26-07-2007, 15:21   #1
smayor
Member
Joined: Jun 2007
City: Treviso
Posts: 282
Virus not found by avast??

As I was advised here http://www.hwupgrade.it/forum/showth...8#post18066408

I was advised to post a log, here it is
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15.20.39, on 26/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\a-squared Free\a2service.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Agnitum\Outpost Firewall\outpost.exe
C:\Programmi\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Raxco\PerfectDisk\PDEngine.exe
C:\Programmi\Outlook Express\msimn.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Outpost Firewall] C:\Programmi\Agnitum\Outpost Firewall\outpost.exe /waitservice
O4 - HKLM\..\Run: [OutpostFeedBack] C:\Programmi\Agnitum\Outpost Firewall\feedback.exe /dump:os_startup
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Programmi\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Programmi\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Programmi\DAP\dapextie2.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O17 - HKLM\System\CCS\Services\Tcpip\..\{AD7BEE52-952B-4B41-9D33-0A9F2494CD1E}: NameServer = 193.12.150.2 212.247.152.2
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programmi\a-squared Free\a2service.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Programmi\File comuni\LightScribe\LSSrvc.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\Programmi\Agnitum\Outpost Firewall\outpost.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Programmi\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Programmi\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Programmi\Windows Live\installer\WLSetupSvc.exe

--
End of file - 4731 bytes

Do you think it's really a virus? It seems strange to me!!

26-07-2007, 15:29   #2
wizard1993
Senior Member
Joined: Apr 2006
Posts: 22462
I'd like to know on what basis whoever sent you here assumes that you have a virus;
run a scan with Panda Anti-Rootkit, but the problems lie elsewhere
__________________
amd a64x2 4400+ sk939;asus a8n-sli; 2x1gb ddr400; x850 crossfire; 2 x western digital abys 320gb|| asus g1
If it crawls it zaps it, if it flutters it kills it

26-07-2007, 16:44   #3
wizard1993
Quote:
Originally posted by deepdark
Try reinstalling it, maybe some update made it go haywire. But by web protection do you mean the virus protection or that sort of firewall that avast has?
both

26-07-2007, 16:47   #4
smayor
And yet it seems they're right.
I started gmer and it shows me a hidden avast process in red, setup.ovr, and sometimes firefox.exe, also in red. It messed up the icons of my Firefox bookmarks and slows the PC down a bit. But tell me an anti-rootkit to remove it, because I can't manage it with gmer!

26-07-2007, 17:03   #5
smayor
Panda Anti-Rootkit found nothing... hmm... and yet if I re-enable avast's web module, web browsing still doesn't work for me

26-07-2007, 17:09   #6
smayor
I'm running the online scan with Panda's TotalScan and avast popped up with this
Sign of "Win32:CTX" has been found in "C:\WINDOWS\system32\Panda Software\ActiveScan2\pskavs.dll" file.
I presume it's a false positive...
or am I wrong?


I ran a scan with TotalScan online and apart from a few tracking cookies it found nothing... so is gmer giving me a false positive???
I'm left in doubt...

Last edited by smayor: 26-07-2007 at 17:47.

26-07-2007, 19:55   #7
wizard1993
Quote:
Originally posted by deepdark
Try using this: http://www.tomshw.it/news.php?newsid=10924
Then run an online scan on the Kaspersky site and let us know what it tells you.
Anyway, I also think it's a false positive, but it's strange that Panda sees itself as a virus. I know of a piece of malware that infected antivirus programs specifically.

Edit: I got the link wrong. It was this one http://research.pandasoftware.com/bl...ntiRootkit.zip
It's not as if McAfee is all that effective, you might as well try Trend Micro and Bitdefender

26-07-2007, 23:25   #8
smayor
This is the McAfee rootkit log

McAfee(R) Rootkit Detective 1.0 scan report
On 26-07-2007 at 23:19:36
OS-Version 5.1.2600
Service Pack 2.0
====================================

Object-Type: SSDT-hook
Object-Name: ZwAssignProcessToJobObject
Object-Path: C:\Programmi\Agnitum\Outpost Firewall\Kernel\SandBox.sys

Object-Type: SSDT-hook
Object-Name: ZwClose
Object-Path: C:\Programmi\Agnitum\Outpost Firewall\Kernel\SandBox.sys

Object-Type: SSDT-hook
Object-Name: ZwCreateFile
Object-Path: C:\Programmi\Agnitum\Outpost Firewall\Kernel\SandBox.sys

Object-Type: SSDT-hook
Object-Name: ZwCreateKey
Object-Path: C:\Programmi\Agnitum\Outpost Firewall\Kernel\SandBox.sys

Object-Type: SSDT-hook
Object-Name: ZwCreateProcess
Object-Path: C:\Programmi\Agnitum\Outpost Firewall\Kernel\SandBox.sys

Object-Type: SSDT-hook
Object-Name: ZwCreateProcessEx
Object-Path: C:\Programmi\Agnitum\Outpost Firewall\Kernel\SandBox.sys

Object-Type: SSDT-hook
Object-Name: ZwCreateSection
Object-Path: C:\Programmi\Agnitum\Outpost Firewall\Kernel\SandBox.sys

Object-Type: SSDT-hook
Object-Name: ZwCreateSymbolicLinkObject
Object-Path: C:\Programmi\Agnitum\Outpost Firewall\Kernel\SandBox.sys

Object-Type: SSDT-hook
Object-Name: ZwCreateThread
Object-Path: C:\Programmi\Agnitum\Outpost Firewall\Kernel\filtnt.sys

Object-Type: SSDT-hook
Object-Name: ZwDeleteFile
Object-Path: C:\Programmi\Agnitum\Outpost Firewall\Kernel\SandBox.sys

Object-Type: SSDT-hook
Object-Name: ZwDeleteKey
Object-Path: C:\Programmi\Agnitum\Outpost Firewall\Kernel\SandBox.sys

Object-Type: SSDT-hook
Object-Name: ZwDeleteValueKey
Object-Path: C:\Programmi\Agnitum\Outpost Firewall\Kernel\SandBox.sys

Object-Type: SSDT-hook
Object-Name: ZwLoadDriver
Object-Path: C:\Programmi\Agnitum\Outpost Firewall\Kernel\SandBox.sys

Object-Type: SSDT-hook
Object-Name: ZwMakeTemporaryObject
Object-Path: C:\Programmi\Agnitum\Outpost Firewall\Kernel\SandBox.sys

Object-Type: SSDT-hook
Object-Name: ZwOpenFile
Object-Path: C:\Programmi\Agnitum\Outpost Firewall\Kernel\SandBox.sys

Object-Type: SSDT-hook
Object-Name: ZwOpenKey
Object-Path: C:\Programmi\Agnitum\Outpost Firewall\Kernel\SandBox.sys

Object-Type: SSDT-hook
Object-Name: ZwOpenProcess
Object-Path: C:\Programmi\Agnitum\Outpost Firewall\Kernel\SandBox.sys

Object-Type: SSDT-hook
Object-Name: ZwOpenSection
Object-Path: C:\Programmi\Agnitum\Outpost Firewall\Kernel\SandBox.sys

Object-Type: SSDT-hook
Object-Name: ZwProtectVirtualMemory
Object-Path: C:\Programmi\Agnitum\Outpost Firewall\Kernel\SandBox.sys

Object-Type: SSDT-hook
Object-Name: ZwQueryDirectoryFile
Object-Path: C:\Programmi\Agnitum\Outpost Firewall\Kernel\SandBox.sys

Object-Type: SSDT-hook
Object-Name: ZwQueryKey
Object-Path: C:\Programmi\Agnitum\Outpost Firewall\Kernel\SandBox.sys

Object-Type: SSDT-hook
Object-Name: ZwQueryValueKey
Object-Path: C:\Programmi\Agnitum\Outpost Firewall\Kernel\SandBox.sys

Object-Type: SSDT-hook
Object-Name: ZwReplaceKey
Object-Path: C:\Programmi\Agnitum\Outpost Firewall\Kernel\SandBox.sys

Object-Type: SSDT-hook
Object-Name: ZwRestoreKey
Object-Path: C:\Programmi\Agnitum\Outpost Firewall\Kernel\SandBox.sys

Object-Type: SSDT-hook
Object-Name: ZwSaveKey
Object-Path: C:\Programmi\Agnitum\Outpost Firewall\Kernel\SandBox.sys

Object-Type: SSDT-hook
Object-Name: ZwSaveKeyEx
Object-Path: C:\Programmi\Agnitum\Outpost Firewall\Kernel\SandBox.sys

Object-Type: SSDT-hook
Object-Name: ZwSetInformationFile
Object-Path: C:\Programmi\Agnitum\Outpost Firewall\Kernel\SandBox.sys

Object-Type: SSDT-hook
Object-Name: ZwSetValueKey
Object-Path: C:\Programmi\Agnitum\Outpost Firewall\Kernel\SandBox.sys

Object-Type: SSDT-hook
Object-Name: ZwTerminateProcess
Object-Path: C:\Programmi\Agnitum\Outpost Firewall\Kernel\filtnt.sys

Object-Type: SSDT-hook
Object-Name: ZwTerminateThread
Object-Path: C:\Programmi\Agnitum\Outpost Firewall\Kernel\SandBox.sys

Object-Type: SSDT-hook
Object-Name: ZwUnloadDriver
Object-Path: C:\Programmi\Agnitum\Outpost Firewall\Kernel\SandBox.sys

Object-Type: SSDT-hook
Object-Name: ZwWriteVirtualMemory
Object-Path: C:\Programmi\Agnitum\Outpost Firewall\Kernel\SandBox.sys

Object-Type: Registry-key
Object-Name: 0009dd102015\Agnitum\Outpost Firewall\Kernel\SandBox.sys
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\0009dd102015
Status: Hidden

Object-Type: Registry-key
Object-Name: 0009dd102015olSet001\Services\BTHPORT\Parameters\Keys\0009dd102015
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0009dd102015
Status: Hidden

Object-Type: Registry-key
Object-Name: 0009dd102015olSet002\Services\BTHPORT\Parameters\Keys\0009dd102015
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\0009dd102015
Status: Hidden

Object-Type: IAT/EAT-hook
PID: 3136
Details: Import : Function : ole32.dll:KERNEL32.dll!LoadLibraryW Should be : KERNEL32.dll:7C80AE6B But is : C:\Programmi\Real\RealPlayer\rpplugins\rpap3260.dll:61BF35B0
Object-Path: C:\Programmi\Real\RealPlayer\rpplugins\rpap3260.dll
Status: Hooked

Object-Type: IAT/EAT-hook
PID: 3136
Details: Import : Function : ole32.dll:KERNEL32.dll!LoadLibraryA Should be : KERNEL32.dll:7C801D77 But is : C:\Programmi\Real\RealPlayer\rpplugins\rpap3260.dll:61BF36A0
Object-Path: C:\Programmi\Real\RealPlayer\rpplugins\rpap3260.dll
Status: Hooked

Object-Type: Process
Object-Name: explorer.exe
Pid: 1456
Object-Path: C:\WINDOWS\explorer.exe
Status: Visible

Object-Type: Process
Object-Name: System Idle Process
Pid: 0
Object-Path:
Status: Visible

Object-Type: Process
Object-Name: alg.exe
Pid: 2232
Object-Path: C:\WINDOWS\system32\alg.exe
Status: Visible

Object-Type: Process
Object-Name: lsass.exe
Pid: 776
Object-Path: C:\WINDOWS\system32\lsass.exe
Status: Visible

Object-Type: Process
Object-Name: ati2evxx.exe
Pid: 932
Object-Path: C:\WINDOWS\system32\ati2evxx.exe
Status: Visible

Object-Type: Process
Object-Name: firefox.exe
Pid: 2296
Object-Path: C:\PROGRA~1\MOZILL~1\firefox.exe
Status: Visible

Object-Type: Process
Object-Name: svchost.exe
Pid: 1212
Object-Path: C:\WINDOWS\system32\svchost.exe
Status: Visible

Object-Type: Process
Object-Name: csrss.exe
Pid: 624
Object-Path: C:\WINDOWS\system32\csrss.exe
Status: Visible

Object-Type: Process
Object-Name: svchost.exe
Pid: 1120
Object-Path: C:\WINDOWS\system32\svchost.exe
Status: Visible

Object-Type: Process
Object-Name: ashDisp.exe
Pid: 1616
Object-Path: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
Status: Visible

Object-Type: Process
Object-Name: System
Pid: 4
Object-Path:
Status: Visible

Object-Type: Process
Object-Name: realplay.exe
Pid: 3136
Object-Path: C:\Programmi\Real\RealPlayer\realplay.exe
Status: Visible

Object-Type: Process
Object-Name: Rootkit_Detecti
Pid: 3664
Object-Path: C:\Documents and Settings\Matteo\Desktop\Rootkit_Detective.exe
Status: Visible

Object-Type: Process
Object-Name: winlogon.exe
Pid: 720
Object-Path: C:\WINDOWS\system32\winlogon.exe
Status: Visible

Object-Type: Process
Object-Name: usnsvc.exe
Pid: 2456
Object-Path: C:\Programmi\Windows Live\Messenger\usnsvc.exe
Status: Visible

Object-Type: Process
Object-Name: realsched.exe
Pid: 2116
Object-Path: C:\Programmi\File comuni\Real\Update_OB\realsched.exe
Status: Visible

Object-Type: Process
Object-Name: ati2evxx.exe
Pid: 1188
Object-Path: C:\WINDOWS\system32\ati2evxx.exe
Status: Visible

Object-Type: Process
Object-Name: ashServ.exe
Pid: 1344
Object-Path: C:\Programmi\Alwil Software\Avast4\ashServ.exe
Status: Visible

Object-Type: Process
Object-Name: spoolsv.exe
Pid: 1840
Object-Path: C:\WINDOWS\system32\spoolsv.exe
Status: Visible

Object-Type: Process
Object-Name: svchost.exe
Pid: 1964
Object-Path: C:\WINDOWS\system32\svchost.exe
Status: Visible

Object-Type: Process
Object-Name: PDAgent.exe
Pid: 228
Object-Path: C:\Programmi\RAXCO\PerfectDisk\PDAgent.exe
Status: Visible

Object-Type: Process
Object-Name: smss.exe
Pid: 540
Object-Path: C:\WINDOWS\system32\smss.exe
Status: Visible

Object-Type: Process
Object-Name: msnmsgr.exe
Pid: 3888
Object-Path: C:\Programmi\Windows Live\Messenger\msnmsgr.exe
Status: Visible

Object-Type: Process
Object-Name: svchost.exe
Pid: 1068
Object-Path: C:\WINDOWS\system32\svchost.exe
Status: Visible

Object-Type: Process
Object-Name: svchost.exe
Pid: 1008
Object-Path: C:\WINDOWS\system32\svchost.exe
Status: Visible

Object-Type: Process
Object-Name: PDEngine.exe
Pid: 2096
Object-Path: C:\Programmi\RAXCO\PerfectDisk\PDEngine.exe
Status: Visible

Object-Type: Process
Object-Name: services.exe
Pid: 764
Object-Path: C:\WINDOWS\system32\services.exe
Status: Visible

Object-Type: Process
Object-Name: outpost.exe
Pid: 2004
Object-Path: C:\Programmi\Agnitum\Outpost Firewall\outpost.exe
Status: Visible

Object-Type: Process
Object-Name: svchost.exe
Pid: 952
Object-Path: C:\WINDOWS\system32\svchost.exe
Status: Visible

Object-Type: Process
Object-Name: AppleMobileDevi
Pid: 1944
Object-Path: C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
Status: Visible

Object-Type: Process
Object-Name: aswUpdSv.exe
Pid: 1232
Object-Path: C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
Status: Visible

Object-Type: Process
Object-Name: SOUNDMAN.EXE
Pid: 1604
Object-Path: C:\WINDOWS\SOUNDMAN.EXE
Status: Visible

Object-Type: Process
Object-Name: svchost.exe
Pid: 428
Object-Path: C:\WINDOWS\system32\svchost.exe
Status: Visible

Object-Type: Process
Object-Name: rundll32.exe
Pid: 1700
Object-Path: C:\WINDOWS\system32\rundll32.exe
Status: Visible

Object-Type: Process
Object-Name: ashMaiSv.exe
Pid: 1360
Object-Path: C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
Status: Visible

Object-Type: Process
Object-Name: a2service.exe
Pid: 1920
Object-Path: C:\Programmi\a-squared Free\a2service.exe
Status: Visible

Scan complete. Hidden registry keys/values: 3

It doesn't seem to me that it found anything worrying

27-07-2007, 10:00   #9
wizard1993
Run a scan with Rootkit Unhooker

27-07-2007, 15:34   #10
smayor
Quote:
Originally posted by wizard1993
Run a scan with Rootkit Unhooker
I ran the scan with this UnHooker, it gives me possible rootkit detected, but I can't tell from the various windows which files are the offending ones

27-07-2007, 15:37   #11
wizard1993
Check whether there is anything hidden in the hidden process detector window

27-07-2007, 15:45   #12
smayor
Quote:
Originally posted by wizard1993
Check whether there is anything hidden in the hidden process detector window
This is the report
>SSDT State
NtAssignProcessToJobObject
Actual Address 0xEE7268B0
Hooked by: C:\Programmi\Agnitum\Outpost Firewall\kernel\Sandbox.SYS

NtClose
Actual Address 0xEE718BE0
Hooked by: C:\Programmi\Agnitum\Outpost Firewall\kernel\Sandbox.SYS

NtCreateFile
Actual Address 0xEE7161E0
Hooked by: C:\Programmi\Agnitum\Outpost Firewall\kernel\Sandbox.SYS

NtCreateKey
Actual Address 0xEE71CFB0
Hooked by: C:\Programmi\Agnitum\Outpost Firewall\kernel\Sandbox.SYS

NtCreateProcess
Actual Address 0xEE724120
Hooked by: C:\Programmi\Agnitum\Outpost Firewall\kernel\Sandbox.SYS

NtCreateProcessEx
Actual Address 0xEE7247F0
Hooked by: C:\Programmi\Agnitum\Outpost Firewall\kernel\Sandbox.SYS

NtCreateSection
Actual Address 0xEE7154A0
Hooked by: C:\Programmi\Agnitum\Outpost Firewall\kernel\Sandbox.SYS

NtCreateSymbolicLinkObject
Actual Address 0xEE71CDB0
Hooked by: C:\Programmi\Agnitum\Outpost Firewall\kernel\Sandbox.SYS

NtCreateThread
Actual Address 0xEE7F6FA0
Hooked by: C:\Programmi\Agnitum\Outpost Firewall\kernel\FILTNT.SYS

NtDeleteFile
Actual Address 0xEE71BF80
Hooked by: C:\Programmi\Agnitum\Outpost Firewall\kernel\Sandbox.SYS

NtDeleteKey
Actual Address 0xEE71E200
Hooked by: C:\Programmi\Agnitum\Outpost Firewall\kernel\Sandbox.SYS

NtDeleteValueKey
Actual Address 0xEE722570
Hooked by: C:\Programmi\Agnitum\Outpost Firewall\kernel\Sandbox.SYS

NtLoadDriver
Actual Address 0xEE722F20
Hooked by: C:\Programmi\Agnitum\Outpost Firewall\kernel\Sandbox.SYS

NtMakeTemporaryObject
Actual Address 0xEE71C700
Hooked by: C:\Programmi\Agnitum\Outpost Firewall\kernel\Sandbox.SYS

NtOpenFile
Actual Address 0xEE717AD0
Hooked by: C:\Programmi\Agnitum\Outpost Firewall\kernel\Sandbox.SYS

NtOpenKey
Actual Address 0xEE71DBE0
Hooked by: C:\Programmi\Agnitum\Outpost Firewall\kernel\Sandbox.SYS

NtOpenProcess
Actual Address 0xEE724ED0
Hooked by: C:\Programmi\Agnitum\Outpost Firewall\kernel\Sandbox.SYS

NtOpenSection
Actual Address 0xEE715BA0
Hooked by: C:\Programmi\Agnitum\Outpost Firewall\kernel\Sandbox.SYS

NtProtectVirtualMemory
Actual Address 0xEE727670
Hooked by: C:\Programmi\Agnitum\Outpost Firewall\kernel\Sandbox.SYS

NtQueryDirectoryFile
Actual Address 0xEE719010
Hooked by: C:\Programmi\Agnitum\Outpost Firewall\kernel\Sandbox.SYS

NtQueryKey
Actual Address 0xEE71EB90
Hooked by: C:\Programmi\Agnitum\Outpost Firewall\kernel\Sandbox.SYS

NtQueryValueKey
Actual Address 0xEE71F1F0
Hooked by: C:\Programmi\Agnitum\Outpost Firewall\kernel\Sandbox.SYS

NtReplaceKey
Actual Address 0xEE7202C0
Hooked by: C:\Programmi\Agnitum\Outpost Firewall\kernel\Sandbox.SYS

NtRestoreKey
Actual Address 0xEE721F00
Hooked by: C:\Programmi\Agnitum\Outpost Firewall\kernel\Sandbox.SYS

NtSaveKey
Actual Address 0xEE721230
Hooked by: C:\Programmi\Agnitum\Outpost Firewall\kernel\Sandbox.SYS

NtSaveKeyEx
Actual Address 0xEE721890
Hooked by: C:\Programmi\Agnitum\Outpost Firewall\kernel\Sandbox.SYS

NtSetInformationFile
Actual Address 0xEE71A1A0
Hooked by: C:\Programmi\Agnitum\Outpost Firewall\kernel\Sandbox.SYS

NtSetValueKey
Actual Address 0xEE71F870
Hooked by: C:\Programmi\Agnitum\Outpost Firewall\kernel\Sandbox.SYS

NtTerminateProcess
Actual Address 0xEE7F7910
Hooked by: C:\Programmi\Agnitum\Outpost Firewall\kernel\FILTNT.SYS

NtUnloadDriver
Actual Address 0xEE723460
Hooked by: C:\Programmi\Agnitum\Outpost Firewall\kernel\Sandbox.SYS

NtWriteVirtualMemory
Actual Address 0xEE726F00
Hooked by: C:\Programmi\Agnitum\Outpost Firewall\kernel\Sandbox.SYS

>Shadow
>Processes
>Drivers
>Stealth
>Files
>Hooks
[1176]ati2evxx.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump at address 0x7C802367 hook handler located in [wl_hook.dll]
[1176]ati2evxx.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump at address 0x7C802332 hook handler located in [wl_hook.dll]
[1176]ati2evxx.exe-->kernel32.dll-->CreateRemoteThread, Type: Inline - RelativeJump at address 0x7C81044C hook handler located in [wl_hook.dll]
[1176]ati2evxx.exe-->kernel32.dll-->DebugActiveProcess, Type: Inline - RelativeJump at address 0x7C85A323 hook handler located in [wl_hook.dll]
[1176]ati2evxx.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump at address 0x7C8615B5 hook handler located in [wl_hook.dll]
[1176]ati2evxx.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump at address 0x7C9261CA hook handler located in [wl_hook.dll]
[1176]ati2evxx.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump at address 0x7C92718B hook handler located in [wl_hook.dll]
[1176]ati2evxx.exe-->ntdll.dll-->NtCreateSymbolicLinkObject, Type: Inline - RelativeJump at address 0x7C91D7D2 hook handler located in [wl_hook.dll]
[1176]ati2evxx.exe-->ntdll.dll-->NtRestoreKey, Type: Inline - RelativeJump at address 0x7C91E44A hook handler located in [wl_hook.dll]
[1176]ati2evxx.exe-->ntdll.dll-->NtResumeProcess, Type: Inline - RelativeJump at address 0x7C91E45F hook handler located in [wl_hook.dll]
[1176]ati2evxx.exe-->ntdll.dll-->NtSetBootOptions, Type: Inline - RelativeJump at address 0x7C91E4F2 hook handler located in [wl_hook.dll]
[1176]ati2evxx.exe-->ntdll.dll-->NtSetUuidSeed, Type: Inline - RelativeJump at address 0x7C91E7BC hook handler located in [wl_hook.dll]
[1176]ati2evxx.exe-->ntdll.dll-->NtStopProfile, Type: Inline - RelativeJump at address 0x7C91E83A hook handler located in [wl_hook.dll]
[1176]ati2evxx.exe-->ntdll.dll-->NtSuspendProcess, Type: Inline - RelativeJump at address 0x7C91E84F hook handler located in [wl_hook.dll]
[1176]ati2evxx.exe-->ntdll.dll-->NtTerminateJobObject, Type: Inline - RelativeJump at address 0x7C91E88E hook handler located in [wl_hook.dll]
[1176]ati2evxx.exe-->ntdll.dll-->NtWriteRequestData, Type: Inline - RelativeJump at address 0x7C91EA32 hook handler located in [wl_hook.dll]
[1176]ati2evxx.exe-->user32.dll-->CallNextHookEx, Type: Inline - RelativeJump at address 0x7E39F85B hook handler located in [wl_hook.dll]
[1176]ati2evxx.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - RelativeJump at address 0x7E3A8AE5 hook handler located in [wl_hook.dll]
[1176]ati2evxx.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - RelativeJump at address 0x7E3D938D hook handler located in [wl_hook.dll]
[1176]ati2evxx.exe-->user32.dll-->DdeConnect, Type: Inline - RelativeJump at address 0x7E3D7F93 hook handler located in [wl_hook.dll]
[1176]ati2evxx.exe-->user32.dll-->DdeConnectList, Type: Inline - RelativeJump at address 0x7E3D82AE hook handler located in [wl_hook.dll]
[1176]ati2evxx.exe-->user32.dll-->DdeInitializeA, Type: Inline - RelativeJump at address 0x7E3DA6C6 hook handler located in [wl_hook.dll]
[1176]ati2evxx.exe-->user32.dll-->DdeInitializeW, Type: Inline - RelativeJump at address 0x7E3A9CEF hook handler located in [wl_hook.dll]
[1176]ati2evxx.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump at address 0x7E3D9E75 hook handler located in [wl_hook.dll]
[1176]ati2evxx.exe-->user32.dll-->ExitWindowsEx, Type: Inline - RelativeJump at address 0x7E3DA045 hook handler located in [wl_hook.dll]
[1176]ati2evxx.exe-->user32.dll-->FindWindowExA, Type: Inline - RelativeJump at address 0x7E3B210A hook handler located in [wl_hook.dll]
[1176]ati2evxx.exe-->user32.dll-->FindWindowExW, Type: Inline - RelativeJump at address 0x7E3A71CF hook handler located in [wl_hook.dll]
[1176]ati2evxx.exe-->user32.dll-->PostMessageA, Type: Inline - RelativeJump at address 0x7E39CB85 hook handler located in [wl_hook.dll]
[1176]ati2evxx.exe-->user32.dll-->PostMessageW, Type: Inline - RelativeJump at address 0x7E398CCB hook handler located in [wl_hook.dll]
[1176]ati2evxx.exe-->user32.dll-->SendInput, Type: Inline - RelativeJump at address 0x7E3AF101 hook handler located in [wl_hook.dll]
[1176]ati2evxx.exe-->user32.dll-->SendMessageA, Type: Inline - RelativeJump at address 0x7E3AF383 hook handler located in [wl_hook.dll]
[1176]ati2evxx.exe-->user32.dll-->SendMessageCallbackA, Type: Inline - RelativeJump at address 0x7E3EAF01 hook handler located in [wl_hook.dll]
[1176]ati2evxx.exe-->user32.dll-->SendMessageCallbackW, Type: Inline - RelativeJump at address 0x7E39F306 hook handler located in [wl_hook.dll]
[1176]ati2evxx.exe-->user32.dll-->SendMessageTimeoutA, Type: Inline - RelativeJump at address 0x7E3AFB2B hook handler located in [wl_hook.dll]
[1736]jusched.exe-->user32.dll-->SendMessageCallbackW, Type: Inline - RelativeJump at address 0x7E39F306 hook handler located in [wl_hook.dll]
[1736]jusched.exe-->user32.dll-->SendMessageTimeoutA, Type: Inline - RelativeJump at address 0x7E3AFB2B hook handler located in [wl_hook.dll]
[1736]jusched.exe-->user32.dll-->SendMessageTimeoutW, Type: Inline - RelativeJump at address 0x7E39ED72 hook handler located in [wl_hook.dll]
[1736]jusched.exe-->user32.dll-->SendMessageW, Type: Inline - RelativeJump at address 0x7E39B8BA hook handler located in [wl_hook.dll]
[1736]jusched.exe-->user32.dll-->SendNotifyMessageA, Type: Inline - RelativeJump at address 0x7E3D36E8 hook handler located in [wl_hook.dll]
[1736]jusched.exe-->user32.dll-->SendNotifyMessageW, Type: Inline - RelativeJump at address 0x7E39F27A hook handler located in [wl_hook.dll]
[1736]jusched.exe-->user32.dll-->SetForegroundWindow, Type: Inline - RelativeJump at address 0x7E3A3D4D hook handler located in [wl_hook.dll]
[1736]jusched.exe-->user32.dll-->SetWindowPos, Type: Inline - RelativeJump at address 0x7E39C01B hook handler located in [wl_hook.dll]
[1736]jusched.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump at address 0x7E3B11D1 hook handler located in [wl_hook.dll]
[1736]jusched.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump at address 0x7E3ADDB5 hook handler located in [wl_hook.dll]
[1736]jusched.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump at address 0x7E3B17B7 hook handler located in [wl_hook.dll]
[1844]spoolsv.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump at address 0x7C802367 hook handler located in [wl_hook.dll]
[1844]spoolsv.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump at address 0x7C802332 hook handler located in [wl_hook.dll]
[1844]spoolsv.exe-->kernel32.dll-->CreateRemoteThread, Type: Inline - RelativeJump at address 0x7C81044C hook handler located in [wl_hook.dll]
[1844]spoolsv.exe-->kernel32.dll-->DebugActiveProcess, Type: Inline - RelativeJump at address 0x7C85A323 hook handler located in [wl_hook.dll]
[1844]spoolsv.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump at address 0x7C8615B5 hook handler located in [wl_hook.dll]
[1844]spoolsv.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump at address 0x7C9261CA hook handler located in [wl_hook.dll]
[1844]spoolsv.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump at address 0x7C92718B hook handler located in [wl_hook.dll]
[1844]spoolsv.exe-->ntdll.dll-->NtCreateSymbolicLinkObject, Type: Inline - RelativeJump at address 0x7C91D7D2 hook handler located in [wl_hook.dll]
[1844]spoolsv.exe-->ntdll.dll-->NtRestoreKey, Type: Inline - RelativeJump at address 0x7C91E44A hook handler located in [wl_hook.dll]
[1844]spoolsv.exe-->ntdll.dll-->NtResumeProcess, Type: Inline - RelativeJump at address 0x7C91E45F hook handler located in [wl_hook.dll]
[1844]spoolsv.exe-->ntdll.dll-->NtSetBootOptions, Type: Inline - RelativeJump at address 0x7C91E4F2 hook handler located in [wl_hook.dll]
[1844]spoolsv.exe-->ntdll.dll-->NtSetUuidSeed, Type: Inline - RelativeJump at address 0x7C91E7BC hook handler located in [wl_hook.dll]
[1844]spoolsv.exe-->ntdll.dll-->NtStopProfile, Type: Inline - RelativeJump at address 0x7C91E83A hook handler located in [wl_hook.dll]
[1844]spoolsv.exe-->ntdll.dll-->NtSuspendProcess, Type: Inline - RelativeJump at address 0x7C91E84F hook handler located in [wl_hook.dll]
[1844]spoolsv.exe-->ntdll.dll-->NtTerminateJobObject, Type: Inline - RelativeJump at address 0x7C91E88E hook handler located in [wl_hook.dll]
[1844]spoolsv.exe-->ntdll.dll-->NtWriteRequestData, Type: Inline - RelativeJump at address 0x7C91EA32 hook handler located in [wl_hook.dll]
[1844]spoolsv.exe-->shell32.dll-->DllGetClassObject, Type: Inline - RelativeJump at address 0x7C9FF929 hook handler located in [wl_hook.dll]
[1844]spoolsv.exe-->user32.dll-->CallNextHookEx, Type: Inline - RelativeJump at address 0x7E39F85B hook handler located in [wl_hook.dll]
[1844]spoolsv.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - RelativeJump at address 0x7E3A8AE5 hook handler located in [wl_hook.dll]
[1844]spoolsv.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - RelativeJump at address 0x7E3D938D hook handler located in [wl_hook.dll]
[1844]spoolsv.exe-->user32.dll-->DdeConnect, Type: Inline - RelativeJump at address 0x7E3D7F93 hook handler located in [wl_hook.dll]
[1844]spoolsv.exe-->user32.dll-->DdeConnectList, Type: Inline - RelativeJump at address 0x7E3D82AE hook handler located in [wl_hook.dll]
[1844]spoolsv.exe-->user32.dll-->DdeInitializeA, Type: Inline - RelativeJump at address 0x7E3DA6C6 hook handler located in [wl_hook.dll]
[1844]spoolsv.exe-->user32.dll-->DdeInitializeW, Type: Inline - RelativeJump at address 0x7E3A9CEF hook handler located in [wl_hook.dll]
[1844]spoolsv.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump at address 0x7E3D9E75 hook handler located in [wl_hook.dll]
[1844]spoolsv.exe-->user32.dll-->ExitWindowsEx, Type: Inline - RelativeJump at address 0x7E3DA045 hook handler located in [wl_hook.dll]
[1844]spoolsv.exe-->user32.dll-->FindWindowExA, Type: Inline - RelativeJump at address 0x7E3B210A hook handler located in [wl_hook.dll]
[1844]spoolsv.exe-->user32.dll-->FindWindowExW, Type: Inline - RelativeJump at address 0x7E3A71CF hook handler located in [wl_hook.dll]
[1844]spoolsv.exe-->user32.dll-->PostMessageA, Type: Inline - RelativeJump at address 0x7E39CB85 hook handler located in [wl_hook.dll]
[1844]spoolsv.exe-->user32.dll-->PostMessageW, Type: Inline - RelativeJump at address 0x7E398CCB hook handler located in [wl_hook.dll]
[1844]spoolsv.exe-->user32.dll-->SendInput, Type: Inline - RelativeJump at address 0x7E3AF101 hook handler located in [wl_hook.dll]
[1844]spoolsv.exe-->user32.dll-->SendMessageA, Type: Inline - RelativeJump at address 0x7E3AF383 hook handler located in [wl_hook.dll]
[1844]spoolsv.exe-->user32.dll-->SendMessageCallbackA, Type: Inline - RelativeJump at address 0x7E3EAF01 hook handler located in [wl_hook.dll]
[1844]spoolsv.exe-->user32.dll-->SendMessageCallbackW, Type: Inline - RelativeJump at address 0x7E39F306 hook handler located in [wl_hook.dll]
[1844]spoolsv.exe-->user32.dll-->SendMessageTimeoutA, Type: Inline - RelativeJump at address 0x7E3AFB2B hook handler located in [wl_hook.dll]
[1844]spoolsv.exe-->user32.dll-->SendMessageTimeoutW, Type: Inline - RelativeJump at address 0x7E39ED72 hook handler located in [wl_hook.dll]
[1844]spoolsv.exe-->user32.dll-->SendMessageW, Type: Inline - RelativeJump at address 0x7E39B8BA hook handler located in [wl_hook.dll]
[1844]spoolsv.exe-->user32.dll-->SendNotifyMessageA, Type: Inline - RelativeJump at address 0x7E3D36E8 hook handler located in [wl_hook.dll]
[1844]spoolsv.exe-->user32.dll-->SendNotifyMessageW, Type: Inline - RelativeJump at address 0x7E39F27A hook handler located in [wl_hook.dll]
[1844]spoolsv.exe-->user32.dll-->SetForegroundWindow, Type: Inline - RelativeJump at address 0x7E3A3D4D hook handler located in [wl_hook.dll]
[1844]spoolsv.exe-->user32.dll-->SetWindowPos, Type: Inline - RelativeJump at address 0x7E39C01B hook handler located in [wl_hook.dll]
[1844]spoolsv.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump at address 0x7E3B11D1 hook handler located in [wl_hook.dll]
[1844]spoolsv.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump at address 0x7E3ADDB5 hook handler located in [wl_hook.dll]
[1844]spoolsv.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump at address 0x7E3B17B7 hook handler located in [wl_hook.dll]
[1928]a2service.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump at address 0x7C802367 hook handler located in [wl_hook.dll]
[1928]a2service.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump at address 0x7C802332 hook handler located in [wl_hook.dll]
[1928]a2service.exe-->kernel32.dll-->CreateRemoteThread, Type: Inline - RelativeJump at address 0x7C81044C hook handler located in [wl_hook.dll]
[1928]a2service.exe-->kernel32.dll-->DebugActiveProcess, Type: Inline - RelativeJump at address 0x7C85A323 hook handler located in [wl_hook.dll]
[1928]a2service.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump at address 0x7C8615B5 hook handler located in [wl_hook.dll]
[1928]a2service.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump at address 0x7C9261CA hook handler located in [wl_hook.dll]
[1928]a2service.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump at address 0x7C92718B hook handler located in [wl_hook.dll]
[1928]a2service.exe-->ntdll.dll-->NtCreateSymbolicLinkObject, Type: Inline - RelativeJump at address 0x7C91D7D2 hook handler located in [wl_hook.dll]
[1928]a2service.exe-->ntdll.dll-->NtRestoreKey, Type: Inline - RelativeJump at address 0x7C91E44A hook handler located in [wl_hook.dll]
[1928]a2service.exe-->ntdll.dll-->NtResumeProcess, Type: Inline - RelativeJump at address 0x7C91E45F hook handler located in [wl_hook.dll]
[1928]a2service.exe-->ntdll.dll-->NtSetBootOptions, Type: Inline - RelativeJump at address 0x7C91E4F2 hook handler located in [wl_hook.dll]
[1928]a2service.exe-->ntdll.dll-->NtSetUuidSeed, Type: Inline - RelativeJump at address 0x7C91E7BC hook handler located in [wl_hook.dll]
[1928]a2service.exe-->ntdll.dll-->NtStopProfile, Type: Inline - RelativeJump at address 0x7C91E83A hook handler located in [wl_hook.dll]
[1928]a2service.exe-->ntdll.dll-->NtSuspendProcess, Type: Inline - RelativeJump at address 0x7C91E84F hook handler located in [wl_hook.dll]
[1928]a2service.exe-->ntdll.dll-->NtTerminateJobObject, Type: Inline - RelativeJump at address 0x7C91E88E hook handler located in [wl_hook.dll]
[1928]a2service.exe-->ntdll.dll-->NtWriteRequestData, Type: Inline - RelativeJump at address 0x7C91EA32 hook handler located in [wl_hook.dll]
[1928]a2service.exe-->shell32.dll-->DllGetClassObject, Type: Inline - RelativeJump at address 0x7C9FF929 hook handler located in [wl_hook.dll]
[1928]a2service.exe-->user32.dll-->CallNextHookEx, Type: Inline - RelativeJump at address 0x7E39F85B hook handler located in [wl_hook.dll]
[1928]a2service.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - RelativeJump at address 0x7E3A8AE5 hook handler located in [wl_hook.dll]
[1928]a2service.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - RelativeJump at address 0x7E3D938D hook handler located in [wl_hook.dll]
[1928]a2service.exe-->user32.dll-->DdeConnect, Type: Inline - RelativeJump at address 0x7E3D7F93 hook handler located in [wl_hook.dll]
[1928]a2service.exe-->user32.dll-->DdeConnectList, Type: Inline - RelativeJump at address 0x7E3D82AE hook handler located in [wl_hook.dll]
[1928]a2service.exe-->user32.dll-->DdeInitializeA, Type: Inline - RelativeJump at address 0x7E3DA6C6 hook handler located in [wl_hook.dll]
[1928]a2service.exe-->user32.dll-->DdeInitializeW, Type: Inline - RelativeJump at address 0x7E3A9CEF hook handler located in [wl_hook.dll]
[1928]a2service.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump at address 0x7E3D9E75 hook handler located in [wl_hook.dll]
[1928]a2service.exe-->user32.dll-->ExitWindowsEx, Type: Inline - RelativeJump at address 0x7E3DA045 hook handler located in [wl_hook.dll]
[1928]a2service.exe-->user32.dll-->FindWindowExA, Type: Inline - RelativeJump at address 0x7E3B210A hook handler located in [wl_hook.dll]
[1928]a2service.exe-->user32.dll-->FindWindowExW, Type: Inline - RelativeJump at address 0x7E3A71CF hook handler located in [wl_hook.dll]
[1928]a2service.exe-->user32.dll-->PostMessageA, Type: Inline - RelativeJump at address 0x7E39CB85 hook handler located in [wl_hook.dll]
[1928]a2service.exe-->user32.dll-->PostMessageW, Type: Inline - RelativeJump at address 0x7E398CCB hook handler located in [wl_hook.dll]
[1928]a2service.exe-->user32.dll-->SendInput, Type: Inline - RelativeJump at address 0x7E3AF101 hook handler located in [wl_hook.dll]
[1928]a2service.exe-->user32.dll-->SendMessageA, Type: Inline - RelativeJump at address 0x7E3AF383 hook handler located in [wl_hook.dll]
[1928]a2service.exe-->user32.dll-->SendMessageCallbackA, Type: Inline - RelativeJump at address 0x7E3EAF01 hook handler located in [wl_hook.dll]
[1928]a2service.exe-->user32.dll-->SendMessageCallbackW, Type: Inline - RelativeJump at address 0x7E39F306 hook handler located in [wl_hook.dll]
[1928]a2service.exe-->user32.dll-->SendMessageTimeoutA, Type: Inline - RelativeJump at address 0x7E3AFB2B hook handler located in [wl_hook.dll]
[1928]a2service.exe-->user32.dll-->SendMessageTimeoutW, Type: Inline - RelativeJump at address 0x7E39ED72 hook handler located in [wl_hook.dll]
[1928]a2service.exe-->user32.dll-->SendMessageW, Type: Inline - RelativeJump at address 0x7E39B8BA hook handler located in [wl_hook.dll]
[1928]a2service.exe-->user32.dll-->SendNotifyMessageA, Type: Inline - RelativeJump at address 0x7E3D36E8 hook handler located in [wl_hook.dll]
[1928]a2service.exe-->user32.dll-->SendNotifyMessageW, Type: Inline - RelativeJump at address 0x7E39F27A hook handler located in [wl_hook.dll]
[1928]a2service.exe-->user32.dll-->SetForegroundWindow, Type: Inline - RelativeJump at address 0x7E3A3D4D hook handler located in [wl_hook.dll]
[1928]a2service.exe-->user32.dll-->SetWindowPos, Type: Inline - RelativeJump at address 0x7E39C01B hook handler located in [wl_hook.dll]
[1928]a2service.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump at address 0x7E3B11D1 hook handler located in [wl_hook.dll]
[1928]a2service.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump at address 0x7E3ADDB5 hook handler located in [wl_hook.dll]
[1928]a2service.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump at address 0x7E3B17B7 hook handler located in [wl_hook.dll]
[1960]AppleMobileDeviceService.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump at address 0x7C802367 hook handler located in [wl_hook.dll]
[1960]AppleMobileDeviceService.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump at address 0x7C802332 hook handler located in [wl_hook.dll]
[1960]AppleMobileDeviceService.exe-->kernel32.dll-->CreateRemoteThread, Type: Inline - RelativeJump at address 0x7C81044C hook handler located in [wl_hook.dll]
[1960]AppleMobileDeviceService.exe-->kernel32.dll-->DebugActiveProcess, Type: Inline - RelativeJump at address 0x7C85A323 hook handler located in [wl_hook.dll]
[1960]AppleMobileDeviceService.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump at address 0x7C8615B5 hook handler located in [wl_hook.dll]
[1960]AppleMobileDeviceService.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump at address 0x7C9261CA hook handler located in [wl_hook.dll]
[1960]AppleMobileDeviceService.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump at address 0x7C92718B hook handler located in [wl_hook.dll]
[1960]AppleMobileDeviceService.exe-->ntdll.dll-->NtCreateSymbolicLinkObject, Type: Inline - RelativeJump at address 0x7C91D7D2 hook handler located in [wl_hook.dll]
[1960]AppleMobileDeviceService.exe-->ntdll.dll-->NtRestoreKey, Type: Inline - RelativeJump at address 0x7C91E44A hook handler located in [wl_hook.dll]
[1960]AppleMobileDeviceService.exe-->ntdll.dll-->NtResumeProcess, Type: Inline - RelativeJump at address 0x7C91E45F hook handler located in [wl_hook.dll]
[1960]AppleMobileDeviceService.exe-->ntdll.dll-->NtSetBootOptions, Type: Inline - RelativeJump at address 0x7C91E4F2 hook handler located in [wl_hook.dll]
[1960]AppleMobileDeviceService.exe-->ntdll.dll-->NtSetUuidSeed, Type: Inline - RelativeJump at address 0x7C91E7BC hook handler located in [wl_hook.dll]
[1960]AppleMobileDeviceService.exe-->ntdll.dll-->NtStopProfile, Type: Inline - RelativeJump at address 0x7C91E83A hook handler located in [wl_hook.dll]
[1960]AppleMobileDeviceService.exe-->ntdll.dll-->NtSuspendProcess, Type: Inline - RelativeJump at address 0x7C91E84F hook handler located in [wl_hook.dll]
[1960]AppleMobileDeviceService.exe-->ntdll.dll-->NtTerminateJobObject, Type: Inline - RelativeJump at address 0x7C91E88E hook handler located in [wl_hook.dll]
[1960]AppleMobileDeviceService.exe-->ntdll.dll-->NtWriteRequestData, Type: Inline - RelativeJump at address 0x7C91EA32 hook handler located in [wl_hook.dll]
[1960]AppleMobileDeviceService.exe-->user32.dll-->CallNextHookEx, Type: Inline - RelativeJump at address 0x7E39F85B hook handler located in [wl_hook.dll]
[1960]AppleMobileDeviceService.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - RelativeJump at address 0x7E3A8AE5 hook handler located in [wl_hook.dll]
[1960]AppleMobileDeviceService.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - RelativeJump at address 0x7E3D938D hook handler located in [wl_hook.dll]
[1960]AppleMobileDeviceService.exe-->user32.dll-->DdeConnect, Type: Inline - RelativeJump at address 0x7E3D7F93 hook handler located in [wl_hook.dll]
[1960]AppleMobileDeviceService.exe-->user32.dll-->DdeConnectList, Type: Inline - RelativeJump at address 0x7E3D82AE hook handler located in [wl_hook.dll]
[1960]AppleMobileDeviceService.exe-->user32.dll-->DdeInitializeA, Type: Inline - RelativeJump at address 0x7E3DA6C6 hook handler located in [wl_hook.dll]
[1960]AppleMobileDeviceService.exe-->user32.dll-->DdeInitializeW, Type: Inline - RelativeJump at address 0x7E3A9CEF hook handler located in [wl_hook.dll]
[1960]AppleMobileDeviceService.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump at address 0x7E3D9E75 hook handler located in [wl_hook.dll]
[1960]AppleMobileDeviceService.exe-->user32.dll-->ExitWindowsEx, Type: Inline - RelativeJump at address 0x7E3DA045 hook handler located in [wl_hook.dll]
[1960]AppleMobileDeviceService.exe-->user32.dll-->FindWindowExA, Type: Inline - RelativeJump at address 0x7E3B210A hook handler located in [wl_hook.dll]
[1960]AppleMobileDeviceService.exe-->user32.dll-->FindWindowExW, Type: Inline - RelativeJump at address 0x7E3A71CF hook handler located in [wl_hook.dll]
[1960]AppleMobileDeviceService.exe-->user32.dll-->PostMessageA, Type: Inline - RelativeJump at address 0x7E39CB85 hook handler located in [wl_hook.dll]
[1960]AppleMobileDeviceService.exe-->user32.dll-->PostMessageW, Type: Inline - RelativeJump at address 0x7E398CCB hook handler located in [wl_hook.dll]
[1960]AppleMobileDeviceService.exe-->user32.dll-->SendInput, Type: Inline - RelativeJump at address 0x7E3AF101 hook handler located in [wl_hook.dll]
[1960]AppleMobileDeviceService.exe-->user32.dll-->SendMessageA, Type: Inline - RelativeJump at address 0x7E3AF383 hook handler located in [wl_hook.dll]
[1960]AppleMobileDeviceService.exe-->user32.dll-->SendMessageCallbackA, Type: Inline - RelativeJump at address 0x7E3EAF01 hook handler located in [wl_hook.dll]
[1960]AppleMobileDeviceService.exe-->user32.dll-->SendMessageCallbackW, Type: Inline - RelativeJump at address 0x7E39F306 hook handler located in [wl_hook.dll]
[1960]AppleMobileDeviceService.exe-->user32.dll-->SendMessageTimeoutA, Type: Inline - RelativeJump at address 0x7E3AFB2B hook handler located in [wl_hook.dll]
[1960]AppleMobileDeviceService.exe-->user32.dll-->SendMessageTimeoutW, Type: Inline - RelativeJump at address 0x7E39ED72 hook handler located in [wl_hook.dll]
[1960]AppleMobileDeviceService.exe-->user32.dll-->SendMessageW, Type: Inline - RelativeJump at address 0x7E39B8BA hook handler located in [wl_hook.dll]
[1960]AppleMobileDeviceService.exe-->user32.dll-->SendNotifyMessageA, Type: Inline - RelativeJump at address 0x7E3D36E8 hook handler located in [wl_hook.dll]
[1960]AppleMobileDeviceService.exe-->user32.dll-->SendNotifyMessageW, Type: Inline - RelativeJump at address 0x7E39F27A hook handler located in [wl_hook.dll]
[1960]AppleMobileDeviceService.exe-->user32.dll-->SetForegroundWindow, Type: Inline - RelativeJump at address 0x7E3A3D4D hook handler located in [wl_hook.dll]
[1960]AppleMobileDeviceService.exe-->user32.dll-->SetWindowPos, Type: Inline - RelativeJump at address 0x7E39C01B hook handler located in [wl_hook.dll]
[1960]AppleMobileDeviceService.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump at address 0x7E3B11D1 hook handler located in [wl_hook.dll]
[1960]AppleMobileDeviceService.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump at address 0x7E3ADDB5 hook handler located in [wl_hook.dll]
[1960]AppleMobileDeviceService.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump at address 0x7E3B17B7 hook handler located in [wl_hook.dll]
[2056]ashMaiSv.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump at address 0x7C802367 hook handler located in [wl_hook.dll]
[2056]ashMaiSv.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump at address 0x7C802332 hook handler located in [wl_hook.dll]
[2056]ashMaiSv.exe-->kernel32.dll-->CreateRemoteThread, Type: Inline - RelativeJump at address 0x7C81044C hook handler located in [wl_hook.dll]
[2056]ashMaiSv.exe-->kernel32.dll-->DebugActiveProcess, Type: Inline - RelativeJump at address 0x7C85A323 hook handler located in [wl_hook.dll]
[2056]ashMaiSv.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump at address 0x7C8615B5 hook handler located in [wl_hook.dll]
[2056]ashMaiSv.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump at address 0x7C9261CA hook handler located in [wl_hook.dll]
[2056]ashMaiSv.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump at address 0x7C92718B hook handler located in [wl_hook.dll]
[2056]ashMaiSv.exe-->ntdll.dll-->NtCreateSymbolicLinkObject, Type: Inline - RelativeJump at address 0x7C91D7D2 hook handler located in [wl_hook.dll]
[2056]ashMaiSv.exe-->ntdll.dll-->NtRestoreKey, Type: Inline - RelativeJump at address 0x7C91E44A hook handler located in [wl_hook.dll]
[2056]ashMaiSv.exe-->ntdll.dll-->NtResumeProcess, Type: Inline - RelativeJump at address 0x7C91E45F hook handler located in [wl_hook.dll]
[2056]ashMaiSv.exe-->ntdll.dll-->NtSetBootOptions, Type: Inline - RelativeJump at address 0x7C91E4F2 hook handler located in [wl_hook.dll]
[2056]ashMaiSv.exe-->ntdll.dll-->NtSetUuidSeed, Type: Inline - RelativeJump at address 0x7C91E7BC hook handler located in [wl_hook.dll]
[2056]ashMaiSv.exe-->ntdll.dll-->NtStopProfile, Type: Inline - RelativeJump at address 0x7C91E83A hook handler located in [wl_hook.dll]
[2056]ashMaiSv.exe-->ntdll.dll-->NtSuspendProcess, Type: Inline - RelativeJump at address 0x7C91E84F hook handler located in [wl_hook.dll]
[2056]ashMaiSv.exe-->ntdll.dll-->NtTerminateJobObject, Type: Inline - RelativeJump at address 0x7C91E88E hook handler located in [wl_hook.dll]
[2056]ashMaiSv.exe-->ntdll.dll-->NtWriteRequestData, Type: Inline - RelativeJump at address 0x7C91EA32 hook handler located in [wl_hook.dll]
[2056]ashMaiSv.exe-->shell32.dll-->DllGetClassObject, Type: Inline - RelativeJump at address 0x7C9FF929 hook handler located in [wl_hook.dll]
[2056]ashMaiSv.exe-->user32.dll-->CallNextHookEx, Type: Inline - RelativeJump at address 0x7E39F85B hook handler located in [wl_hook.dll]
[2056]ashMaiSv.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - RelativeJump at address 0x7E3A8AE5 hook handler located in [wl_hook.dll]
[2056]ashMaiSv.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - RelativeJump at address 0x7E3D938D hook handler located in [wl_hook.dll]
[2056]ashMaiSv.exe-->user32.dll-->DdeConnect, Type: Inline - RelativeJump at address 0x7E3D7F93 hook handler located in [wl_hook.dll]
[2056]ashMaiSv.exe-->user32.dll-->DdeConnectList, Type: Inline - RelativeJump at address 0x7E3D82AE hook handler located in [wl_hook.dll]
[2056]ashMaiSv.exe-->user32.dll-->DdeInitializeA, Type: Inline - RelativeJump at address 0x7E3DA6C6 hook handler located in [wl_hook.dll]
[2056]ashMaiSv.exe-->user32.dll-->DdeInitializeW, Type: Inline - RelativeJump at address 0x7E3A9CEF hook handler located in [wl_hook.dll]
[2056]ashMaiSv.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump at address 0x7E3D9E75 hook handler located in [wl_hook.dll]
[2056]ashMaiSv.exe-->user32.dll-->ExitWindowsEx, Type: Inline - RelativeJump at address 0x7E3DA045 hook handler located in [wl_hook.dll]
[2056]ashMaiSv.exe-->user32.dll-->FindWindowExA, Type: Inline - RelativeJump at address 0x7E3B210A hook handler located in [wl_hook.dll]
[2056]ashMaiSv.exe-->user32.dll-->FindWindowExW, Type: Inline - RelativeJump at address 0x7E3A71CF hook handler located in [wl_hook.dll]
[2056]ashMaiSv.exe-->user32.dll-->PostMessageA, Type: Inline - RelativeJump at address 0x7E39CB85 hook handler located in [wl_hook.dll]
[2056]ashMaiSv.exe-->user32.dll-->PostMessageW, Type: Inline - RelativeJump at address 0x7E398CCB hook handler located in [wl_hook.dll]
[2056]ashMaiSv.exe-->user32.dll-->SendInput, Type: Inline - RelativeJump at address 0x7E3AF101 hook handler located in [wl_hook.dll]
[2056]ashMaiSv.exe-->user32.dll-->SendMessageA, Type: Inline - RelativeJump at address 0x7E3AF383 hook handler located in [wl_hook.dll]
[2056]ashMaiSv.exe-->user32.dll-->SendMessageCallbackA, Type: Inline - RelativeJump at address 0x7E3EAF01 hook handler located in [wl_hook.dll]
[2056]ashMaiSv.exe-->user32.dll-->SendMessageCallbackW, Type: Inline - RelativeJump at address 0x7E39F306 hook handler located in [wl_hook.dll]
[2056]ashMaiSv.exe-->user32.dll-->SendMessageTimeoutA, Type: Inline - RelativeJump at address 0x7E3AFB2B hook handler located in [wl_hook.dll]
[2056]ashMaiSv.exe-->user32.dll-->SendMessageTimeoutW, Type: Inline - RelativeJump at address 0x7E39ED72 hook handler located in [wl_hook.dll]
[2056]ashMaiSv.exe-->user32.dll-->SendMessageW, Type: Inline - RelativeJump at address 0x7E39B8BA hook handler located in [wl_hook.dll]
[2056]ashMaiSv.exe-->user32.dll-->SendNotifyMessageA, Type: Inline - RelativeJump at address 0x7E3D36E8 hook handler located in [wl_hook.dll]
[2056]ashMaiSv.exe-->user32.dll-->SendNotifyMessageW, Type: Inline - RelativeJump at address 0x7E39F27A hook handler located in [wl_hook.dll]
[2056]ashMaiSv.exe-->user32.dll-->SetForegroundWindow, Type: Inline - RelativeJump at address 0x7E3A3D4D hook handler located in [wl_hook.dll]
[2056]ashMaiSv.exe-->user32.dll-->SetWindowPos, Type: Inline - RelativeJump at address 0x7E39C01B hook handler located in [wl_hook.dll]
[2056]ashMaiSv.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump at address 0x7E3B11D1 hook handler located in [wl_hook.dll]
[2056]ashMaiSv.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump at address 0x7E3ADDB5 hook handler located in [wl_hook.dll]
[2056]ashMaiSv.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump at address 0x7E3B17B7 hook handler located in [wl_hook.dll]
[268]outpost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump at address 0x7C802367 hook handler located in [engine.dll]
[268]outpost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump at address 0x7C802332 hook handler located in [engine.dll]
[268]outpost.exe-->user32.dll-->CallNextHookEx, Type: Inline - RelativeJump at address 0x7E39F85B hook handler located in [engine.dll]
[268]outpost.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump at address 0x7E3B11D1 hook handler located in [engine.dll]
[268]outpost.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump at address 0x7E3ADDB5 hook handler located in [engine.dll]
[292]PDAgent.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump at address 0x7C802367 hook handler located in [wl_hook.dll]
[292]PDAgent.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump at address 0x7C802332 hook handler located in [wl_hook.dll]
[292]PDAgent.exe-->kernel32.dll-->CreateRemoteThread, Type: Inline - RelativeJump at address 0x7C81044C hook handler located in [wl_hook.dll]
[292]PDAgent.exe-->kernel32.dll-->DebugActiveProcess, Type: Inline - RelativeJump at address 0x7C85A323 hook handler located in [wl_hook.dll]
[292]PDAgent.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump at address 0x7C8615B5 hook handler located in [wl_hook.dll]
!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)
Old 27-07-2007, 15:47   #13
smayor
Member
 
Joined: Jun 2007
City: Treviso
Posts: 282
Quote:
Originally posted by wizard1993
check whether there is anything hidden in the hidden process detector window
all the Outpost, avast, Java, etc. processes are there

Last edited by smayor: 27-07-2007 at 15:53.
Old 27-07-2007, 15:49   #14
wizard1993
Senior Member
 
Joined: Apr 2006
Posts: 22462
listen, are you able to capture the relevant screenshots and post them?
__________________
amd a64x2 4400+ sk939;asus a8n-sli; 2x1gb ddr400; x850 crossfire; 2 x western digital abys 320gb|| asus g1
If it crawls, it zaps it; if it flutters, it kills it
Old 27-07-2007, 16:00   #15
smayor
Member
 
Joined: Jun 2007
City: Treviso
Posts: 282
Quote:
Originally posted by wizard1993
check whether there is anything hidden in the hidden process detector window
this one is from the first screen
Old 27-07-2007, 16:27   #16
lancetta
Senior Member
 
Joined: Feb 2007
City: Salerno......
Posts: 3259
he gave you the screenshot in the truest sense of the word
__________________
Opera: disabling scripts and iframes | Recovering your own passwords online | Messenger: watch out for SCAM SITES | GUIDE: ShutdownTimer (automatic PC shutdown) | When Security Center does not recognize your software | Guide to Malwarebytes' Anti-Malware = the good old days...
Old 27-07-2007, 16:36   #17
Chill-Out
Moderator
 
Joined: Jun 2007
City: 127.0.0.1
Posts: 25885
Quote:
Originally posted by lancetta
he gave you the screenshot in the truest sense of the word
must be the heat
__________________
Try again and you will be luckier.
Old 27-07-2007, 21:43   #18
smayor
Member
 
Joined: Jun 2007
City: Treviso
Posts: 282
every time at startup Outpost asks me to authorize a UDP connection on :1900 to the address 239.255.255.250 from Generic Host Process for Win32 Services. what could it be??
Old 27-07-2007, 22:06   #19
Chill-Out
Moderator
 
Joined: Jun 2007
City: 127.0.0.1
Posts: 25885
Quote:
Originally posted by smayor
every time at startup Outpost asks me to authorize a UDP connection on :1900 to the address 239.255.255.250 from Generic Host Process for Win32 Services. what could it be??
It's nothing, it's a multicast connection to
OrgName: Internet Assigned Numbers Authority
OrgID: IANA
Address: 4676 Admiralty Way, Suite 330
City: Marina del Rey
StateProv: CA
PostalCode: 90292-6695
Country: US
maybe you are using Windows Media Player or something similar; in any case you can safely block it and set a rule on your firewall to block communications over the IGMP protocol, if it doesn't already do so by default.
__________________
Try again and you will be luckier.
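Added example, not part of the original posts: a small triage helper for the kind of firewall prompt discussed above. It checks whether the destination is a multicast address, names its scope, and matches it against a short table of well-known discovery groups (UDP 1900 to 239.255.255.250 is the SSDP group used for UPnP discovery). The function name, the table contents and the sample prompts are assumptions of this example.

```python
import ipaddress

# Well-known multicast discovery endpoints: (group, UDP port) -> protocol.
# The selection is this example's own; extend it for your network.
KNOWN_GROUPS = {
    ("239.255.255.250", 1900): "SSDP (UPnP discovery)",
    ("224.0.0.251", 5353): "mDNS",
    ("224.0.0.252", 5355): "LLMNR",
}
LINK_LOCAL_MCAST = ipaddress.ip_network("224.0.0.0/24")   # never forwarded by routers
ADMIN_SCOPED_MCAST = ipaddress.ip_network("239.0.0.0/8")  # RFC 2365, organisation-local


def triage_prompt(dst_ip, dst_port, proto="udp"):
    """Classify the destination of an outbound firewall prompt (hypothetical helper)."""
    addr = ipaddress.ip_address(dst_ip)  # raises ValueError on malformed input
    info = {"multicast": addr.is_multicast, "scope": "unicast", "service": None}
    if not addr.is_multicast:
        info["verdict"] = "unicast destination: review the remote host and the program"
        return info
    if addr in LINK_LOCAL_MCAST:
        info["scope"] = "link-local multicast"
    elif addr in ADMIN_SCOPED_MCAST:
        info["scope"] = "administratively scoped multicast"
    else:
        info["scope"] = "other multicast"
    if proto.lower() == "udp":
        info["service"] = KNOWN_GROUPS.get((str(addr), dst_port))
    if info["service"]:
        info["verdict"] = "local discovery traffic: allow or block by policy"
    else:
        info["verdict"] = "unrecognised multicast group: identify the sending program"
    return info


# Constructed sample prompts: (destination, port, protocol).
SAMPLE_PROMPTS = [
    ("239.255.255.250", 1900, "udp"),   # the prompt described in the thread
    ("224.0.0.251", 5353, "udp"),
    ("239.1.2.3", 1900, "udp"),         # multicast, but not a group in the table
    ("203.0.113.7", 4444, "tcp"),       # documentation-range unicast address
]

if __name__ == "__main__":
    for ip, port, proto in SAMPLE_PROMPTS:
        r = triage_prompt(ip, port, proto)
        print(f"{ip}:{port}/{proto} -> {r['scope']}; {r['service']}; {r['verdict']}")
```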
Old 27-07-2007, 22:17   #20
Chill-Out
Moderator
 
Joined: Jun 2007
City: 127.0.0.1
Posts: 25885
*
__________________
Try again and you will be luckier.