26-07-2007, 15:21   #1
smayor
Member
 
Joined: Jun 2007
City: Treviso
Posts: 282
virus not found by avast??

as I was advised here http://www.hwupgrade.it/forum/showth...8#post18066408

I was advised to post a log, here it is
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15.20.39, on 26/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\a-squared Free\a2service.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Agnitum\Outpost Firewall\outpost.exe
C:\Programmi\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Raxco\PerfectDisk\PDEngine.exe
C:\Programmi\Outlook Express\msimn.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Outpost Firewall] C:\Programmi\Agnitum\Outpost Firewall\outpost.exe /waitservice
O4 - HKLM\..\Run: [OutpostFeedBack] C:\Programmi\Agnitum\Outpost Firewall\feedback.exe /dump:os_startup
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Programmi\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Programmi\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Programmi\DAP\dapextie2.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O17 - HKLM\System\CCS\Services\Tcpip\..\{AD7BEE52-952B-4B41-9D33-0A9F2494CD1E}: NameServer = 193.12.150.2 212.247.152.2
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programmi\a-squared Free\a2service.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Programmi\File comuni\LightScribe\LSSrvc.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\Programmi\Agnitum\Outpost Firewall\outpost.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Programmi\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Programmi\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Programmi\Windows Live\installer\WLSetupSvc.exe

--
End of file - 4731 bytes

do you think it's really a virus? it seems strange to me!!
26-07-2007, 15:29   #2
wizard1993
Senior Member
 
Joined: Apr 2006
Posts: 22462
I'd like to know on what basis the person who sent you here assumed that you have a virus;
run a scan with panda antirootkit, but the problems lie elsewhere
__________________
amd a64x2 4400+ sk939;asus a8n-sli; 2x1gb ddr400; x850 crossfire; 2 x western digital abys 320gb|| asus g1
If it crawls it zaps it, if it flutters it kills it
26-07-2007, 16:44   #3
wizard1993
Senior Member
 
Joined: Apr 2006
Posts: 22462
Quote:
Originally posted by deepdark
Try reinstalling it, maybe some update made it go haywire. But by web protection do you mean the virus protection or that sort of firewall that avast has?
both
26-07-2007, 16:47   #4
smayor
Member
 
Joined: Jun 2007
City: Treviso
Posts: 282
and yet it seems he's right.
I started gmer and it shows me a hidden avast process in red, setup.ovr, and sometimes firefox.exe, also in red. it messed up the icons of my firefox bookmarks and it slows the pc down a bit. but tell me an antirootkit to remove it, because with gmer I can't manage!
26-07-2007, 17:03   #5
smayor
Member
 
Joined: Jun 2007
City: Treviso
Posts: 282
panda anti rootkit didn't find anything ...hmm...and yet if I re-enable avast's web module, web browsing still doesn't work for me
26-07-2007, 17:09   #6
smayor
Member
 
Joined: Jun 2007
City: Treviso
Posts: 282
I'm running the online scan with panda's totalscan and avast popped up with this
Sign of "Win32:CTX" has been found in "C:\WINDOWS\system32\Panda Software\ActiveScan2\pskavs.dll" file.
I assume it's a false positive...
or am I wrong?


I ran a scan with total scan online and apart from a few tracking cookies it found nothing....so is gmer giving me a false positive???
I'm left in doubt...

Last edited by smayor: 26-07-2007 at 17:47.
26-07-2007, 19:55   #7
wizard1993
Senior Member
 
Joined: Apr 2006
Posts: 22462
Quote:
Originally posted by deepdark
Try using this: http://www.tomshw.it/news.php?newsid=10924
Then run an online scan on the kaspersky site and let us know what it says.
Anyway, I also think it's a false positive, but it's strange that panda sees itself as a virus. I know of a malware that infected precisely the antivirus programs.

Edit: I got the link wrong. It was this one http://research.pandasoftware.com/bl...ntiRootkit.zip
it's not as if mcafee is all that effective, you might as well try trend micro and bitdefender
26-07-2007, 23:25   #8
smayor
Member
 
Joined: Jun 2007
City: Treviso
Posts: 282
this is the mcafee rootkit log

McAfee(R) Rootkit Detective 1.0 scan report
On 26-07-2007 at 23:19:36
OS-Version 5.1.2600
Service Pack 2.0
====================================

Object-Type: SSDT-hook
Object-Name: ZwAssignProcessToJobObject
Object-Path: C:\Programmi\Agnitum\Outpost Firewall\Kernel\SandBox.sys

Object-Type: SSDT-hook
Object-Name: ZwClose
Object-Path: C:\Programmi\Agnitum\Outpost Firewall\Kernel\SandBox.sys

Object-Type: SSDT-hook
Object-Name: ZwCreateFile
Object-Path: C:\Programmi\Agnitum\Outpost Firewall\Kernel\SandBox.sys

Object-Type: SSDT-hook
Object-Name: ZwCreateKey
Object-Path: C:\Programmi\Agnitum\Outpost Firewall\Kernel\SandBox.sys

Object-Type: SSDT-hook
Object-Name: ZwCreateProcess
Object-Path: C:\Programmi\Agnitum\Outpost Firewall\Kernel\SandBox.sys

Object-Type: SSDT-hook
Object-Name: ZwCreateProcessEx
Object-Path: C:\Programmi\Agnitum\Outpost Firewall\Kernel\SandBox.sys

Object-Type: SSDT-hook
Object-Name: ZwCreateSection
Object-Path: C:\Programmi\Agnitum\Outpost Firewall\Kernel\SandBox.sys

Object-Type: SSDT-hook
Object-Name: ZwCreateSymbolicLinkObject
Object-Path: C:\Programmi\Agnitum\Outpost Firewall\Kernel\SandBox.sys

Object-Type: SSDT-hook
Object-Name: ZwCreateThread
Object-Path: C:\Programmi\Agnitum\Outpost Firewall\Kernel\filtnt.sys

Object-Type: SSDT-hook
Object-Name: ZwDeleteFile
Object-Path: C:\Programmi\Agnitum\Outpost Firewall\Kernel\SandBox.sys

Object-Type: SSDT-hook
Object-Name: ZwDeleteKey
Object-Path: C:\Programmi\Agnitum\Outpost Firewall\Kernel\SandBox.sys

Object-Type: SSDT-hook
Object-Name: ZwDeleteValueKey
Object-Path: C:\Programmi\Agnitum\Outpost Firewall\Kernel\SandBox.sys

Object-Type: SSDT-hook
Object-Name: ZwLoadDriver
Object-Path: C:\Programmi\Agnitum\Outpost Firewall\Kernel\SandBox.sys

Object-Type: SSDT-hook
Object-Name: ZwMakeTemporaryObject
Object-Path: C:\Programmi\Agnitum\Outpost Firewall\Kernel\SandBox.sys

Object-Type: SSDT-hook
Object-Name: ZwOpenFile
Object-Path: C:\Programmi\Agnitum\Outpost Firewall\Kernel\SandBox.sys

Object-Type: SSDT-hook
Object-Name: ZwOpenKey
Object-Path: C:\Programmi\Agnitum\Outpost Firewall\Kernel\SandBox.sys

Object-Type: SSDT-hook
Object-Name: ZwOpenProcess
Object-Path: C:\Programmi\Agnitum\Outpost Firewall\Kernel\SandBox.sys

Object-Type: SSDT-hook
Object-Name: ZwOpenSection
Object-Path: C:\Programmi\Agnitum\Outpost Firewall\Kernel\SandBox.sys

Object-Type: SSDT-hook
Object-Name: ZwProtectVirtualMemory
Object-Path: C:\Programmi\Agnitum\Outpost Firewall\Kernel\SandBox.sys

Object-Type: SSDT-hook
Object-Name: ZwQueryDirectoryFile
Object-Path: C:\Programmi\Agnitum\Outpost Firewall\Kernel\SandBox.sys

Object-Type: SSDT-hook
Object-Name: ZwQueryKey
Object-Path: C:\Programmi\Agnitum\Outpost Firewall\Kernel\SandBox.sys

Object-Type: SSDT-hook
Object-Name: ZwQueryValueKey
Object-Path: C:\Programmi\Agnitum\Outpost Firewall\Kernel\SandBox.sys

Object-Type: SSDT-hook
Object-Name: ZwReplaceKey
Object-Path: C:\Programmi\Agnitum\Outpost Firewall\Kernel\SandBox.sys

Object-Type: SSDT-hook
Object-Name: ZwRestoreKey
Object-Path: C:\Programmi\Agnitum\Outpost Firewall\Kernel\SandBox.sys

Object-Type: SSDT-hook
Object-Name: ZwSaveKey
Object-Path: C:\Programmi\Agnitum\Outpost Firewall\Kernel\SandBox.sys

Object-Type: SSDT-hook
Object-Name: ZwSaveKeyEx
Object-Path: C:\Programmi\Agnitum\Outpost Firewall\Kernel\SandBox.sys

Object-Type: SSDT-hook
Object-Name: ZwSetInformationFile
Object-Path: C:\Programmi\Agnitum\Outpost Firewall\Kernel\SandBox.sys

Object-Type: SSDT-hook
Object-Name: ZwSetValueKey
Object-Path: C:\Programmi\Agnitum\Outpost Firewall\Kernel\SandBox.sys

Object-Type: SSDT-hook
Object-Name: ZwTerminateProcess
Object-Path: C:\Programmi\Agnitum\Outpost Firewall\Kernel\filtnt.sys

Object-Type: SSDT-hook
Object-Name: ZwTerminateThread
Object-Path: C:\Programmi\Agnitum\Outpost Firewall\Kernel\SandBox.sys

Object-Type: SSDT-hook
Object-Name: ZwUnloadDriver
Object-Path: C:\Programmi\Agnitum\Outpost Firewall\Kernel\SandBox.sys

Object-Type: SSDT-hook
Object-Name: ZwWriteVirtualMemory
Object-Path: C:\Programmi\Agnitum\Outpost Firewall\Kernel\SandBox.sys

Object-Type: Registry-key
Object-Name: 0009dd102015\Agnitum\Outpost Firewall\Kernel\SandBox.sys
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\0009dd102015
Status: Hidden

Object-Type: Registry-key
Object-Name: 0009dd102015olSet001\Services\BTHPORT\Parameters\Keys\0009dd102015
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0009dd102015
Status: Hidden

Object-Type: Registry-key
Object-Name: 0009dd102015olSet002\Services\BTHPORT\Parameters\Keys\0009dd102015
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\0009dd102015
Status: Hidden

Object-Type: IAT/EAT-hook
PID: 3136
Details: Import : Function : ole32.dll:KERNEL32.dll!LoadLibraryW Should be : KERNEL32.dll:7C80AE6B But is : C:\Programmi\Real\RealPlayer\rpplugins\rpap3260.dll:61BF35B0
Object-Path: C:\Programmi\Real\RealPlayer\rpplugins\rpap3260.dll
Status: Hooked

Object-Type: IAT/EAT-hook
PID: 3136
Details: Import : Function : ole32.dll:KERNEL32.dll!LoadLibraryA Should be : KERNEL32.dll:7C801D77 But is : C:\Programmi\Real\RealPlayer\rpplugins\rpap3260.dll:61BF36A0
Object-Path: C:\Programmi\Real\RealPlayer\rpplugins\rpap3260.dll
Status: Hooked

Object-Type: Process
Object-Name: explorer.exe
Pid: 1456
Object-Path: C:\WINDOWS\explorer.exe
Status: Visible

Object-Type: Process
Object-Name: System Idle Process
Pid: 0
Object-Path:
Status: Visible

Object-Type: Process
Object-Name: alg.exe
Pid: 2232
Object-Path: C:\WINDOWS\system32\alg.exe
Status: Visible

Object-Type: Process
Object-Name: lsass.exe
Pid: 776
Object-Path: C:\WINDOWS\system32\lsass.exe
Status: Visible

Object-Type: Process
Object-Name: ati2evxx.exe
Pid: 932
Object-Path: C:\WINDOWS\system32\ati2evxx.exe
Status: Visible

Object-Type: Process
Object-Name: firefox.exe
Pid: 2296
Object-Path: C:\PROGRA~1\MOZILL~1\firefox.exe
Status: Visible

Object-Type: Process
Object-Name: svchost.exe
Pid: 1212
Object-Path: C:\WINDOWS\system32\svchost.exe
Status: Visible

Object-Type: Process
Object-Name: csrss.exe
Pid: 624
Object-Path: C:\WINDOWS\system32\csrss.exe
Status: Visible

Object-Type: Process
Object-Name: svchost.exe
Pid: 1120
Object-Path: C:\WINDOWS\system32\svchost.exe
Status: Visible

Object-Type: Process
Object-Name: ashDisp.exe
Pid: 1616
Object-Path: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
Status: Visible

Object-Type: Process
Object-Name: System
Pid: 4
Object-Path:
Status: Visible

Object-Type: Process
Object-Name: realplay.exe
Pid: 3136
Object-Path: C:\Programmi\Real\RealPlayer\realplay.exe
Status: Visible

Object-Type: Process
Object-Name: Rootkit_Detecti
Pid: 3664
Object-Path: C:\Documents and Settings\Matteo\Desktop\Rootkit_Detective.exe
Status: Visible

Object-Type: Process
Object-Name: winlogon.exe
Pid: 720
Object-Path: C:\WINDOWS\system32\winlogon.exe
Status: Visible

Object-Type: Process
Object-Name: usnsvc.exe
Pid: 2456
Object-Path: C:\Programmi\Windows Live\Messenger\usnsvc.exe
Status: Visible

Object-Type: Process
Object-Name: realsched.exe
Pid: 2116
Object-Path: C:\Programmi\File comuni\Real\Update_OB\realsched.exe
Status: Visible

Object-Type: Process
Object-Name: ati2evxx.exe
Pid: 1188
Object-Path: C:\WINDOWS\system32\ati2evxx.exe
Status: Visible

Object-Type: Process
Object-Name: ashServ.exe
Pid: 1344
Object-Path: C:\Programmi\Alwil Software\Avast4\ashServ.exe
Status: Visible

Object-Type: Process
Object-Name: spoolsv.exe
Pid: 1840
Object-Path: C:\WINDOWS\system32\spoolsv.exe
Status: Visible

Object-Type: Process
Object-Name: svchost.exe
Pid: 1964
Object-Path: C:\WINDOWS\system32\svchost.exe
Status: Visible

Object-Type: Process
Object-Name: PDAgent.exe
Pid: 228
Object-Path: C:\Programmi\RAXCO\PerfectDisk\PDAgent.exe
Status: Visible

Object-Type: Process
Object-Name: smss.exe
Pid: 540
Object-Path: C:\WINDOWS\system32\smss.exe
Status: Visible

Object-Type: Process
Object-Name: msnmsgr.exe
Pid: 3888
Object-Path: C:\Programmi\Windows Live\Messenger\msnmsgr.exe
Status: Visible

Object-Type: Process
Object-Name: svchost.exe
Pid: 1068
Object-Path: C:\WINDOWS\system32\svchost.exe
Status: Visible

Object-Type: Process
Object-Name: svchost.exe
Pid: 1008
Object-Path: C:\WINDOWS\system32\svchost.exe
Status: Visible

Object-Type: Process
Object-Name: PDEngine.exe
Pid: 2096
Object-Path: C:\Programmi\RAXCO\PerfectDisk\PDEngine.exe
Status: Visible

Object-Type: Process
Object-Name: services.exe
Pid: 764
Object-Path: C:\WINDOWS\system32\services.exe
Status: Visible

Object-Type: Process
Object-Name: outpost.exe
Pid: 2004
Object-Path: C:\Programmi\Agnitum\Outpost Firewall\outpost.exe
Status: Visible

Object-Type: Process
Object-Name: svchost.exe
Pid: 952
Object-Path: C:\WINDOWS\system32\svchost.exe
Status: Visible

Object-Type: Process
Object-Name: AppleMobileDevi
Pid: 1944
Object-Path: C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
Status: Visible

Object-Type: Process
Object-Name: aswUpdSv.exe
Pid: 1232
Object-Path: C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
Status: Visible

Object-Type: Process
Object-Name: SOUNDMAN.EXE
Pid: 1604
Object-Path: C:\WINDOWS\SOUNDMAN.EXE
Status: Visible

Object-Type: Process
Object-Name: svchost.exe
Pid: 428
Object-Path: C:\WINDOWS\system32\svchost.exe
Status: Visible

Object-Type: Process
Object-Name: rundll32.exe
Pid: 1700
Object-Path: C:\WINDOWS\system32\rundll32.exe
Status: Visible

Object-Type: Process
Object-Name: ashMaiSv.exe
Pid: 1360
Object-Path: C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
Status: Visible

Object-Type: Process
Object-Name: a2service.exe
Pid: 1920
Object-Path: C:\Programmi\a-squared Free\a2service.exe
Status: Visible

Scan complete. Hidden registry keys/values: 3

it doesn't seem to me that it found anything worrying
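Added example (not part of the thread, and not McAfee's code): a small triage script for the Rootkit Detective text report posted above. It groups hooks by the module named as their owner, treats a hook as attributed when that module lies under a directory the analyst lists as an installed product (the `trusted_dirs` argument, an assumption of this example) or under the hooked process's own install directory, and leaves every other hook, plus any record with `Status: Hidden`, for manual review. The sample is abridged from the report in the post.

```python
import ntpath
import re
from collections import defaultdict

# Abridged from the Rootkit Detective report in the post above (same record layout).
SAMPLE_REPORT = r"""
Object-Type: SSDT-hook
Object-Name: ZwCreateFile
Object-Path: C:\Programmi\Agnitum\Outpost Firewall\Kernel\SandBox.sys

Object-Type: SSDT-hook
Object-Name: ZwCreateThread
Object-Path: C:\Programmi\Agnitum\Outpost Firewall\Kernel\filtnt.sys

Object-Type: Registry-key
Object-Name: 0009dd102015\Agnitum\Outpost Firewall\Kernel\SandBox.sys
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\0009dd102015
Status: Hidden

Object-Type: IAT/EAT-hook
PID: 3136
Details: Import : Function : ole32.dll:KERNEL32.dll!LoadLibraryW Should be : KERNEL32.dll:7C80AE6B But is : C:\Programmi\Real\RealPlayer\rpplugins\rpap3260.dll:61BF35B0
Object-Path: C:\Programmi\Real\RealPlayer\rpplugins\rpap3260.dll
Status: Hooked

Object-Type: Process
Object-Name: realplay.exe
Pid: 3136
Object-Path: C:\Programmi\Real\RealPlayer\realplay.exe
Status: Visible

Object-Type: Process
Object-Name: System
Pid: 4
Object-Path:
Status: Visible
"""


def parse_report(text):
    """Split the report into blank-line-separated records of 'Key: value' lines.

    Keys are lower-cased because the tool writes both 'PID' and 'Pid'.
    Header and footer lines have no Object-Type and are skipped.
    """
    records = []
    for block in re.split(r"\n\s*\n", text.replace("\r\n", "\n")):
        rec = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")  # split on the first colon only
            if sep and key.strip():
                rec[key.strip().lower()] = value.strip()
        if "object-type" in rec:
            records.append(rec)
    return records


def triage(records, trusted_dirs=()):
    """Return (attributed, review).

    attributed: owning module file name -> list of hooked functions
    review:     (type, name, path) tuples that still need a human look
    """
    trusted = [ntpath.normcase(d).rstrip("\\") + "\\" for d in trusted_dirs]
    # PID -> image path, taken from the report's own process list
    images = {r["pid"]: r.get("object-path", "") for r in records
              if r["object-type"] == "Process" and "pid" in r}
    attributed, review = defaultdict(list), []
    for r in records:
        kind = r["object-type"]
        path = r.get("object-path", "")
        name = r.get("object-name") or r.get("details", "")
        if kind.lower().endswith("-hook"):
            module = ntpath.normcase(path)
            # Directory of the hooked process (empty if the PID is not listed)
            own_dir = ntpath.normcase(ntpath.dirname(images.get(r.get("pid"), "")))
            in_trusted = any(module.startswith(t) for t in trusted)
            in_own_dir = bool(own_dir) and module.startswith(own_dir + "\\")
            if in_trusted or in_own_dir:
                attributed[ntpath.basename(path)].append(name)
            else:
                review.append((kind, name, path))
        elif r.get("status", "").lower() == "hidden":
            review.append((kind, name, path))
    return dict(attributed), review


if __name__ == "__main__":
    attributed, review = triage(
        parse_report(SAMPLE_REPORT),
        trusted_dirs=[r"C:\Programmi\Agnitum\Outpost Firewall"],  # analyst's assumption
    )
    for module, names in attributed.items():
        print(f"{module}: {len(names)} hook(s) attributed")
    for kind, name, path in review:
        print(f"REVIEW {kind}: {name} -> {path}")
```

Attribution here is by path only: it says which file the tool names as the hook owner, not that the file is what it claims to be. Checking the file itself (vendor, signature, hash) is a separate step.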
27-07-2007, 10:00   #9
wizard1993
Senior Member
 
Joined: Apr 2006
Posts: 22462
run a scan with rootkit unhooker
27-07-2007, 15:34   #10
smayor
Member
 
Joined: Jun 2007
City: Treviso
Posts: 282
Quote:
Originally posted by wizard1993
run a scan with rootkit unhooker
I ran the scan with this UnHooker, it gives me possible rootkit detected, but I can't tell from the various windows which files are the offending ones
27-07-2007, 15:37   #11
wizard1993
Senior Member
 
Joined: Apr 2006
Posts: 22462
check whether there is anything hidden in the hidden process detector window
27-07-2007, 15:45   #12
smayor
Member
 
Joined: Jun 2007
City: Treviso
Posts: 282
Quote:
Originally posted by wizard1993
check whether there is anything hidden in the hidden process detector window
this is the report
>SSDT State
NtAssignProcessToJobObject
Actual Address 0xEE7268B0
Hooked by: C:\Programmi\Agnitum\Outpost Firewall\kernel\Sandbox.SYS

NtClose
Actual Address 0xEE718BE0
Hooked by: C:\Programmi\Agnitum\Outpost Firewall\kernel\Sandbox.SYS

NtCreateFile
Actual Address 0xEE7161E0
Hooked by: C:\Programmi\Agnitum\Outpost Firewall\kernel\Sandbox.SYS

NtCreateKey
Actual Address 0xEE71CFB0
Hooked by: C:\Programmi\Agnitum\Outpost Firewall\kernel\Sandbox.SYS

NtCreateProcess
Actual Address 0xEE724120
Hooked by: C:\Programmi\Agnitum\Outpost Firewall\kernel\Sandbox.SYS

NtCreateProcessEx
Actual Address 0xEE7247F0
Hooked by: C:\Programmi\Agnitum\Outpost Firewall\kernel\Sandbox.SYS

NtCreateSection
Actual Address 0xEE7154A0
Hooked by: C:\Programmi\Agnitum\Outpost Firewall\kernel\Sandbox.SYS

NtCreateSymbolicLinkObject
Actual Address 0xEE71CDB0
Hooked by: C:\Programmi\Agnitum\Outpost Firewall\kernel\Sandbox.SYS

NtCreateThread
Actual Address 0xEE7F6FA0
Hooked by: C:\Programmi\Agnitum\Outpost Firewall\kernel\FILTNT.SYS

NtDeleteFile
Actual Address 0xEE71BF80
Hooked by: C:\Programmi\Agnitum\Outpost Firewall\kernel\Sandbox.SYS

NtDeleteKey
Actual Address 0xEE71E200
Hooked by: C:\Programmi\Agnitum\Outpost Firewall\kernel\Sandbox.SYS

NtDeleteValueKey
Actual Address 0xEE722570
Hooked by: C:\Programmi\Agnitum\Outpost Firewall\kernel\Sandbox.SYS

NtLoadDriver
Actual Address 0xEE722F20
Hooked by: C:\Programmi\Agnitum\Outpost Firewall\kernel\Sandbox.SYS

NtMakeTemporaryObject
Actual Address 0xEE71C700
Hooked by: C:\Programmi\Agnitum\Outpost Firewall\kernel\Sandbox.SYS

NtOpenFile
Actual Address 0xEE717AD0
Hooked by: C:\Programmi\Agnitum\Outpost Firewall\kernel\Sandbox.SYS

NtOpenKey
Actual Address 0xEE71DBE0
Hooked by: C:\Programmi\Agnitum\Outpost Firewall\kernel\Sandbox.SYS

NtOpenProcess
Actual Address 0xEE724ED0
Hooked by: C:\Programmi\Agnitum\Outpost Firewall\kernel\Sandbox.SYS

NtOpenSection
Actual Address 0xEE715BA0
Hooked by: C:\Programmi\Agnitum\Outpost Firewall\kernel\Sandbox.SYS

NtProtectVirtualMemory
Actual Address 0xEE727670
Hooked by: C:\Programmi\Agnitum\Outpost Firewall\kernel\Sandbox.SYS

NtQueryDirectoryFile
Actual Address 0xEE719010
Hooked by: C:\Programmi\Agnitum\Outpost Firewall\kernel\Sandbox.SYS

NtQueryKey
Actual Address 0xEE71EB90
Hooked by: C:\Programmi\Agnitum\Outpost Firewall\kernel\Sandbox.SYS

NtQueryValueKey
Actual Address 0xEE71F1F0
Hooked by: C:\Programmi\Agnitum\Outpost Firewall\kernel\Sandbox.SYS

NtReplaceKey
Actual Address 0xEE7202C0
Hooked by: C:\Programmi\Agnitum\Outpost Firewall\kernel\Sandbox.SYS

NtRestoreKey
Actual Address 0xEE721F00
Hooked by: C:\Programmi\Agnitum\Outpost Firewall\kernel\Sandbox.SYS

NtSaveKey
Actual Address 0xEE721230
Hooked by: C:\Programmi\Agnitum\Outpost Firewall\kernel\Sandbox.SYS

NtSaveKeyEx
Actual Address 0xEE721890
Hooked by: C:\Programmi\Agnitum\Outpost Firewall\kernel\Sandbox.SYS

NtSetInformationFile
Actual Address 0xEE71A1A0
Hooked by: C:\Programmi\Agnitum\Outpost Firewall\kernel\Sandbox.SYS

NtSetValueKey
Actual Address 0xEE71F870
Hooked by: C:\Programmi\Agnitum\Outpost Firewall\kernel\Sandbox.SYS

NtTerminateProcess
Actual Address 0xEE7F7910
Hooked by: C:\Programmi\Agnitum\Outpost Firewall\kernel\FILTNT.SYS

NtUnloadDriver
Actual Address 0xEE723460
Hooked by: C:\Programmi\Agnitum\Outpost Firewall\kernel\Sandbox.SYS

NtWriteVirtualMemory
Actual Address 0xEE726F00
Hooked by: C:\Programmi\Agnitum\Outpost Firewall\kernel\Sandbox.SYS

>Shadow
>Processes
>Drivers
>Stealth
>Files
>Hooks
[1176]ati2evxx.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump at address 0x7C802367 hook handler located in [wl_hook.dll]
[1176]ati2evxx.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump at address 0x7C802332 hook handler located in [wl_hook.dll]
[1176]ati2evxx.exe-->kernel32.dll-->CreateRemoteThread, Type: Inline - RelativeJump at address 0x7C81044C hook handler located in [wl_hook.dll]
[1176]ati2evxx.exe-->kernel32.dll-->DebugActiveProcess, Type: Inline - RelativeJump at address 0x7C85A323 hook handler located in [wl_hook.dll]
[1176]ati2evxx.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump at address 0x7C8615B5 hook handler located in [wl_hook.dll]
[1176]ati2evxx.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump at address 0x7C9261CA hook handler located in [wl_hook.dll]
[1176]ati2evxx.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump at address 0x7C92718B hook handler located in [wl_hook.dll]
[1176]ati2evxx.exe-->ntdll.dll-->NtCreateSymbolicLinkObject, Type: Inline - RelativeJump at address 0x7C91D7D2 hook handler located in [wl_hook.dll]
[1176]ati2evxx.exe-->ntdll.dll-->NtRestoreKey, Type: Inline - RelativeJump at address 0x7C91E44A hook handler located in [wl_hook.dll]
[1176]ati2evxx.exe-->ntdll.dll-->NtResumeProcess, Type: Inline - RelativeJump at address 0x7C91E45F hook handler located in [wl_hook.dll]
[1176]ati2evxx.exe-->ntdll.dll-->NtSetBootOptions, Type: Inline - RelativeJump at address 0x7C91E4F2 hook handler located in [wl_hook.dll]
[1176]ati2evxx.exe-->ntdll.dll-->NtSetUuidSeed, Type: Inline - RelativeJump at address 0x7C91E7BC hook handler located in [wl_hook.dll]
[1176]ati2evxx.exe-->ntdll.dll-->NtStopProfile, Type: Inline - RelativeJump at address 0x7C91E83A hook handler located in [wl_hook.dll]
[1176]ati2evxx.exe-->ntdll.dll-->NtSuspendProcess, Type: Inline - RelativeJump at address 0x7C91E84F hook handler located in [wl_hook.dll]
[1176]ati2evxx.exe-->ntdll.dll-->NtTerminateJobObject, Type: Inline - RelativeJump at address 0x7C91E88E hook handler located in [wl_hook.dll]
[1176]ati2evxx.exe-->ntdll.dll-->NtWriteRequestData, Type: Inline - RelativeJump at address 0x7C91EA32 hook handler located in [wl_hook.dll]
[1176]ati2evxx.exe-->user32.dll-->CallNextHookEx, Type: Inline - RelativeJump at address 0x7E39F85B hook handler located in [wl_hook.dll]
[1176]ati2evxx.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - RelativeJump at address 0x7E3A8AE5 hook handler located in [wl_hook.dll]
[1176]ati2evxx.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - RelativeJump at address 0x7E3D938D hook handler located in [wl_hook.dll]
[1176]ati2evxx.exe-->user32.dll-->DdeConnect, Type: Inline - RelativeJump at address 0x7E3D7F93 hook handler located in [wl_hook.dll]
[1176]ati2evxx.exe-->user32.dll-->DdeConnectList, Type: Inline - RelativeJump at address 0x7E3D82AE hook handler located in [wl_hook.dll]
[1176]ati2evxx.exe-->user32.dll-->DdeInitializeA, Type: Inline - RelativeJump at address 0x7E3DA6C6 hook handler located in [wl_hook.dll]
[1176]ati2evxx.exe-->user32.dll-->DdeInitializeW, Type: Inline - RelativeJump at address 0x7E3A9CEF hook handler located in [wl_hook.dll]
[1176]ati2evxx.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump at address 0x7E3D9E75 hook handler located in [wl_hook.dll]
[1176]ati2evxx.exe-->user32.dll-->ExitWindowsEx, Type: Inline - RelativeJump at address 0x7E3DA045 hook handler located in [wl_hook.dll]
[1176]ati2evxx.exe-->user32.dll-->FindWindowExA, Type: Inline - RelativeJump at address 0x7E3B210A hook handler located in [wl_hook.dll]
[1176]ati2evxx.exe-->user32.dll-->FindWindowExW, Type: Inline - RelativeJump at address 0x7E3A71CF hook handler located in [wl_hook.dll]
[1176]ati2evxx.exe-->user32.dll-->PostMessageA, Type: Inline - RelativeJump at address 0x7E39CB85 hook handler located in [wl_hook.dll]
[1176]ati2evxx.exe-->user32.dll-->PostMessageW, Type: Inline - RelativeJump at address 0x7E398CCB hook handler located in [wl_hook.dll]
[1176]ati2evxx.exe-->user32.dll-->SendInput, Type: Inline - RelativeJump at address 0x7E3AF101 hook handler located in [wl_hook.dll]
[1176]ati2evxx.exe-->user32.dll-->SendMessageA, Type: Inline - RelativeJump at address 0x7E3AF383 hook handler located in [wl_hook.dll]
[1176]ati2evxx.exe-->user32.dll-->SendMessageCallbackA, Type: Inline - RelativeJump at address 0x7E3EAF01 hook handler located in [wl_hook.dll]
[1176]ati2evxx.exe-->user32.dll-->SendMessageCallbackW, Type: Inline - RelativeJump at address 0x7E39F306 hook handler located in [wl_hook.dll]
[1176]ati2evxx.exe-->user32.dll-->SendMessageTimeoutA, Type: Inline - RelativeJump at address 0x7E3AFB2B hook handler located in [wl_hook.dll]
[1176]ati2evxx.exe-->user32.dll-->SendMessageTimeoutW, Type: Inline - RelativeJump at address 0x7E39ED72 hook handler located in [wl_hook.dll]
[1176]ati2evxx.exe-->user32.dll-->SendMessageW, Type: Inline - RelativeJump at address 0x7E39B8BA hook handler located in [wl_hook.dll]
[1176]ati2evxx.exe-->user32.dll-->SendNotifyMessageA, Type: Inline - RelativeJump at address 0x7E3D36E8 hook handler located in [wl_hook.dll]
[1176]ati2evxx.exe-->user32.dll-->SendNotifyMessageW, Type: Inline - RelativeJump at address 0x7E39F27A hook handler located in [wl_hook.dll]
[1176]ati2evxx.exe-->user32.dll-->SetForegroundWindow, Type: Inline - RelativeJump at address 0x7E3A3D4D hook handler located in [wl_hook.dll]
[1176]ati2evxx.exe-->user32.dll-->SetWindowPos, Type: Inline - RelativeJump at address 0x7E39C01B hook handler located in [wl_hook.dll]
[1176]ati2evxx.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump at address 0x7E3B11D1 hook handler located in [wl_hook.dll]
[1176]ati2evxx.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump at address 0x7E3ADDB5 hook handler located in [wl_hook.dll]
[1176]ati2evxx.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump at address 0x7E3B17B7 hook handler located in [wl_hook.dll]
[1204]ashWebSv.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump at address 0x7C802367 hook handler located in [wl_hook.dll]
[1204]ashWebSv.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump at address 0x7C802332 hook handler located in [wl_hook.dll]
[1204]ashWebSv.exe-->kernel32.dll-->CreateRemoteThread, Type: Inline - RelativeJump at address 0x7C81044C hook handler located in [wl_hook.dll]
[1204]ashWebSv.exe-->kernel32.dll-->DebugActiveProcess, Type: Inline - RelativeJump at address 0x7C85A323 hook handler located in [wl_hook.dll]
[1204]ashWebSv.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump at address 0x7C8615B5 hook handler located in [wl_hook.dll]
[1204]ashWebSv.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump at address 0x7C9261CA hook handler located in [wl_hook.dll]
[1204]ashWebSv.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump at address 0x7C92718B hook handler located in [wl_hook.dll]
[1204]ashWebSv.exe-->ntdll.dll-->NtCreateSymbolicLinkObject, Type: Inline - RelativeJump at address 0x7C91D7D2 hook handler located in [wl_hook.dll]
[1204]ashWebSv.exe-->ntdll.dll-->NtRestoreKey, Type: Inline - RelativeJump at address 0x7C91E44A hook handler located in [wl_hook.dll]
[1204]ashWebSv.exe-->ntdll.dll-->NtResumeProcess, Type: Inline - RelativeJump at address 0x7C91E45F hook handler located in [wl_hook.dll]
[1204]ashWebSv.exe-->ntdll.dll-->NtSetBootOptions, Type: Inline - RelativeJump at address 0x7C91E4F2 hook handler located in [wl_hook.dll]
[1204]ashWebSv.exe-->ntdll.dll-->NtSetUuidSeed, Type: Inline - RelativeJump at address 0x7C91E7BC hook handler located in [wl_hook.dll]
[1204]ashWebSv.exe-->ntdll.dll-->NtStopProfile, Type: Inline - RelativeJump at address 0x7C91E83A hook handler located in [wl_hook.dll]
[1204]ashWebSv.exe-->ntdll.dll-->NtSuspendProcess, Type: Inline - RelativeJump at address 0x7C91E84F hook handler located in [wl_hook.dll]
[1204]ashWebSv.exe-->ntdll.dll-->NtTerminateJobObject, Type: Inline - RelativeJump at address 0x7C91E88E hook handler located in [wl_hook.dll]
[1204]ashWebSv.exe-->ntdll.dll-->NtWriteRequestData, Type: Inline - RelativeJump at address 0x7C91EA32 hook handler located in [wl_hook.dll]
[1204]ashWebSv.exe-->shell32.dll-->DllGetClassObject, Type: Inline - RelativeJump at address 0x7C9FF929 hook handler located in [wl_hook.dll]
[1204]ashWebSv.exe-->user32.dll-->CallNextHookEx, Type: Inline - RelativeJump at address 0x7E39F85B hook handler located in [wl_hook.dll]
[1204]ashWebSv.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - RelativeJump at address 0x7E3A8AE5 hook handler located in [wl_hook.dll]
[1204]ashWebSv.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - RelativeJump at address 0x7E3D938D hook handler located in [wl_hook.dll]
[1204]ashWebSv.exe-->user32.dll-->DdeConnect, Type: Inline - RelativeJump at address 0x7E3D7F93 hook handler located in [wl_hook.dll]
[1204]ashWebSv.exe-->user32.dll-->DdeConnectList, Type: Inline - RelativeJump at address 0x7E3D82AE hook handler located in [wl_hook.dll]
[1204]ashWebSv.exe-->user32.dll-->DdeInitializeA, Type: Inline - RelativeJump at address 0x7E3DA6C6 hook handler located in [wl_hook.dll]
[1204]ashWebSv.exe-->user32.dll-->DdeInitializeW, Type: Inline - RelativeJump at address 0x7E3A9CEF hook handler located in [wl_hook.dll]
[1204]ashWebSv.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump at address 0x7E3D9E75 hook handler located in [wl_hook.dll]
[1204]ashWebSv.exe-->user32.dll-->ExitWindowsEx, Type: Inline - RelativeJump at address 0x7E3DA045 hook handler located in [wl_hook.dll]
[1204]ashWebSv.exe-->user32.dll-->FindWindowExA, Type: Inline - RelativeJump at address 0x7E3B210A hook handler located in [wl_hook.dll]
[1204]ashWebSv.exe-->user32.dll-->FindWindowExW, Type: Inline - RelativeJump at address 0x7E3A71CF hook handler located in [wl_hook.dll]
[1204]ashWebSv.exe-->user32.dll-->PostMessageA, Type: Inline - RelativeJump at address 0x7E39CB85 hook handler located in [wl_hook.dll]
[1204]ashWebSv.exe-->user32.dll-->PostMessageW, Type: Inline - RelativeJump at address 0x7E398CCB hook handler located in [wl_hook.dll]
[1204]ashWebSv.exe-->user32.dll-->SendInput, Type: Inline - RelativeJump at address 0x7E3AF101 hook handler located in [wl_hook.dll]
[1204]ashWebSv.exe-->user32.dll-->SendMessageA, Type: Inline - RelativeJump at address 0x7E3AF383 hook handler located in [wl_hook.dll]
[1204]ashWebSv.exe-->user32.dll-->SendMessageCallbackA, Type: Inline - RelativeJump at address 0x7E3EAF01 hook handler located in [wl_hook.dll]
[1204]ashWebSv.exe-->user32.dll-->SendMessageCallbackW, Type: Inline - RelativeJump at address 0x7E39F306 hook handler located in [wl_hook.dll]
[1204]ashWebSv.exe-->user32.dll-->SendMessageTimeoutA, Type: Inline - RelativeJump at address 0x7E3AFB2B hook handler located in [wl_hook.dll]
[1204]ashWebSv.exe-->user32.dll-->SendMessageTimeoutW, Type: Inline - RelativeJump at address 0x7E39ED72 hook handler located in [wl_hook.dll]
[1204]ashWebSv.exe-->user32.dll-->SendMessageW, Type: Inline - RelativeJump at address 0x7E39B8BA hook handler located in [wl_hook.dll]
[1204]ashWebSv.exe-->user32.dll-->SendNotifyMessageA, Type: Inline - RelativeJump at address 0x7E3D36E8 hook handler located in [wl_hook.dll]
[1204]ashWebSv.exe-->user32.dll-->SendNotifyMessageW, Type: Inline - RelativeJump at address 0x7E39F27A hook handler located in [wl_hook.dll]
[1204]ashWebSv.exe-->user32.dll-->SetForegroundWindow, Type: Inline - RelativeJump at address 0x7E3A3D4D hook handler located in [wl_hook.dll]
[1204]ashWebSv.exe-->user32.dll-->SetWindowPos, Type: Inline - RelativeJump at address 0x7E39C01B hook handler located in [wl_hook.dll]
[1204]ashWebSv.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump at address 0x7E3B11D1 hook handler located in [wl_hook.dll]
[1204]ashWebSv.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump at address 0x7E3ADDB5 hook handler located in [wl_hook.dll]
[1204]ashWebSv.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump at address 0x7E3B17B7 hook handler located in [wl_hook.dll]
[1248]aswUpdSv.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump at address 0x7C802367 hook handler located in [wl_hook.dll]
[1248]aswUpdSv.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump at address 0x7C802332 hook handler located in [wl_hook.dll]
[1248]aswUpdSv.exe-->kernel32.dll-->CreateRemoteThread, Type: Inline - RelativeJump at address 0x7C81044C hook handler located in [wl_hook.dll]
[1248]aswUpdSv.exe-->kernel32.dll-->DebugActiveProcess, Type: Inline - RelativeJump at address 0x7C85A323 hook handler located in [wl_hook.dll]
[1248]aswUpdSv.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump at address 0x7C8615B5 hook handler located in [wl_hook.dll]
[1248]aswUpdSv.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump at address 0x7C9261CA hook handler located in [wl_hook.dll]
[1248]aswUpdSv.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump at address 0x7C92718B hook handler located in [wl_hook.dll]
[1248]aswUpdSv.exe-->ntdll.dll-->NtCreateSymbolicLinkObject, Type: Inline - RelativeJump at address 0x7C91D7D2 hook handler located in [wl_hook.dll]
[1248]aswUpdSv.exe-->ntdll.dll-->NtRestoreKey, Type: Inline - RelativeJump at address 0x7C91E44A hook handler located in [wl_hook.dll]
[1248]aswUpdSv.exe-->ntdll.dll-->NtResumeProcess, Type: Inline - RelativeJump at address 0x7C91E45F hook handler located in [wl_hook.dll]
[1248]aswUpdSv.exe-->ntdll.dll-->NtSetBootOptions, Type: Inline - RelativeJump at address 0x7C91E4F2 hook handler located in [wl_hook.dll]
[1248]aswUpdSv.exe-->ntdll.dll-->NtSetUuidSeed, Type: Inline - RelativeJump at address 0x7C91E7BC hook handler located in [wl_hook.dll]
[1248]aswUpdSv.exe-->ntdll.dll-->NtStopProfile, Type: Inline - RelativeJump at address 0x7C91E83A hook handler located in [wl_hook.dll]
[1248]aswUpdSv.exe-->ntdll.dll-->NtSuspendProcess, Type: Inline - RelativeJump at address 0x7C91E84F hook handler located in [wl_hook.dll]
[1248]aswUpdSv.exe-->ntdll.dll-->NtTerminateJobObject, Type: Inline - RelativeJump at address 0x7C91E88E hook handler located in [wl_hook.dll]
[1248]aswUpdSv.exe-->ntdll.dll-->NtWriteRequestData, Type: Inline - RelativeJump at address 0x7C91EA32 hook handler located in [wl_hook.dll]
[1248]aswUpdSv.exe-->user32.dll-->CallNextHookEx, Type: Inline - RelativeJump at address 0x7E39F85B hook handler located in [wl_hook.dll]
[1248]aswUpdSv.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - RelativeJump at address 0x7E3A8AE5 hook handler located in [wl_hook.dll]
[1248]aswUpdSv.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - RelativeJump at address 0x7E3D938D hook handler located in [wl_hook.dll]
[1248]aswUpdSv.exe-->user32.dll-->DdeConnect, Type: Inline - RelativeJump at address 0x7E3D7F93 hook handler located in [wl_hook.dll]
[1248]aswUpdSv.exe-->user32.dll-->DdeConnectList, Type: Inline - RelativeJump at address 0x7E3D82AE hook handler located in [wl_hook.dll]
[1248]aswUpdSv.exe-->user32.dll-->DdeInitializeA, Type: Inline - RelativeJump at address 0x7E3DA6C6 hook handler located in [wl_hook.dll]
[1248]aswUpdSv.exe-->user32.dll-->DdeInitializeW, Type: Inline - RelativeJump at address 0x7E3A9CEF hook handler located in [wl_hook.dll]
[1248]aswUpdSv.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump at address 0x7E3D9E75 hook handler located in [wl_hook.dll]
[1248]aswUpdSv.exe-->user32.dll-->ExitWindowsEx, Type: Inline - RelativeJump at address 0x7E3DA045 hook handler located in [wl_hook.dll]
[1248]aswUpdSv.exe-->user32.dll-->FindWindowExA, Type: Inline - RelativeJump at address 0x7E3B210A hook handler located in [wl_hook.dll]
[1248]aswUpdSv.exe-->user32.dll-->FindWindowExW, Type: Inline - RelativeJump at address 0x7E3A71CF hook handler located in [wl_hook.dll]
[1248]aswUpdSv.exe-->user32.dll-->PostMessageA, Type: Inline - RelativeJump at address 0x7E39CB85 hook handler located in [wl_hook.dll]
[1248]aswUpdSv.exe-->user32.dll-->PostMessageW, Type: Inline - RelativeJump at address 0x7E398CCB hook handler located in [wl_hook.dll]
[1248]aswUpdSv.exe-->user32.dll-->SendInput, Type: Inline - RelativeJump at address 0x7E3AF101 hook handler located in [wl_hook.dll]
[1248]aswUpdSv.exe-->user32.dll-->SendMessageA, Type: Inline - RelativeJump at address 0x7E3AF383 hook handler located in [wl_hook.dll]
[1248]aswUpdSv.exe-->user32.dll-->SendMessageCallbackA, Type: Inline - RelativeJump at address 0x7E3EAF01 hook handler located in [wl_hook.dll]
[1248]aswUpdSv.exe-->user32.dll-->SendMessageCallbackW, Type: Inline - RelativeJump at address 0x7E39F306 hook handler located in [wl_hook.dll]
[1248]aswUpdSv.exe-->user32.dll-->SendMessageTimeoutA, Type: Inline - RelativeJump at address 0x7E3AFB2B hook handler located in [wl_hook.dll]
[1248]aswUpdSv.exe-->user32.dll-->SendMessageTimeoutW, Type: Inline - RelativeJump at address 0x7E39ED72 hook handler located in [wl_hook.dll]
[1248]aswUpdSv.exe-->user32.dll-->SendMessageW, Type: Inline - RelativeJump at address 0x7E39B8BA hook handler located in [wl_hook.dll]
[1248]aswUpdSv.exe-->user32.dll-->SendNotifyMessageA, Type: Inline - RelativeJump at address 0x7E3D36E8 hook handler located in [wl_hook.dll]
[1248]aswUpdSv.exe-->user32.dll-->SendNotifyMessageW, Type: Inline - RelativeJump at address 0x7E39F27A hook handler located in [wl_hook.dll]
[1248]aswUpdSv.exe-->user32.dll-->SetForegroundWindow, Type: Inline - RelativeJump at address 0x7E3A3D4D hook handler located in [wl_hook.dll]
[1248]aswUpdSv.exe-->user32.dll-->SetWindowPos, Type: Inline - RelativeJump at address 0x7E39C01B hook handler located in [wl_hook.dll]
[1248]aswUpdSv.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump at address 0x7E3B11D1 hook handler located in [wl_hook.dll]
[1248]aswUpdSv.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump at address 0x7E3ADDB5 hook handler located in [wl_hook.dll]
[1248]aswUpdSv.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump at address 0x7E3B17B7 hook handler located in [wl_hook.dll]
[1448]explorer.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump at address 0x7C802367 hook handler located in [wl_hook.dll]
[1448]explorer.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump at address 0x7C802332 hook handler located in [wl_hook.dll]
[1448]explorer.exe-->kernel32.dll-->CreateRemoteThread, Type: Inline - RelativeJump at address 0x7C81044C hook handler located in [wl_hook.dll]
[1448]explorer.exe-->kernel32.dll-->DebugActiveProcess, Type: Inline - RelativeJump at address 0x7C85A323 hook handler located in [wl_hook.dll]
[1448]explorer.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump at address 0x7C8615B5 hook handler located in [wl_hook.dll]
[1448]explorer.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump at address 0x7C9261CA hook handler located in [wl_hook.dll]
[1448]explorer.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump at address 0x7C92718B hook handler located in [wl_hook.dll]
[1448]explorer.exe-->ntdll.dll-->NtCreateSymbolicLinkObject, Type: Inline - RelativeJump at address 0x7C91D7D2 hook handler located in [wl_hook.dll]
[1448]explorer.exe-->ntdll.dll-->NtRestoreKey, Type: Inline - RelativeJump at address 0x7C91E44A hook handler located in [wl_hook.dll]
[1448]explorer.exe-->ntdll.dll-->NtResumeProcess, Type: Inline - RelativeJump at address 0x7C91E45F hook handler located in [wl_hook.dll]
[1448]explorer.exe-->ntdll.dll-->NtSetBootOptions, Type: Inline - RelativeJump at address 0x7C91E4F2 hook handler located in [wl_hook.dll]
[1448]explorer.exe-->ntdll.dll-->NtSetUuidSeed, Type: Inline - RelativeJump at address 0x7C91E7BC hook handler located in [wl_hook.dll]
[1448]explorer.exe-->ntdll.dll-->NtStopProfile, Type: Inline - RelativeJump at address 0x7C91E83A hook handler located in [wl_hook.dll]
[1448]explorer.exe-->ntdll.dll-->NtSuspendProcess, Type: Inline - RelativeJump at address 0x7C91E84F hook handler located in [wl_hook.dll]
[1448]explorer.exe-->ntdll.dll-->NtTerminateJobObject, Type: Inline - RelativeJump at address 0x7C91E88E hook handler located in [wl_hook.dll]
[1448]explorer.exe-->ntdll.dll-->NtWriteRequestData, Type: Inline - RelativeJump at address 0x7C91EA32 hook handler located in [wl_hook.dll]
[1448]explorer.exe-->shell32.dll-->DllGetClassObject, Type: Inline - RelativeJump at address 0x7C9FF929 hook handler located in [wl_hook.dll]
[1448]explorer.exe-->user32.dll-->CallNextHookEx, Type: Inline - RelativeJump at address 0x7E39F85B hook handler located in [wl_hook.dll]
[1448]explorer.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - RelativeJump at address 0x7E3A8AE5 hook handler located in [wl_hook.dll]
[1448]explorer.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - RelativeJump at address 0x7E3D938D hook handler located in [wl_hook.dll]
[1448]explorer.exe-->user32.dll-->DdeConnect, Type: Inline - RelativeJump at address 0x7E3D7F93 hook handler located in [wl_hook.dll]
[1448]explorer.exe-->user32.dll-->DdeConnectList, Type: Inline - RelativeJump at address 0x7E3D82AE hook handler located in [wl_hook.dll]
[1448]explorer.exe-->user32.dll-->DdeInitializeA, Type: Inline - RelativeJump at address 0x7E3DA6C6 hook handler located in [wl_hook.dll]
[1448]explorer.exe-->user32.dll-->DdeInitializeW, Type: Inline - RelativeJump at address 0x7E3A9CEF hook handler located in [wl_hook.dll]
[1448]explorer.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump at address 0x7E3D9E75 hook handler located in [wl_hook.dll]
[1448]explorer.exe-->user32.dll-->ExitWindowsEx, Type: Inline - RelativeJump at address 0x7E3DA045 hook handler located in [wl_hook.dll]
[1448]explorer.exe-->user32.dll-->FindWindowExA, Type: Inline - RelativeJump at address 0x7E3B210A hook handler located in [wl_hook.dll]
[1448]explorer.exe-->user32.dll-->FindWindowExW, Type: Inline - RelativeJump at address 0x7E3A71CF hook handler located in [wl_hook.dll]
[1448]explorer.exe-->user32.dll-->PostMessageA, Type: Inline - RelativeJump at address 0x7E39CB85 hook handler located in [wl_hook.dll]
[1448]explorer.exe-->user32.dll-->PostMessageW, Type: Inline - RelativeJump at address 0x7E398CCB hook handler located in [wl_hook.dll]
[1448]explorer.exe-->user32.dll-->SendInput, Type: Inline - RelativeJump at address 0x7E3AF101 hook handler located in [wl_hook.dll]
[1448]explorer.exe-->user32.dll-->SendMessageA, Type: Inline - RelativeJump at address 0x7E3AF383 hook handler located in [wl_hook.dll]
[1448]explorer.exe-->user32.dll-->SendMessageCallbackA, Type: Inline - RelativeJump at address 0x7E3EAF01 hook handler located in [wl_hook.dll]
[1448]explorer.exe-->user32.dll-->SendMessageCallbackW, Type: Inline - RelativeJump at address 0x7E39F306 hook handler located in [wl_hook.dll]
[1448]explorer.exe-->user32.dll-->SendMessageTimeoutA, Type: Inline - RelativeJump at address 0x7E3AFB2B hook handler located in [wl_hook.dll]
[1448]explorer.exe-->user32.dll-->SendMessageTimeoutW, Type: Inline - RelativeJump at address 0x7E39ED72 hook handler located in [wl_hook.dll]
[1448]explorer.exe-->user32.dll-->SendMessageW, Type: Inline - RelativeJump at address 0x7E39B8BA hook handler located in [wl_hook.dll]
[1448]explorer.exe-->user32.dll-->SendNotifyMessageA, Type: Inline - RelativeJump at address 0x7E3D36E8 hook handler located in [wl_hook.dll]
[1448]explorer.exe-->user32.dll-->SendNotifyMessageW, Type: Inline - RelativeJump at address 0x7E39F27A hook handler located in [wl_hook.dll]
[1448]explorer.exe-->user32.dll-->SetForegroundWindow, Type: Inline - RelativeJump at address 0x7E3A3D4D hook handler located in [wl_hook.dll]
[1448]explorer.exe-->user32.dll-->SetWindowPos, Type: Inline - RelativeJump at address 0x7E39C01B hook handler located in [wl_hook.dll]
[1448]explorer.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump at address 0x7E3B11D1 hook handler located in [wl_hook.dll]
[1448]explorer.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump at address 0x7E3ADDB5 hook handler located in [wl_hook.dll]
[1448]explorer.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump at address 0x7E3B17B7 hook handler located in [wl_hook.dll]
[1632]ashDisp.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump at address 0x7C802367 hook handler located in [wl_hook.dll]
[1632]ashDisp.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump at address 0x7C802332 hook handler located in [wl_hook.dll]
[1632]ashDisp.exe-->kernel32.dll-->CreateRemoteThread, Type: Inline - RelativeJump at address 0x7C81044C hook handler located in [wl_hook.dll]
[1632]ashDisp.exe-->kernel32.dll-->DebugActiveProcess, Type: Inline - RelativeJump at address 0x7C85A323 hook handler located in [wl_hook.dll]
[1632]ashDisp.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump at address 0x7C8615B5 hook handler located in [wl_hook.dll]
[1632]ashDisp.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump at address 0x7C9261CA hook handler located in [wl_hook.dll]
[1632]ashDisp.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump at address 0x7C92718B hook handler located in [wl_hook.dll]
[1632]ashDisp.exe-->ntdll.dll-->NtCreateSymbolicLinkObject, Type: Inline - RelativeJump at address 0x7C91D7D2 hook handler located in [wl_hook.dll]
[1632]ashDisp.exe-->ntdll.dll-->NtRestoreKey, Type: Inline - RelativeJump at address 0x7C91E44A hook handler located in [wl_hook.dll]
[1632]ashDisp.exe-->ntdll.dll-->NtResumeProcess, Type: Inline - RelativeJump at address 0x7C91E45F hook handler located in [wl_hook.dll]
[1632]ashDisp.exe-->ntdll.dll-->NtSetBootOptions, Type: Inline - RelativeJump at address 0x7C91E4F2 hook handler located in [wl_hook.dll]
[1632]ashDisp.exe-->ntdll.dll-->NtSetUuidSeed, Type: Inline - RelativeJump at address 0x7C91E7BC hook handler located in [wl_hook.dll]
[1632]ashDisp.exe-->ntdll.dll-->NtStopProfile, Type: Inline - RelativeJump at address 0x7C91E83A hook handler located in [wl_hook.dll]
[1632]ashDisp.exe-->ntdll.dll-->NtSuspendProcess, Type: Inline - RelativeJump at address 0x7C91E84F hook handler located in [wl_hook.dll]
[1632]ashDisp.exe-->ntdll.dll-->NtTerminateJobObject, Type: Inline - RelativeJump at address 0x7C91E88E hook handler located in [wl_hook.dll]
[1632]ashDisp.exe-->ntdll.dll-->NtWriteRequestData, Type: Inline - RelativeJump at address 0x7C91EA32 hook handler located in [wl_hook.dll]
[1632]ashDisp.exe-->shell32.dll-->DllGetClassObject, Type: Inline - RelativeJump at address 0x7C9FF929 hook handler located in [wl_hook.dll]
[1632]ashDisp.exe-->user32.dll-->CallNextHookEx, Type: Inline - RelativeJump at address 0x7E39F85B hook handler located in [wl_hook.dll]
[1632]ashDisp.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - RelativeJump at address 0x7E3A8AE5 hook handler located in [wl_hook.dll]
[1632]ashDisp.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - RelativeJump at address 0x7E3D938D hook handler located in [wl_hook.dll]
[1632]ashDisp.exe-->user32.dll-->DdeConnect, Type: Inline - RelativeJump at address 0x7E3D7F93 hook handler located in [wl_hook.dll]
[1632]ashDisp.exe-->user32.dll-->DdeConnectList, Type: Inline - RelativeJump at address 0x7E3D82AE hook handler located in [wl_hook.dll]
[1632]ashDisp.exe-->user32.dll-->DdeInitializeA, Type: Inline - RelativeJump at address 0x7E3DA6C6 hook handler located in [wl_hook.dll]
[1632]ashDisp.exe-->user32.dll-->DdeInitializeW, Type: Inline - RelativeJump at address 0x7E3A9CEF hook handler located in [wl_hook.dll]
[1632]ashDisp.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump at address 0x7E3D9E75 hook handler located in [wl_hook.dll]
[1632]ashDisp.exe-->user32.dll-->ExitWindowsEx, Type: Inline - RelativeJump at address 0x7E3DA045 hook handler located in [wl_hook.dll]
[1632]ashDisp.exe-->user32.dll-->FindWindowExA, Type: Inline - RelativeJump at address 0x7E3B210A hook handler located in [wl_hook.dll]
[1632]ashDisp.exe-->user32.dll-->FindWindowExW, Type: Inline - RelativeJump at address 0x7E3A71CF hook handler located in [wl_hook.dll]
[1632]ashDisp.exe-->user32.dll-->PostMessageA, Type: Inline - RelativeJump at address 0x7E39CB85 hook handler located in [wl_hook.dll]
[1632]ashDisp.exe-->user32.dll-->PostMessageW, Type: Inline - RelativeJump at address 0x7E398CCB hook handler located in [wl_hook.dll]
[1632]ashDisp.exe-->user32.dll-->SendInput, Type: Inline - RelativeJump at address 0x7E3AF101 hook handler located in [wl_hook.dll]
[1632]ashDisp.exe-->user32.dll-->SendMessageA, Type: Inline - RelativeJump at address 0x7E3AF383 hook handler located in [wl_hook.dll]
[1632]ashDisp.exe-->user32.dll-->SendMessageCallbackA, Type: Inline - RelativeJump at address 0x7E3EAF01 hook handler located in [wl_hook.dll]
[1632]ashDisp.exe-->user32.dll-->SendMessageCallbackW, Type: Inline - RelativeJump at address 0x7E39F306 hook handler located in [wl_hook.dll]
[1632]ashDisp.exe-->user32.dll-->SendMessageTimeoutA, Type: Inline - RelativeJump at address 0x7E3AFB2B hook handler located in [wl_hook.dll]
[1632]ashDisp.exe-->user32.dll-->SendMessageTimeoutW, Type: Inline - RelativeJump at address 0x7E39ED72 hook handler located in [wl_hook.dll]
[1632]ashDisp.exe-->user32.dll-->SendMessageW, Type: Inline - RelativeJump at address 0x7E39B8BA hook handler located in [wl_hook.dll]
[1632]ashDisp.exe-->user32.dll-->SendNotifyMessageA, Type: Inline - RelativeJump at address 0x7E3D36E8 hook handler located in [wl_hook.dll]
[1632]ashDisp.exe-->user32.dll-->SendNotifyMessageW, Type: Inline - RelativeJump at address 0x7E39F27A hook handler located in [wl_hook.dll]
[1632]ashDisp.exe-->user32.dll-->SetForegroundWindow, Type: Inline - RelativeJump at address 0x7E3A3D4D hook handler located in [wl_hook.dll]
[1632]ashDisp.exe-->user32.dll-->SetWindowPos, Type: Inline - RelativeJump at address 0x7E39C01B hook handler located in [wl_hook.dll]
[1632]ashDisp.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump at address 0x7E3B11D1 hook handler located in [wl_hook.dll]
[1632]ashDisp.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump at address 0x7E3ADDB5 hook handler located in [wl_hook.dll]
[1632]ashDisp.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump at address 0x7E3B17B7 hook handler located in [wl_hook.dll]
[1724]rundll32.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump at address 0x7C802367 hook handler located in [wl_hook.dll]
[1724]rundll32.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump at address 0x7C802332 hook handler located in [wl_hook.dll]
[1724]rundll32.exe-->kernel32.dll-->CreateRemoteThread, Type: Inline - RelativeJump at address 0x7C81044C hook handler located in [wl_hook.dll]
[1724]rundll32.exe-->kernel32.dll-->DebugActiveProcess, Type: Inline - RelativeJump at address 0x7C85A323 hook handler located in [wl_hook.dll]
[1724]rundll32.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump at address 0x7C8615B5 hook handler located in [wl_hook.dll]
[1724]rundll32.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump at address 0x7C9261CA hook handler located in [wl_hook.dll]
[1724]rundll32.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump at address 0x7C92718B hook handler located in [wl_hook.dll]
[1724]rundll32.exe-->ntdll.dll-->NtCreateSymbolicLinkObject, Type: Inline - RelativeJump at address 0x7C91D7D2 hook handler located in [wl_hook.dll]
[1724]rundll32.exe-->ntdll.dll-->NtRestoreKey, Type: Inline - RelativeJump at address 0x7C91E44A hook handler located in [wl_hook.dll]
[1724]rundll32.exe-->ntdll.dll-->NtResumeProcess, Type: Inline - RelativeJump at address 0x7C91E45F hook handler located in [wl_hook.dll]
[1724]rundll32.exe-->ntdll.dll-->NtSetBootOptions, Type: Inline - RelativeJump at address 0x7C91E4F2 hook handler located in [wl_hook.dll]
[1724]rundll32.exe-->ntdll.dll-->NtSetUuidSeed, Type: Inline - RelativeJump at address 0x7C91E7BC hook handler located in [wl_hook.dll]
[1724]rundll32.exe-->ntdll.dll-->NtStopProfile, Type: Inline - RelativeJump at address 0x7C91E83A hook handler located in [wl_hook.dll]
[1724]rundll32.exe-->ntdll.dll-->NtSuspendProcess, Type: Inline - RelativeJump at address 0x7C91E84F hook handler located in [wl_hook.dll]
[1724]rundll32.exe-->ntdll.dll-->NtTerminateJobObject, Type: Inline - RelativeJump at address 0x7C91E88E hook handler located in [wl_hook.dll]
[1724]rundll32.exe-->ntdll.dll-->NtWriteRequestData, Type: Inline - RelativeJump at address 0x7C91EA32 hook handler located in [wl_hook.dll]
[1724]rundll32.exe-->shell32.dll-->DllGetClassObject, Type: Inline - RelativeJump at address 0x7C9FF929 hook handler located in [wl_hook.dll]
[1724]rundll32.exe-->user32.dll-->CallNextHookEx, Type: Inline - RelativeJump at address 0x7E39F85B hook handler located in [wl_hook.dll]
[1724]rundll32.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - RelativeJump at address 0x7E3A8AE5 hook handler located in [wl_hook.dll]
[1724]rundll32.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - RelativeJump at address 0x7E3D938D hook handler located in [wl_hook.dll]
[1724]rundll32.exe-->user32.dll-->DdeConnect, Type: Inline - RelativeJump at address 0x7E3D7F93 hook handler located in [wl_hook.dll]
[1724]rundll32.exe-->user32.dll-->DdeConnectList, Type: Inline - RelativeJump at address 0x7E3D82AE hook handler located in [wl_hook.dll]
[1724]rundll32.exe-->user32.dll-->DdeInitializeA, Type: Inline - RelativeJump at address 0x7E3DA6C6 hook handler located in [wl_hook.dll]
[1724]rundll32.exe-->user32.dll-->DdeInitializeW, Type: Inline - RelativeJump at address 0x7E3A9CEF hook handler located in [wl_hook.dll]
[1724]rundll32.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump at address 0x7E3D9E75 hook handler located in [wl_hook.dll]
[1724]rundll32.exe-->user32.dll-->ExitWindowsEx, Type: Inline - RelativeJump at address 0x7E3DA045 hook handler located in [wl_hook.dll]
[1724]rundll32.exe-->user32.dll-->FindWindowExA, Type: Inline - RelativeJump at address 0x7E3B210A hook handler located in [wl_hook.dll]
[1724]rundll32.exe-->user32.dll-->FindWindowExW, Type: Inline - RelativeJump at address 0x7E3A71CF hook handler located in [wl_hook.dll]
[1724]rundll32.exe-->user32.dll-->PostMessageA, Type: Inline - RelativeJump at address 0x7E39CB85 hook handler located in [wl_hook.dll]
[1724]rundll32.exe-->user32.dll-->PostMessageW, Type: Inline - RelativeJump at address 0x7E398CCB hook handler located in [wl_hook.dll]
[1724]rundll32.exe-->user32.dll-->SendInput, Type: Inline - RelativeJump at address 0x7E3AF101 hook handler located in [wl_hook.dll]
[1724]rundll32.exe-->user32.dll-->SendMessageA, Type: Inline - RelativeJump at address 0x7E3AF383 hook handler located in [wl_hook.dll]
[1724]rundll32.exe-->user32.dll-->SendMessageCallbackA, Type: Inline - RelativeJump at address 0x7E3EAF01 hook handler located in [wl_hook.dll]
[1724]rundll32.exe-->user32.dll-->SendMessageCallbackW, Type: Inline - RelativeJump at address 0x7E39F306 hook handler located in [wl_hook.dll]
[1724]rundll32.exe-->user32.dll-->SendMessageTimeoutA, Type: Inline - RelativeJump at address 0x7E3AFB2B hook handler located in [wl_hook.dll]
[1724]rundll32.exe-->user32.dll-->SendMessageTimeoutW, Type: Inline - RelativeJump at address 0x7E39ED72 hook handler located in [wl_hook.dll]
[1724]rundll32.exe-->user32.dll-->SendMessageW, Type: Inline - RelativeJump at address 0x7E39B8BA hook handler located in [wl_hook.dll]
[1724]rundll32.exe-->user32.dll-->SendNotifyMessageA, Type: Inline - RelativeJump at address 0x7E3D36E8 hook handler located in [wl_hook.dll]
[1724]rundll32.exe-->user32.dll-->SendNotifyMessageW, Type: Inline - RelativeJump at address 0x7E39F27A hook handler located in [wl_hook.dll]
[1724]rundll32.exe-->user32.dll-->SetForegroundWindow, Type: Inline - RelativeJump at address 0x7E3A3D4D hook handler located in [wl_hook.dll]
[1724]rundll32.exe-->user32.dll-->SetWindowPos, Type: Inline - RelativeJump at address 0x7E39C01B hook handler located in [wl_hook.dll]
[1724]rundll32.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump at address 0x7E3B11D1 hook handler located in [wl_hook.dll]
[1724]rundll32.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump at address 0x7E3ADDB5 hook handler located in [wl_hook.dll]
[1724]rundll32.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump at address 0x7E3B17B7 hook handler located in [wl_hook.dll]
[1736]jusched.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump at address 0x7C802367 hook handler located in [wl_hook.dll]
[1736]jusched.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump at address 0x7C802332 hook handler located in [wl_hook.dll]
[1736]jusched.exe-->kernel32.dll-->CreateRemoteThread, Type: Inline - RelativeJump at address 0x7C81044C hook handler located in [wl_hook.dll]
[292]PDAgent.exe-->user32.dll-->SendMessageTimeoutW, Type: Inline - RelativeJump at address 0x7E39ED72 hook handler located in [wl_hook.dll]
[292]PDAgent.exe-->user32.dll-->SendMessageW, Type: Inline - RelativeJump at address 0x7E39B8BA hook handler located in [wl_hook.dll]
[292]PDAgent.exe-->user32.dll-->SendNotifyMessageA, Type: Inline - RelativeJump at address 0x7E3D36E8 hook handler located in [wl_hook.dll]
[292]PDAgent.exe-->user32.dll-->SendNotifyMessageW, Type: Inline - RelativeJump at address 0x7E39F27A hook handler located in [wl_hook.dll]
[292]PDAgent.exe-->user32.dll-->SetForegroundWindow, Type: Inline - RelativeJump at address 0x7E3A3D4D hook handler located in [wl_hook.dll]
[292]PDAgent.exe-->user32.dll-->SetWindowPos, Type: Inline - RelativeJump at address 0x7E39C01B hook handler located in [wl_hook.dll]
[292]PDAgent.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump at address 0x7E3B11D1 hook handler located in [wl_hook.dll]
[292]PDAgent.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump at address 0x7E3ADDB5 hook handler located in [wl_hook.dll]
[292]PDAgent.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump at address 0x7E3B17B7 hook handler located in [wl_hook.dll]
[720]winlogon.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump at address 0x7C80ADC0 hook handler located in [wl_hook.dll]
[720]winlogon.exe-->user32.dll-->ExitWindowsEx, Type: Inline - RelativeJump at address 0x7E3DA045 hook handler located in [wl_hook.dll]
[932]ati2evxx.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump at address 0x7C802367 hook handler located in [wl_hook.dll]
[932]ati2evxx.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump at address 0x7C802332 hook handler located in [wl_hook.dll]
[932]ati2evxx.exe-->kernel32.dll-->CreateRemoteThread, Type: Inline - RelativeJump at address 0x7C81044C hook handler located in [wl_hook.dll]
[932]ati2evxx.exe-->kernel32.dll-->DebugActiveProcess, Type: Inline - RelativeJump at address 0x7C85A323 hook handler located in [wl_hook.dll]
[932]ati2evxx.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump at address 0x7C8615B5 hook handler located in [wl_hook.dll]
[932]ati2evxx.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump at address 0x7C9261CA hook handler located in [wl_hook.dll]
[932]ati2evxx.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump at address 0x7C92718B hook handler located in [wl_hook.dll]
[932]ati2evxx.exe-->ntdll.dll-->NtCreateSymbolicLinkObject, Type: Inline - RelativeJump at address 0x7C91D7D2 hook handler located in [wl_hook.dll]
[932]ati2evxx.exe-->ntdll.dll-->NtRestoreKey, Type: Inline - RelativeJump at address 0x7C91E44A hook handler located in [wl_hook.dll]
[932]ati2evxx.exe-->ntdll.dll-->NtResumeProcess, Type: Inline - RelativeJump at address 0x7C91E45F hook handler located in [wl_hook.dll]
[932]ati2evxx.exe-->ntdll.dll-->NtSetBootOptions, Type: Inline - RelativeJump at address 0x7C91E4F2 hook handler located in [wl_hook.dll]
[932]ati2evxx.exe-->ntdll.dll-->NtSetUuidSeed, Type: Inline - RelativeJump at address 0x7C91E7BC hook handler located in [wl_hook.dll]
[932]ati2evxx.exe-->ntdll.dll-->NtStopProfile, Type: Inline - RelativeJump at address 0x7C91E83A hook handler located in [wl_hook.dll]
[932]ati2evxx.exe-->ntdll.dll-->NtSuspendProcess, Type: Inline - RelativeJump at address 0x7C91E84F hook handler located in [wl_hook.dll]
[932]ati2evxx.exe-->ntdll.dll-->NtTerminateJobObject, Type: Inline - RelativeJump at address 0x7C91E88E hook handler located in [wl_hook.dll]
[932]ati2evxx.exe-->ntdll.dll-->NtWriteRequestData, Type: Inline - RelativeJump at address 0x7C91EA32 hook handler located in [wl_hook.dll]
[932]ati2evxx.exe-->user32.dll-->CallNextHookEx, Type: Inline - RelativeJump at address 0x7E39F85B hook handler located in [wl_hook.dll]
[932]ati2evxx.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - RelativeJump at address 0x7E3A8AE5 hook handler located in [wl_hook.dll]
[932]ati2evxx.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - RelativeJump at address 0x7E3D938D hook handler located in [wl_hook.dll]
[932]ati2evxx.exe-->user32.dll-->DdeConnect, Type: Inline - RelativeJump at address 0x7E3D7F93 hook handler located in [wl_hook.dll]
[932]ati2evxx.exe-->user32.dll-->DdeConnectList, Type: Inline - RelativeJump at address 0x7E3D82AE hook handler located in [wl_hook.dll]
[932]ati2evxx.exe-->user32.dll-->DdeInitializeA, Type: Inline - RelativeJump at address 0x7E3DA6C6 hook handler located in [wl_hook.dll]
[932]ati2evxx.exe-->user32.dll-->DdeInitializeW, Type: Inline - RelativeJump at address 0x7E3A9CEF hook handler located in [wl_hook.dll]
[932]ati2evxx.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump at address 0x7E3D9E75 hook handler located in [wl_hook.dll]
[932]ati2evxx.exe-->user32.dll-->ExitWindowsEx, Type: Inline - RelativeJump at address 0x7E3DA045 hook handler located in [wl_hook.dll]
[932]ati2evxx.exe-->user32.dll-->FindWindowExA, Type: Inline - RelativeJump at address 0x7E3B210A hook handler located in [wl_hook.dll]
[932]ati2evxx.exe-->user32.dll-->FindWindowExW, Type: Inline - RelativeJump at address 0x7E3A71CF hook handler located in [wl_hook.dll]
[932]ati2evxx.exe-->user32.dll-->PostMessageA, Type: Inline - RelativeJump at address 0x7E39CB85 hook handler located in [wl_hook.dll]
[932]ati2evxx.exe-->user32.dll-->PostMessageW, Type: Inline - RelativeJump at address 0x7E398CCB hook handler located in [wl_hook.dll]
[932]ati2evxx.exe-->user32.dll-->SendInput, Type: Inline - RelativeJump at address 0x7E3AF101 hook handler located in [wl_hook.dll]
[932]ati2evxx.exe-->user32.dll-->SendMessageA, Type: Inline - RelativeJump at address 0x7E3AF383 hook handler located in [wl_hook.dll]
[932]ati2evxx.exe-->user32.dll-->SendMessageCallbackA, Type: Inline - RelativeJump at address 0x7E3EAF01 hook handler located in [wl_hook.dll]
[932]ati2evxx.exe-->user32.dll-->SendMessageCallbackW, Type: Inline - RelativeJump at address 0x7E39F306 hook handler located in [wl_hook.dll]
[932]ati2evxx.exe-->user32.dll-->SendMessageTimeoutA, Type: Inline - RelativeJump at address 0x7E3AFB2B hook handler located in [wl_hook.dll]
[932]ati2evxx.exe-->user32.dll-->SendMessageTimeoutW, Type: Inline - RelativeJump at address 0x7E39ED72 hook handler located in [wl_hook.dll]
[932]ati2evxx.exe-->user32.dll-->SendMessageW, Type: Inline - RelativeJump at address 0x7E39B8BA hook handler located in [wl_hook.dll]
[932]ati2evxx.exe-->user32.dll-->SendNotifyMessageA, Type: Inline - RelativeJump at address 0x7E3D36E8 hook handler located in [wl_hook.dll]
[932]ati2evxx.exe-->user32.dll-->SendNotifyMessageW, Type: Inline - RelativeJump at address 0x7E39F27A hook handler located in [wl_hook.dll]
[932]ati2evxx.exe-->user32.dll-->SetForegroundWindow, Type: Inline - RelativeJump at address 0x7E3A3D4D hook handler located in [wl_hook.dll]
[932]ati2evxx.exe-->user32.dll-->SetWindowPos, Type: Inline - RelativeJump at address 0x7E39C01B hook handler located in [wl_hook.dll]
[932]ati2evxx.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump at address 0x7E3B11D1 hook handler located in [wl_hook.dll]
[932]ati2evxx.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump at address 0x7E3ADDB5 hook handler located in [wl_hook.dll]
[932]ati2evxx.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump at address 0x7E3B17B7 hook handler located in [wl_hook.dll]
!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)
smayor is offline
Old 27-07-2007, 15:47   #13
smayor
Member
Joined: Jun 2007
City: Treviso
Posts: 282
Quote:
Originally posted by wizard1993
check whether there is anything hidden in the hidden process detector window
all the processes of outpost, avast, java, etc. are there

Last edited by smayor: 27-07-2007 at 15:53.
smayor is offline
Old 27-07-2007, 15:49   #14
wizard1993
Senior Member
Joined: Apr 2006
Posts: 22462
listen, are you able to capture the relevant screenshots and post them?
__________________
amd a64x2 4400+ sk939;asus a8n-sli; 2x1gb ddr400; x850 crossfire; 2 x western digital abys 320gb|| asus g1
If it crawls, it zaps it; if it flutters, it kills it
wizard1993 is offline
Old 27-07-2007, 16:00   #15
smayor
Member
Joined: Jun 2007
City: Treviso
Posts: 282
Quote:
Originally posted by wizard1993
check whether there is anything hidden in the hidden process detector window
this one relates to the first screen
smayor is offline
Old 27-07-2007, 16:27   #16
lancetta
Senior Member
Joined: Feb 2007
City: Salerno......
Posts: 3259
he posted the screen for you in the literal sense of the word
__________________
Opera: disabling scripts and iframes | Recovering your own passwords online. | Messenger: watch out for SCAM SITES | GUIDE: ShutdownTimer (automatic PC shutdown) | When the Security Center does not recognize software. | Guide to Malwarebytes' Anti-Malware = the good old days...
lancetta is offline
Old 27-07-2007, 16:36   #17
Chill-Out
Moderator
Joined: Jun 2007
City: 127.0.0.1
Posts: 25885
Quote:
Originally posted by lancetta
he posted the screen for you in the literal sense of the word
could it be the heat
__________________
Try again and you will be luckier.
Chill-Out is offline
Old 27-07-2007, 21:43   #18
smayor
Member
Joined: Jun 2007
City: Treviso
Posts: 282
every time at startup outpost asks me to authorize a udp :1900 connection to the address 239.255.255.250 from Generic Host process for win32 service. what could it be??
smayor is offline
Old 27-07-2007, 22:06   #19
Chill-Out
Moderator
Joined: Jun 2007
City: 127.0.0.1
Posts: 25885
Quote:
Originally posted by smayor
every time at startup outpost asks me to authorize a udp :1900 connection to the address 239.255.255.250 from Generic Host process for win32 service. what could it be??
Nothing, it is a Multicast connection to
OrgName: Internet Assigned Numbers Authority
OrgID: IANA
Address: 4676 Admiralty Way, Suite 330
City: Marina del Rey
StateProv: CA
PostalCode: 90292-6695
Country: US
perhaps you are using Windows Media Player or similar; in any case you can safely block it and set a rule on your firewall to block communications over the IGMP protocol, if it does not already do so by default.
__________________
Try again and you will be luckier.
Chill-Out is offline
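What the firewall prompt in this exchange corresponds to on the wire, as an added example that is not part of the original posts: UDP port 1900 to 239.255.255.250 is the group address and port of SSDP, the UPnP discovery protocol. The function names and the sample datagram below are constructed for illustration.

```python
import ipaddress

SSDP_GROUP = ipaddress.ip_address("239.255.255.250")
SSDP_PORT = 1900
ADMIN_SCOPED = ipaddress.ip_network("239.0.0.0/8")  # administratively scoped multicast

# Constructed sample of an SSDP discovery datagram (HTTP-like text over UDP).
SAMPLE_PAYLOAD = (
    b"M-SEARCH * HTTP/1.1\r\n"
    b"HOST: 239.255.255.250:1900\r\n"
    b'MAN: "ssdp:discover"\r\n'
    b"MX: 3\r\n"
    b"ST: upnp:rootdevice\r\n"
    b"\r\n"
)

def classify_destination(ip, port, proto):
    """Describe the destination of a firewall prompt."""
    addr = ipaddress.ip_address(ip)
    return {
        "multicast": addr.is_multicast,
        "admin_scoped": addr in ADMIN_SCOPED,
        "ssdp": proto.lower() == "udp" and addr == SSDP_GROUP and port == SSDP_PORT,
    }

def parse_ssdp(payload):
    """Split an SSDP message into its start line and a header dict."""
    text = payload.decode("ascii", errors="replace")
    lines = text.split("\r\n\r\n", 1)[0].split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().upper()] = value.strip()
    return lines[0], headers

def triage(ip, port, proto, payload=b""):
    """Return a short verdict for one outbound connection request."""
    dest = classify_destination(ip, port, proto)
    if not dest["multicast"]:
        return "unicast: review the remote host"
    if dest["ssdp"]:
        start, headers = parse_ssdp(payload) if payload else ("", {})
        if start.startswith("M-SEARCH ") and headers.get("MAN", "").strip('"') == "ssdp:discover":
            return "ssdp discovery request: local device search"
        return "ssdp group: payload not inspected or not a search"
    return "other multicast group"

if __name__ == "__main__":
    print(triage("239.255.255.250", 1900, "udp", SAMPLE_PAYLOAD))
```

A whois lookup on a multicast group returns the IANA registration for the reserved block, not a remote host.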
Old 27-07-2007, 22:17   #20
Chill-Out
Moderator
Joined: Jun 2007
City: 127.0.0.1
Posts: 25885
*
__________________
Try again and you will be luckier.
Chill-Out is offline
All times are GMT +1.

