohci \Device\USBPDO-0 855191F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 857DC1F8
Device \Driver\dmio \Device\DmControl\DmConfig 857DC1F8
Device \Driver\dmio \Device\DmControl\DmPnP 857DC1F8
Device \Driver\dmio \Device\DmControl\DmInfo 857DC1F8
Device \Driver\usbohci \Device\USBPDO-1 855191F8
Device \Driver\usbehci \Device\USBPDO-2 8550C1F8
Device \Driver\sptd \Device\1581245132 spus.sys
Device \Driver\PCI_PNP5132 \Device\00000047 spus.sys

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\Ftdisk \Device\HarddiskVolume1 8576C1F8
Device \Driver\Cdrom \Device\CdRom0 855081F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F73C7B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 [F73C7B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [F73C7B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort2 [F73C7B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort3 [F73C7B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-10 [F73C7B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\Cdrom \Device\CdRom1 855081F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 85375500
Device \Driver\NetBT \Device\NetbiosSmb 85375500

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\usbohci \Device\USBFDO-0 855191F8
Device \Driver\usbohci \Device\USBFDO-1 855191F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 85587500
Device \Driver\usbehci \Device\USBFDO-2 8550C1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 85587500
Device \Driver\NetBT \Device\NetBT_Tcpip_{027B091E-FEC6-4E12-A281-0785E9078639} 85375500
Device \Driver\Ftdisk \Device\FtControl 8576C1F8
Device \Driver\a7wtm41m \Device\Scsi\a7wtm41m1 851EF1F8
Device \Driver\a7wtm41m \Device\Scsi\a7wtm41m1Port4Path0Target0Lun0 851EF1F8
Device \FileSystem\Cdfs \Cdfs 853B9500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xF5 0x74 0xB3 0xF0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x70 0x42 0x12 0x8F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xF6 0xDC 0x52 0x5E ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xF5 0x74 0xB3 0xF0 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x70 0x42 0x12 0x8F ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xF6 0xDC 0x52 0x5E ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000

---- EOF - GMER 1.0.15 ----

[Rudy]

Stáhněte a spusťte Avenger: http://forum.viry.cz/viewtopic.php?f=11&t=19832 tímto skriptem:

Files to delete:
c:\windows\system32\DRIVERS\7228290drv.sys
c:\windows\system32\DRIVERS\51032920.sys

Drivers to delete:
7228290drv
51032920

[Well]

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: file "c:\windows\system32\DRIVERS\7228290drv.sys" not found!
Deletion of file "c:\windows\system32\DRIVERS\7228290drv.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "c:\windows\system32\DRIVERS\51032920.sys" not found!
Deletion of file "c:\windows\system32\DRIVERS\51032920.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\7228290drv" not found!
Deletion of driver "7228290drv" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\51032920" not found!
Deletion of driver "51032920" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.

[Rudy]

Takže už tam nejsou. Nastala nějaká změna?

[Well]

Vypadá to asi OK.. , rychlost je super, hláška s firewallem už taky neskáče...stažené věci stačí smazat ?

Oprava.. hned co se načetly všechny programy po spuštění pc.. hláška s firewallem skočila znovu.. nechapu proč furt skáče.. jinak ostatní věci zdají se být oK..

[Rudy]

Avenger a GMER smažte, OTM spusťte a klikněte na Cleanup. OTM po sobě uklidí. CF odinstalujte Start>spustit>(napsat) combofix /uninstall>OK. V centru zabezpečení je fw zapnutý, nebo vypnutý?

[Well]

Právě že zapnutý.. ovšem skáče klasické upozornění že firewall je vypnut.

[Rudy]

Jsou 2 možnosti. Provést obnovu systému k datu, kdy korektně fungoval, nebo hlášení vypnout v Centru zabezpečení.

[Rudy]

Dejte alespoň ten.

[Well]

No jelikož už předtím jak jsem psal že nevím kdy to nevyskakovalo jelikož notebook jsem rok a pul nevidel a asi stejně dlouho dobu neuvidím.. asi hlášení vypnu .. jinak teda děkuji za veškerou pomoc.. Bylo tam něco ? Co to bylo ? Bylo to ono co zpusobovalo ten pomalý OS ?

[Rudy]

Objevil jsem jen pár zbytečností, které patrně způsobovaly zpomalený chod. Ještě spusťte OTM a klikněte na Cleanup. OTM po sobě uklidí. GMER smažte. Nemáte zač!