Old 09-12-2011, 15:12   #1
Falco67
Junior Member
 
Joined: Dec 2011
Posts: 3
Microsoft Windows has stopped working..?

Every now and then the computer freezes, but I can still use the mouse. The freeze can last from 2 seconds to 5 minutes (sometimes it doesn't unfreeze at all). Sometimes during the freezes an error message appears saying: "Microsoft windows ha smesso di funzionare" ("Microsoft Windows has stopped working"). The error started appearing two days ago, all of a sudden.

HiJackThis logs:
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:55:42, on 09/12/2011
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\taskhost.exe
C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.35\deploy\LoLLauncher.exe
C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.106\deploy\LolClient.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Vayne\AppData\Local\Opera\Opera\temporary_downloads\HiJackThis.exe
C:\Windows\system32\notepad.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.8\iobitToolbarIE.dll
O2 - BHO: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.8\iobitToolbarIE.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.8\iobitToolbarIE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service:  Servizio Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe

--
End of file - 5987 bytes
Old 09-12-2011, 15:23   #2
Riku
Member
 
Joined: Jun 2011
Posts: 202
Hi, if you want to do a thorough check, follow this guide: Guida alla disinfezione per Infetti (Disinfection Guide for Infected Users), and attach the logs as indicated in the Regole di Sezione (Section Rules).
Old 09-12-2011, 15:53   #3
Falco67
Junior Member
 
Joined: Dec 2011
Posts: 3
Below is the GMER log:
Code:
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-09 15:51:30
Windows 6.1.7600  Harddisk1\DR1 -> \Device\Ide\IdeDeviceP4T0L0-5 WDC_WD5000AACS-00G8B0 rev.05.04C05
Running: gmer.exe; Driver: C:\Users\Vayne\AppData\Local\Temp\pxldrpow.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                                        ZwAddBootEntry [0x8DC1F9CA]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                                                        ZwAllocateVirtualMemory [0x8E13CA68]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                                        ZwCreateEvent [0x8DC21EAC]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                                        ZwCreateEventPair [0x8DC21F04]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                                        ZwCreateIoCompletion [0x8DC2201A]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                                        ZwCreateMutant [0x8DC21E02]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                                        ZwCreateSection [0x8DC21F54]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                                        ZwCreateSemaphore [0x8DC21E56]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                                        ZwCreateTimer [0x8DC21FC8]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                                        ZwDeleteBootEntry [0x8DC1F9EE]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                                                        ZwFreeVirtualMemory [0x8E13CB18]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                                        ZwLoadDriver [0x8DC1F7B8]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                                        ZwModifyBootEntry [0x8DC1FA12]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                                        ZwNotifyChangeKey [0x8DC22412]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                                        ZwNotifyChangeMultipleKeys [0x8DC204AA]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                                        ZwOpenEvent [0x8DC21EDC]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                                        ZwOpenEventPair [0x8DC21F2C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                                        ZwOpenIoCompletion [0x8DC22044]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                                        ZwOpenMutant [0x8DC21E2E]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                                        ZwOpenSection [0x8DC21F94]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                                        ZwOpenSemaphore [0x8DC21E84]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                                        ZwOpenTimer [0x8DC21FF2]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                                                        ZwProtectVirtualMemory [0x8E13CBB0]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                                        ZwQueryObject [0x8DC20370]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                                        ZwSetBootEntryOrder [0x8DC1FA36]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                                        ZwSetBootOptions [0x8DC1FA5A]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                                        ZwSetSystemInformation [0x8DC1F812]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                                        ZwSetSystemPowerState [0x8DC1F94E]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                                        ZwShutdownSystem [0x8DC1F92A]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                                        ZwSystemDebugControl [0x8DC1F972]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                                        ZwVdmControl [0x8DC1FA7E]

Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                                                        ZwCreateProcessEx [0x8E1518DE]
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                                                        ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwSaveKeyEx + 13AD                                                                                                                                              82A94579 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                                                                       82AB8F52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!RtlSidHashLookup + 214                                                                                                                                          82AC0714 4 Bytes  [CA, F9, C1, 8D]
.text           ntkrnlpa.exe!RtlSidHashLookup + 23C                                                                                                                                          82AC073C 4 Bytes  [68, CA, 13, 8E]
.text           ntkrnlpa.exe!RtlSidHashLookup + 2F0                                                                                                                                          82AC07F0 8 Bytes  [AC, 1E, C2, 8D, 04, 1F, C2, ...]
.text           ntkrnlpa.exe!RtlSidHashLookup + 2FC                                                                                                                                          82AC07FC 4 Bytes  [1A, 20, C2, 8D]
.text           ntkrnlpa.exe!RtlSidHashLookup + 318                                                                                                                                          82AC0818 4 Bytes  [02, 1E, C2, 8D]
.text           ...                                                                                                                                                                          
PAGE            ntkrnlpa.exe!ObMakeTemporaryObject                                                                                                                                           82C59F59 5 Bytes  JMP 8E14D29E \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE            ntkrnlpa.exe!ObInsertObject + 27                                                                                                                                             82C73C5F 5 Bytes  JMP 8E14ED50 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE            ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108                                                                                                                                  82CBE0EA 4 Bytes  CALL 8DC20E3B \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE            ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122                                                                                                                                 82CC61C5 4 Bytes  CALL 8DC20E51 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE            ntkrnlpa.exe!ZwCreateProcessEx                                                                                                                                               82D2BE52 7 Bytes  JMP 8E1518E2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text           C:\Windows\system32\DRIVERS\atikmdag.sys                                                                                                                                     section is writeable [0x8EE2A000, 0x3A3E05, 0xE8000020]
.text           peauth.sys                                                                                                                                                                   99753C9D 28 Bytes  [C4, 42, EE, D5, EA, C1, 27, ...]
.text           peauth.sys                                                                                                                                                                   99753CC1 28 Bytes  [C4, 42, EE, D5, EA, C1, 27, ...]

---- User code sections - GMER 1.0.15 ----

.text           C:\Windows\system32\wininit.exe[480] ntdll.dll!LdrUnloadDll                                                                                                                  771DBE7F 5 Bytes  JMP 0003006C 
.text           C:\Windows\system32\wininit.exe[480] ntdll.dll!LdrLoadDll                                                                                                                    771DF585 5 Bytes  JMP 00030030 
.text           C:\Windows\system32\wininit.exe[480] USER32.dll!UnhookWindowsHookEx                                                                                                          770BCC7B 3 Bytes  JMP 000C0120 
.text           C:\Windows\system32\wininit.exe[480] USER32.dll!UnhookWindowsHookEx + 4                                                                                                      770BCC7F 1 Byte  [89]
.text           C:\Windows\system32\wininit.exe[480] USER32.dll!UnhookWinEvent                                                                                                               770BD924 3 Bytes  JMP 000C006C 
.text           C:\Windows\system32\wininit.exe[480] USER32.dll!UnhookWinEvent + 4                                                                                                           770BD928 1 Byte  [89]
.text           C:\Windows\system32\wininit.exe[480] USER32.dll!SetWindowsHookExW                                                                                                            770C210A 5 Bytes  JMP 000C00E4 
.text           C:\Windows\system32\wininit.exe[480] USER32.dll!SetWinEventHook                                                                                                              770C507E 5 Bytes  JMP 000C0030 
.text           C:\Windows\system32\wininit.exe[480] USER32.dll!SetWindowsHookExA                                                                                                            770E6DFA 5 Bytes  JMP 000C00A8 
.text           C:\Windows\system32\services.exe[528] ntdll.dll!LdrUnloadDll                                                                                                                 771DBE7F 5 Bytes  JMP 0006006C 
.text           C:\Windows\system32\services.exe[528] ntdll.dll!LdrLoadDll                                                                                                                   771DF585 5 Bytes  JMP 00060030 
.text           C:\Windows\system32\lsass.exe[548] ntdll.dll!LdrUnloadDll                                                                                                                    771DBE7F 5 Bytes  JMP 0006006C 
.text           C:\Windows\system32\lsass.exe[548] ntdll.dll!LdrLoadDll                                                                                                                      771DF585 5 Bytes  JMP 00060030 
.text           C:\Windows\system32\lsm.exe[556] ntdll.dll!LdrUnloadDll                                                                                                                      771DBE7F 5 Bytes  JMP 0006006C 
.text           C:\Windows\system32\lsm.exe[556] ntdll.dll!LdrLoadDll                                                                                                                        771DF585 5 Bytes  JMP 00060030 
.text           C:\Windows\system32\svchost.exe[652] ntdll.dll!LdrUnloadDll                                                                                                                  771DBE7F 5 Bytes  JMP 0006006C 
.text           C:\Windows\system32\svchost.exe[652] ntdll.dll!LdrLoadDll                                                                                                                    771DF585 5 Bytes  JMP 00060030 
.text           C:\Windows\system32\winlogon.exe[756] ntdll.dll!LdrUnloadDll                                                                                                                 771DBE7F 5 Bytes  JMP 0003006C 
.text           C:\Windows\system32\winlogon.exe[756] ntdll.dll!LdrLoadDll                                                                                                                   771DF585 5 Bytes  JMP 00030030 
.text           C:\Windows\system32\winlogon.exe[756] USER32.dll!UnhookWindowsHookEx                                                                                                         770BCC7B 5 Bytes  JMP 00050120 
.text           C:\Windows\system32\winlogon.exe[756] USER32.dll!UnhookWinEvent                                                                                                              770BD924 5 Bytes  JMP 0005006C 
.text           C:\Windows\system32\winlogon.exe[756] USER32.dll!SetWindowsHookExW                                                                                                           770C210A 5 Bytes  JMP 000500E4 
.text           C:\Windows\system32\winlogon.exe[756] USER32.dll!SetWinEventHook                                                                                                             770C507E 5 Bytes  JMP 00050030 
.text           C:\Windows\system32\winlogon.exe[756] USER32.dll!SetWindowsHookExA                                                                                                           770E6DFA 5 Bytes  JMP 000500A8 
.text           C:\Windows\system32\svchost.exe[776] ntdll.dll!LdrUnloadDll                                                                                                                  771DBE7F 5 Bytes  JMP 0006006C 
.text           C:\Windows\system32\svchost.exe[776] ntdll.dll!LdrLoadDll                                                                                                                    771DF585 5 Bytes  JMP 00060030 
.text           C:\Windows\system32\atiesrxx.exe[832] ntdll.dll!LdrUnloadDll                                                                                                                 771DBE7F 5 Bytes  JMP 0016006C 
.text           C:\Windows\system32\atiesrxx.exe[832] ntdll.dll!LdrLoadDll                                                                                                                   771DF585 5 Bytes  JMP 00160030 
.text           C:\Windows\system32\atiesrxx.exe[832] USER32.dll!UnhookWindowsHookEx                                                                                                         770BCC7B 5 Bytes  JMP 001F0120 
.text           C:\Windows\system32\atiesrxx.exe[832] USER32.dll!UnhookWinEvent                                                                                                              770BD924 5 Bytes  JMP 001F006C 
.text           C:\Windows\system32\atiesrxx.exe[832] USER32.dll!SetWindowsHookExW                                                                                                           770C210A 5 Bytes  JMP 001F00E4 
.text           C:\Windows\system32\atiesrxx.exe[832] USER32.dll!SetWinEventHook                                                                                                             770C507E 5 Bytes  JMP 001F0030 
.text           C:\Windows\system32\atiesrxx.exe[832] USER32.dll!SetWindowsHookExA                                                                                                           770E6DFA 5 Bytes  JMP 001F00A8 
.text           C:\Windows\System32\svchost.exe[904] ntdll.dll!LdrUnloadDll                                                                                                                  771DBE7F 5 Bytes  JMP 0006006C 
.text           C:\Windows\System32\svchost.exe[904] ntdll.dll!LdrLoadDll                                                                                                                    771DF585 5 Bytes  JMP 00060030 
.text           C:\Windows\System32\svchost.exe[904] USER32.dll!UnhookWindowsHookEx                                                                                                          770BCC7B 5 Bytes  JMP 001A0120 
.text           C:\Windows\System32\svchost.exe[904] USER32.dll!UnhookWinEvent                                                                                                               770BD924 5 Bytes  JMP 001A006C 
.text           C:\Windows\System32\svchost.exe[904] USER32.dll!SetWindowsHookExW                                                                                                            770C210A 5 Bytes  JMP 001A00E4 
.text           C:\Windows\System32\svchost.exe[904] USER32.dll!SetWinEventHook                                                                                                              770C507E 5 Bytes  JMP 001A0030 
.text           C:\Windows\System32\svchost.exe[904] USER32.dll!SetWindowsHookExA                                                                                                            770E6DFA 5 Bytes  JMP 001A00A8 
.text           C:\Windows\System32\svchost.exe[944] ntdll.dll!LdrUnloadDll                                                                                                                  771DBE7F 5 Bytes  JMP 000A006C 
.text           C:\Windows\System32\svchost.exe[944] ntdll.dll!LdrLoadDll                                                                                                                    771DF585 5 Bytes  JMP 000A0030 
.text           C:\Windows\System32\svchost.exe[944] USER32.dll!UnhookWindowsHookEx                                                                                                          770BCC7B 5 Bytes  JMP 003C0120 
.text           C:\Windows\System32\svchost.exe[944] USER32.dll!UnhookWinEvent                                                                                                               770BD924 5 Bytes  JMP 003C006C 
.text           C:\Windows\System32\svchost.exe[944] USER32.dll!SetWindowsHookExW                                                                                                            770C210A 5 Bytes  JMP 003C00E4 
.text           C:\Windows\System32\svchost.exe[944] USER32.dll!SetWinEventHook                                                                                                              770C507E 5 Bytes  JMP 003C0030 
.text           C:\Windows\System32\svchost.exe[944] USER32.dll!SetWindowsHookExA                                                                                                            770E6DFA 5 Bytes  JMP 003C00A8 
.text           C:\Windows\system32\svchost.exe[988] ntdll.dll!LdrUnloadDll                                                                                                                  771DBE7F 5 Bytes  JMP 0006006C 
.text           C:\Windows\system32\svchost.exe[988] ntdll.dll!LdrLoadDll                                                                                                                    771DF585 5 Bytes  JMP 00060030 
.text           C:\Windows\system32\svchost.exe[988] USER32.dll!UnhookWindowsHookEx                                                                                                          770BCC7B 5 Bytes  JMP 00BA0120 
.text           C:\Windows\system32\svchost.exe[988] USER32.dll!UnhookWinEvent                                                                                                               770BD924 5 Bytes  JMP 00BA006C 
.text           C:\Windows\system32\svchost.exe[988] USER32.dll!SetWindowsHookExW                                                                                                            770C210A 5 Bytes  JMP 00BA00E4 
.text           C:\Windows\system32\svchost.exe[988] USER32.dll!SetWinEventHook                                                                                                              770C507E 5 Bytes  JMP 00BA0030 
.text           C:\Windows\system32\svchost.exe[988] USER32.dll!SetWindowsHookExA                                                                                                            770E6DFA 5 Bytes  JMP 00BA00A8 
.text           C:\Users\Vayne\AppData\Local\Temp\Rar$EXa0.758\gmer.exe[1044] ntdll.dll!LdrUnloadDll                                                                                         771DBE7F 5 Bytes  JMP 0016006C 
.text           C:\Users\Vayne\AppData\Local\Temp\Rar$EXa0.758\gmer.exe[1044] ntdll.dll!LdrLoadDll                                                                                           771DF585 5 Bytes  JMP 00160030 
.text           C:\Users\Vayne\AppData\Local\Temp\Rar$EXa0.758\gmer.exe[1044] USER32.dll!UnhookWindowsHookEx                                                                                 770BCC7B 5 Bytes  JMP 00210120 
.text           C:\Users\Vayne\AppData\Local\Temp\Rar$EXa0.758\gmer.exe[1044] USER32.dll!UnhookWinEvent                                                                                      770BD924 5 Bytes  JMP 0021006C 
.text           C:\Users\Vayne\AppData\Local\Temp\Rar$EXa0.758\gmer.exe[1044] USER32.dll!SetWindowsHookExW                                                                                   770C210A 5 Bytes  JMP 002100E4 
.text           C:\Users\Vayne\AppData\Local\Temp\Rar$EXa0.758\gmer.exe[1044] USER32.dll!SetWinEventHook                                                                                     770C507E 5 Bytes  JMP 00210030 
.text           C:\Users\Vayne\AppData\Local\Temp\Rar$EXa0.758\gmer.exe[1044] USER32.dll!SetWindowsHookExA                                                                                   770E6DFA 5 Bytes  JMP 002100A8 
.text           C:\Windows\system32\svchost.exe[1136] ntdll.dll!LdrUnloadDll                                                                                                                 771DBE7F 5 Bytes  JMP 0006006C 
.text           C:\Windows\system32\svchost.exe[1136] ntdll.dll!LdrLoadDll                                                                                                                   771DF585 5 Bytes  JMP 00060030 
.text           C:\Windows\system32\svchost.exe[1136] USER32.dll!UnhookWindowsHookEx                                                                                                         770BCC7B 5 Bytes  JMP 00290120 
.text           C:\Windows\system32\svchost.exe[1136] USER32.dll!UnhookWinEvent                                                                                                              770BD924 5 Bytes  JMP 0029006C 
.text           C:\Windows\system32\svchost.exe[1136] USER32.dll!SetWindowsHookExW                                                                                                           770C210A 5 Bytes  JMP 002900E4 
.text           C:\Windows\system32\svchost.exe[1136] USER32.dll!SetWinEventHook                                                                                                             770C507E 5 Bytes  JMP 00290030 
.text           C:\Windows\system32\svchost.exe[1136] USER32.dll!SetWindowsHookExA                                                                                                           770E6DFA 5 Bytes  JMP 002900A8 
.text           C:\Windows\system32\atieclxx.exe[1220] ntdll.dll!LdrUnloadDll                                                                                                                771DBE7F 5 Bytes  JMP 0016006C 
.text           C:\Windows\system32\atieclxx.exe[1220] ntdll.dll!LdrLoadDll                                                                                                                  771DF585 5 Bytes  JMP 00160030 
.text           C:\Windows\system32\atieclxx.exe[1220] USER32.dll!UnhookWindowsHookEx                                                                                                        770BCC7B 5 Bytes  JMP 002F0120 
.text           C:\Windows\system32\atieclxx.exe[1220] USER32.dll!UnhookWinEvent                                                                                                             770BD924 5 Bytes  JMP 002F006C 
.text           C:\Windows\system32\atieclxx.exe[1220] USER32.dll!SetWindowsHookExW                                                                                                          770C210A 5 Bytes  JMP 002F00E4 
.text           C:\Windows\system32\atieclxx.exe[1220] USER32.dll!SetWinEventHook                                                                                                            770C507E 5 Bytes  JMP 002F0030 
.text           C:\Windows\system32\atieclxx.exe[1220] USER32.dll!SetWindowsHookExA                                                                                                          770E6DFA 5 Bytes  JMP 002F00A8 
.text           C:\Windows\system32\WUDFHost.exe[1240] ntdll.dll!LdrUnloadDll                                                                                                                771DBE7F 5 Bytes  JMP 0006006C 
.text           C:\Windows\system32\WUDFHost.exe[1240] ntdll.dll!LdrLoadDll                                                                                                                  771DF585 5 Bytes  JMP 00060030 
.text           C:\Windows\system32\WUDFHost.exe[1240] USER32.dll!UnhookWindowsHookEx                                                                                                        770BCC7B 5 Bytes  JMP 00140120 
.text           C:\Windows\system32\WUDFHost.exe[1240] USER32.dll!UnhookWinEvent                                                                                                             770BD924 5 Bytes  JMP 0014006C 
.text           C:\Windows\system32\WUDFHost.exe[1240] USER32.dll!SetWindowsHookExW                                                                                                          770C210A 5 Bytes  JMP 001400E4 
.text           C:\Windows\system32\WUDFHost.exe[1240] USER32.dll!SetWinEventHook                                                                                                            770C507E 5 Bytes  JMP 00140030 
.text           C:\Windows\system32\WUDFHost.exe[1240] USER32.dll!SetWindowsHookExA                                                                                                          770E6DFA 5 Bytes  JMP 001400A8 
.text           C:\Windows\system32\svchost.exe[1364] ntdll.dll!LdrUnloadDll                                                                                                                 771DBE7F 5 Bytes  JMP 0006006C 
.text           C:\Windows\system32\svchost.exe[1364] ntdll.dll!LdrLoadDll                                                                                                                   771DF585 5 Bytes  JMP 00060030 
.text           C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1424] kernel32.dll!SetUnhandledExceptionFilter                                                                            75623142 4 Bytes  [C2, 04, 00, 90] {RET 0x4; NOP }
.text           C:\Windows\system32\Dwm.exe[1568] ntdll.dll!LdrUnloadDll                                                                                                                     771DBE7F 5 Bytes  JMP 0006006C 
.text           C:\Windows\system32\Dwm.exe[1568] ntdll.dll!LdrLoadDll                                                                                                                       771DF585 5 Bytes  JMP 00060030 
.text           C:\Windows\system32\Dwm.exe[1568] USER32.dll!UnhookWindowsHookEx                                                                                                             770BCC7B 5 Bytes  JMP 00080120 
.text           C:\Windows\system32\Dwm.exe[1568] USER32.dll!UnhookWinEvent                                                                                                                  770BD924 5 Bytes  JMP 0008006C 
.text           C:\Windows\system32\Dwm.exe[1568] USER32.dll!SetWindowsHookExW                                                                                                               770C210A 5 Bytes  JMP 000800E4 
.text           C:\Windows\system32\Dwm.exe[1568] USER32.dll!SetWinEventHook                                                                                                                 770C507E 5 Bytes  JMP 00080030 
.text           C:\Windows\system32\Dwm.exe[1568] USER32.dll!SetWindowsHookExA                                                                                                               770E6DFA 5 Bytes  JMP 000800A8 
.text           C:\Windows\Explorer.EXE[1592] ntdll.dll!LdrUnloadDll                                                                                                                         771DBE7F 5 Bytes  JMP 000A006C 
.text           C:\Windows\Explorer.EXE[1592] ntdll.dll!LdrLoadDll                                                                                                                           771DF585 5 Bytes  JMP 000A0030 
.text           C:\Windows\Explorer.EXE[1592] USER32.dll!UnhookWindowsHookEx                                                                                                                 770BCC7B 5 Bytes  JMP 00150120 
.text           C:\Windows\Explorer.EXE[1592] USER32.dll!UnhookWinEvent                                                                                                                      770BD924 5 Bytes  JMP 0015006C 
.text           C:\Windows\Explorer.EXE[1592] USER32.dll!SetWindowsHookExW                                                                                                                   770C210A 5 Bytes  JMP 001500E4 
.text           C:\Windows\Explorer.EXE[1592] USER32.dll!SetWinEventHook                                                                                                                     770C507E 5 Bytes  JMP 00150030 
.text           C:\Windows\Explorer.EXE[1592] USER32.dll!SetWindowsHookExA                                                                                                                   770E6DFA 5 Bytes  JMP 001500A8 
.text           C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe[1680] ntdll.dll!LdrUnloadDll                                                                                771DBE7F 5 Bytes  JMP 0017006C 
.text           C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe[1680] ntdll.dll!LdrLoadDll                                                                                  771DF585 5 Bytes  JMP 00170030 
.text           C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe[1680] USER32.dll!UnhookWindowsHookEx                                                                        770BCC7B 5 Bytes  JMP 00300120 
.text           C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe[1680] USER32.dll!UnhookWinEvent                                                                             770BD924 5 Bytes  JMP 0030006C 
.text           C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe[1680] USER32.dll!SetWindowsHookExW                                                                          770C210A 5 Bytes  JMP 003000E4 
.text           C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe[1680] USER32.dll!SetWinEventHook                                                                            770C507E 5 Bytes  JMP 00300030 
.text           C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe[1680] USER32.dll!SetWindowsHookExA                                                                          770E6DFA 5 Bytes  JMP 003000A8 
.text           C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe[1808] ntdll.dll!LdrUnloadDll                                                                                  771DBE7F 5 Bytes  JMP 0016006C 
.text           C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe[1808] ntdll.dll!LdrLoadDll                                                                                    771DF585 5 Bytes  JMP 00160030 
.text           C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe[1808] USER32.dll!UnhookWindowsHookEx                                                                          770BCC7B 5 Bytes  JMP 001F0120 
.text           C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe[1808] USER32.dll!UnhookWinEvent                                                                               770BD924 5 Bytes  JMP 001F006C 
.text           C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe[1808] USER32.dll!SetWindowsHookExW                                                                            770C210A 5 Bytes  JMP 001F00E4 
.text           C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe[1808] USER32.dll!SetWinEventHook                                                                              770C507E 5 Bytes  JMP 001F0030 
.text           C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe[1808] USER32.dll!SetWindowsHookExA                                                                            770E6DFA 5 Bytes  JMP 001F00A8 
.text           C:\Program Files\Skype\Phone\Skype.exe[1848] ntdll.dll!LdrUnloadDll                                                                                                          771DBE7F 5 Bytes  JMP 0016006C 
.text           C:\Program Files\Skype\Phone\Skype.exe[1848] ntdll.dll!LdrLoadDll                                                                                                            771DF585 5 Bytes  JMP 00160030 
.text           C:\Program Files\Skype\Phone\Skype.exe[1848] USER32.dll!UnhookWindowsHookEx                                                                                                  770BCC7B 5 Bytes  JMP 00210120 
.text           C:\Program Files\Skype\Phone\Skype.exe[1848] USER32.dll!UnhookWinEvent                                                                                                       770BD924 5 Bytes  JMP 0021006C 
.text           C:\Program Files\Skype\Phone\Skype.exe[1848] USER32.dll!SetWindowsHookExW                                                                                                    770C210A 5 Bytes  JMP 002100E4 
.text           C:\Program Files\Skype\Phone\Skype.exe[1848] USER32.dll!SetWinEventHook                                                                                                      770C507E 5 Bytes  JMP 00210030 
.text           C:\Program Files\Skype\Phone\Skype.exe[1848] USER32.dll!SetWindowsHookExA                                                                                                    770E6DFA 5 Bytes  JMP 002100A8 
.text           C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1888] ntdll.dll!LdrUnloadDll                                                                                          771DBE7F 5 Bytes  JMP 0006006C 
.text           C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1888] ntdll.dll!LdrLoadDll                                                                                            771DF585 5 Bytes  JMP 00060030 
.text           C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1888] USER32.dll!UnhookWindowsHookEx                                                                                  770BCC7B 5 Bytes  JMP 000F0120 
.text           C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1888] USER32.dll!UnhookWinEvent                                                                                       770BD924 5 Bytes  JMP 000F006C 
.text           C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1888] USER32.dll!SetWindowsHookExW                                                                                    770C210A 5 Bytes  JMP 000F00E4 
.text           C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1888] USER32.dll!SetWinEventHook                                                                                      770C507E 5 Bytes  JMP 000F0030 
.text           C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1888] USER32.dll!SetWindowsHookExA                                                                                    770E6DFA 5 Bytes  JMP 000F00A8 
.text           C:\Windows\System32\spoolsv.exe[2292] ntdll.dll!LdrUnloadDll                                                                                                                 771DBE7F 5 Bytes  JMP 0006006C 
.text           C:\Windows\System32\spoolsv.exe[2292] ntdll.dll!LdrLoadDll                                                                                                                   771DF585 5 Bytes  JMP 00060030 
.text           C:\Windows\System32\spoolsv.exe[2292] USER32.dll!UnhookWindowsHookEx                                                                                                         770BCC7B 5 Bytes  JMP 00100120 
.text           C:\Windows\System32\spoolsv.exe[2292] USER32.dll!UnhookWinEvent                                                                                                              770BD924 5 Bytes  JMP 0010006C 
.text           C:\Windows\System32\spoolsv.exe[2292] USER32.dll!SetWindowsHookExW                                                                                                           770C210A 5 Bytes  JMP 001000E4 
.text           C:\Windows\System32\spoolsv.exe[2292] USER32.dll!SetWinEventHook                                                                                                             770C507E 5 Bytes  JMP 00100030 
.text           C:\Windows\System32\spoolsv.exe[2292] USER32.dll!SetWindowsHookExA                                                                                                           770E6DFA 5 Bytes  JMP 001000A8 
.text           C:\Windows\system32\svchost.exe[2364] ntdll.dll!LdrUnloadDll                                                                                                                 771DBE7F 5 Bytes  JMP 0006006C 
.text           C:\Windows\system32\svchost.exe[2364] ntdll.dll!LdrLoadDll                                                                                                                   771DF585 5 Bytes  JMP 00060030 
.text           C:\Windows\system32\svchost.exe[2364] USER32.dll!UnhookWindowsHookEx                                                                                                         770BCC7B 5 Bytes  JMP 00140120 
.text           C:\Windows\system32\svchost.exe[2364] USER32.dll!UnhookWinEvent                                                                                                              770BD924 5 Bytes  JMP 0014006C 
.text           C:\Windows\system32\svchost.exe[2364] USER32.dll!SetWindowsHookExW                                                                                                           770C210A 5 Bytes  JMP 001400E4 
.text           C:\Windows\system32\svchost.exe[2364] USER32.dll!SetWinEventHook                                                                                                             770C507E 5 Bytes  JMP 00140030 
.text           C:\Windows\system32\svchost.exe[2364] USER32.dll!SetWindowsHookExA                                                                                                           770E6DFA 5 Bytes  JMP 001400A8 
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[2396] ntdll.dll!NtCreateFile + 6                                                                                       771C4A16 4 Bytes  [28, 00, 07, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[2396] ntdll.dll!NtCreateFile + B                                                                                       771C4A1B 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[2396] ntdll.dll!NtMapViewOfSection + 6                                                                                 771C5076 1 Byte  [28]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[2396] ntdll.dll!NtMapViewOfSection + 6                                                                                 771C5076 4 Bytes  [28, 03, 07, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[2396] ntdll.dll!NtMapViewOfSection + B                                                                                 771C507B 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[2396] ntdll.dll!NtOpenFile + 6                                                                                         771C5126 4 Bytes  [68, 00, 07, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[2396] ntdll.dll!NtOpenFile + B                                                                                         771C512B 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[2396] ntdll.dll!NtOpenProcess + 6                                                                                      771C51D6 4 Bytes  [A8, 01, 07, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[2396] ntdll.dll!NtOpenProcess + B                                                                                      771C51DB 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[2396] ntdll.dll!NtOpenProcessToken + B                                                                                 771C51EB 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[2396] ntdll.dll!NtOpenProcessTokenEx + 6                                                                               771C51F6 4 Bytes  [A8, 02, 07, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[2396] ntdll.dll!NtOpenProcessTokenEx + B                                                                               771C51FB 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[2396] ntdll.dll!NtOpenThread + 6                                                                                       771C5256 4 Bytes  [68, 01, 07, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[2396] ntdll.dll!NtOpenThread + B                                                                                       771C525B 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[2396] ntdll.dll!NtOpenThreadToken + 6                                                                                  771C5266 4 Bytes  [68, 02, 07, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[2396] ntdll.dll!NtOpenThreadToken + B                                                                                  771C526B 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[2396] ntdll.dll!NtOpenThreadTokenEx + B                                                                                771C527B 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[2396] ntdll.dll!NtQueryAttributesFile + 6                                                                              771C5386 4 Bytes  [A8, 00, 07, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[2396] ntdll.dll!NtQueryAttributesFile + B                                                                              771C538B 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[2396] ntdll.dll!NtQueryFullAttributesFile + B                                                                          771C543B 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[2396] ntdll.dll!NtSetInformationFile + 6                                                                               771C5A86 4 Bytes  [28, 01, 07, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[2396] ntdll.dll!NtSetInformationFile + B                                                                               771C5A8B 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[2396] ntdll.dll!NtSetInformationThread + 6                                                                             771C5AE6 4 Bytes  [28, 02, 07, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[2396] ntdll.dll!NtSetInformationThread + B                                                                             771C5AEB 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[2396] ntdll.dll!NtUnmapViewOfSection + 6                                                                               771C5E06 1 Byte  [68]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[2396] ntdll.dll!NtUnmapViewOfSection + 6                                                                               771C5E06 4 Bytes  [68, 03, 07, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[2396] ntdll.dll!NtUnmapViewOfSection + B                                                                               771C5E0B 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[2396] ntdll.dll!LdrUnloadDll                                                                                           771DBE7F 5 Bytes  JMP 0009006C 
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[2396] ntdll.dll!LdrLoadDll                                                                                             771DF585 5 Bytes  JMP 00090030 
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[2396] USER32.dll!UnhookWindowsHookEx                                                                                   770BCC7B 5 Bytes  JMP 00130120 
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[2396] USER32.dll!UnhookWinEvent                                                                                        770BD924 5 Bytes  JMP 0013006C 
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[2396] USER32.dll!SetWindowsHookExW                                                                                     770C210A 5 Bytes  JMP 001300E4 
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[2396] USER32.dll!SetWinEventHook                                                                                       770C507E 5 Bytes  JMP 00130030 
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[2396] USER32.dll!SetWindowsHookExA                                                                                     770E6DFA 5 Bytes  JMP 001300A8 
.text           C:\Program Files\WinRAR\WinRAR.exe[2496] ntdll.dll!LdrUnloadDll                                                                                                              771DBE7F 5 Bytes  JMP 0007006C 
.text           C:\Program Files\WinRAR\WinRAR.exe[2496] ntdll.dll!LdrLoadDll                                                                                                                771DF585 5 Bytes  JMP 00070030 
.text           C:\Program Files\WinRAR\WinRAR.exe[2496] USER32.dll!UnhookWindowsHookEx                                                                                                      770BCC7B 5 Bytes  JMP 00200120 
.text           C:\Program Files\WinRAR\WinRAR.exe[2496] USER32.dll!UnhookWinEvent                                                                                                           770BD924 5 Bytes  JMP 0020006C 
.text           C:\Program Files\WinRAR\WinRAR.exe[2496] USER32.dll!SetWindowsHookExW                                                                                                        770C210A 5 Bytes  JMP 002000E4 
.text           C:\Program Files\WinRAR\WinRAR.exe[2496] USER32.dll!SetWinEventHook                                                                                                          770C507E 5 Bytes  JMP 00200030 
.text           C:\Program Files\WinRAR\WinRAR.exe[2496] USER32.dll!SetWindowsHookExA                                                                                                        770E6DFA 5 Bytes  JMP 002000A8 
.text           C:\Windows\system32\taskhost.exe[2540] ntdll.dll!LdrUnloadDll                                                                                                                771DBE7F 5 Bytes  JMP 0005006C 
.text           C:\Windows\system32\taskhost.exe[2540] ntdll.dll!LdrLoadDll                                                                                                                  771DF585 5 Bytes  JMP 00050030 
.text           C:\Windows\system32\taskhost.exe[2540] USER32.dll!UnhookWindowsHookEx                                                                                                        770BCC7B 5 Bytes  JMP 00070120 
.text           C:\Windows\system32\taskhost.exe[2540] USER32.dll!UnhookWinEvent                                                                                                             770BD924 5 Bytes  JMP 0007006C 
.text           C:\Windows\system32\taskhost.exe[2540] USER32.dll!SetWindowsHookExW                                                                                                          770C210A 5 Bytes  JMP 000700E4 
.text           C:\Windows\system32\taskhost.exe[2540] USER32.dll!SetWinEventHook                                                                                                            770C507E 5 Bytes  JMP 00070030 
.text           C:\Windows\system32\taskhost.exe[2540] USER32.dll!SetWindowsHookExA                                                                                                          770E6DFA 5 Bytes  JMP 000700A8 
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[2616] ntdll.dll!NtCreateFile + 6                                                                                       771C4A16 4 Bytes  [28, 00, 07, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[2616] ntdll.dll!NtCreateFile + B                                                                                       771C4A1B 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[2616] ntdll.dll!NtMapViewOfSection + 6                                                                                 771C5076 1 Byte  [28]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[2616] ntdll.dll!NtMapViewOfSection + 6                                                                                 771C5076 4 Bytes  [28, 03, 07, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[2616] ntdll.dll!NtMapViewOfSection + B                                                                                 771C507B 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[2616] ntdll.dll!NtOpenFile + 6                                                                                         771C5126 4 Bytes  [68, 00, 07, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[2616] ntdll.dll!NtOpenFile + B                                                                                         771C512B 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[2616] ntdll.dll!NtOpenProcess + 6                                                                                      771C51D6 4 Bytes  [A8, 01, 07, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[2616] ntdll.dll!NtOpenProcess + B                                                                                      771C51DB 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[2616] ntdll.dll!NtOpenProcessToken + B                                                                                 771C51EB 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[2616] ntdll.dll!NtOpenProcessTokenEx + 6                                                                               771C51F6 4 Bytes  [A8, 02, 07, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[2616] ntdll.dll!NtOpenProcessTokenEx + B                                                                               771C51FB 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[2616] ntdll.dll!NtOpenThread + 6                                                                                       771C5256 4 Bytes  [68, 01, 07, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[2616] ntdll.dll!NtOpenThread + B                                                                                       771C525B 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[2616] ntdll.dll!NtOpenThreadToken + 6                                                                                  771C5266 4 Bytes  [68, 02, 07, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[2616] ntdll.dll!NtOpenThreadToken + B                                                                                  771C526B 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[2616] ntdll.dll!NtOpenThreadTokenEx + B                                                                                771C527B 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[2616] ntdll.dll!NtQueryAttributesFile + 6                                                                              771C5386 4 Bytes  [A8, 00, 07, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[2616] ntdll.dll!NtQueryAttributesFile + B                                                                              771C538B 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[2616] ntdll.dll!NtQueryFullAttributesFile + B                                                                          771C543B 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[2616] ntdll.dll!NtSetInformationFile + 6                                                                               771C5A86 4 Bytes  [28, 01, 07, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[2616] ntdll.dll!NtSetInformationFile + B                                                                               771C5A8B 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[2616] ntdll.dll!NtSetInformationThread + 6                                                                             771C5AE6 4 Bytes  [28, 02, 07, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[2616] ntdll.dll!NtSetInformationThread + B                                                                             771C5AEB 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[2616] ntdll.dll!NtUnmapViewOfSection + 6                                                                               771C5E06 1 Byte  [68]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[2616] ntdll.dll!NtUnmapViewOfSection + 6                                                                               771C5E06 4 Bytes  [68, 03, 07, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[2616] ntdll.dll!NtUnmapViewOfSection + B                                                                               771C5E0B 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[2616] ntdll.dll!LdrUnloadDll                                                                                           771DBE7F 5 Bytes  JMP 0009006C 
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[2616] ntdll.dll!LdrLoadDll                                                                                             771DF585 5 Bytes  JMP 00090030 
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[2616] USER32.dll!UnhookWindowsHookEx                                                                                   770BCC7B 3 Bytes  JMP 000C0120 
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[2616] USER32.dll!UnhookWindowsHookEx + 4                                                                               770BCC7F 1 Byte  [89]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[2616] USER32.dll!UnhookWinEvent                                                                                        770BD924 3 Bytes  JMP 000C006C 
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[2616] USER32.dll!UnhookWinEvent + 4                                                                                    770BD928 1 Byte  [89]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[2616] USER32.dll!SetWindowsHookExW                                                                                     770C210A 5 Bytes  JMP 000C00E4 
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[2616] USER32.dll!SetWinEventHook                                                                                       770C507E 5 Bytes  JMP 000C0030 
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[2616] USER32.dll!SetWindowsHookExA                                                                                     770E6DFA 5 Bytes  JMP 000C00A8 
.text           C:\Program Files\Opera\Opera.exe[2656] ntdll.dll!LdrUnloadDll                                                                                                                771DBE7F 5 Bytes  JMP 0007006C 
.text           C:\Program Files\Opera\Opera.exe[2656] ntdll.dll!LdrLoadDll                                                                                                                  771DF585 5 Bytes  JMP 00070030 
.text           C:\Program Files\Opera\Opera.exe[2656] USER32.dll!UnhookWindowsHookEx                                                                                                        770BCC7B 5 Bytes  JMP 00090120 
.text           C:\Program Files\Opera\Opera.exe[2656] USER32.dll!UnhookWinEvent                                                                                                             770BD924 5 Bytes  JMP 0009006C 
.text           C:\Program Files\Opera\Opera.exe[2656] USER32.dll!SetWindowsHookExW                                                                                                          770C210A 5 Bytes  JMP 000900E4 
.text           C:\Program Files\Opera\Opera.exe[2656] USER32.dll!SetWinEventHook                                                                                                            770C507E 5 Bytes  JMP 00090030 
.text           C:\Program Files\Opera\Opera.exe[2656] USER32.dll!SetWindowsHookExA                                                                                                          770E6DFA 5 Bytes  JMP 000900A8 
.text           C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.106\deploy\LolClient.exe[2688] ntdll.dll!LdrUnloadDll                                            771DBE7F 5 Bytes  JMP 0047006C 
.text           C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.106\deploy\LolClient.exe[2688] ntdll.dll!LdrLoadDll                                              771DF585 5 Bytes  JMP 00470030 
.text           C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.106\deploy\LolClient.exe[2688] USER32.dll!UnhookWindowsHookEx                                    770BCC7B 5 Bytes  JMP 00500120 
.text           C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.106\deploy\LolClient.exe[2688] USER32.dll!UnhookWinEvent                                         770BD924 5 Bytes  JMP 0050006C 
.text           C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.106\deploy\LolClient.exe[2688] USER32.dll!SetWindowsHookExW                                      770C210A 5 Bytes  JMP 005000E4 
.text           C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.106\deploy\LolClient.exe[2688] USER32.dll!SetWinEventHook                                        770C507E 5 Bytes  JMP 00500030 
.text           C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.106\deploy\LolClient.exe[2688] USER32.dll!SetWindowsHookExA                                      770E6DFA 5 Bytes  JMP 005000A8 
.text           C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[2716] ntdll.dll!LdrUnloadDll                                                                                                   771DBE7F 5 Bytes  JMP 0006006C 
.text           C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[2716] ntdll.dll!LdrLoadDll                                                                                                     771DF585 5 Bytes  JMP 00060030 
.text           C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[2716] USER32.dll!UnhookWindowsHookEx                                                                                           770BCC7B 5 Bytes  JMP 00080120 
.text           C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[2716] USER32.dll!UnhookWinEvent                                                                                                770BD924 5 Bytes  JMP 0008006C 
.text           C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[2716] USER32.dll!SetWindowsHookExW                                                                                             770C210A 5 Bytes  JMP 000800E4 
.text           C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[2716] USER32.dll!SetWinEventHook                                                                                               770C507E 5 Bytes  JMP 00080030 
.text           C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[2716] USER32.dll!SetWindowsHookExA                                                                                             770E6DFA 5 Bytes  JMP 000800A8 
.text           C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2740] ntdll.dll!LdrUnloadDll                                                          771DBE7F 5 Bytes  JMP 0006006C 
.text           C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2740] ntdll.dll!LdrLoadDll                                                            771DF585 5 Bytes  JMP 00060030 
.text           C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2740] USER32.dll!UnhookWindowsHookEx                                                  770BCC7B 5 Bytes  JMP 00100120 
.text           C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2740] USER32.dll!UnhookWinEvent                                                       770BD924 5 Bytes  JMP 0010006C 
.text           C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2740] USER32.dll!SetWindowsHookExW                                                    770C210A 5 Bytes  JMP 001000E4 
.text           C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2740] USER32.dll!SetWinEventHook                                                      770C507E 5 Bytes  JMP 00100030 
.text           C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2740] USER32.dll!SetWindowsHookExA                                                    770E6DFA 5 Bytes  JMP 001000A8 
.text           C:\Program Files\Application Updater\ApplicationUpdater.exe[2796] ntdll.dll!LdrUnloadDll                                                                                     771DBE7F 5 Bytes  JMP 0007006C 
.text           C:\Program Files\Application Updater\ApplicationUpdater.exe[2796] ntdll.dll!LdrLoadDll                                                                                       771DF585 5 Bytes  JMP 00070030 
.text           C:\Program Files\Application Updater\ApplicationUpdater.exe[2796] USER32.dll!UnhookWindowsHookEx                                                                             770BCC7B 5 Bytes  JMP 00100120 
.text           C:\Program Files\Application Updater\ApplicationUpdater.exe[2796] USER32.dll!UnhookWinEvent                                                                                  770BD924 5 Bytes  JMP 0010006C 
.text           C:\Program Files\Application Updater\ApplicationUpdater.exe[2796] USER32.dll!SetWindowsHookExW                                                                               770C210A 5 Bytes  JMP 001000E4 
.text           C:\Program Files\Application Updater\ApplicationUpdater.exe[2796] USER32.dll!SetWinEventHook                                                                                 770C507E 5 Bytes  JMP 00100030 
.text           C:\Program Files\Application Updater\ApplicationUpdater.exe[2796] USER32.dll!SetWindowsHookExA                                                                               770E6DFA 5 Bytes  JMP 001000A8 
.text           C:\Program Files\Bonjour\mDNSResponder.exe[2832] ntdll.dll!LdrUnloadDll                                                                                                      771DBE7F 5 Bytes  JMP 0006006C 
.text           C:\Program Files\Bonjour\mDNSResponder.exe[2832] ntdll.dll!LdrLoadDll                                                                                                        771DF585 5 Bytes  JMP 00060030 
.text           C:\Program Files\Bonjour\mDNSResponder.exe[2832] USER32.dll!UnhookWindowsHookEx                                                                                              770BCC7B 5 Bytes  JMP 00100120 
.text           C:\Program Files\Bonjour\mDNSResponder.exe[2832] USER32.dll!UnhookWinEvent                                                                                                   770BD924 5 Bytes  JMP 0010006C 
.text           C:\Program Files\Bonjour\mDNSResponder.exe[2832] USER32.dll!SetWindowsHookExW                                                                                                770C210A 5 Bytes  JMP 001000E4 
.text           C:\Program Files\Bonjour\mDNSResponder.exe[2832] USER32.dll!SetWinEventHook                                                                                                  770C507E 5 Bytes  JMP 00100030 
.text           C:\Program Files\Bonjour\mDNSResponder.exe[2832] USER32.dll!SetWindowsHookExA                                                                                                770E6DFA 5 Bytes  JMP 001000A8 
.text           C:\Windows\system32\svchost.exe[2892] ntdll.dll!LdrUnloadDll                                                                                                                 771DBE7F 5 Bytes  JMP 0006006C 
.text           C:\Windows\system32\svchost.exe[2892] ntdll.dll!LdrLoadDll                                                                                                                   771DF585 5 Bytes  JMP 00060030 
.text           C:\Windows\system32\svchost.exe[2892] USER32.dll!UnhookWindowsHookEx                                                                                                         770BCC7B 5 Bytes  JMP 004A0120 
.text           C:\Windows\system32\svchost.exe[2892] USER32.dll!UnhookWinEvent                                                                                                              770BD924 5 Bytes  JMP 004A006C 
.text           C:\Windows\system32\svchost.exe[2892] USER32.dll!SetWindowsHookExW                                                                                                           770C210A 5 Bytes  JMP 004A00E4 
.text           C:\Windows\system32\svchost.exe[2892] USER32.dll!SetWinEventHook                                                                                                             770C507E 5 Bytes  JMP 004A0030 
.text           C:\Windows\system32\svchost.exe[2892] USER32.dll!SetWindowsHookExA                                                                                                           770E6DFA 5 Bytes  JMP 004A00A8 
.text           C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe[2928] ntdll.dll!LdrUnloadDll                                                                                 771DBE7F 5 Bytes  JMP 0016006C 
.text           C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe[2928] ntdll.dll!LdrLoadDll                                                                                   771DF585 5 Bytes  JMP 00160030 
.text           C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe[2928] USER32.dll!UnhookWindowsHookEx                                                                         770BCC7B 5 Bytes  JMP 00180120 
.text           C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe[2928] USER32.dll!UnhookWinEvent                                                                              770BD924 5 Bytes  JMP 0018006C 
.text           C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe[2928] USER32.dll!SetWindowsHookExW                                                                           770C210A 5 Bytes  JMP 001800E4 
.text           C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe[2928] USER32.dll!SetWinEventHook                                                                             770C507E 5 Bytes  JMP 00180030 
.text           C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe[2928] USER32.dll!SetWindowsHookExA                                                                           770E6DFA 5 Bytes  JMP 001800A8 
.text           C:\Windows\system32\svchost.exe[3068] ntdll.dll!LdrUnloadDll                                                                                                                 771DBE7F 5 Bytes  JMP 0006006C 
.text           C:\Windows\system32\svchost.exe[3068] ntdll.dll!LdrLoadDll                                                                                                                   771DF585 5 Bytes  JMP 00060030 
.text           C:\Windows\system32\SearchIndexer.exe[3384] ntdll.dll!LdrUnloadDll                                                                                                           771DBE7F 5 Bytes  JMP 0006006C 
.text           C:\Windows\system32\SearchIndexer.exe[3384] ntdll.dll!LdrLoadDll                                                                                                             771DF585 5 Bytes  JMP 00060030 
.text           C:\Windows\system32\SearchIndexer.exe[3384] USER32.dll!UnhookWindowsHookEx                                                                                                   770BCC7B 5 Bytes  JMP 00090120 
.text           C:\Windows\system32\SearchIndexer.exe[3384] USER32.dll!UnhookWinEvent                                                                                                        770BD924 5 Bytes  JMP 0009006C 
.text           C:\Windows\system32\SearchIndexer.exe[3384] USER32.dll!SetWindowsHookExW                                                                                                     770C210A 5 Bytes  JMP 000900E4 
.text           C:\Windows\system32\SearchIndexer.exe[3384] USER32.dll!SetWinEventHook                                                                                                       770C507E 5 Bytes  JMP 00090030 
.text           C:\Windows\system32\SearchIndexer.exe[3384] USER32.dll!SetWindowsHookExA                                                                                                     770E6DFA 5 Bytes  JMP 000900A8 
.text           C:\Windows\system32\WUDFHost.exe[3568] ntdll.dll!LdrUnloadDll                                                                                                                771DBE7F 5 Bytes  JMP 0006006C 
.text           C:\Windows\system32\WUDFHost.exe[3568] ntdll.dll!LdrLoadDll                                                                                                                  771DF585 5 Bytes  JMP 00060030 
.text           C:\Windows\system32\WUDFHost.exe[3568] USER32.dll!UnhookWindowsHookEx                                                                                                        770BCC7B 5 Bytes  JMP 00140120 
.text           C:\Windows\system32\WUDFHost.exe[3568] USER32.dll!UnhookWinEvent                                                                                                             770BD924 5 Bytes  JMP 0014006C 
.text           C:\Windows\system32\WUDFHost.exe[3568] USER32.dll!SetWindowsHookExW                                                                                                          770C210A 5 Bytes  JMP 001400E4 
.text           C:\Windows\system32\WUDFHost.exe[3568] USER32.dll!SetWinEventHook                                                                                                            770C507E 5 Bytes  JMP 00140030 
.text           C:\Windows\system32\WUDFHost.exe[3568] USER32.dll!SetWindowsHookExA                                                                                                          770E6DFA 5 Bytes  JMP 001400A8 
.text           C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.35\deploy\LoLLauncher.exe[3728] ntdll.dll!LdrUnloadDll                                             771DBE7F 5 Bytes  JMP 0017006C 
.text           C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.35\deploy\LoLLauncher.exe[3728] ntdll.dll!LdrLoadDll                                               771DF585 5 Bytes  JMP 00170030 
.text           C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.35\deploy\LoLLauncher.exe[3728] USER32.dll!UnhookWindowsHookEx                                     770BCC7B 5 Bytes  JMP 00210120 
.text           C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.35\deploy\LoLLauncher.exe[3728] USER32.dll!UnhookWinEvent                                          770BD924 5 Bytes  JMP 0021006C 
.text           C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.35\deploy\LoLLauncher.exe[3728] USER32.dll!SetWindowsHookExW                                       770C210A 5 Bytes  JMP 002100E4 
.text           C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.35\deploy\LoLLauncher.exe[3728] USER32.dll!SetWinEventHook                                         770C507E 5 Bytes  JMP 00210030 
.text           C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.35\deploy\LoLLauncher.exe[3728] USER32.dll!SetWindowsHookExA                                       770E6DFA 5 Bytes  JMP 002100A8 
.text           C:\Program Files\Windows Media Player\wmpnetwk.exe[3784] ntdll.dll!LdrUnloadDll                                                                                              771DBE7F 5 Bytes  JMP 0018006C 
.text           C:\Program Files\Windows Media Player\wmpnetwk.exe[3784] ntdll.dll!LdrLoadDll                                                                                                771DF585 5 Bytes  JMP 00180030 
.text           C:\Program Files\Windows Media Player\wmpnetwk.exe[3784] USER32.dll!UnhookWindowsHookEx                                                                                      770BCC7B 5 Bytes  JMP 00220120 
.text           C:\Program Files\Windows Media Player\wmpnetwk.exe[3784] USER32.dll!UnhookWinEvent                                                                                           770BD924 5 Bytes  JMP 0022006C 
.text           C:\Program Files\Windows Media Player\wmpnetwk.exe[3784] USER32.dll!SetWindowsHookExW                                                                                        770C210A 5 Bytes  JMP 002200E4 
.text           C:\Program Files\Windows Media Player\wmpnetwk.exe[3784] USER32.dll!SetWinEventHook                                                                                          770C507E 5 Bytes  JMP 00220030 
.text           C:\Program Files\Windows Media Player\wmpnetwk.exe[3784] USER32.dll!SetWindowsHookExA                                                                                        770E6DFA 5 Bytes  JMP 002200A8 
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtCreateFile + 6                                                                                       771C4A16 4 Bytes  [28, 00, 07, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtCreateFile + B                                                                                       771C4A1B 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtMapViewOfSection + 6                                                                                 771C5076 1 Byte  [28]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtMapViewOfSection + 6                                                                                 771C5076 4 Bytes  [28, 03, 07, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtMapViewOfSection + B                                                                                 771C507B 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtOpenFile + 6                                                                                         771C5126 4 Bytes  [68, 00, 07, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtOpenFile + B                                                                                         771C512B 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtOpenProcess + 6                                                                                      771C51D6 4 Bytes  [A8, 01, 07, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtOpenProcess + B                                                                                      771C51DB 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtOpenProcessToken + B                                                                                 771C51EB 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtOpenProcessTokenEx + 6                                                                               771C51F6 4 Bytes  [A8, 02, 07, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtOpenProcessTokenEx + B                                                                               771C51FB 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtOpenThread + 6                                                                                       771C5256 4 Bytes  [68, 01, 07, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtOpenThread + B                                                                                       771C525B 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtOpenThreadToken + 6                                                                                  771C5266 4 Bytes  [68, 02, 07, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtOpenThreadToken + B                                                                                  771C526B 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtOpenThreadTokenEx + B                                                                                771C527B 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtQueryAttributesFile + 6                                                                              771C5386 4 Bytes  [A8, 00, 07, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtQueryAttributesFile + B                                                                              771C538B 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtQueryFullAttributesFile + B                                                                          771C543B 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtSetInformationFile + 6                                                                               771C5A86 4 Bytes  [28, 01, 07, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtSetInformationFile + B                                                                               771C5A8B 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtSetInformationThread + 6                                                                             771C5AE6 4 Bytes  [28, 02, 07, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtSetInformationThread + B                                                                             771C5AEB 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtUnmapViewOfSection + 6                                                                               771C5E06 1 Byte  [68]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtUnmapViewOfSection + 6                                                                               771C5E06 4 Bytes  [68, 03, 07, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtUnmapViewOfSection + B                                                                               771C5E0B 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!LdrUnloadDll                                                                                           771DBE7F 5 Bytes  JMP 0009006C 
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!LdrLoadDll                                                                                             771DF585 5 Bytes  JMP 00090030 
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[3964] USER32.dll!UnhookWindowsHookEx                                                                                   770BCC7B 5 Bytes  JMP 00130120 
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[3964] USER32.dll!UnhookWinEvent                                                                                        770BD924 5 Bytes  JMP 0013006C 
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[3964] USER32.dll!SetWindowsHookExW                                                                                     770C210A 5 Bytes  JMP 001300E4 
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[3964] USER32.dll!SetWinEventHook                                                                                       770C507E 5 Bytes  JMP 00130030 
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[3964] USER32.dll!SetWindowsHookExA                                                                                     770E6DFA 5 Bytes  JMP 001300A8 
.text           C:\Windows\system32\svchost.exe[3988] ntdll.dll!LdrUnloadDll                                                                                                                 771DBE7F 5 Bytes  JMP 0006006C 
.text           C:\Windows\system32\svchost.exe[3988] ntdll.dll!LdrLoadDll                                                                                                                   771DF585 5 Bytes  JMP 00060030 
.text           C:\Windows\system32\svchost.exe[3988] USER32.dll!UnhookWindowsHookEx                                                                                                         770BCC7B 5 Bytes  JMP 002A0120 
.text           C:\Windows\system32\svchost.exe[3988] USER32.dll!UnhookWinEvent                                                                                                              770BD924 5 Bytes  JMP 002A006C 
.text           C:\Windows\system32\svchost.exe[3988] USER32.dll!SetWindowsHookExW                                                                                                           770C210A 5 Bytes  JMP 002A00E4 
.text           C:\Windows\system32\svchost.exe[3988] USER32.dll!SetWinEventHook                                                                                                             770C507E 5 Bytes  JMP 002A0030 
.text           C:\Windows\system32\svchost.exe[3988] USER32.dll!SetWindowsHookExA                                                                                                           770E6DFA 5 Bytes  JMP 002A00A8 
.text           C:\Users\Vayne\AppData\Local\Temp\fsonlinescanner.exe[4060] ntdll.dll!LdrUnloadDll                                                                                           771DBE7F 5 Bytes  JMP 0006006C 
.text           C:\Users\Vayne\AppData\Local\Temp\fsonlinescanner.exe[4060] ntdll.dll!LdrLoadDll                                                                                             771DF585 5 Bytes  JMP 00060030 
.text           C:\Users\Vayne\AppData\Local\Temp\fsonlinescanner.exe[4060] USER32.dll!UnhookWindowsHookEx                                                                                   770BCC7B 5 Bytes  JMP 000F0120 
.text           C:\Users\Vayne\AppData\Local\Temp\fsonlinescanner.exe[4060] USER32.dll!UnhookWinEvent                                                                                        770BD924 5 Bytes  JMP 000F006C 
.text           C:\Users\Vayne\AppData\Local\Temp\fsonlinescanner.exe[4060] USER32.dll!SetWindowsHookExW                                                                                     770C210A 5 Bytes  JMP 000F00E4 
.text           C:\Users\Vayne\AppData\Local\Temp\fsonlinescanner.exe[4060] USER32.dll!SetWinEventHook                                                                                       770C507E 5 Bytes  JMP 000F0030 
.text           C:\Users\Vayne\AppData\Local\Temp\fsonlinescanner.exe[4060] USER32.dll!SetWindowsHookExA                                                                                     770E6DFA 5 Bytes  JMP 000F00A8 
.text           C:\Windows\system32\conhost.exe[4376] ntdll.dll!LdrUnloadDll                                                                                                                 771DBE7F 5 Bytes  JMP 0003006C 
.text           C:\Windows\system32\conhost.exe[4376] ntdll.dll!LdrLoadDll                                                                                                                   771DF585 5 Bytes  JMP 00030030 
.text           C:\Windows\system32\conhost.exe[4376] USER32.dll!UnhookWindowsHookEx                                                                                                         770BCC7B 3 Bytes  JMP 000C0120 
.text           C:\Windows\system32\conhost.exe[4376] USER32.dll!UnhookWindowsHookEx + 4                                                                                                     770BCC7F 1 Byte  [89]
.text           C:\Windows\system32\conhost.exe[4376] USER32.dll!UnhookWinEvent                                                                                                              770BD924 3 Bytes  JMP 000C006C 
.text           C:\Windows\system32\conhost.exe[4376] USER32.dll!UnhookWinEvent + 4                                                                                                          770BD928 1 Byte  [89]
.text           C:\Windows\system32\conhost.exe[4376] USER32.dll!SetWindowsHookExW                                                                                                           770C210A 5 Bytes  JMP 000C00E4 
.text           C:\Windows\system32\conhost.exe[4376] USER32.dll!SetWinEventHook                                                                                                             770C507E 5 Bytes  JMP 000C0030 
.text           C:\Windows\system32\conhost.exe[4376] USER32.dll!SetWindowsHookExA                                                                                                           770E6DFA 5 Bytes  JMP 000C00A8 
.text           C:\Windows\System32\svchost.exe[4748] ntdll.dll!LdrUnloadDll                                                                                                                 771DBE7F 5 Bytes  JMP 0006006C 
.text           C:\Windows\System32\svchost.exe[4748] ntdll.dll!LdrLoadDll                                                                                                                   771DF585 5 Bytes  JMP 00060030 
.text           C:\Windows\System32\svchost.exe[4844] ntdll.dll!LdrUnloadDll                                                                                                                 771DBE7F 5 Bytes  JMP 0006006C 
.text           C:\Windows\System32\svchost.exe[4844] ntdll.dll!LdrLoadDll                                                                                                                   771DF585 5 Bytes  JMP 00060030 
.text           C:\Windows\System32\svchost.exe[4844] USER32.dll!UnhookWindowsHookEx                                                                                                         770BCC7B 5 Bytes  JMP 00260120 
.text           C:\Windows\System32\svchost.exe[4844] USER32.dll!UnhookWinEvent                                                                                                              770BD924 5 Bytes  JMP 0026006C 
.text           C:\Windows\System32\svchost.exe[4844] USER32.dll!SetWindowsHookExW                                                                                                           770C210A 5 Bytes  JMP 002600E4 
.text           C:\Windows\System32\svchost.exe[4844] USER32.dll!SetWinEventHook                                                                                                             770C507E 5 Bytes  JMP 00260030 
.text           C:\Windows\System32\svchost.exe[4844] USER32.dll!SetWindowsHookExA                                                                                                           770E6DFA 5 Bytes  JMP 002600A8 
.text           C:\Program Files\Java\jre6\bin\java.exe[5076] ntdll.dll!LdrUnloadDll                                                                                                         771DBE7F 5 Bytes  JMP 000C006C 
.text           C:\Program Files\Java\jre6\bin\java.exe[5076] ntdll.dll!LdrLoadDll                                                                                                           771DF585 5 Bytes  JMP 000C0030 
.text           C:\Program Files\Java\jre6\bin\java.exe[5076] USER32.dll!UnhookWindowsHookEx                                                                                                 770BCC7B 5 Bytes  JMP 00180120 
.text           C:\Program Files\Java\jre6\bin\java.exe[5076] USER32.dll!UnhookWinEvent                                                                                                      770BD924 5 Bytes  JMP 0018006C 
.text           C:\Program Files\Java\jre6\bin\java.exe[5076] USER32.dll!SetWindowsHookExW                                                                                                   770C210A 5 Bytes  JMP 001800E4 
.text           C:\Program Files\Java\jre6\bin\java.exe[5076] USER32.dll!SetWinEventHook                                                                                                     770C507E 5 Bytes  JMP 00180030 
.text           C:\Program Files\Java\jre6\bin\java.exe[5076] USER32.dll!SetWindowsHookExA                                                                                                   770E6DFA 5 Bytes  JMP 001800A8 
.text           C:\Users\Vayne\AppData\Local\Opera\Opera\temporary_downloads\HiJackThis.exe[5140] ntdll.dll!LdrUnloadDll                                                                     771DBE7F 5 Bytes  JMP 0016006C 
.text           C:\Users\Vayne\AppData\Local\Opera\Opera\temporary_downloads\HiJackThis.exe[5140] ntdll.dll!LdrLoadDll                                                                       771DF585 5 Bytes  JMP 00160030 
.text           C:\Users\Vayne\AppData\Local\Opera\Opera\temporary_downloads\HiJackThis.exe[5140] USER32.dll!UnhookWindowsHookEx                                                             770BCC7B 5 Bytes  JMP 001F0120 
.text           C:\Users\Vayne\AppData\Local\Opera\Opera\temporary_downloads\HiJackThis.exe[5140] USER32.dll!UnhookWinEvent                                                                  770BD924 5 Bytes  JMP 001F006C 
.text           C:\Users\Vayne\AppData\Local\Opera\Opera\temporary_downloads\HiJackThis.exe[5140] USER32.dll!SetWindowsHookExW                                                               770C210A 5 Bytes  JMP 001F00E4 
.text           C:\Users\Vayne\AppData\Local\Opera\Opera\temporary_downloads\HiJackThis.exe[5140] USER32.dll!SetWinEventHook                                                                 770C507E 5 Bytes  JMP 001F0030 
.text           C:\Users\Vayne\AppData\Local\Opera\Opera\temporary_downloads\HiJackThis.exe[5140] USER32.dll!SetWindowsHookExA                                                               770E6DFA 5 Bytes  JMP 001F00A8 
.text           C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe[5492] ntdll.dll!LdrUnloadDll                                                                                                       771DBE7F 5 Bytes  JMP 0017006C 
.text           C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe[5492] ntdll.dll!LdrLoadDll                                                                                                         771DF585 5 Bytes  JMP 00170030 
.text           C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe[5492] USER32.dll!UnhookWindowsHookEx                                                                                               770BCC7B 5 Bytes  JMP 00210120 
.text           C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe[5492] USER32.dll!UnhookWinEvent                                                                                                    770BD924 5 Bytes  JMP 0021006C 
.text           C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe[5492] USER32.dll!SetWindowsHookExW                                                                                                 770C210A 5 Bytes  JMP 002100E4 
.text           C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe[5492] USER32.dll!SetWinEventHook                                                                                                   770C507E 5 Bytes  JMP 00210030 
.text           C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe[5492] USER32.dll!SetWindowsHookExA                                                                                                 770E6DFA 5 Bytes  JMP 002100A8 
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5856] ntdll.dll!LdrUnloadDll                                                                                           771DBE7F 5 Bytes  JMP 0006006C 
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5856] ntdll.dll!LdrLoadDll                                                                                             771DF585 5 Bytes  JMP 00060030 
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5856] USER32.dll!UnhookWindowsHookEx                                                                                   770BCC7B 5 Bytes  JMP 00100120 
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5856] USER32.dll!UnhookWinEvent                                                                                        770BD924 5 Bytes  JMP 0010006C 
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5856] USER32.dll!SetWindowsHookExW                                                                                     770C210A 5 Bytes  JMP 001000E4 
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5856] USER32.dll!SetWinEventHook                                                                                       770C507E 5 Bytes  JMP 00100030 
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5856] USER32.dll!SetWindowsHookExA                                                                                     770E6DFA 5 Bytes  JMP 001000A8 

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe[1680] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]                                        [75225D3D] C:\Windows\system32\apphelp.dll (Libreria client compatibilità applicazione/Microsoft Corporation)
IAT             C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe[1680] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]                                         [75225D3D] C:\Windows\system32\apphelp.dll (Libreria client compatibilità applicazione/Microsoft Corporation)
IAT             C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe[1680] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]                                      [75225D3D] C:\Windows\system32\apphelp.dll (Libreria client compatibilità applicazione/Microsoft Corporation)
IAT             C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe[1680] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress]                                       [75225D3D] C:\Windows\system32\apphelp.dll (Libreria client compatibilità applicazione/Microsoft Corporation)
IAT             C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe[1680] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]                                       [75225D3D] C:\Windows\system32\apphelp.dll (Libreria client compatibilità applicazione/Microsoft Corporation)
IAT             C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe[1680] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress]                                       [75225D3D] C:\Windows\system32\apphelp.dll (Libreria client compatibilità applicazione/Microsoft Corporation)
IAT             C:\Program Files\WinRAR\WinRAR.exe[2496] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]                                                                       [75225D3D] C:\Windows\system32\apphelp.dll (Libreria client compatibilità applicazione/Microsoft Corporation)
IAT             C:\Program Files\WinRAR\WinRAR.exe[2496] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]                                                                      [75225D3D] C:\Windows\system32\apphelp.dll (Libreria client compatibilità applicazione/Microsoft Corporation)
IAT             C:\Program Files\WinRAR\WinRAR.exe[2496] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]                                                                     [75225D3D] C:\Windows\system32\apphelp.dll (Libreria client compatibilità applicazione/Microsoft Corporation)
IAT             C:\Program Files\WinRAR\WinRAR.exe[2496] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]                                                                    [75225D3D] C:\Windows\system32\apphelp.dll (Libreria client compatibilità applicazione/Microsoft Corporation)
IAT             C:\Program Files\WinRAR\WinRAR.exe[2496] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress]                                                                     [75225D3D] C:\Windows\system32\apphelp.dll (Libreria client compatibilità applicazione/Microsoft Corporation)
IAT             C:\Program Files\WinRAR\WinRAR.exe[2496] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress]                                                                     [75225D3D] C:\Windows\system32\apphelp.dll (Libreria client compatibilità applicazione/Microsoft Corporation)
IAT             C:\Program Files\Opera\Opera.exe[2656] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]                                                                        [75225D3D] C:\Windows\system32\apphelp.dll (Libreria client compatibilità applicazione/Microsoft Corporation)
IAT             C:\Program Files\Opera\Opera.exe[2656] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]                                                                         [75225D3D] C:\Windows\system32\apphelp.dll (Libreria client compatibilità applicazione/Microsoft Corporation)
IAT             C:\Program Files\Opera\Opera.exe[2656] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]                                                                      [75225D3D] C:\Windows\system32\apphelp.dll (Libreria client compatibilità applicazione/Microsoft Corporation)
IAT             C:\Program Files\Opera\Opera.exe[2656] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]                                                                       [75225D3D] C:\Windows\system32\apphelp.dll (Libreria client compatibilità applicazione/Microsoft Corporation)
IAT             C:\Program Files\Opera\Opera.exe[2656] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress]                                                                       [75225D3D] C:\Windows\system32\apphelp.dll (Libreria client compatibilità applicazione/Microsoft Corporation)
IAT             C:\Program Files\Opera\Opera.exe[2656] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress]                                                                       [75225D3D] C:\Windows\system32\apphelp.dll (Libreria client compatibilità applicazione/Microsoft Corporation)
IAT             C:\Program Files\Opera\Opera.exe[2656] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress]                                                                       [75225D3D] C:\Windows\system32\apphelp.dll (Libreria client compatibilità applicazione/Microsoft Corporation)
IAT             C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.106\deploy\LolClient.exe[2688] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]    [75225D3D] C:\Windows\system32\apphelp.dll (Libreria client compatibilità applicazione/Microsoft Corporation)
IAT             C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.106\deploy\LolClient.exe[2688] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]     [75225D3D] C:\Windows\system32\apphelp.dll (Libreria client compatibilità applicazione/Microsoft Corporation)
IAT             C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.106\deploy\LolClient.exe[2688] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]   [75225D3D] C:\Windows\system32\apphelp.dll (Libreria client compatibilità applicazione/Microsoft Corporation)
IAT             C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.106\deploy\LolClient.exe[2688] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]  [75225D3D] C:\Windows\system32\apphelp.dll (Libreria client compatibilità applicazione/Microsoft Corporation)
IAT             C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.106\deploy\LolClient.exe[2688] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress]   [75225D3D] C:\Windows\system32\apphelp.dll (Libreria client compatibilità applicazione/Microsoft Corporation)
IAT             C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.106\deploy\LolClient.exe[2688] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress]   [75225D3D] C:\Windows\system32\apphelp.dll (Libreria client compatibilità applicazione/Microsoft Corporation)
IAT             C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.106\deploy\LolClient.exe[2688] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress]   [75225D3D] C:\Windows\system32\apphelp.dll (Libreria client compatibilità applicazione/Microsoft Corporation)
IAT             C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.35\deploy\LoLLauncher.exe[3728] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]     [75225D3D] C:\Windows\system32\apphelp.dll (Libreria client compatibilità applicazione/Microsoft Corporation)
IAT             C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.35\deploy\LoLLauncher.exe[3728] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]      [75225D3D] C:\Windows\system32\apphelp.dll (Libreria client compatibilità applicazione/Microsoft Corporation)
IAT             C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.35\deploy\LoLLauncher.exe[3728] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]   [75225D3D] C:\Windows\system32\apphelp.dll (Libreria client compatibilità applicazione/Microsoft Corporation)
IAT             C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.35\deploy\LoLLauncher.exe[3728] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]    [75225D3D] C:\Windows\system32\apphelp.dll (Libreria client compatibilità applicazione/Microsoft Corporation)
IAT             C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.35\deploy\LoLLauncher.exe[3728] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress]    [75225D3D] C:\Windows\system32\apphelp.dll (Libreria client compatibilità applicazione/Microsoft Corporation)
IAT             C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.35\deploy\LoLLauncher.exe[3728] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress]    [75225D3D] C:\Windows\system32\apphelp.dll (Libreria client compatibilità applicazione/Microsoft Corporation)
IAT             C:\Program Files\Java\jre6\bin\java.exe[5076] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]                                                               [75225D3D] C:\Windows\system32\apphelp.dll (Libreria client compatibilità applicazione/Microsoft Corporation)
IAT             C:\Program Files\Java\jre6\bin\java.exe[5076] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]                                                                 [75225D3D] C:\Windows\system32\apphelp.dll (Libreria client compatibilità applicazione/Microsoft Corporation)
IAT             C:\Program Files\Java\jre6\bin\java.exe[5076] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]                                                                  [75225D3D] C:\Windows\system32\apphelp.dll (Libreria client compatibilità applicazione/Microsoft Corporation)
IAT             C:\Program Files\Java\jre6\bin\java.exe[5076] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]                                                                [75225D3D] C:\Windows\system32\apphelp.dll (Libreria client compatibilità applicazione/Microsoft Corporation)
IAT             C:\Program Files\Java\jre6\bin\java.exe[5076] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress]                                                                [75225D3D] C:\Windows\system32\apphelp.dll (Libreria client compatibilità applicazione/Microsoft Corporation)
IAT             C:\Program Files\Java\jre6\bin\java.exe[5076] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress]                                                                [75225D3D] C:\Windows\system32\apphelp.dll (Libreria client compatibilità applicazione/Microsoft Corporation)
IAT             C:\Users\Vayne\AppData\Local\Opera\Opera\temporary_downloads\HiJackThis.exe[5140] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]                             [75225D3D] C:\Windows\system32\apphelp.dll (Libreria client compatibilità applicazione/Microsoft Corporation)
IAT             C:\Users\Vayne\AppData\Local\Opera\Opera\temporary_downloads\HiJackThis.exe[5140] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]                              [75225D3D] C:\Windows\system32\apphelp.dll (Libreria client compatibilità applicazione/Microsoft Corporation)
IAT             C:\Users\Vayne\AppData\Local\Opera\Opera\temporary_downloads\HiJackThis.exe[5140] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]                           [75225D3D] C:\Windows\system32\apphelp.dll (Libreria client compatibilità applicazione/Microsoft Corporation)
IAT             C:\Users\Vayne\AppData\Local\Opera\Opera\temporary_downloads\HiJackThis.exe[5140] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]                            [75225D3D] C:\Windows\system32\apphelp.dll (Libreria client compatibilità applicazione/Microsoft Corporation)
IAT             C:\Users\Vayne\AppData\Local\Opera\Opera\temporary_downloads\HiJackThis.exe[5140] @ C:\Windows\system32\wininet.DLL [KERNEL32.dll!GetProcAddress]                            [75225D3D] C:\Windows\system32\apphelp.dll (Libreria client compatibilità applicazione/Microsoft Corporation)
IAT             C:\Users\Vayne\AppData\Local\Opera\Opera\temporary_downloads\HiJackThis.exe[5140] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress]                            [75225D3D] C:\Windows\system32\apphelp.dll (Libreria client compatibilità applicazione/Microsoft Corporation)
IAT             C:\Users\Vayne\AppData\Local\Opera\Opera\temporary_downloads\HiJackThis.exe[5140] @ C:\Windows\System32\Secur32.dll [KERNEL32.dll!GetProcAddress]                            [75225D3D] C:\Windows\system32\apphelp.dll (Libreria client compatibilità applicazione/Microsoft Corporation)
IAT             C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe[5492] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]                                                             [75225D3D] C:\Windows\system32\apphelp.dll (Libreria client compatibilità applicazione/Microsoft Corporation)
IAT             C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe[5492] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]                                                               [75225D3D] C:\Windows\system32\apphelp.dll (Libreria client compatibilità applicazione/Microsoft Corporation)
IAT             C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe[5492] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]                                                                [75225D3D] C:\Windows\system32\apphelp.dll (Libreria client compatibilità applicazione/Microsoft Corporation)
IAT             C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe[5492] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]                                                              [75225D3D] C:\Windows\system32\apphelp.dll (Libreria client compatibilità applicazione/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\tdx \Device\Tcp                                                                                                                                                      aswFW.SYS (avast! Filtering TDI driver/AVAST Software)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                                                                       fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                                                                       fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                                                                                       fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                                                                                       fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5                                                                                                                                       fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume6                                                                                                                                       fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\0000004e                                                                                                                                            halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\tdx \Device\Udp                                                                                                                                                      aswFW.SYS (avast! Filtering TDI driver/AVAST Software)

---- Files - GMER 1.0.15 ----

File            C:\Users\Vayne\AppData\Local\Opera\Opera\temporary_downloads\launch.exe                                                                                                      (size mismatch) 27985280/1549556 bytes executable

---- EOF - GMER 1.0.15 ----
Old 09-12-2011, 16:26   #4
Falco67
Junior Member
 
Joined: Dec 2011
Posts: 3
F-Secure logs:
Code:
Rapporto scansione
venerdì, dicembre 9, 2011 16:11:16 - 16:22:30

Nome computer: ALE
 Tipo di scansione Analizza sistema per la ricerca di malware, spyware e rootkit
 Destinazione: C:\ 
Nessun malware rilevato
Statistiche
Analizzati: 
File: 31987 
Sistema: 3734 
Non analizzati: 33 
 Azioni: 
Disinfettati: 0 
Rinominati: 0 
Eliminati: 0 
Non rimossi: 0 
Inviati: 0 
 File non analizzati:
C:\HIBERFIL.SYS 
C:\PAGEFILE.SYS 
C:\WINDOWS\SYSTEM32\CONFIG\SAM 
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT 
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM 
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY 
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE 
C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\DEFAULT 
C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SECURITY 
C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SYSTEM 
C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SOFTWARE 
C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SAM 
C:\WINDOWS\SYSTEM32\CATROOT2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\CATDB 
C:\WINDOWS\SYSTEM32\CATROOT2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\CATDB 
C:\USERS\VAYNE\APPDATA\LOCAL\TEMP\ETILQS_QAXXH2NIIGAQVJN 
C:\USERS\VAYNE\APPDATA\LOCAL\TEMP\ETILQS_YREVWINEQVEEX5F 
C:\USERS\VAYNE\APPDATA\LOCAL\TEMP\ETILQS_WZSAIKYQSPJIUFR 
C:\USERS\VAYNE\APPDATA\LOCAL\TEMP\HSPERFDATA_VAYNE\2656 
C:\USERS\VAYNE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CURRENT SESSION 
C:\USERS\VAYNE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CURRENT TABS 
C:\USERS\VAYNE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\MEDIA CACHE\DATA_0 
C:\USERS\VAYNE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\MEDIA CACHE\DATA_1 
C:\USERS\VAYNE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\DATA_1 
C:\USERS\VAYNE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\MEDIA CACHE\INDEX 
C:\USERS\VAYNE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\MEDIA CACHE\DATA_2 
C:\USERS\VAYNE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\DATA_3 
C:\USERS\VAYNE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\MEDIA CACHE\DATA_3 
C:\USERS\VAYNE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\DATA_2 
C:\USERS\VAYNE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\DATA_0 
C:\USERS\VAYNE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\INDEX 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7253D2FFA81A8C6B94DD0F09F170A870_686A334B-2419-4936-B367-935E942B6E72 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5855F796342220E5E4A6D90EB3BA6D57_686A334B-2419-4936-B367-935E942B6E72 
C:\BOOT\BCD 
Opzioni
 Moduli di scansione: 
 Opzioni di scansione: 
Analizza file definiti: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR 
Utilizza euristica avanzata
Old 09-12-2011, 23:42   #5
Chill-Out
Moderatore
 
Joined: Jun 2007
City: 127.0.0.1
Posts: 25885
Logs in .txt text format on one of the Remote Servers listed here http://www.hwupgrade.it/forum/showthread.php?t=1751598
__________________
Try again and you will be luckier.
All times are GMT +1.