VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Prosím o kontrolu logu

https://forum.viry.cz:443/viewtopic.php?t=120701

Stránka 3 z 4

Re: Prosím o kontrolu logu

Napsal: 05 dub 2012 15:58
od encorejp
Provedl jsem checkdisk na všech ostatních discích.- žádné chyby.

Re: Prosím o kontrolu logu

Napsal: 05 dub 2012 17:43
od Rudy
Zkuste přeinstalovat ovladače k zákl. desce.

Re: Prosím o kontrolu logu

Napsal: 06 dub 2012 14:21
od encorejp
K přeinstalaci jsem se ještě nedostal. Ještě jeden poznatek-co se týče kopírování souborů z disku na disk, popř. v rámci jednoho disku.
Kopírování probíha "rychlostí" cca 1100 kB/s což je hrozné při procesoru AMD Phenom(tm) 8450 Triple-Core Processor, 2104 MHz
Dnes ,nebo zítra zkusím nové ovladače a ozvu se zda nastala změna.

Re: Prosím o kontrolu logu

Napsal: 06 dub 2012 16:47
od Rudy
OK, dejte vědět.

Re: Prosím o kontrolu logu

Napsal: 06 dub 2012 23:05
od encorejp
Tak zázrak se nekonal. Ovladače základní desky/ Gigabyte MA770-UD3/ přeinstalované /Lan, audio, Grafika/. Potíže stále stejné-pomalý start, pomalé spouštění programů, velmi pomalé kopírování souborů mezi interníma popř. v rámci jednoho disku.

Re: Prosím o kontrolu logu

Napsal: 07 dub 2012 10:41
od Rudy
Důležité je přeinstalovat ovladač chipsetu.

Re: Prosím o kontrolu logu

Napsal: 08 dub 2012 09:30
od encorejp
Chipset jsem samozřejmě také přeinstaloval. Pokrok žádný.

Re: Prosím o kontrolu logu

Napsal: 08 dub 2012 10:16
od Rudy
Co jste instaloval těsně před tím, než se problém objevil?

Re: Prosím o kontrolu logu

Napsal: 08 dub 2012 14:40
od encorejp
Bohužel si nevzpomínám, nic extra jsem neinstaloval. V poslední době aktualizuji běžné programy, jako je ccleaner, skype, cdburnerxp, gom player, aimp player atd. Pravidelně aktualizuji windovs a office.

Re: Prosím o kontrolu logu

Napsal: 08 dub 2012 16:54
od Rudy
Jako jedna z posledních možností zbývá sken GMER: http://forum.viry.cz/viewtopic.php?f=29&t=62878 . Spusťte, nechte pracovat a dejte oba logy. Jedná se o kontrolu na rootkit.

Re: Prosím o kontrolu logu

Napsal: 09 dub 2012 12:11
od encorejp
Přidávám logy z Gmeru. Ono to asi skutečně vypadá na hardwarovou chybu. A zdá se, že systémový disk má svůj zenit za sebou.
Vzhledem k tomu, že druhý log má příliš znaků, posílám ho ve druhé odpovědi.

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-04-09 10:16:32
Windows 5.1.2600 Service Pack 3 Harddisk2\DR2 -> \Device\Ide\IdeDeviceP2T0L0-24 ST340014A rev.8.01
Running: gmer.exe; Driver: C:\DOCUME~1\Jiri\LOCALS~1\Temp\uwkyqkow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xA773628E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xA77360F9]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xA77ABD92]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 [B9E1FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [B9E1FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 [B9E1FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [B9E1FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort2 [B9E1FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort3 [B9E1FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-24 [B9E1FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f [B9E1FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\arlss647 \Device\Scsi\arlss6471 8A60F1E8
Device \Driver\arlss647 \Device\Scsi\arlss6471Port4Path0Target0Lun0 8A60F1E8
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
Device \FileSystem\Ntfs \Ntfs 8A80D1E8

AttachedDevice \FileSystem\Ntfs \Ntfs tdrpm258.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- EOF - GMER 1.0.15 ----

Re: Prosím o kontrolu logu

Napsal: 09 dub 2012 12:16
od encorejp
druhý log z Gmeru-1. část
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-04-09 11:27:33
Windows 5.1.2600 Service Pack 3 Harddisk2\DR2 -> \Device\Ide\IdeDeviceP2T0L0-24 ST340014A rev.8.01
Running: gmer.exe; Driver: C:\DOCUME~1\Jiri\LOCALS~1\Temp\uwkyqkow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xA7708DF8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xA7795A5A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0xA770985E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xA7735D5D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xA770E2E4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xA770E330]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xA770E422]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xA7735711]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xA770E252]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xA770E374]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xA770E29A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xA770E3DC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xA7708E44]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xA7736423]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xA77366D9]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xA770B9A8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xA773628E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xA77360F9]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xA7795B34]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xA7708AD6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xA7708E90]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xA770BD1C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xA7709B02]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xA770E30E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xA770E352]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xA770E446]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xA7735A6D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xA770E278]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xA770B518]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xA770E3AE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xA770E2C2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xA770B74C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xA770E400]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xA7795CA0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xA7735F74]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xA77099CE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xA7735DC6]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xA779FB68]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xA7734D84]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xA7708EDC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xA7708F28]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xA7708B46]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xA7708CEA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xA773652A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xA7708C92]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xA7708D5A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwTerminateProcess [0xA7795D60]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xA7708F74]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0xA7795BE0]

INT 0x62 ? 8A80ECB8
INT 0x73 ? 8A80ECB8
INT 0x73 ? 8A80ECB8
INT 0x83 ? 8A6ACCB8
INT 0x83 ? 8A6ACCB8
INT 0x83 ? 8A6ACCB8
INT 0xA4 ? 8A6ACCB8
INT 0xB4 ? 8A6ACCB8
INT 0xB4 ? 8A6ACCB8
INT 0xB4 ? 8A6ACCB8

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xA77ABD92]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A64A8 4 Bytes CALL A770A19F \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC556 5 Bytes JMP A77A8C8C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 805C2FDA 5 Bytes JMP A77AA74C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D117A 7 Bytes JMP A77ABD96 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.sptd1 C:\WINDOWS\system32\drivers\sptd.sys entry point in ".sptd1" section [0xB9FA1089]
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB5582000, 0x235297, 0xE8000020]
.text USBPORT.SYS!DllUnload B54C78AC 5 Bytes JMP 8A6AC1C8
.text arlss647.SYS!A0DB34FC6FE35D429A28ADDE5467D4D7 B5464900 48 Bytes [AF, D9, 9C, 7F, 87, C8, A5, ...]
? C:\WINDOWS\System32\Drivers\arlss647.SYS suspicious PE modification
.text win32k.sys!EngFreeUserMem + 674 BF8098F2 5 Bytes JMP A770D180 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFreeUserMem + 35D0 BF80C84E 5 Bytes JMP A770D07C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSurface + 45 BF8138E6 5 Bytes JMP A770D036 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!BRUSHOBJ_pvAllocRbrush + 11D3 BF81C550 5 Bytes JMP A770C724 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngSetLastError + 79A8 BF8240C0 5 Bytes JMP A770BF84 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateBitmap + F9C BF828A2A 5 Bytes JMP A770D2EA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 2C50 BF831475 5 Bytes JMP A770D4F2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + B68E BF839EB3 5 Bytes JMP A770CF3C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!FONTOBJ_pxoGetXform + 84ED BF851745 5 Bytes JMP A770BE66 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + F17 BF85BC6A 5 Bytes JMP A770C7E6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 3581 BF85E2D4 5 Bytes JMP A770C384 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 360C BF85E35F 5 Bytes JMP A770C562 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 88 BF85F5D2 5 Bytes JMP A770BE4E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 5457 BF8649A1 5 Bytes JMP A770D0BA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 4128 BF873CF0 5 Bytes JMP A770C51C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetLastError + 1606 BF890FA2 5 Bytes JMP A770C7FE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 26EE BF89454D 5 Bytes JMP A770D232 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBltROP + 583 BF895025 5 Bytes JMP A770D450 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + 3857 BF89C3CB 5 Bytes JMP A770C70C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + 4DEC BF89D960 5 Bytes JMP A770BFF4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngEraseSurface + A9E0 BF8C1EE0 5 Bytes JMP A770C104 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1517 BF8CA342 5 Bytes JMP A770C1AC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1797 BF8CA5C2 5 Bytes JMP A770C2E4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + 3B3E BF8EC017 5 Bytes JMP A770BD52 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + CB3D BF8F5016 5 Bytes JMP A770C73C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 19DF BF913566 5 Bytes JMP A770BF22 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 25B3 BF91413A 5 Bytes JMP A770C0B0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 4F2C BF916AB3 5 Bytes JMP A770C67C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 1940 BF946632 5 Bytes JMP A770D3A8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\ABBYY Screenshot Reader\NetworkLicenseServer.exe[380] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\ABBYY Screenshot Reader\NetworkLicenseServer.exe[380] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\ABBYY Screenshot Reader\NetworkLicenseServer.exe[380] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\ABBYY Screenshot Reader\NetworkLicenseServer.exe[380] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\ABBYY Screenshot Reader\NetworkLicenseServer.exe[380] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804
.text C:\Program Files\ABBYY Screenshot Reader\NetworkLicenseServer.exe[380] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08
.text C:\Program Files\ABBYY Screenshot Reader\NetworkLicenseServer.exe[380] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600
.text C:\Program Files\ABBYY Screenshot Reader\NetworkLicenseServer.exe[380] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8
.text C:\Program Files\ABBYY Screenshot Reader\NetworkLicenseServer.exe[380] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC
.text C:\Program Files\ABBYY Screenshot Reader\NetworkLicenseServer.exe[380] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 004C1014
.text C:\Program Files\ABBYY Screenshot Reader\NetworkLicenseServer.exe[380] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 004C0804
.text C:\Program Files\ABBYY Screenshot Reader\NetworkLicenseServer.exe[380] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 004C0A08
.text C:\Program Files\ABBYY Screenshot Reader\NetworkLicenseServer.exe[380] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 004C0C0C
.text C:\Program Files\ABBYY Screenshot Reader\NetworkLicenseServer.exe[380] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 004C0E10
.text C:\Program Files\ABBYY Screenshot Reader\NetworkLicenseServer.exe[380] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 004C01F8
.text C:\Program Files\ABBYY Screenshot Reader\NetworkLicenseServer.exe[380] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 004C03FC
.text C:\Program Files\ABBYY Screenshot Reader\NetworkLicenseServer.exe[380] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 004C0600
.text C:\WINDOWS\Explorer.EXE[504] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\Explorer.EXE[504] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[504] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\Explorer.EXE[504] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[504] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00381014
.text C:\WINDOWS\Explorer.EXE[504] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00380804
.text C:\WINDOWS\Explorer.EXE[504] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00380A08
.text C:\WINDOWS\Explorer.EXE[504] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00380C0C
.text C:\WINDOWS\Explorer.EXE[504] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00380E10
.text C:\WINDOWS\Explorer.EXE[504] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003801F8
.text C:\WINDOWS\Explorer.EXE[504] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003803FC
.text C:\WINDOWS\Explorer.EXE[504] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00380600
.text C:\WINDOWS\Explorer.EXE[504] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00390804
.text C:\WINDOWS\Explorer.EXE[504] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00390A08
.text C:\WINDOWS\Explorer.EXE[504] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00390600
.text C:\WINDOWS\Explorer.EXE[504] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003901F8
.text C:\WINDOWS\Explorer.EXE[504] USER32.dll!UnhookWinEvent 7E3818AC 3 Bytes JMP 003903FC
.text C:\WINDOWS\Explorer.EXE[504] USER32.dll!UnhookWinEvent + 4 7E3818B0 1 Byte [82]
.text C:\WINDOWS\system32\spoolsv.exe[660] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\spoolsv.exe[660] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[660] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\spoolsv.exe[660] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[660] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\spoolsv.exe[660] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\spoolsv.exe[660] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\spoolsv.exe[660] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\spoolsv.exe[660] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\spoolsv.exe[660] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\spoolsv.exe[660] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\spoolsv.exe[660] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\spoolsv.exe[660] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\spoolsv.exe[660] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\spoolsv.exe[660] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\spoolsv.exe[660] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\spoolsv.exe[660] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[720] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[720] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\smss.exe[980] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\Acronis\Plán2\schedul2.exe[1092] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\Acronis\Plán2\schedul2.exe[1092] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\Acronis\Plán2\schedul2.exe[1092] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\Acronis\Plán2\schedul2.exe[1092] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\Acronis\Plán2\schedul2.exe[1092] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014
.text C:\Program Files\Common Files\Acronis\Plán2\schedul2.exe[1092] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804
.text C:\Program Files\Common Files\Acronis\Plán2\schedul2.exe[1092] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08
.text C:\Program Files\Common Files\Acronis\Plán2\schedul2.exe[1092] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C
.text C:\Program Files\Common Files\Acronis\Plán2\schedul2.exe[1092] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10
.text C:\Program Files\Common Files\Acronis\Plán2\schedul2.exe[1092] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8
.text C:\Program Files\Common Files\Acronis\Plán2\schedul2.exe[1092] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC
.text C:\Program Files\Common Files\Acronis\Plán2\schedul2.exe[1092] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600
.text C:\Program Files\Common Files\Acronis\Plán2\schedul2.exe[1092] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804
.text C:\Program Files\Common Files\Acronis\Plán2\schedul2.exe[1092] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08
.text C:\Program Files\Common Files\Acronis\Plán2\schedul2.exe[1092] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600
.text C:\Program Files\Common Files\Acronis\Plán2\schedul2.exe[1092] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8
.text C:\Program Files\Common Files\Acronis\Plán2\schedul2.exe[1092] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC
.text C:\WINDOWS\system32\csrss.exe[1100] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[1100] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[1144] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000701F8
.text C:\WINDOWS\system32\winlogon.exe[1144] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[1144] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000703FC
.text C:\WINDOWS\system32\winlogon.exe[1144] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[1144] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\winlogon.exe[1144] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\winlogon.exe[1144] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\winlogon.exe[1144] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\winlogon.exe[1144] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\winlogon.exe[1144] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\winlogon.exe[1144] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\winlogon.exe[1144] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\winlogon.exe[1144] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\winlogon.exe[1144] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\winlogon.exe[1144] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\winlogon.exe[1144] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\winlogon.exe[1144] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\services.exe[1196] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\services.exe[1196] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[1196] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\services.exe[1196] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[1196] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\services.exe[1196] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\services.exe[1196] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\services.exe[1196] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\services.exe[1196] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\services.exe[1196] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\services.exe[1196] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\services.exe[1196] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\services.exe[1196] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\services.exe[1196] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\services.exe[1196] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\services.exe[1196] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\services.exe[1196] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\lsass.exe[1208] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\lsass.exe[1208] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[1208] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\lsass.exe[1208] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[1208] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\lsass.exe[1208] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\lsass.exe[1208] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\lsass.exe[1208] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\lsass.exe[1208] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\lsass.exe[1208] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\lsass.exe[1208] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\lsass.exe[1208] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\lsass.exe[1208] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\lsass.exe[1208] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\lsass.exe[1208] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\lsass.exe[1208] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\lsass.exe[1208] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\svchost.exe[1256] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1256] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1256] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\svchost.exe[1256] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\svchost.exe[1256] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\svchost.exe[1256] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\svchost.exe[1256] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\svchost.exe[1256] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\Ati2evxx.exe[1384] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\WINDOWS\system32\Ati2evxx.exe[1384] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[1384] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\WINDOWS\system32\Ati2evxx.exe[1384] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[1384] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804
.text C:\WINDOWS\system32\Ati2evxx.exe[1384] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08
.text C:\WINDOWS\system32\Ati2evxx.exe[1384] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600
.text C:\WINDOWS\system32\Ati2evxx.exe[1384] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8
.text C:\WINDOWS\system32\Ati2evxx.exe[1384] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC
.text C:\WINDOWS\system32\Ati2evxx.exe[1384] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003F1014
.text C:\WINDOWS\system32\Ati2evxx.exe[1384] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003F0804
.text C:\WINDOWS\system32\Ati2evxx.exe[1384] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003F0A08
.text C:\WINDOWS\system32\Ati2evxx.exe[1384] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003F0C0C
.text C:\WINDOWS\system32\Ati2evxx.exe[1384] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003F0E10
.text C:\WINDOWS\system32\Ati2evxx.exe[1384] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003F01F8
.text C:\WINDOWS\system32\Ati2evxx.exe[1384] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003F03FC
.text C:\WINDOWS\system32\Ati2evxx.exe[1384] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003F0600
.text C:\WINDOWS\system32\svchost.exe[1404] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1404] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1404] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1404] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\svchost.exe[1404] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[1404] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[1404] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\svchost.exe[1404] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\svchost.exe[1404] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[1404] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[1404] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\svchost.exe[1404] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\svchost.exe[1404] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\svchost.exe[1404] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\svchost.exe[1404] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\svchost.exe[1404] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe[1436] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe[1436] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe[1436] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe[1436] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe[1436] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014
.text C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe[1436] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804
.text C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe[1436] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08
.text C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe[1436] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C
.text C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe[1436] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10
.text C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe[1436] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8
.text C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe[1436] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC
.text C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe[1436] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600
.text C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe[1436] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804
.text C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe[1436] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08
.text C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe[1436] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600
.text C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe[1436] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8
.text C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe[1436] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC
.text C:\WINDOWS\system32\svchost.exe[1524] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1524] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1524] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1524] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1524] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\svchost.exe[1524] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[1524] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[1524] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\svchost.exe[1524] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\svchost.exe[1524] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[1524] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[1524] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\svchost.exe[1524] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\svchost.exe[1524] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\svchost.exe[1524] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\svchost.exe[1524] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\svchost.exe[1524] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\WINDOWS\System32\svchost.exe[1644] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[1644] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1644] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[1644] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1644] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014
.text C:\WINDOWS\System32\svchost.exe[1644] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804
.text C:\WINDOWS\System32\svchost.exe[1644] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08
.text C:\WINDOWS\System32\svchost.exe[1644] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C
.text C:\WINDOWS\System32\svchost.exe[1644] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10
.text C:\WINDOWS\System32\svchost.exe[1644] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8
.text C:\WINDOWS\System32\svchost.exe[1644] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC
.text C:\WINDOWS\System32\svchost.exe[1644] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600
.text C:\WINDOWS\System32\svchost.exe[1644] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\System32\svchost.exe[1644] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\System32\svchost.exe[1644] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\System32\svchost.exe[1644] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\System32\svchost.exe[1644] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[1692] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[1692] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[1692] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[1692] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[1692] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[1692] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[1692] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[1692] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[1692] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[1692] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003F1014
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[1692] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003F0804
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[1692] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003F0A08
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[1692] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003F0C0C
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[1692] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003F0E10
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[1692] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003F01F8
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[1692] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003F03FC
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[1692] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003F0600
.text C:\WINDOWS\system32\svchost.exe[1732] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1732] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1732] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1732] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\svchost.exe[1732] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[1732] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[1732] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\svchost.exe[1732] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\svchost.exe[1732] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[1732] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[1732] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\svchost.exe[1732] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\svchost.exe[1732] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\svchost.exe[1732] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\svchost.exe[1732] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\svchost.exe[1732] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\WINDOWS\VM_STI.EXE[1740] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\WINDOWS\VM_STI.EXE[1740] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\VM_STI.EXE[1740] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\WINDOWS\VM_STI.EXE[1740] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\VM_STI.EXE[1740] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003D0804
.text C:\WINDOWS\VM_STI.EXE[1740] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003D0A08
.text C:\WINDOWS\VM_STI.EXE[1740] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003D0600
.text C:\WINDOWS\VM_STI.EXE[1740] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003D01F8
.text C:\WINDOWS\VM_STI.EXE[1740] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003D03FC
.text C:\WINDOWS\VM_STI.EXE[1740] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014
.text C:\WINDOWS\VM_STI.EXE[1740] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804
.text C:\WINDOWS\VM_STI.EXE[1740] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08
.text C:\WINDOWS\VM_STI.EXE[1740] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C
.text C:\WINDOWS\VM_STI.EXE[1740] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10
.text C:\WINDOWS\VM_STI.EXE[1740] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8
.text C:\WINDOWS\VM_STI.EXE[1740] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC
.text C:\WINDOWS\VM_STI.EXE[1740] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600
.text C:\Program Files\WinFast\WFTVFM\WFWIZ.exe[1816] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\WinFast\WFTVFM\WFWIZ.exe[1816] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\WinFast\WFTVFM\WFWIZ.exe[1816] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\WinFast\WFTVFM\WFWIZ.exe[1816] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\WinFast\WFTVFM\WFWIZ.exe[1816] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003D0804
.text C:\Program Files\WinFast\WFTVFM\WFWIZ.exe[1816] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003D0A08
.text C:\Program Files\WinFast\WFTVFM\WFWIZ.exe[1816] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003D0600
.text C:\Program Files\WinFast\WFTVFM\WFWIZ.exe[1816] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003D01F8
.text C:\Program Files\WinFast\WFTVFM\WFWIZ.exe[1816] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003D03FC
.text C:\Program Files\WinFast\WFTVFM\WFWIZ.exe[1816] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014
.text C:\Program Files\WinFast\WFTVFM\WFWIZ.exe[1816] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804
.text C:\Program Files\WinFast\WFTVFM\WFWIZ.exe[1816] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08
.text C:\Program Files\WinFast\WFTVFM\WFWIZ.exe[1816] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C
.text C:\Program Files\WinFast\WFTVFM\WFWIZ.exe[1816] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10
.text C:\Program Files\WinFast\WFTVFM\WFWIZ.exe[1816] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8
.text C:\Program Files\WinFast\WFTVFM\WFWIZ.exe[1816] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC
.text C:\Program Files\WinFast\WFTVFM\WFWIZ.exe[1816] ADVAPI32.dll!DeleteService

Re: Prosím o kontrolu logu

Napsal: 09 dub 2012 12:17
od encorejp
druhý log z Gmeru 2. část

.text C:\WINDOWS\system32\Ati2evxx.exe[1820] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\WINDOWS\system32\Ati2evxx.exe[1820] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[1820] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\WINDOWS\system32\Ati2evxx.exe[1820] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[1820] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804
.text C:\WINDOWS\system32\Ati2evxx.exe[1820] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08
.text C:\WINDOWS\system32\Ati2evxx.exe[1820] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600
.text C:\WINDOWS\system32\Ati2evxx.exe[1820] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8
.text C:\WINDOWS\system32\Ati2evxx.exe[1820] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC
.text C:\WINDOWS\system32\Ati2evxx.exe[1820] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003F1014
.text C:\WINDOWS\system32\Ati2evxx.exe[1820] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003F0804
.text C:\WINDOWS\system32\Ati2evxx.exe[1820] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003F0A08
.text C:\WINDOWS\system32\Ati2evxx.exe[1820] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003F0C0C
.text C:\WINDOWS\system32\Ati2evxx.exe[1820] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003F0E10
.text C:\WINDOWS\system32\Ati2evxx.exe[1820] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003F01F8
.text C:\WINDOWS\system32\Ati2evxx.exe[1820] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003F03FC
.text C:\WINDOWS\system32\Ati2evxx.exe[1820] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003F0600
.text C:\WINDOWS\system32\svchost.exe[1856] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1856] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1856] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1856] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\svchost.exe[1856] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[1856] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[1856] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\svchost.exe[1856] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\svchost.exe[1856] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[1856] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[1856] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\svchost.exe[1856] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\svchost.exe[1856] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\svchost.exe[1856] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\svchost.exe[1856] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\svchost.exe[1856] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[2036] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[2036] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[2036] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\RTHDCPL.EXE[2092] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\WINDOWS\RTHDCPL.EXE[2092] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\RTHDCPL.EXE[2092] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\WINDOWS\RTHDCPL.EXE[2092] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\RTHDCPL.EXE[2092] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003D1014
.text C:\WINDOWS\RTHDCPL.EXE[2092] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003D0804
.text C:\WINDOWS\RTHDCPL.EXE[2092] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003D0A08
.text C:\WINDOWS\RTHDCPL.EXE[2092] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003D0C0C
.text C:\WINDOWS\RTHDCPL.EXE[2092] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003D0E10
.text C:\WINDOWS\RTHDCPL.EXE[2092] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003D01F8
.text C:\WINDOWS\RTHDCPL.EXE[2092] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003D03FC
.text C:\WINDOWS\RTHDCPL.EXE[2092] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003D0600
.text C:\WINDOWS\RTHDCPL.EXE[2092] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804
.text C:\WINDOWS\RTHDCPL.EXE[2092] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08
.text C:\WINDOWS\RTHDCPL.EXE[2092] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600
.text C:\WINDOWS\RTHDCPL.EXE[2092] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8
.text C:\WINDOWS\RTHDCPL.EXE[2092] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC
.text C:\Program Files\Messenger\msmsgs.exe[2104] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\Program Files\Messenger\msmsgs.exe[2104] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Messenger\msmsgs.exe[2104] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\Program Files\Messenger\msmsgs.exe[2104] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Messenger\msmsgs.exe[2104] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00321014
.text C:\Program Files\Messenger\msmsgs.exe[2104] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00320804
.text C:\Program Files\Messenger\msmsgs.exe[2104] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00320A08
.text C:\Program Files\Messenger\msmsgs.exe[2104] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00320C0C
.text C:\Program Files\Messenger\msmsgs.exe[2104] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00320E10
.text C:\Program Files\Messenger\msmsgs.exe[2104] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003201F8
.text C:\Program Files\Messenger\msmsgs.exe[2104] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003203FC
.text C:\Program Files\Messenger\msmsgs.exe[2104] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00320600
.text C:\Program Files\Messenger\msmsgs.exe[2104] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00330804
.text C:\Program Files\Messenger\msmsgs.exe[2104] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00330A08
.text C:\Program Files\Messenger\msmsgs.exe[2104] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00330600
.text C:\Program Files\Messenger\msmsgs.exe[2104] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003301F8
.text C:\Program Files\Messenger\msmsgs.exe[2104] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003303FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[2124] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[2124] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[2124] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[2124] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[2124] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014
.text C:\Program Files\Java\jre6\bin\jqs.exe[2124] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804
.text C:\Program Files\Java\jre6\bin\jqs.exe[2124] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08
.text C:\Program Files\Java\jre6\bin\jqs.exe[2124] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C
.text C:\Program Files\Java\jre6\bin\jqs.exe[2124] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10
.text C:\Program Files\Java\jre6\bin\jqs.exe[2124] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[2124] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[2124] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600
.text C:\Program Files\Java\jre6\bin\jqs.exe[2124] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804
.text C:\Program Files\Java\jre6\bin\jqs.exe[2124] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08
.text C:\Program Files\Java\jre6\bin\jqs.exe[2124] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600
.text C:\Program Files\Java\jre6\bin\jqs.exe[2124] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[2124] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC
.text C:\WINDOWS\system32\ctfmon.exe[2128] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A01F8
.text C:\WINDOWS\system32\ctfmon.exe[2128] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[2128] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A03FC
.text C:\WINDOWS\system32\ctfmon.exe[2128] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[2128] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00381014
.text C:\WINDOWS\system32\ctfmon.exe[2128] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00380804
.text C:\WINDOWS\system32\ctfmon.exe[2128] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00380A08
.text C:\WINDOWS\system32\ctfmon.exe[2128] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00380C0C
.text C:\WINDOWS\system32\ctfmon.exe[2128] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00380E10
.text C:\WINDOWS\system32\ctfmon.exe[2128] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003801F8
.text C:\WINDOWS\system32\ctfmon.exe[2128] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003803FC
.text C:\WINDOWS\system32\ctfmon.exe[2128] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00380600
.text C:\WINDOWS\system32\ctfmon.exe[2128] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00390804
.text C:\WINDOWS\system32\ctfmon.exe[2128] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00390A08
.text C:\WINDOWS\system32\ctfmon.exe[2128] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00390600
.text C:\WINDOWS\system32\ctfmon.exe[2128] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003901F8
.text C:\WINDOWS\system32\ctfmon.exe[2128] USER32.dll!UnhookWinEvent 7E3818AC 3 Bytes JMP 003903FC
.text C:\WINDOWS\system32\ctfmon.exe[2128] USER32.dll!UnhookWinEvent + 4 7E3818B0 1 Byte [82]
.text C:\Program Files\Google\Update\GoogleUpdate.exe[2132] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Google\Update\GoogleUpdate.exe[2132] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Google\Update\GoogleUpdate.exe[2132] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Google\Update\GoogleUpdate.exe[2132] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Google\Update\GoogleUpdate.exe[2132] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014
.text C:\Program Files\Google\Update\GoogleUpdate.exe[2132] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804
.text C:\Program Files\Google\Update\GoogleUpdate.exe[2132] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08
.text C:\Program Files\Google\Update\GoogleUpdate.exe[2132] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C
.text C:\Program Files\Google\Update\GoogleUpdate.exe[2132] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10
.text C:\Program Files\Google\Update\GoogleUpdate.exe[2132] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8
.text C:\Program Files\Google\Update\GoogleUpdate.exe[2132] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC
.text C:\Program Files\Google\Update\GoogleUpdate.exe[2132] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600
.text C:\Program Files\Google\Update\GoogleUpdate.exe[2132] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804
.text C:\Program Files\Google\Update\GoogleUpdate.exe[2132] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08
.text C:\Program Files\Google\Update\GoogleUpdate.exe[2132] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600
.text C:\Program Files\Google\Update\GoogleUpdate.exe[2132] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8
.text C:\Program Files\Google\Update\GoogleUpdate.exe[2132] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC
.text C:\Program Files\Spamihilator\spamihilator.exe[2272] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Spamihilator\spamihilator.exe[2272] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Spamihilator\spamihilator.exe[2272] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Spamihilator\spamihilator.exe[2272] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Spamihilator\spamihilator.exe[2272] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00760804
.text C:\Program Files\Spamihilator\spamihilator.exe[2272] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00760A08
.text C:\Program Files\Spamihilator\spamihilator.exe[2272] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00760600
.text C:\Program Files\Spamihilator\spamihilator.exe[2272] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 007601F8
.text C:\Program Files\Spamihilator\spamihilator.exe[2272] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 007603FC
.text C:\Program Files\Spamihilator\spamihilator.exe[2272] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00771014
.text C:\Program Files\Spamihilator\spamihilator.exe[2272] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00770804
.text C:\Program Files\Spamihilator\spamihilator.exe[2272] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00770A08
.text C:\Program Files\Spamihilator\spamihilator.exe[2272] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00770C0C
.text C:\Program Files\Spamihilator\spamihilator.exe[2272] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00770E10
.text C:\Program Files\Spamihilator\spamihilator.exe[2272] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 007701F8
.text C:\Program Files\Spamihilator\spamihilator.exe[2272] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 007703FC
.text C:\Program Files\Spamihilator\spamihilator.exe[2272] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00770600
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2296] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2296] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2296] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2296] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2296] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2296] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2296] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2296] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2296] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2296] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2296] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2296] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2296] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2296] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2296] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2296] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2296] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC
.text C:\WINDOWS\system32\svchost.exe[2396] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[2396] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[2396] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[2396] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[2396] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\svchost.exe[2396] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[2396] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[2396] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\svchost.exe[2396] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\svchost.exe[2396] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[2396] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[2396] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\svchost.exe[2396] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\svchost.exe[2396] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\svchost.exe[2396] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\svchost.exe[2396] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\svchost.exe[2396] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[2408] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[2408] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[2408] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[2408] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[2408] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014
.text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[2408] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804
.text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[2408] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08
.text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[2408] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C
.text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[2408] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10
.text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[2408] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8
.text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[2408] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC
.text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[2408] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3500] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3500] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3500] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3500] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3500] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3500] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3500] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3500] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3500] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3500] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3500] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3500] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3500] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3500] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3500] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3500] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3500] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\WINDOWS\System32\alg.exe[3776] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\alg.exe[3776] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[3776] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\alg.exe[3776] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[3776] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00300804
.text C:\WINDOWS\System32\alg.exe[3776] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00300A08
.text C:\WINDOWS\System32\alg.exe[3776] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00300600
.text C:\WINDOWS\System32\alg.exe[3776] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003001F8
.text C:\WINDOWS\System32\alg.exe[3776] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003003FC
.text C:\WINDOWS\System32\alg.exe[3776] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00311014
.text C:\WINDOWS\System32\alg.exe[3776] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00310804
.text C:\WINDOWS\System32\alg.exe[3776] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00310A08
.text C:\WINDOWS\System32\alg.exe[3776] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00310C0C
.text C:\WINDOWS\System32\alg.exe[3776] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00310E10
.text C:\WINDOWS\System32\alg.exe[3776] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003101F8
.text C:\WINDOWS\System32\alg.exe[3776] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003103FC
.text C:\WINDOWS\System32\alg.exe[3776] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00310600
.text C:\Documents and Settings\Jiri\Plocha\gmer.exe[3940] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Documents and Settings\Jiri\Plocha\gmer.exe[3940] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Documents and Settings\Jiri\Plocha\gmer.exe[3940] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Documents and Settings\Jiri\Plocha\gmer.exe[3940] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Documents and Settings\Jiri\Plocha\gmer.exe[3940] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 009C1014
.text C:\Documents and Settings\Jiri\Plocha\gmer.exe[3940] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 009C0804
.text C:\Documents and Settings\Jiri\Plocha\gmer.exe[3940] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 009C0A08
.text C:\Documents and Settings\Jiri\Plocha\gmer.exe[3940] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 009C0C0C
.text C:\Documents and Settings\Jiri\Plocha\gmer.exe[3940] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 009C0E10
.text C:\Documents and Settings\Jiri\Plocha\gmer.exe[3940] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 009C01F8
.text C:\Documents and Settings\Jiri\Plocha\gmer.exe[3940] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 009C03FC
.text C:\Documents and Settings\Jiri\Plocha\gmer.exe[3940] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 009C0600
.text C:\Documents and Settings\Jiri\Plocha\gmer.exe[3940] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 009D0804
.text C:\Documents and Settings\Jiri\Plocha\gmer.exe[3940] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 009D0A08
.text C:\Documents and Settings\Jiri\Plocha\gmer.exe[3940] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 009D0600
.text C:\Documents and Settings\Jiri\Plocha\gmer.exe[3940] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 009D01F8
.text C:\Documents and Settings\Jiri\Plocha\gmer.exe[3940] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 009D03FC

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_ULONG] [B9E8F232] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!READ_PORT_UCHAR] [B9E8E730] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_UCHAR] [B9E8EF12] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9E8E730] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9E8E914] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9E8E856] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9E8F0F0] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9E8EF12] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B9EA2EA6] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\AVAST Software\Avast\avastUI.exe[720] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6A0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)
IAT C:\WINDOWS\system32\services.exe[1196] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00630002
IAT C:\WINDOWS\system32\services.exe[1196] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00630000
IAT C:\Program Files\AVAST Software\Avast\AvastSvc.exe[2036] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6A0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
Device \FileSystem\Ntfs \Ntfs 8A80D1E8

AttachedDevice \FileSystem\Ntfs \Ntfs tdrpm258.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\PCI_PNP1994 \Device\00000043 sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
Device \Driver\PCI_PNP1994 \Device\00000043 sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
Device \Driver\usbohci \Device\USBPDO-0 8A6BB1E8
Device \Driver\usbohci \Device\USBPDO-1 8A6BB1E8
Device \Driver\usbehci \Device\USBPDO-2 8A6BA1E8
Device \Driver\usbohci \Device\USBPDO-3 8A6BB1E8
Device \Driver\usbohci \Device\USBPDO-4 8A6BB1E8

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\usbehci \Device\USBPDO-5 8A6BA1E8
Device \Driver\usbohci \Device\USBPDO-6 8A6BB1E8

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 tdrpm258.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 sr.sys (System Restore Filesystem Filter Driver/Microsoft Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 tdrpm258.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 sr.sys (System Restore Filesystem Filter Driver/Microsoft Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

Device \Driver\Cdrom \Device\CdRom0 8A7CE1E8

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 tdrpm258.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 sr.sys (System Restore Filesystem Filter Driver/Microsoft Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 [B9E1FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 [B9E1FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [B9E1FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [B9E1FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort2 [B9E1FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort3 [B9E1FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-24 [B9E1FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f [B9E1FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\Cdrom \Device\CdRom1 8A7CE1E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{924CFA2A-B73A-4E06-9D92-BC128E64ACFC} 89503430
Device \Driver\NetBT \Device\NetBt_Wins_Export 89503430
Device \Driver\NetBT \Device\NetbiosSmb 89503430

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\usbohci \Device\USBFDO-0 8A6BB1E8
Device \Driver\usbohci \Device\USBFDO-1 8A6BB1E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 894F51E8
Device \Driver\usbehci \Device\USBFDO-2 8A6BA1E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 894F51E8
Device \Driver\usbohci \Device\USBFDO-3 8A6BB1E8
Device \Driver\usbohci \Device\USBFDO-4 8A6BB1E8
Device \Driver\usbehci \Device\USBFDO-5 8A6BA1E8
Device \Driver\usbohci \Device\USBFDO-6 8A6BB1E8
Device \Driver\arlss647 \Device\Scsi\arlss6471 8A60F1E8
Device \Driver\arlss647 \Device\Scsi\arlss6471Port4Path0Target0Lun0 8A60F1E8
Device \FileSystem\Cdfs \Cdfs 894D01E8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x8B 0xCA 0xBB 0x86 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x26 0x04 0x8D 0x31 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x49 0x6C 0x45 0x5D ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xF2 0x68 0x2F 0x89 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xCE 0x13 0x70 0xFA ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x74 0x55 0xBE 0xE1 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x8B 0xCA 0xBB 0x86 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x26 0x04 0x8D 0x31 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x49 0x6C 0x45 0x5D ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xF2 0x68 0x2F 0x89 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xCE 0x13 0x70 0xFA ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x74 0x55 0xBE 0xE1 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x8B 0xCA 0xBB 0x86 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x26 0x04 0x8D 0x31 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x49 0x6C 0x45 0x5D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xF2 0x68 0x2F 0x89 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xCE 0x13 0x70 0xFA ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x74 0x55 0xBE 0xE1 ...

---- EOF - GMER 1.0.15 ----

Re: Prosím o kontrolu logu

Napsal: 09 dub 2012 15:43
od Rudy
Logy vypadají OK. Buď jde o hw chybu, nebo je to nějaká systémová chyba. Pokud chcete, zkuste opravu systému z instal. média.

Re: Prosím o kontrolu logu

Napsal: 09 dub 2012 17:25
od encorejp
Každopádně děkuju za podporu a zkusím se s tím ještě porvat.
Všechny časy jsou v UTC+01:00
Stránka 3 z 4

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz