Re: slow internet
Posted: 06 Dec 2011 22:48
and here is the second one, the first half of it
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-06 22:40:48
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e ST3120026A rev.8.01
Running: gmer.exe; Driver: C:\DOCUME~1\marika\LOCALS~1\Temp\uwtdypod.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xB6D52FC4]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xB6DB7510]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xB6D766A9]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xB6D55456]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xB6D554AE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xB6D555C4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xB6D7605D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xB6D553AC]
SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwCreatePagingFile [0xF8496B00]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xB6D554FE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xB6D55400]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xB6D55572]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xB6D52FE8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xB6D76D6F]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xB6D77025]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xB6D55848]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xB6D76BDA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xB6D76A45]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xB6DB75C0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xB6D52DB2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xB6D5300C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xB6D559BC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xB6D53AA4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xB6D55486]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xB6D554D6]
SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwOpenFile [0xF8496B40]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xB6D555EE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xB6D763B9]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xB6D553D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xB6D55680]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xB6D5553E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xB6D5542E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xB6D55764]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xB6D5559C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xB6DB7658]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xB6D768C0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xB6D5396A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xB6D76712]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xB6DBF9E6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xB6D756D0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xB6D53030]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xB6D53054]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xB6D52E0C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xB6D52F48]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xB6D76E76]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xB6D52F24]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xB6D52F6C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xB6D53078]
INT 0x62 ? 82FDBBF8
INT 0x82 ? 82FDBBF8
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xB6DCB7A2]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!_abnormal_termination + 140 804E279C 4 Bytes CALL A804FCD0
.text ntoskrnl.exe!_abnormal_termination + 214 804E2870 16 Bytes [86, 54, D5, B6, D6, 54, D5, ...] {XCHG [EBP+EDX*8-0x4a], DL; SALC ; PUSH ESP; AAD 0xb6; INC EAX; IMUL ECX, [ECX-0x8], 0xee; PUSH EBP; AAD 0xb6}
PAGE ntoskrnl.exe!ObInsertObject 80564423 5 Bytes JMP B6DCA15C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 3CC 80569DFA 4 Bytes CALL B6D5400F \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntoskrnl.exe!ZwCreateProcessEx 80581F0E 7 Bytes JMP B6DCB7A6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ObMakeTemporaryObject 805A1142 5 Bytes JMP B6DC869C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
? sphc.sys Systém nemůže nalézt uvedený soubor. !
init C:\WINDOWS\system32\drivers\nvax.sys entry point in "init" section [0xF87ECE1E]
.text win32k.sys!BRUSHOBJ_pvAllocRbrush + 322E BF81E90F 5 Bytes JMP B6D55AD6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPaint + 4EF BF8314D1 5 Bytes JMP B6D55B9A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + E0A3 BF84CCE4 5 Bytes JMP B6D55C0A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 413A BF88D250 5 Bytes JMP B6D55F76 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBltROP + 4006 BF8B46A6 5 Bytes JMP B6D55DE6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBltROP + 4091 BF8B4731 5 Bytes JMP B6D55FBC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBltROP + 9A89 BF8BA129 5 Bytes JMP B6D55ABE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngAlphaBlend + 3E8 BF8C3205 5 Bytes JMP B6D55CA4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_vGetBounds + 5039 BF8EDC73 5 Bytes JMP B6D55D14 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_vGetBounds + 52B9 BF8EDEF3 5 Bytes JMP B6D55D4E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_vGetBounds + 74EA BF8F0124 5 Bytes JMP B6D559F2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 1994 BF9127C2 5 Bytes JMP B6D55B56 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 2568 BF913396 5 Bytes JMP B6D55C6E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 4EC7 BF915CF5 5 Bytes JMP B6D560D6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\spoolsv.exe[300] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\spoolsv.exe[300] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[300] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\spoolsv.exe[300] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[300] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 002F1014
.text C:\WINDOWS\system32\spoolsv.exe[300] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 002F0804
.text C:\WINDOWS\system32\spoolsv.exe[300] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 002F0A08
.text C:\WINDOWS\system32\spoolsv.exe[300] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 002F0C0C
.text C:\WINDOWS\system32\spoolsv.exe[300] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 002F0E10
.text C:\WINDOWS\system32\spoolsv.exe[300] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 002F01F8
.text C:\WINDOWS\system32\spoolsv.exe[300] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 002F03FC
.text C:\WINDOWS\system32\spoolsv.exe[300] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 002F0600
.text C:\WINDOWS\system32\spoolsv.exe[300] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\spoolsv.exe[300] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\spoolsv.exe[300] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\spoolsv.exe[300] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\spoolsv.exe[300] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\svchost.exe[608] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[608] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[608] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[608] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[608] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 002F1014
.text C:\WINDOWS\system32\svchost.exe[608] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 002F0804
.text C:\WINDOWS\system32\svchost.exe[608] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 002F0A08
.text C:\WINDOWS\system32\svchost.exe[608] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 002F0C0C
.text C:\WINDOWS\system32\svchost.exe[608] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 002F0E10
.text C:\WINDOWS\system32\svchost.exe[608] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 002F01F8
.text C:\WINDOWS\system32\svchost.exe[608] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 002F03FC
.text C:\WINDOWS\system32\svchost.exe[608] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 002F0600
.text C:\WINDOWS\system32\svchost.exe[608] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[608] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[608] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[608] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[608] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00300600
.text C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe[640] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 001401F8
.text C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe[640] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe[640] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 001403FC
.text C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe[640] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe[640] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 003C1014
.text C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe[640] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 003C0804
.text C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe[640] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 003C0A08
.text C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe[640] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 003C0C0C
.text C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe[640] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 003C0E10
.text C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe[640] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 003C01F8
.text C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe[640] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 003C03FC
.text C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe[640] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 003C0600
.text C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe[640] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003D01F8
.text C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe[640] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003D03FC
.text C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe[640] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 003D0804
.text C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe[640] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 003D0A08
.text C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe[640] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 003D0600
.text C:\WINDOWS\System32\smss.exe[732] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[744] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 001401F8
.text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[744] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[744] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 001403FC
.text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[744] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[744] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003C01F8
.text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[744] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003C03FC
.text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[744] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 003C0804
.text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[744] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 003C0A08
.text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[744] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 003C0600
.text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[744] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 003D1014
.text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[744] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 003D0804
.text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[744] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 003D0A08
.text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[744] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 003D0C0C
.text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[744] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 003D0E10
.text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[744] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 003D01F8
.text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[744] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 003D03FC
.text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[744] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 003D0600
.text C:\WINDOWS\system32\csrss.exe[796] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[796] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[820] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000701F8
.text C:\WINDOWS\system32\winlogon.exe[820] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[820] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000703FC
.text C:\WINDOWS\system32\winlogon.exe[820] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[820] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 002F1014
.text C:\WINDOWS\system32\winlogon.exe[820] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 002F0804
.text C:\WINDOWS\system32\winlogon.exe[820] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 002F0A08
.text C:\WINDOWS\system32\winlogon.exe[820] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 002F0C0C
.text C:\WINDOWS\system32\winlogon.exe[820] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 002F0E10
.text C:\WINDOWS\system32\winlogon.exe[820] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 002F01F8
.text C:\WINDOWS\system32\winlogon.exe[820] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 002F03FC
.text C:\WINDOWS\system32\winlogon.exe[820] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 002F0600
.text C:\WINDOWS\system32\winlogon.exe[820] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\winlogon.exe[820] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\winlogon.exe[820] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\winlogon.exe[820] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\winlogon.exe[820] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\services.exe[864] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\services.exe[864] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[864] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\services.exe[864] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[864] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 002F1014
.text C:\WINDOWS\system32\services.exe[864] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 002F0804
.text C:\WINDOWS\system32\services.exe[864] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 002F0A08
.text C:\WINDOWS\system32\services.exe[864] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 002F0C0C
.text C:\WINDOWS\system32\services.exe[864] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 002F0E10
.text C:\WINDOWS\system32\services.exe[864] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 002F01F8
.text C:\WINDOWS\system32\services.exe[864] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 002F03FC
.text C:\WINDOWS\system32\services.exe[864] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 002F0600
.text C:\WINDOWS\system32\services.exe[864] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\services.exe[864] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\services.exe[864] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\services.exe[864] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\services.exe[864] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\lsass.exe[876] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\lsass.exe[876] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[876] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\lsass.exe[876] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[876] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 002F1014
.text C:\WINDOWS\system32\lsass.exe[876] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 002F0804
.text C:\WINDOWS\system32\lsass.exe[876] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 002F0A08
.text C:\WINDOWS\system32\lsass.exe[876] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 002F0C0C
.text C:\WINDOWS\system32\lsass.exe[876] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 002F0E10
.text C:\WINDOWS\system32\lsass.exe[876] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 002F01F8
.text C:\WINDOWS\system32\lsass.exe[876] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 002F03FC
.text C:\WINDOWS\system32\lsass.exe[876] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 002F0600
.text C:\WINDOWS\system32\lsass.exe[876] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\lsass.exe[876] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\lsass.exe[876] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\lsass.exe[876] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\lsass.exe[876] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\svchost.exe[1036] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1036] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1036] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1036] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 002F1014
.text C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 002F0804
.text C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 002F0A08
.text C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 002F0C0C
.text C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 002F0E10
.text C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 002F01F8
.text C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 002F03FC
.text C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 002F0600
.text C:\WINDOWS\system32\svchost.exe[1036] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[1036] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[1036] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[1036] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[1036] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\svchost.exe[1080] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1080] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1080] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1080] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1080] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 002F1014
.text C:\WINDOWS\system32\svchost.exe[1080] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 002F0804
.text C:\WINDOWS\system32\svchost.exe[1080] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 002F0A08
.text C:\WINDOWS\system32\svchost.exe[1080] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 002F0C0C
.text C:\WINDOWS\system32\svchost.exe[1080] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 002F0E10
.text C:\WINDOWS\system32\svchost.exe[1080] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 002F01F8
.text C:\WINDOWS\system32\svchost.exe[1080] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 002F03FC
.text C:\WINDOWS\system32\svchost.exe[1080] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 002F0600
.text C:\WINDOWS\system32\svchost.exe[1080] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[1080] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[1080] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[1080] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[1080] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00300600
.text C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe[1096] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000801F8
.text C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe[1096] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe[1096] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000803FC
.text C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe[1096] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe[1096] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 00301014
.text C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe[1096] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 00300804
.text C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe[1096] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 00300A08
.text C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe[1096] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 00300C0C
.text C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe[1096] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 00300E10
.text C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe[1096] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 003001F8
.text C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe[1096] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 003003FC
.text C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe[1096] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 00300600
.text C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe[1096] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003101F8
.text C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe[1096] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003103FC
.text C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe[1096] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00310804
.text C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe[1096] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00310A08
.text C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe[1096] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00310600
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1124] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 001401F8
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1124] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1124] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 001403FC
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1124] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1124] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003C01F8
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1124] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003C03FC
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1124] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 003C0804
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1124] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 003C0A08
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1124] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 003C0600
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1124] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 003D1014
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1124] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 003D0804
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1124] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 003D0A08
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1124] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 003D0C0C
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1124] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 003D0E10
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1124] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 003D01F8
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1124] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 003D03FC
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1124] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 003D0600
.text C:\Program Files\Windows XP Fun Pack\Winter 2003\Family\cisvc.exe[1140] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 001501F8
.text C:\Program Files\Windows XP Fun Pack\Winter 2003\Family\cisvc.exe[1140] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\Program Files\Windows XP Fun Pack\Winter 2003\Family\cisvc.exe[1140] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 001503FC
.text C:\Program Files\Windows XP Fun Pack\Winter 2003\Family\cisvc.exe[1140] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\Program Files\Windows XP Fun Pack\Winter 2003\Family\cisvc.exe[1140] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003D01F8
.text C:\Program Files\Windows XP Fun Pack\Winter 2003\Family\cisvc.exe[1140] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003D03FC
.text C:\Program Files\Windows XP Fun Pack\Winter 2003\Family\cisvc.exe[1140] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 003D0804
.text C:\Program Files\Windows XP Fun Pack\Winter 2003\Family\cisvc.exe[1140] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 003D0A08
.text C:\Program Files\Windows XP Fun Pack\Winter 2003\Family\cisvc.exe[1140] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 003D0600
.text C:\Program Files\Windows XP Fun Pack\Winter 2003\Family\cisvc.exe[1140] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 003E1014
.text C:\Program Files\Windows XP Fun Pack\Winter 2003\Family\cisvc.exe[1140] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 003E0804
.text C:\Program Files\Windows XP Fun Pack\Winter 2003\Family\cisvc.exe[1140] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 003E0A08
.text C:\Program Files\Windows XP Fun Pack\Winter 2003\Family\cisvc.exe[1140] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 003E0C0C
.text C:\Program Files\Windows XP Fun Pack\Winter 2003\Family\cisvc.exe[1140] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 003E0E10
.text C:\Program Files\Windows XP Fun Pack\Winter 2003\Family\cisvc.exe[1140] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 003E01F8
.text C:\Program Files\Windows XP Fun Pack\Winter 2003\Family\cisvc.exe[1140] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 003E03FC
.text C:\Program Files\Windows XP Fun Pack\Winter 2003\Family\cisvc.exe[1140] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 003E0600
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[1156] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[1156] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1228] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[1228] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1228] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[1228] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1228] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 002F1014
.text C:\WINDOWS\System32\svchost.exe[1228] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 002F0804
.text C:\WINDOWS\System32\svchost.exe[1228] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 002F0A08
.text C:\WINDOWS\System32\svchost.exe[1228] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 002F0C0C
.text C:\WINDOWS\System32\svchost.exe[1228] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 002F0E10
.text C:\WINDOWS\System32\svchost.exe[1228] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 002F01F8
.text C:\WINDOWS\System32\svchost.exe[1228] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 002F03FC
.text C:\WINDOWS\System32\svchost.exe[1228] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 002F0600
.text C:\WINDOWS\System32\svchost.exe[1228] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003001F8
.text C:\WINDOWS\System32\svchost.exe[1228] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003003FC
.text C:\WINDOWS\System32\svchost.exe[1228] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00300804
.text C:\WINDOWS\System32\svchost.exe[1228] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00300A08
.text C:\WINDOWS\System32\svchost.exe[1228] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\svchost.exe[1272] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1272] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1272] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 002F1014
.text C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 002F0804
.text C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 002F0A08
.text C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 002F0C0C
.text C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 002F0E10
.text C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 002F01F8
.text C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 002F03FC
.text C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 002F0600
.text C:\WINDOWS\system32\svchost.exe[1272] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[1272] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[1272] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[1272] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[1272] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\svchost.exe[1412] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1412] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1412] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1412] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 002F1014
.text C:\WINDOWS\system32\svchost.exe[1412] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 002F0804
.text C:\WINDOWS\system32\svchost.exe[1412] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 002F0A08
.text C:\WINDOWS\system32\svchost.exe[1412] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 002F0C0C
.text C:\WINDOWS\system32\svchost.exe[1412] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 002F0E10
.text C:\WINDOWS\system32\svchost.exe[1412] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 002F01F8
.text C:\WINDOWS\system32\svchost.exe[1412] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 002F03FC
.text C:\WINDOWS\system32\svchost.exe[1412] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 002F0600
.text C:\WINDOWS\system32\svchost.exe[1412] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[1412] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[1412] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[1412] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[1412] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00300600
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1428] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 001501F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1428] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1428] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 001503FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1428] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1428] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 003D1014
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1428] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 003D0804
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1428] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 003D0A08
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1428] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 003D0C0C
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1428] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 003D0E10
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1428] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 003D01F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1428] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 003D03FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1428] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 003D0600
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1428] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003E01F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1428] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003E03FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1428] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 003E0804
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1428] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 003E0A08
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1428] USER32.dll!SetWindowsHookExA
.text C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 002F1014
.text C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 002F0804
.text C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 002F0A08
.text C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 002F0C0C
.text C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 002F0E10
.text C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 002F01F8
.text C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 002F03FC
.text C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 002F0600
.text C:\WINDOWS\system32\svchost.exe[1036] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[1036] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[1036] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[1036] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[1036] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\svchost.exe[1080] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1080] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1080] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1080] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1080] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 002F1014
.text C:\WINDOWS\system32\svchost.exe[1080] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 002F0804
.text C:\WINDOWS\system32\svchost.exe[1080] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 002F0A08
.text C:\WINDOWS\system32\svchost.exe[1080] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 002F0C0C
.text C:\WINDOWS\system32\svchost.exe[1080] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 002F0E10
.text C:\WINDOWS\system32\svchost.exe[1080] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 002F01F8
.text C:\WINDOWS\system32\svchost.exe[1080] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 002F03FC
.text C:\WINDOWS\system32\svchost.exe[1080] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 002F0600
.text C:\WINDOWS\system32\svchost.exe[1080] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[1080] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[1080] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[1080] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[1080] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00300600
.text C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe[1096] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000801F8
.text C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe[1096] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe[1096] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000803FC
.text C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe[1096] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe[1096] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 00301014
.text C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe[1096] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 00300804
.text C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe[1096] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 00300A08
.text C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe[1096] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 00300C0C
.text C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe[1096] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 00300E10
.text C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe[1096] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 003001F8
.text C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe[1096] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 003003FC
.text C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe[1096] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 00300600
.text C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe[1096] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003101F8
.text C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe[1096] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003103FC
.text C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe[1096] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00310804
.text C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe[1096] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00310A08
.text C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe[1096] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00310600
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1124] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 001401F8
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1124] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1124] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 001403FC
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1124] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1124] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003C01F8
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1124] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003C03FC
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1124] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 003C0804
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1124] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 003C0A08
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1124] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 003C0600
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1124] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 003D1014
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1124] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 003D0804
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1124] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 003D0A08
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1124] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 003D0C0C
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1124] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 003D0E10
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1124] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 003D01F8
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1124] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 003D03FC
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1124] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 003D0600
.text C:\Program Files\Windows XP Fun Pack\Winter 2003\Family\cisvc.exe[1140] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 001501F8
.text C:\Program Files\Windows XP Fun Pack\Winter 2003\Family\cisvc.exe[1140] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\Program Files\Windows XP Fun Pack\Winter 2003\Family\cisvc.exe[1140] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 001503FC
.text C:\Program Files\Windows XP Fun Pack\Winter 2003\Family\cisvc.exe[1140] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\Program Files\Windows XP Fun Pack\Winter 2003\Family\cisvc.exe[1140] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003D01F8
.text C:\Program Files\Windows XP Fun Pack\Winter 2003\Family\cisvc.exe[1140] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003D03FC
.text C:\Program Files\Windows XP Fun Pack\Winter 2003\Family\cisvc.exe[1140] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 003D0804
.text C:\Program Files\Windows XP Fun Pack\Winter 2003\Family\cisvc.exe[1140] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 003D0A08
.text C:\Program Files\Windows XP Fun Pack\Winter 2003\Family\cisvc.exe[1140] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 003D0600
.text C:\Program Files\Windows XP Fun Pack\Winter 2003\Family\cisvc.exe[1140] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 003E1014
.text C:\Program Files\Windows XP Fun Pack\Winter 2003\Family\cisvc.exe[1140] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 003E0804
.text C:\Program Files\Windows XP Fun Pack\Winter 2003\Family\cisvc.exe[1140] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 003E0A08
.text C:\Program Files\Windows XP Fun Pack\Winter 2003\Family\cisvc.exe[1140] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 003E0C0C
.text C:\Program Files\Windows XP Fun Pack\Winter 2003\Family\cisvc.exe[1140] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 003E0E10
.text C:\Program Files\Windows XP Fun Pack\Winter 2003\Family\cisvc.exe[1140] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 003E01F8
.text C:\Program Files\Windows XP Fun Pack\Winter 2003\Family\cisvc.exe[1140] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 003E03FC
.text C:\Program Files\Windows XP Fun Pack\Winter 2003\Family\cisvc.exe[1140] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 003E0600
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[1156] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[1156] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1228] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[1228] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1228] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[1228] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1228] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 002F1014
.text C:\WINDOWS\System32\svchost.exe[1228] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 002F0804
.text C:\WINDOWS\System32\svchost.exe[1228] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 002F0A08
.text C:\WINDOWS\System32\svchost.exe[1228] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 002F0C0C
.text C:\WINDOWS\System32\svchost.exe[1228] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 002F0E10
.text C:\WINDOWS\System32\svchost.exe[1228] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 002F01F8
.text C:\WINDOWS\System32\svchost.exe[1228] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 002F03FC
.text C:\WINDOWS\System32\svchost.exe[1228] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 002F0600
.text C:\WINDOWS\System32\svchost.exe[1228] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003001F8
.text C:\WINDOWS\System32\svchost.exe[1228] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003003FC
.text C:\WINDOWS\System32\svchost.exe[1228] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00300804
.text C:\WINDOWS\System32\svchost.exe[1228] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00300A08
.text C:\WINDOWS\System32\svchost.exe[1228] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\svchost.exe[1272] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1272] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1272] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 002F1014
.text C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 002F0804
.text C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 002F0A08
.text C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 002F0C0C
.text C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 002F0E10
.text C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 002F01F8
.text C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 002F03FC
.text C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 002F0600
.text C:\WINDOWS\system32\svchost.exe[1272] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[1272] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[1272] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[1272] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[1272] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\svchost.exe[1412] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1412] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1412] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1412] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 002F1014
.text C:\WINDOWS\system32\svchost.exe[1412] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 002F0804
.text C:\WINDOWS\system32\svchost.exe[1412] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 002F0A08
.text C:\WINDOWS\system32\svchost.exe[1412] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 002F0C0C
.text C:\WINDOWS\system32\svchost.exe[1412] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 002F0E10
.text C:\WINDOWS\system32\svchost.exe[1412] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 002F01F8
.text C:\WINDOWS\system32\svchost.exe[1412] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 002F03FC
.text C:\WINDOWS\system32\svchost.exe[1412] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 002F0600
.text C:\WINDOWS\system32\svchost.exe[1412] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[1412] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[1412] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[1412] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[1412] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00300600
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1428] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 001501F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1428] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1428] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 001503FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1428] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1428] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 003D1014
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1428] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 003D0804
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1428] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 003D0A08
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1428] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 003D0C0C
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1428] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 003D0E10
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1428] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 003D01F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1428] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 003D03FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1428] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 003D0600
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1428] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003E01F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1428] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003E03FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1428] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 003E0804
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1428] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 003E0A08
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1428] USER32.dll!SetWindowsHookExA