VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Vir na flash disku?

https://forum.viry.cz:443/viewtopic.php?t=112308

Stránka 2 z 5

Re: Vir na flash disku?

Napsal: 09 čer 2011 00:17
od burinek
Logy z Gmeru:

GMER 1.0.15.15640 - http://www.gmer.net
Rootkit quick scan 2011-06-08 23:26:42
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\00000070 ST3200826AS rev.3.03
Running: gmer.exe; Driver: C:\DOCUME~1\JENK~1\LOCALS~1\Temp\awtdrpog.sys


---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 PE file @ sector 390700800

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xB0A45BF2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xB0A45A5D]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xB0A9D902]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- EOF - GMER 1.0.15 ----

Re: Vir na flash disku?

Napsal: 09 čer 2011 00:19
od burinek
GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-06-09 01:15:57
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\00000070 ST3200826AS rev.3.03
Running: gmer.exe; Driver: C:\DOCUME~1\JENK~1\LOCALS~1\Temp\awtdrpog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xB0A21202]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xB0A87CB2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xB0A456C1]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xB0A2381C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xB0A23874]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xB0A2398A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xB0A45075]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xB0A23772]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xB0A238C4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xB0A237C6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xB0A23938]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xB0A21226]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xB0A45D87]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xB0A4603D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xB0A23C0E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xB0A45BF2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xB0A45A5D]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xB0A87D62]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xB0A20FF0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xB0A2124A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xB0A23D82]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xB0A21CDA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xB0A2384C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xB0A2389C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xB0A239B4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xB0A453D1]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xB0A2379E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xB0A23A46]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xB0A23904]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xB0A237F4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xB0A23B2A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xB0A23962]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xB0A87DFA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xB0A458D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xB0A21BA0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xB0A4572A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xB0A90E48]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xB0A446E8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xB0A2126E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xB0A21292]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xB0A2104A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xB0A21186]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xB0A45E8E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xB0A21162]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xB0A211AA]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xB0BBB620]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xB0A212B6]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xB0A9D902]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 26B4 80501EEC 4 Bytes [E8, 46, A4, B0]
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 8059B8EC 4 Bytes CALL B0A22335 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805B1DB4 5 Bytes JMP B0A992BE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 805B8C2C 5 Bytes JMP B0A9AD5C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805C74CC 7 Bytes JMP B0A9D906 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB7D9A360, 0x307F47, 0xE8000020]
.text win32k.sys!EngFreeUserMem + 674 BF809922 5 Bytes JMP B0A24CCE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSurface + 45 BF813911 5 Bytes JMP B0A24BDA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngSetLastError + 783B BF824157 5 Bytes JMP B0A23F60 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateBitmap + F9C BF828CE9 5 Bytes JMP B0A24E38 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 2C50 BF8316DA 5 Bytes JMP B0A25040 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + B8F2 BF83A37C 5 Bytes JMP B0A24B4A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + 5F35 BF857E69 5 Bytes JMP B0A23FD0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 348C BF866FF4 5 Bytes JMP B0A241AC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 3517 BF86707F 5 Bytes JMP B0A24352 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 3F47 BF867AAF 5 Bytes JMP B0A23E84 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + AAFC BF86E664 5 Bytes JMP B0A24C04 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnicodeToMultiByteN + 2ED7 BF871F85 5 Bytes JMP B0A24F9E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 411E BF88C9D8 5 Bytes JMP B0A2432A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngTextOut + 4149 BF8B0CBE 5 Bytes JMP B0A23E9C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 2DBF BF8C26A3 5 Bytes JMP B0A24D80 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBltROP + 450 BF8C3048 5 Bytes JMP B0A2406A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1517 BF8CB4AA 5 Bytes JMP B0A240DA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1797 BF8CB72A 5 Bytes JMP B0A24114 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + 3B3E BF8ED1B7 5 Bytes JMP B0A23DB8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 19B2 BF913F1F 5 Bytes JMP B0A23F1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 2586 BF914AF3 5 Bytes JMP B0A24034 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 4EE5 BF917452 5 Bytes JMP B0A2446C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 1924 BF945FB0 5 Bytes JMP B0A24EF6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[292] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[292] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[292] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[292] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[292] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\svchost.exe[292] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[292] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[292] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\svchost.exe[292] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\svchost.exe[292] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[292] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[292] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\svchost.exe[292] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\svchost.exe[292] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\svchost.exe[292] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\svchost.exe[292] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\svchost.exe[292] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe[364] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe[364] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe[364] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe[364] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe[364] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003D0804
.text c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe[364] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003D0A08
.text c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe[364] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003D0600
.text c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe[364] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003D01F8
.text c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe[364] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003D03FC
.text c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe[364] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014
.text c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe[364] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804
.text c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe[364] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08
.text c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe[364] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C
.text c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe[364] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10
.text c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe[364] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8
.text c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe[364] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC
.text c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe[364] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600
.text C:\WINDOWS\Explorer.EXE[404] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\Explorer.EXE[404] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[404] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\Explorer.EXE[404] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[404] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00381014
.text C:\WINDOWS\Explorer.EXE[404] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00380804
.text C:\WINDOWS\Explorer.EXE[404] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00380A08
.text C:\WINDOWS\Explorer.EXE[404] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00380C0C
.text C:\WINDOWS\Explorer.EXE[404] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00380E10
.text C:\WINDOWS\Explorer.EXE[404] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003801F8
.text C:\WINDOWS\Explorer.EXE[404] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003803FC
.text C:\WINDOWS\Explorer.EXE[404] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00380600
.text C:\WINDOWS\Explorer.EXE[404] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00390804
.text C:\WINDOWS\Explorer.EXE[404] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00390A08
.text C:\WINDOWS\Explorer.EXE[404] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00390600
.text C:\WINDOWS\Explorer.EXE[404] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003901F8
.text C:\WINDOWS\Explorer.EXE[404] USER32.dll!UnhookWinEvent 7E3818AC 3 Bytes JMP 003903FC
.text C:\WINDOWS\Explorer.EXE[404] USER32.dll!UnhookWinEvent + 4 7E3818B0 1 Byte [82]
.text C:\WINDOWS\Explorer.EXE[404] SHELL32.dll!SHFileOperationW 7CA708A0 5 Bytes JMP 10001102 C:\Program Files\Unlocker\UnlockerHook.dll
.text C:\WINDOWS\system32\svchost.exe[472] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[472] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[472] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[472] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[472] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\svchost.exe[472] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[472] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[472] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\svchost.exe[472] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\svchost.exe[472] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[472] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[472] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\svchost.exe[472] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\svchost.exe[472] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\svchost.exe[472] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\svchost.exe[472] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\svchost.exe[472] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\spoolsv.exe[512] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\spoolsv.exe[512] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[512] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\spoolsv.exe[512] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[512] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\spoolsv.exe[512] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\spoolsv.exe[512] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\spoolsv.exe[512] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\spoolsv.exe[512] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\spoolsv.exe[512] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\spoolsv.exe[512] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\spoolsv.exe[512] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\spoolsv.exe[512] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\spoolsv.exe[512] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\spoolsv.exe[512] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\spoolsv.exe[512] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\spoolsv.exe[512] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[712] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[712] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[712] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\A4Tech\Mouse\Amoumain.exe[956] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\A4Tech\Mouse\Amoumain.exe[956] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\A4Tech\Mouse\Amoumain.exe[956] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\A4Tech\Mouse\Amoumain.exe[956] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\A4Tech\Mouse\Amoumain.exe[956] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014
.text C:\Program Files\A4Tech\Mouse\Amoumain.exe[956] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804
.text C:\Program Files\A4Tech\Mouse\Amoumain.exe[956] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08
.text C:\Program Files\A4Tech\Mouse\Amoumain.exe[956] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C
.text C:\Program Files\A4Tech\Mouse\Amoumain.exe[956] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10
.text C:\Program Files\A4Tech\Mouse\Amoumain.exe[956] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8
.text C:\Program Files\A4Tech\Mouse\Amoumain.exe[956] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC
.text C:\Program Files\A4Tech\Mouse\Amoumain.exe[956] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600
.text C:\Program Files\A4Tech\Mouse\Amoumain.exe[956] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804
.text C:\Program Files\A4Tech\Mouse\Amoumain.exe[956] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08
.text C:\Program Files\A4Tech\Mouse\Amoumain.exe[956] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600
.text C:\Program Files\A4Tech\Mouse\Amoumain.exe[956] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8
.text C:\Program Files\A4Tech\Mouse\Amoumain.exe[956] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC
.text C:\WINDOWS\System32\smss.exe[964] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[1032] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[1032] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[1032] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[1032] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[1032] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[1032] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[1032] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[1032] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[1032] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[1032] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003F1014
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[1032] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003F0804
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[1032] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003F0A08
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[1032] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003F0C0C
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[1032] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003F0E10
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[1032] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003F01F8
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[1032] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003F03FC
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[1032] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003F0600
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1040] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1040] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1040] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1040] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1040] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00420804
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1040] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00420A08
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1040] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00420600
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1040] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 004201F8
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1040] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 004203FC
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1040] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00431014
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1040] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00430804
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1040] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00430A08
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1040] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00430C0C
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1040] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00430E10
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1040] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 004301F8
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1040] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 004303FC
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1040] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00430600
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1088] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1088] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1088] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1088] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1088] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003F1014
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1088] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003F0804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1088] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003F0A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1088] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003F0C0C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1088] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003F0E10
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1088] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003F01F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1088] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003F03FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1088] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003F0600
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1088] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00450804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1088] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00450A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1088] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00450600
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1088] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 004501F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1088] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 004503FC
.text C:\Program Files\Unlocker\UnlockerAssistant.exe[1096] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\Unlocker\UnlockerAssistant.exe[1096] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Unlocker\UnlockerAssistant.exe[1096] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\Unlocker\UnlockerAssistant.exe[1096] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Unlocker\UnlockerAssistant.exe[1096] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003D1014
.text C:\Program Files\Unlocker\UnlockerAssistant.exe[1096] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003D0804
.text C:\Program Files\Unlocker\UnlockerAssistant.exe[1096] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003D0A08
.text C:\Program Files\Unlocker\UnlockerAssistant.exe[1096] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003D0C0C
.text C:\Program Files\Unlocker\UnlockerAssistant.exe[1096] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003D0E10
.text C:\Program Files\Unlocker\UnlockerAssistant.exe[1096] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003D01F8
.text C:\Program Files\Unlocker\UnlockerAssistant.exe[1096] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003D03FC
.text C:\Program Files\Unlocker\UnlockerAssistant.exe[1096] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003D0600
.text C:\Program Files\Unlocker\UnlockerAssistant.exe[1096] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804
.text C:\Program Files\Unlocker\UnlockerAssistant.exe[1096] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08
.text C:\Program Files\Unlocker\UnlockerAssistant.exe[1096] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600
.text C:\Program Files\Unlocker\UnlockerAssistant.exe[1096] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8
.text C:\Program Files\Unlocker\UnlockerAssistant.exe[1096] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC
.text C:\Program Files\Skype\Phone\Skype.exe[1104] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Skype\Phone\Skype.exe[1104] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Skype\Phone\Skype.exe[1104] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Skype\Phone\Skype.exe[1104] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Skype\Phone\Skype.exe[1104] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 026B1014
.text C:\Program Files\Skype\Phone\Skype.exe[1104] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 026B0804
.text C:\Program Files\Skype\Phone\Skype.exe[1104] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 026B0A08
.text C:\Program Files\Skype\Phone\Skype.exe[1104] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 026B0C0C
.text C:\Program Files\Skype\Phone\Skype.exe[1104] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 026B0E10
.text C:\Program Files\Skype\Phone\Skype.exe[1104] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 026B01F8
.text C:\Program Files\Skype\Phone\Skype.exe[1104] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 026B03FC
.text C:\Program Files\Skype\Phone\Skype.exe[1104] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 026B0600
.text C:\Program Files\Skype\Phone\Skype.exe[1104] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 026C0804
.text C:\Program Files\Skype\Phone\Skype.exe[1104] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 026C0A08
.text C:\Program Files\Skype\Phone\Skype.exe[1104] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 026C0600
.text C:\Program Files\Skype\Phone\Skype.exe[1104] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 026C01F8
.text C:\Program Files\Skype\Phone\Skype.exe[1104] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 026C03FC
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1116] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000501F8
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1116] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1116] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000503FC
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1116] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1116] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002F0804
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1116] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002F0A08
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1116] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002F0600
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1116] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002F01F8
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1116] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002F03FC
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1116] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1116] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1116] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1116] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1116] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1116] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1116] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1116] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\ctfmon.exe[1140] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A01F8
.text C:\WINDOWS\system32\ctfmon.exe[1140] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[1140] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A03FC
.text C:\WINDOWS\system32\ctfmon.exe[1140] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[1140] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00381014
.text C:\WINDOWS\system32\ctfmon.exe[1140] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00380804
.text C:\WINDOWS\system32\ctfmon.exe[1140] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00380A08
.text C:\WINDOWS\system32\ctfmon.exe[1140] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00380C0C
.text C:\WINDOWS\system32\ctfmon.exe[1140] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00380E10
.text C:\WINDOWS\system32\ctfmon.exe[1140] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003801F8
.text C:\WINDOWS\system32\ctfmon.exe[1140] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003803FC
.text C:\WINDOWS\system32\ctfmon.exe[1140] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00380600
.text C:\WINDOWS\system32\ctfmon.exe[1140] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00390804
.text C:\WINDOWS\system32\ctfmon.exe[1140] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00390A08
.text C:\WINDOWS\system32\ctfmon.exe[1140] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00390600
.text C:\WINDOWS\system32\ctfmon.exe[1140] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003901F8
.text C:\WINDOWS\system32\ctfmon.exe[1140] USER32.dll!UnhookWinEvent 7E3818AC 3 Bytes JMP 003903FC
.text C:\WINDOWS\system32\ctfmon.exe[1140] USER32.dll!UnhookWinEvent + 4 7E3818B0 1 Byte [82]
.text C:\Program Files\Secunia\PSI\psi_tray.exe[1152] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Secunia\PSI\psi_tray.exe[1152] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Secunia\PSI\psi_tray.exe[1152] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Secunia\PSI\psi_tray.exe[1152] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Secunia\PSI\psi_tray.exe[1152] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804
.text C:\Program Files\Secunia\PSI\psi_tray.exe[1152] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08
.text C:\Program Files\Secunia\PSI\psi_tray.exe[1152] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600
.text C:\Program Files\Secunia\PSI\psi_tray.exe[1152] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8
.text C:\Program Files\Secunia\PSI\psi_tray.exe[1152] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC
.text C:\Program Files\Secunia\PSI\psi_tray.exe[1152] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003F1014
.text C:\Program Files\Secunia\PSI\psi_tray.exe[1152] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003F0804
.text C:\Program Files\Secunia\PSI\psi_tray.exe[1152] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003F0A08
.text C:\Program Files\Secunia\PSI\psi_tray.exe[1152] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003F0C0C
.text C:\Program Files\Secunia\PSI\psi_tray.exe[1152] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003F0E10
.text C:\Program Files\Secunia\PSI\psi_tray.exe[1152] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003F01F8
.text C:\Program Files\Secunia\PSI\psi_tray.exe[1152] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003F03FC
.text C:\Program Files\Secunia\PSI\psi_tray.exe[1152] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003F0600
.text C:\WINDOWS\system32\csrss.exe[1316] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[1316] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[1344] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000701F8
.text C:\WINDOWS\system32\winlogon.exe[1344] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[1344] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000703FC
.text C:\WINDOWS\system32\winlogon.exe[1344] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[1344] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\winlogon.exe[1344] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\winlogon.exe[1344] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\winlogon.exe[1344] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\winlogon.exe[1344] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\winlogon.exe[1344] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\winlogon.exe[1344] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\winlogon.exe[1344] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\winlogon.exe[1344] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\winlogon.exe[1344] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\winlogon.exe[1344] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\winlogon.exe[1344] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\winlogon.exe[1344] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\services.exe[1416] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\services.exe[1416] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[1416] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\services.exe[1416] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[1416] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\services.exe[1416] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\services.exe[1416] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\services.exe[1416] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\services.exe[1416] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\services.exe[1416] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\services.exe[1416] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\services.exe[1416] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\services.exe[1416] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\services.exe[1416] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\services.exe[1416] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\services.exe[1416] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\services.exe[1416] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\lsass.exe[1428] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\lsass.exe[1428] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[1428] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\lsass.exe[1428] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[1428] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\lsass.exe[1428] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\lsass.exe[1428] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\lsass.exe[1428] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\lsass.exe[1428] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\lsass.exe[1428] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\lsass.exe[1428] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\lsass.exe[1428] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\lsass.exe[1428] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\lsass.exe[1428] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\lsass.exe[1428] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\lsass.exe[1428] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\lsass.exe[1428] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\svchost.exe[1604] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1604] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1604] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1604] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\svchost.exe[1604] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[1604] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[1604] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\svchost.exe[1604] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\svchost.exe[1604] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[1604] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[1604] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\svchost.exe[1604] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\svchost.exe[1604] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\svchost.exe[1604] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\svchost.exe[1604] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\svchost.exe[1604] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\svchost.exe[1680] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1680] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1680] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1680] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1680] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\svchost.exe[1680] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804

Re: Vir na flash disku?

Napsal: 09 čer 2011 00:20
od burinek
.text C:\WINDOWS\system32\svchost.exe[1680] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[1680] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\svchost.exe[1680] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\svchost.exe[1680] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[1680] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[1680] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\svchost.exe[1680] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\svchost.exe[1680] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\svchost.exe[1680] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\svchost.exe[1680] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\svchost.exe[1680] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\Program Files\Secunia\PSI\sua.exe[1756] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Secunia\PSI\sua.exe[1756] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Secunia\PSI\sua.exe[1756] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Secunia\PSI\sua.exe[1756] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Secunia\PSI\sua.exe[1756] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014
.text C:\Program Files\Secunia\PSI\sua.exe[1756] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804
.text C:\Program Files\Secunia\PSI\sua.exe[1756] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08
.text C:\Program Files\Secunia\PSI\sua.exe[1756] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C
.text C:\Program Files\Secunia\PSI\sua.exe[1756] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10
.text C:\Program Files\Secunia\PSI\sua.exe[1756] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8
.text C:\Program Files\Secunia\PSI\sua.exe[1756] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC
.text C:\Program Files\Secunia\PSI\sua.exe[1756] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600
.text C:\WINDOWS\System32\svchost.exe[1776] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[1776] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1776] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[1776] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1776] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014
.text C:\WINDOWS\System32\svchost.exe[1776] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804
.text C:\WINDOWS\System32\svchost.exe[1776] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08
.text C:\WINDOWS\System32\svchost.exe[1776] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C
.text C:\WINDOWS\System32\svchost.exe[1776] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10
.text C:\WINDOWS\System32\svchost.exe[1776] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8
.text C:\WINDOWS\System32\svchost.exe[1776] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC
.text C:\WINDOWS\System32\svchost.exe[1776] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600
.text C:\WINDOWS\System32\svchost.exe[1776] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\System32\svchost.exe[1776] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\System32\svchost.exe[1776] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\System32\svchost.exe[1776] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\System32\svchost.exe[1776] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\svchost.exe[1812] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1812] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1812] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1812] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1812] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\svchost.exe[1812] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[1812] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[1812] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\svchost.exe[1812] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\svchost.exe[1812] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[1812] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[1812] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\svchost.exe[1812] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\svchost.exe[1812] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\svchost.exe[1812] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\svchost.exe[1812] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\svchost.exe[1812] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2000] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2000] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2000] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2000] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2000] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00411014
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2000] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00410804
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2000] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00410A08
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2000] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00410C0C
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2000] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00410E10
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2000] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 004101F8
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2000] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 004103FC
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2000] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00410600
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2000] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00420804
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2000] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00420A08
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2000] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00420600
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2000] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 004201F8
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2000] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 004203FC
.text C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE[2072] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE[2072] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE[2072] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE[2072] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE[2072] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014
.text C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE[2072] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804
.text C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE[2072] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08
.text C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE[2072] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C
.text C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE[2072] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10
.text C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE[2072] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8
.text C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE[2072] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC
.text C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE[2072] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600
.text C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE[2072] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804
.text C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE[2072] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08
.text C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE[2072] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600
.text C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE[2072] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8
.text C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE[2072] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[2220] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[2220] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[2220] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[2220] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[2220] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014
.text C:\Program Files\Java\jre6\bin\jqs.exe[2220] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804
.text C:\Program Files\Java\jre6\bin\jqs.exe[2220] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08
.text C:\Program Files\Java\jre6\bin\jqs.exe[2220] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C
.text C:\Program Files\Java\jre6\bin\jqs.exe[2220] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10
.text C:\Program Files\Java\jre6\bin\jqs.exe[2220] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[2220] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[2220] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600
.text C:\Program Files\Java\jre6\bin\jqs.exe[2220] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804
.text C:\Program Files\Java\jre6\bin\jqs.exe[2220] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08
.text C:\Program Files\Java\jre6\bin\jqs.exe[2220] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600
.text C:\Program Files\Java\jre6\bin\jqs.exe[2220] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[2220] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC
.text C:\Documents and Settings\Jeník\Plocha\gmer.exe[2288] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Documents and Settings\Jeník\Plocha\gmer.exe[2288] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Documents and Settings\Jeník\Plocha\gmer.exe[2288] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Documents and Settings\Jeník\Plocha\gmer.exe[2288] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Documents and Settings\Jeník\Plocha\gmer.exe[2288] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002B0804
.text C:\Documents and Settings\Jeník\Plocha\gmer.exe[2288] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002B0A08
.text C:\Documents and Settings\Jeník\Plocha\gmer.exe[2288] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002B0600
.text C:\Documents and Settings\Jeník\Plocha\gmer.exe[2288] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002B01F8
.text C:\Documents and Settings\Jeník\Plocha\gmer.exe[2288] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002B03FC
.text C:\Documents and Settings\Jeník\Plocha\gmer.exe[2288] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 002A1014
.text C:\Documents and Settings\Jeník\Plocha\gmer.exe[2288] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 002A0804
.text C:\Documents and Settings\Jeník\Plocha\gmer.exe[2288] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 002A0A08
.text C:\Documents and Settings\Jeník\Plocha\gmer.exe[2288] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 002A0C0C
.text C:\Documents and Settings\Jeník\Plocha\gmer.exe[2288] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 002A0E10
.text C:\Documents and Settings\Jeník\Plocha\gmer.exe[2288] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 002A01F8
.text C:\Documents and Settings\Jeník\Plocha\gmer.exe[2288] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 002A03FC
.text C:\Documents and Settings\Jeník\Plocha\gmer.exe[2288] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 002A0600
.text C:\Program Files\Kooperativa\Services\KoopPDFServer.exe[2464] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\Kooperativa\Services\KoopPDFServer.exe[2464] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Kooperativa\Services\KoopPDFServer.exe[2464] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\Kooperativa\Services\KoopPDFServer.exe[2464] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Kooperativa\Services\KoopPDFServer.exe[2464] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003D1014
.text C:\Program Files\Kooperativa\Services\KoopPDFServer.exe[2464] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003D0804
.text C:\Program Files\Kooperativa\Services\KoopPDFServer.exe[2464] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003D0A08
.text C:\Program Files\Kooperativa\Services\KoopPDFServer.exe[2464] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003D0C0C
.text C:\Program Files\Kooperativa\Services\KoopPDFServer.exe[2464] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003D0E10
.text C:\Program Files\Kooperativa\Services\KoopPDFServer.exe[2464] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003D01F8
.text C:\Program Files\Kooperativa\Services\KoopPDFServer.exe[2464] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003D03FC
.text C:\Program Files\Kooperativa\Services\KoopPDFServer.exe[2464] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003D0600
.text C:\Program Files\Kooperativa\Services\KoopPDFServer.exe[2464] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804
.text C:\Program Files\Kooperativa\Services\KoopPDFServer.exe[2464] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08
.text C:\Program Files\Kooperativa\Services\KoopPDFServer.exe[2464] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600
.text C:\Program Files\Kooperativa\Services\KoopPDFServer.exe[2464] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8
.text C:\Program Files\Kooperativa\Services\KoopPDFServer.exe[2464] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC
.text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2544] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2544] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2544] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2544] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2544] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804
.text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2544] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08
.text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2544] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600
.text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2544] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8
.text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2544] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC
.text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2544] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003F1014
.text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2544] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003F0804
.text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2544] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003F0A08
.text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2544] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003F0C0C
.text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2544] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003F0E10
.text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2544] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003F01F8
.text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2544] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003F03FC
.text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2544] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003F0600
.text C:\WINDOWS\system32\nvsvc32.exe[2752] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\WINDOWS\system32\nvsvc32.exe[2752] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\nvsvc32.exe[2752] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\WINDOWS\system32\nvsvc32.exe[2752] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\nvsvc32.exe[2752] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003D0804
.text C:\WINDOWS\system32\nvsvc32.exe[2752] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003D0A08
.text C:\WINDOWS\system32\nvsvc32.exe[2752] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003D0600
.text C:\WINDOWS\system32\nvsvc32.exe[2752] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003D01F8
.text C:\WINDOWS\system32\nvsvc32.exe[2752] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003D03FC
.text C:\WINDOWS\system32\nvsvc32.exe[2752] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014
.text C:\WINDOWS\system32\nvsvc32.exe[2752] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804
.text C:\WINDOWS\system32\nvsvc32.exe[2752] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08
.text C:\WINDOWS\system32\nvsvc32.exe[2752] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C
.text C:\WINDOWS\system32\nvsvc32.exe[2752] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10
.text C:\WINDOWS\system32\nvsvc32.exe[2752] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8
.text C:\WINDOWS\system32\nvsvc32.exe[2752] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC
.text C:\WINDOWS\system32\nvsvc32.exe[2752] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600
.text C:\WINDOWS\system32\PnkBstrA.exe[2780] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\WINDOWS\system32\PnkBstrA.exe[2780] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\PnkBstrA.exe[2780] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\WINDOWS\system32\PnkBstrA.exe[2780] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\PnkBstrA.exe[2780] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003D1014
.text C:\WINDOWS\system32\PnkBstrA.exe[2780] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003D0804
.text C:\WINDOWS\system32\PnkBstrA.exe[2780] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003D0A08
.text C:\WINDOWS\system32\PnkBstrA.exe[2780] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003D0C0C
.text C:\WINDOWS\system32\PnkBstrA.exe[2780] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003D0E10
.text C:\WINDOWS\system32\PnkBstrA.exe[2780] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003D01F8
.text C:\WINDOWS\system32\PnkBstrA.exe[2780] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003D03FC
.text C:\WINDOWS\system32\PnkBstrA.exe[2780] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003D0600
.text C:\WINDOWS\system32\PnkBstrA.exe[2780] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804
.text C:\WINDOWS\system32\PnkBstrA.exe[2780] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08
.text C:\WINDOWS\system32\PnkBstrA.exe[2780] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600
.text C:\WINDOWS\system32\PnkBstrA.exe[2780] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8
.text C:\WINDOWS\system32\PnkBstrA.exe[2780] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2828] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2828] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2828] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2828] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2828] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003D0804
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2828] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003D0A08
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2828] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003D0600
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2828] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003D01F8
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2828] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003D03FC
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2828] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2828] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2828] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2828] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2828] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2828] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2828] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2828] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600
.text C:\WINDOWS\System32\alg.exe[2896] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\alg.exe[2896] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[2896] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\alg.exe[2896] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[2896] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00410804
.text C:\WINDOWS\System32\alg.exe[2896] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00410A08
.text C:\WINDOWS\System32\alg.exe[2896] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00410600
.text C:\WINDOWS\System32\alg.exe[2896] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 004101F8
.text C:\WINDOWS\System32\alg.exe[2896] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 004103FC
.text C:\WINDOWS\System32\alg.exe[2896] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00421014
.text C:\WINDOWS\System32\alg.exe[2896] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00420804
.text C:\WINDOWS\System32\alg.exe[2896] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00420A08
.text C:\WINDOWS\System32\alg.exe[2896] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00420C0C
.text C:\WINDOWS\System32\alg.exe[2896] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00420E10
.text C:\WINDOWS\System32\alg.exe[2896] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 004201F8
.text C:\WINDOWS\System32\alg.exe[2896] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 004203FC
.text C:\WINDOWS\System32\alg.exe[2896] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00420600
.text C:\Program Files\Secunia\PSI\PSIA.exe[2944] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Secunia\PSI\PSIA.exe[2944] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Secunia\PSI\PSIA.exe[2944] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Secunia\PSI\PSIA.exe[2944] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Secunia\PSI\PSIA.exe[2944] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003F1014
.text C:\Program Files\Secunia\PSI\PSIA.exe[2944] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003F0804
.text C:\Program Files\Secunia\PSI\PSIA.exe[2944] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003F0A08
.text C:\Program Files\Secunia\PSI\PSIA.exe[2944] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003F0C0C
.text C:\Program Files\Secunia\PSI\PSIA.exe[2944] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003F0E10
.text C:\Program Files\Secunia\PSI\PSIA.exe[2944] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003F01F8
.text C:\Program Files\Secunia\PSI\PSIA.exe[2944] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003F03FC
.text C:\Program Files\Secunia\PSI\PSIA.exe[2944] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003F0600
.text C:\Program Files\Secunia\PSI\PSIA.exe[2944] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00500804
.text C:\Program Files\Secunia\PSI\PSIA.exe[2944] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00500A08
.text C:\Program Files\Secunia\PSI\PSIA.exe[2944] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00500600
.text C:\Program Files\Secunia\PSI\PSIA.exe[2944] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 005001F8
.text C:\Program Files\Secunia\PSI\PSIA.exe[2944] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 005003FC
.text C:\WINDOWS\system32\svchost.exe[3236] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[3236] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[3236] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[3236] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[3236] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\svchost.exe[3236] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[3236] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[3236] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\svchost.exe[3236] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\svchost.exe[3236] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[3236] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[3236] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\svchost.exe[3236] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\svchost.exe[3236] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\svchost.exe[3236] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\svchost.exe[3236] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\svchost.exe[3236] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[3508] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[3508] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[3508] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[3508] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[3508] user32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[3508] user32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[3508] user32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[3508] user32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[3508] user32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[3508] advapi32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003F1014
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[3508] advapi32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003F0804
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[3508] advapi32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003F0A08
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[3508] advapi32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003F0C0C
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[3508] advapi32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003F0E10
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[3508] advapi32.dll!CreateServiceA 77E27211 5 Bytes JMP 003F01F8
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[3508] advapi32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003F03FC
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[3508] advapi32.dll!DeleteService 77E274B1 5 Bytes JMP 003F0600
.text C:\Program Files\Opera\opera.exe[3588] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8
.text C:\Program Files\Opera\opera.exe[3588] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Opera\opera.exe[3588] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
.text C:\Program Files\Opera\opera.exe[3588] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Opera\opera.exe[3588] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 005E0804
.text C:\Program Files\Opera\opera.exe[3588] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 005E0A08
.text C:\Program Files\Opera\opera.exe[3588] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 005E0600
.text C:\Program Files\Opera\opera.exe[3588] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 005E01F8
.text C:\Program Files\Opera\opera.exe[3588] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 005E03FC
.text C:\Program Files\Opera\opera.exe[3588] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 005F1014
.text C:\Program Files\Opera\opera.exe[3588] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 005F0804
.text C:\Program Files\Opera\opera.exe[3588] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 005F0A08
.text C:\Program Files\Opera\opera.exe[3588] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 005F0C0C
.text C:\Program Files\Opera\opera.exe[3588] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 005F0E10
.text C:\Program Files\Opera\opera.exe[3588] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 005F01F8
.text C:\Program Files\Opera\opera.exe[3588] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 005F03FC
.text C:\Program Files\Opera\opera.exe[3588] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 005F0600

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\Explorer.EXE[404] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01C42F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[404] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01C42DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[404] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [01C42D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[404] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01C42DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\services.exe[1416] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00630002
IAT C:\WINDOWS\system32\services.exe[1416] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00630000
IAT C:\Documents and Settings\Jeník\Plocha\gmer.exe[2288] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00802F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Jeník\Plocha\gmer.exe[2288] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00802DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Jeník\Plocha\gmer.exe[2288] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00802D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Jeník\Plocha\gmer.exe[2288] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00802DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Opera\opera.exe[3588] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00B32F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Opera\opera.exe[3588] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00B32DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Opera\opera.exe[3588] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00B32D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Opera\opera.exe[3588] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00B32DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

Device \FileSystem\Fastfat \FatCdrom aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x61 0x55 0xED 0x3A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x4D 0xF3 0xAD 0xE2 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xC2 0xE3 0x38 0xD2 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x61 0x55 0xED 0x3A ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x4D 0xF3 0xAD 0xE2 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xAB 0x44 0x90 0xF3 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x61 0x55 0xED 0x3A ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x4D 0xF3 0xAD 0xE2 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xC2 0xE3 0x38 0xD2 ...

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 PE file @ sector 390700800

---- EOF - GMER 1.0.15 ----

Re: Vir na flash disku?

Napsal: 09 čer 2011 00:26
od burinek
Bohužel se mi však nezadařila provést akce s mbr. Když jsem zadal Vámi poslaný příkaz do okna pro spuštění, tak na mě vyskočila hláška, že: "C:\Documents and Settings\Jeník\desktop odkazuje na umístění, které již není k dispozici. Umístění může být na pevném disku tohoto počítače nebo v síti. Ujistěte se, že je disk řádně vložen a že jste připojeni k Internetu nebo k síti a akci opakujte. Pokud stále nelze umístění najít, je možné, že bylo přesunuto jinam."

Takže výše uvedené logy z Gmeru jsou provedeny po vynechání akce s mbr.

Re: Vir na flash disku?

Napsal: 09 čer 2011 05:39
od cernohous13
Trochu to upravíme :wink:
vyosek píše: :arrow: Stahnete MBR na plochu http://www2.gmer.net/mbr/mbr.exe ale nespoustejte

:arrow: Kliknete na Start a pote Spustit, pripadne pouzijte klavesou zkratku Win+R
  • Vyskoci na Vas okenko, do ktereho zkopirujte text nize

  • Kód: Vybrat vše

    "%userprofile%\Plocha\mbr" -t -s
  • Kliknete na OK
  • Na plose se Vam vytvori log s nazvem mbr.txt, jeho obsah mi sem vlozte

Re: Vir na flash disku?

Napsal: 09 čer 2011 08:15
od burinek
Log z mbr.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3200826AS rev.3.03 -> Harddisk0\DR0 -> \Device\00000070

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvata.sys
C:\WINDOWS\system32\drivers\nvata.sys NVIDIA Corporation NVIDIA nForce(TM) IDE Driver
1 ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\Harddisk0\DR0[0x8A383AB8]
3 CLASSPNP[0xBA0E8FD7] -> ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\00000071[0x8A385BA0]
5 ACPI[0xB9F7F620] -> ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\00000070[0x8A329030]
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
user & kernel MBR OK

Re: Vir na flash disku?

Napsal: 09 čer 2011 08:40
od vyosek
Logy vypadaji ciste, jak se chova PC :???:

Re: Vir na flash disku?

Napsal: 09 čer 2011 08:44
od burinek
Počítač se chová standardně. Ale výše popsaný problém s flash klíči se nezměnil. :(

Re: Vir na flash disku?

Napsal: 09 čer 2011 08:53
od vyosek
Zkuste tento postup
herodeso píše: Problém ktorý opisuje "burinek" som mal predčasom. Ide o to že na napadnutom kľúči sa staré adresáre nastavia s atributom skrytý a miesto nich sa vytvoria súbory s ikonou adresára ale sú to exe súbory ktoré pri každom otvorení tohto "adresára" zavedú na PC nejakú háveď. Ja som to riešil skopírovaním všetkých dát, manuálne vytvorenie nových adresárov s tým istým menom a do nich nakopírovať obsah tých adresárov, samozrejme na už naformátovanú flashku. Myslím že atribút tých adresárov sa nedal zmeniť.

Re: Vir na flash disku?

Napsal: 09 čer 2011 09:02
od burinek
Vypadá to dost podobně. Když na té flashce zvolím VLASTNOSTI některé složky (jejího nově vytvořeného zástupce), tak v záložce "Zástupce" se zobrazí:

Typ cíle: Aplikace,
Umístění cíle: system32,
Cíl: %windir%\system32\cmd.exe /c "start %cd%RECYCLER\0xA25D5DBD.exe &&%windir%\explorer.exe %cd%Diplomka

Re: Vir na flash disku?

Napsal: 09 čer 2011 09:07
od burinek
Když však dám v možnostech složky zobrazit skryté soubory a složky, tak se mi původní složky (s atributem "skrytý") nezobrazí - tak jak píše "herodeso". Nevím tedy, jak aplikovat jeho postup?

Re: Vir na flash disku?

Napsal: 09 čer 2011 09:08
od vyosek
Zapojte ty flash disky a aplikujte MBAM - navod v mem podpise

Re: Vir na flash disku?

Napsal: 09 čer 2011 09:23
od burinek
Log z rychlé kontroly:

Malwarebytes' Anti-Malware
www.malwarebytes.org

Verze databáze:

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

9.6.2011 10:22:10
mbam-log-2011-06-09 (10-22-10).txt

Typ: Rychlá kontrola
Kontrolované objekty: 155441
Uplynulý čas: 4 minut, 39 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)

Re: Vir na flash disku?

Napsal: 09 čer 2011 09:27
od vyosek
Jeste udelejte kompletni kontrolu...

Re: Vir na flash disku?

Napsal: 09 čer 2011 11:15
od burinek
Malwarebytes' Anti-Malware
www.malwarebytes.org

Verze databáze:

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

9.6.2011 11:40:44
mbam-log-2011-06-09 (11-40-44).txt

Typ: Úplná kontrola (C:\|D:\|H:\|I:\|)
Kontrolované objekty: 334429
Uplynulý čas: 1 hodin, 11 minut, 51 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)
Všechny časy jsou v UTC+01:00
Stránka 2 z 5

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz