Internet mi się wyłącza co parę minut.

**Posty:** 9 · przez **Bgolab3** 22 Sty 2012, 13:52

Witam,

Posiadam Win7 32 bity , mój internet co 5 minut się wyłącza. Mam 2 komputery podłączone do access pointa , i access point do anteny radiowej
Internet : 2mb Radiówka osiedlowa.
Problem taki że koleś był zmieniał urządzenie access point itd i to nic nie dało. Karta sieciowa : Realtek RTL8139.
Podczas przeglądania internetu , albo grania ping skacze do 4000+ albo wogóle nie chodzi i to trwa z 30sekund - 1 minutę.
Cały czas mam wrażenie że to wina wirusa.

Posiadałem nortona internet secourity 2011 (30 dniowa licencja). Wyskakiwało cały czas zapobieganie włamaniom włączone i że zablokowano włamanie. Usunąłem nortona , zainstalowałem Avasta (darmowa licencja). Nic nie wyskakiwało. Ale nadal mam ten problem. Mam odptaszkowane oszczędzanie energii w ustawieniach karty sieciowej. To też nic nie dało. Pobieranie schodzi do 2kb/s pingi 4-5k+ W cmd jak staram się pingować z głównym serwerem mojej sieci jest 1ms a potem skacze albo wogóle że nie działa.

Kod: Zaznacz wszystko: http://oi40.tinypic.com/5dldnt.jpg

GMER :

Kod: Zaznacz wszystko: GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-01-22 13:40:43 Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-8 WDC_WD2500AAJB-00WGA0 rev.00.02C01 Running: gmer.exe; Driver: C:\Users\Admin\AppData\Local\Temp\uwddakob.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x83F97FC4] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x916AD510] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x83F9A456] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x83F9A4AE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x83F9A5C4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x83F9A3AC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x83F9A4FE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x83F9A400] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x83F9A572] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x83F97FE8] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x916AD5C0] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x83F97DB2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x83F9800C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x83F9A9BC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x83F98AA4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x83F9A486] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x83F9A4D6] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x83F9A5EE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x83F9A3D8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x83F9A53E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x83F9A42E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x83F9A59C] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x916AD658] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x83F9896A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x83F98030] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x83F98054] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x83F97E0C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x83F97F48] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x83F97F24] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x83F97F6C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x83F98078] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x916C17A2] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82E99579 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82EBDF52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!RtlSidHashLookup + 214 82EC5714 3 Bytes [C4, 7F, F9] {LES EDI, DWORD [EDI-0x7]} .text ntkrnlpa.exe!RtlSidHashLookup + 23C 82EC573C 4 Bytes [10, D5, 6A, 91] {ADC CH, DL; PUSH -0x6f} .text ntkrnlpa.exe!RtlSidHashLookup + 2F0 82EC57F0 3 Bytes [56, A4, F9] {PUSH ESI; MOVSB ; STC } .text ntkrnlpa.exe!RtlSidHashLookup + 2F4 82EC57F4 3 Bytes [AE, A4, F9] {SCASB ; MOVSB ; STC } .text ntkrnlpa.exe!RtlSidHashLookup + 2FC 82EC57FC 3 Bytes [C4, A5, F9] .text ... PAGE ntkrnlpa.exe!ObMakeTemporaryObject 8305EF59 5 Bytes JMP 916BE69C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ObInsertObject + 27 83078C5F 5 Bytes JMP 916C0174 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108 830C30EA 4 Bytes CALL 83F99025 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122 830CB1C5 4 Bytes CALL 83F9903B \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE ntkrnlpa.exe!ZwCreateProcessEx 83130E52 7 Bytes JMP 916C17A6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x92031000, 0x3AB565, 0xE8000020] PAGE spsys.sys!?SPRevision@@3PADA + 4F90 A5398000 290 Bytes [8B, FF, 55, 8B, EC, 33, C0, ...] PAGE spsys.sys!?SPRevision@@3PADA + 50B3 A5398123 629 Bytes [35, 39, A5, FE, 05, 34, 35, ...] PAGE spsys.sys!?SPRevision@@3PADA + 5329 A5398399 101 Bytes [6A, 28, 59, A5, 5E, C6, 03, ...] PAGE spsys.sys!?SPRevision@@3PADA + 538F A53983FF 148 Bytes [18, 5D, C2, 14, 00, 8B, FF, ...] PAGE spsys.sys!?SPRevision@@3PADA + 543B A53984AB 2228 Bytes [8B, FF, 55, 8B, EC, FF, 75, ...] PAGE ... ---- User code sections - GMER 1.0.15 ---- .text C:\Windows\system32\svchost.exe[324] ntdll.dll!LdrUnloadDll 77A8BE7F 5 Bytes JMP 000603FC .text C:\Windows\system32\svchost.exe[324] ntdll.dll!LdrLoadDll 77A8F585 5 Bytes JMP 000601F8 .text C:\Windows\system32\svchost.exe[324] kernel32.dll!GetBinaryTypeW + 70 761C7964 1 Byte [62] .text C:\Windows\system32\svchost.exe[324] USER32.dll!UnhookWindowsHookEx 77B9CC7B 5 Bytes JMP 00190A08 .text C:\Windows\system32\svchost.exe[324] USER32.dll!UnhookWinEvent 77B9D924 5 Bytes JMP 001903FC .text C:\Windows\system32\svchost.exe[324] USER32.dll!SetWindowsHookExW 77BA210A 5 Bytes JMP 00190804 .text C:\Windows\system32\svchost.exe[324] USER32.dll!SetWinEventHook 77BA507E 5 Bytes JMP 001901F8 .text C:\Windows\system32\svchost.exe[324] USER32.dll!SetWindowsHookExA 77BC6DFA 5 Bytes JMP 00190600 .text C:\Windows\system32\taskhost.exe[456] ntdll.dll!LdrUnloadDll 77A8BE7F 5 Bytes JMP 000503FC .text C:\Windows\system32\taskhost.exe[456] ntdll.dll!LdrLoadDll 77A8F585 5 Bytes JMP 000501F8 .text C:\Windows\system32\taskhost.exe[456] kernel32.dll!GetBinaryTypeW + 70 761C7964 1 Byte [62] .text C:\Windows\system32\taskhost.exe[456] USER32.dll!UnhookWindowsHookEx 77B9CC7B 5 Bytes JMP 00070A08 .text C:\Windows\system32\taskhost.exe[456] USER32.dll!UnhookWinEvent 77B9D924 5 Bytes JMP 000703FC .text C:\Windows\system32\taskhost.exe[456] USER32.dll!SetWindowsHookExW 77BA210A 5 Bytes JMP 00070804 .text C:\Windows\system32\taskhost.exe[456] USER32.dll!SetWinEventHook 77BA507E 5 Bytes JMP 000701F8 .text C:\Windows\system32\taskhost.exe[456] USER32.dll!SetWindowsHookExA 77BC6DFA 5 Bytes JMP 00070600 .text C:\Windows\system32\csrss.exe[460] kernel32.dll!GetBinaryTypeW + 70 761C7964 1 Byte [62] .text E:\Program Files\Mozilla Firefox\firefox.exe[532] ntdll.dll!LdrUnloadDll 77A8BE7F 5 Bytes JMP 000603FC .text E:\Program Files\Mozilla Firefox\firefox.exe[532] ntdll.dll!LdrLoadDll 77A8F585 5 Bytes JMP 6A9FB750 E:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text E:\Program Files\Mozilla Firefox\firefox.exe[532] kernel32.dll!GetBinaryTypeW + 70 761C7964 1 Byte [62] .text E:\Program Files\Mozilla Firefox\firefox.exe[532] USER32.dll!UnhookWindowsHookEx 77B9CC7B 5 Bytes JMP 000F0A08 .text E:\Program Files\Mozilla Firefox\firefox.exe[532] USER32.dll!UnhookWinEvent 77B9D924 5 Bytes JMP 000F03FC .text E:\Program Files\Mozilla Firefox\firefox.exe[532] USER32.dll!SetWindowsHookExW 77BA210A 5 Bytes JMP 000F0804 .text E:\Program Files\Mozilla Firefox\firefox.exe[532] USER32.dll!SetWinEventHook 77BA507E 5 Bytes JMP 000F01F8 .text E:\Program Files\Mozilla Firefox\firefox.exe[532] USER32.dll!SetWindowsHookExA 77BC6DFA 5 Bytes JMP 000F0600 .text C:\Windows\system32\wininit.exe[540] ntdll.dll!LdrUnloadDll 77A8BE7F 5 Bytes JMP 000303FC .text C:\Windows\system32\wininit.exe[540] ntdll.dll!LdrLoadDll 77A8F585 5 Bytes JMP 000301F8 .text C:\Windows\system32\wininit.exe[540] kernel32.dll!GetBinaryTypeW + 70 761C7964 1 Byte [62] .text C:\Windows\system32\wininit.exe[540] USER32.dll!UnhookWindowsHookEx 77B9CC7B 5 Bytes JMP 000C0A08 .text C:\Windows\system32\wininit.exe[540] USER32.dll!UnhookWinEvent 77B9D924 5 Bytes JMP 000C03FC .text C:\Windows\system32\wininit.exe[540] USER32.dll!SetWindowsHookExW 77BA210A 5 Bytes JMP 000C0804 .text C:\Windows\system32\wininit.exe[540] USER32.dll!SetWinEventHook 77BA507E 5 Bytes JMP 000C01F8 .text C:\Windows\system32\wininit.exe[540] USER32.dll!SetWindowsHookExA 77BC6DFA 5 Bytes JMP 000C0600 .text C:\Windows\system32\csrss.exe[552] kernel32.dll!GetBinaryTypeW + 70 761C7964 1 Byte [62] .text C:\Windows\system32\services.exe[588] ntdll.dll!LdrUnloadDll 77A8BE7F 5 Bytes JMP 000603FC .text C:\Windows\system32\services.exe[588] ntdll.dll!LdrLoadDll 77A8F585 5 Bytes JMP 000601F8 .text C:\Windows\system32\services.exe[588] kernel32.dll!GetBinaryTypeW + 70 761C7964 1 Byte [62] .text C:\Windows\system32\lsass.exe[604] ntdll.dll!LdrUnloadDll 77A8BE7F 5 Bytes JMP 000603FC .text C:\Windows\system32\lsass.exe[604] ntdll.dll!LdrLoadDll 77A8F585 5 Bytes JMP 000601F8 .text C:\Windows\system32\lsass.exe[604] kernel32.dll!GetBinaryTypeW + 70 761C7964 1 Byte [62] .text C:\Windows\system32\lsass.exe[604] USER32.dll!UnhookWindowsHookEx 77B9CC7B 5 Bytes JMP 000D0A08 .text C:\Windows\system32\lsass.exe[604] USER32.dll!UnhookWinEvent 77B9D924 5 Bytes JMP 000D03FC .text C:\Windows\system32\lsass.exe[604] USER32.dll!SetWindowsHookExW 77BA210A 5 Bytes JMP 000D0804 .text C:\Windows\system32\lsass.exe[604] USER32.dll!SetWinEventHook 77BA507E 5 Bytes JMP 000D01F8 .text C:\Windows\system32\lsass.exe[604] USER32.dll!SetWindowsHookExA 77BC6DFA 5 Bytes JMP 000D0600 .text C:\Windows\system32\lsm.exe[612] ntdll.dll!LdrUnloadDll 77A8BE7F 5 Bytes JMP 000603FC .text C:\Windows\system32\lsm.exe[612] ntdll.dll!LdrLoadDll 77A8F585 5 Bytes JMP 000601F8 .text C:\Windows\system32\lsm.exe[612] kernel32.dll!GetBinaryTypeW + 70 761C7964 1 Byte [62] .text C:\Windows\system32\winlogon.exe[740] ntdll.dll!LdrUnloadDll 77A8BE7F 5 Bytes JMP 000303FC .text C:\Windows\system32\winlogon.exe[740] ntdll.dll!LdrLoadDll 77A8F585 5 Bytes JMP 000301F8 .text C:\Windows\system32\winlogon.exe[740] kernel32.dll!GetBinaryTypeW + 70 761C7964 1 Byte [62] .text C:\Windows\system32\winlogon.exe[740] USER32.dll!UnhookWindowsHookEx 77B9CC7B 5 Bytes JMP 000C0A08 .text C:\Windows\system32\winlogon.exe[740] USER32.dll!UnhookWinEvent 77B9D924 5 Bytes JMP 000C03FC .text C:\Windows\system32\winlogon.exe[740] USER32.dll!SetWindowsHookExW 77BA210A 5 Bytes JMP 000C0804 .text C:\Windows\system32\winlogon.exe[740] USER32.dll!SetWinEventHook 77BA507E 5 Bytes JMP 000C01F8 .text C:\Windows\system32\winlogon.exe[740] USER32.dll!SetWindowsHookExA 77BC6DFA 5 Bytes JMP 000C0600 .text C:\Windows\system32\svchost.exe[776] ntdll.dll!LdrUnloadDll 77A8BE7F 5 Bytes JMP 000A03FC .text C:\Windows\system32\svchost.exe[776] ntdll.dll!LdrLoadDll 77A8F585 5 Bytes JMP 000A01F8 .text C:\Windows\system32\svchost.exe[776] kernel32.dll!GetBinaryTypeW + 70 761C7964 1 Byte [62] .text C:\Windows\system32\svchost.exe[868] ntdll.dll!LdrUnloadDll 77A8BE7F 5 Bytes JMP 000603FC .text C:\Windows\system32\svchost.exe[868] ntdll.dll!LdrLoadDll 77A8F585 5 Bytes JMP 000601F8 .text C:\Windows\system32\svchost.exe[868] kernel32.dll!GetBinaryTypeW + 70 761C7964 1 Byte [62] .text C:\Windows\system32\atiesrxx.exe[916] ntdll.dll!LdrUnloadDll 77A8BE7F 5 Bytes JMP 001603FC .text C:\Windows\system32\atiesrxx.exe[916] ntdll.dll!LdrLoadDll 77A8F585 5 Bytes JMP 001601F8 .text C:\Windows\system32\atiesrxx.exe[916] kernel32.dll!GetBinaryTypeW + 70 761C7964 1 Byte [62] .text C:\Windows\system32\atiesrxx.exe[916] USER32.dll!UnhookWindowsHookEx 77B9CC7B 5 Bytes JMP 002F0A08 .text C:\Windows\system32\atiesrxx.exe[916] USER32.dll!UnhookWinEvent 77B9D924 5 Bytes JMP 002F03FC .text C:\Windows\system32\atiesrxx.exe[916] USER32.dll!SetWindowsHookExW 77BA210A 5 Bytes JMP 002F0804 .text C:\Windows\system32\atiesrxx.exe[916] USER32.dll!SetWinEventHook 77BA507E 5 Bytes JMP 002F01F8 .text C:\Windows\system32\atiesrxx.exe[916] USER32.dll!SetWindowsHookExA 77BC6DFA 5 Bytes JMP 002F0600 .text C:\Windows\System32\svchost.exe[1004] ntdll.dll!LdrUnloadDll 77A8BE7F 5 Bytes JMP 000603FC .text C:\Windows\System32\svchost.exe[1004] ntdll.dll!LdrLoadDll 77A8F585 5 Bytes JMP 000601F8 .text C:\Windows\System32\svchost.exe[1004] kernel32.dll!GetBinaryTypeW + 70 761C7964 1 Byte [62] .text C:\Windows\System32\svchost.exe[1004] USER32.dll!UnhookWindowsHookEx 77B9CC7B 5 Bytes JMP 00230A08 .text C:\Windows\System32\svchost.exe[1004] USER32.dll!UnhookWinEvent 77B9D924 5 Bytes JMP 002303FC .text C:\Windows\System32\svchost.exe[1004] USER32.dll!SetWindowsHookExW 77BA210A 5 Bytes JMP 00230804 .text C:\Windows\System32\svchost.exe[1004] USER32.dll!SetWinEventHook 77BA507E 5 Bytes JMP 002301F8 .text C:\Windows\System32\svchost.exe[1004] USER32.dll!SetWindowsHookExA 77BC6DFA 5 Bytes JMP 00230600 .text C:\Windows\System32\svchost.exe[1044] ntdll.dll!LdrUnloadDll 77A8BE7F 5 Bytes JMP 000603FC .text C:\Windows\System32\svchost.exe[1044] ntdll.dll!LdrLoadDll 77A8F585 5 Bytes JMP 000601F8 .text C:\Windows\System32\svchost.exe[1044] kernel32.dll!GetBinaryTypeW + 70 761C7964 1 Byte [62] .text C:\Windows\System32\svchost.exe[1044] USER32.dll!UnhookWindowsHookEx 77B9CC7B 5 Bytes JMP 00320A08 .text C:\Windows\System32\svchost.exe[1044] USER32.dll!UnhookWinEvent 77B9D924 5 Bytes JMP 003203FC .text C:\Windows\System32\svchost.exe[1044] USER32.dll!SetWindowsHookExW 77BA210A 5 Bytes JMP 00320804 .text C:\Windows\System32\svchost.exe[1044] USER32.dll!SetWinEventHook 77BA507E 5 Bytes JMP 003201F8 .text C:\Windows\System32\svchost.exe[1044] USER32.dll!SetWindowsHookExA 77BC6DFA 5 Bytes JMP 00320600 .text C:\Windows\system32\svchost.exe[1084] ntdll.dll!LdrUnloadDll 77A8BE7F 5 Bytes JMP 000A03FC .text C:\Windows\system32\svchost.exe[1084] ntdll.dll!LdrLoadDll 77A8F585 5 Bytes JMP 000A01F8 .text C:\Windows\system32\svchost.exe[1084] kernel32.dll!GetBinaryTypeW + 70 761C7964 1 Byte [62] .text C:\Windows\system32\svchost.exe[1084] USER32.dll!UnhookWindowsHookEx 77B9CC7B 5 Bytes JMP 00A90A08 .text C:\Windows\system32\svchost.exe[1084] USER32.dll!UnhookWinEvent 77B9D924 5 Bytes JMP 00A903FC .text C:\Windows\system32\svchost.exe[1084] USER32.dll!SetWindowsHookExW 77BA210A 5 Bytes JMP 00A90804 .text C:\Windows\system32\svchost.exe[1084] USER32.dll!SetWinEventHook 77BA507E 5 Bytes JMP 00A901F8 .text C:\Windows\system32\svchost.exe[1084] USER32.dll!SetWindowsHookExA 77BC6DFA 5 Bytes JMP 00A90600 .text C:\Windows\system32\AUDIODG.EXE[1164] kernel32.dll!GetBinaryTypeW + 70 761C7964 1 Byte [62] .text C:\Windows\system32\svchost.exe[1216] ntdll.dll!LdrUnloadDll 77A8BE7F 5 Bytes JMP 000603FC .text C:\Windows\system32\svchost.exe[1216] ntdll.dll!LdrLoadDll 77A8F585 5 Bytes JMP 000601F8 .text C:\Windows\system32\svchost.exe[1216] kernel32.dll!GetBinaryTypeW + 70 761C7964 1 Byte [62] .text C:\Windows\system32\svchost.exe[1216] USER32.dll!UnhookWindowsHookEx 77B9CC7B 5 Bytes JMP 003C0A08 .text C:\Windows\system32\svchost.exe[1216] USER32.dll!UnhookWinEvent 77B9D924 5 Bytes JMP 003C03FC .text C:\Windows\system32\svchost.exe[1216] USER32.dll!SetWindowsHookExW 77BA210A 5 Bytes JMP 003C0804 .text C:\Windows\system32\svchost.exe[1216] USER32.dll!SetWinEventHook 77BA507E 5 Bytes JMP 003C01F8 .text C:\Windows\system32\svchost.exe[1216] USER32.dll!SetWindowsHookExA 77BC6DFA 5 Bytes JMP 003C0600 .text C:\Windows\system32\atieclxx.exe[1292] ntdll.dll!LdrUnloadDll 77A8BE7F 5 Bytes JMP 001603FC .text C:\Windows\system32\atieclxx.exe[1292] ntdll.dll!LdrLoadDll 77A8F585 5 Bytes JMP 001601F8 .text C:\Windows\system32\atieclxx.exe[1292] kernel32.dll!GetBinaryTypeW + 70 761C7964 1 Byte [62] .text C:\Windows\system32\atieclxx.exe[1292] USER32.dll!UnhookWindowsHookEx 77B9CC7B 5 Bytes JMP 001F0A08 .text C:\Windows\system32\atieclxx.exe[1292] USER32.dll!UnhookWinEvent 77B9D924 5 Bytes JMP 001F03FC .text C:\Windows\system32\atieclxx.exe[1292] USER32.dll!SetWindowsHookExW 77BA210A 5 Bytes JMP 001F0804 .text C:\Windows\system32\atieclxx.exe[1292] USER32.dll!SetWinEventHook 77BA507E 5 Bytes JMP 001F01F8 .text C:\Windows\system32\atieclxx.exe[1292] USER32.dll!SetWindowsHookExA 77BC6DFA 5 Bytes JMP 001F0600 .text C:\Users\Admin\Desktop\gmer.exe[1388] ntdll.dll!LdrUnloadDll 77A8BE7F 5 Bytes JMP 001603FC .text C:\Users\Admin\Desktop\gmer.exe[1388] ntdll.dll!LdrLoadDll 77A8F585 5 Bytes JMP 001601F8 .text C:\Users\Admin\Desktop\gmer.exe[1388] kernel32.dll!GetBinaryTypeW + 70 761C7964 1 Byte [62] .text C:\Users\Admin\Desktop\gmer.exe[1388] USER32.dll!UnhookWindowsHookEx 77B9CC7B 5 Bytes JMP 00210A08 .text C:\Users\Admin\Desktop\gmer.exe[1388] USER32.dll!UnhookWinEvent 77B9D924 5 Bytes JMP 002103FC .text C:\Users\Admin\Desktop\gmer.exe[1388] USER32.dll!SetWindowsHookExW 77BA210A 5 Bytes JMP 00210804 .text C:\Users\Admin\Desktop\gmer.exe[1388] USER32.dll!SetWinEventHook 77BA507E 5 Bytes JMP 002101F8 .text C:\Users\Admin\Desktop\gmer.exe[1388] USER32.dll!SetWindowsHookExA 77BC6DFA 5 Bytes JMP 00210600 .text C:\Windows\system32\svchost.exe[1404] ntdll.dll!LdrUnloadDll 77A8BE7F 5 Bytes JMP 000603FC .text C:\Windows\system32\svchost.exe[1404] ntdll.dll!LdrLoadDll 77A8F585 5 Bytes JMP 000601F8 .text C:\Windows\system32\svchost.exe[1404] kernel32.dll!GetBinaryTypeW + 70 761C7964 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1476] kernel32.dll!SetUnhandledExceptionFilter 761B3142 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP } .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1476] kernel32.dll!GetBinaryTypeW + 70 761C7964 1 Byte [62] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1600] ntdll.dll!LdrUnloadDll 77A8BE7F 5 Bytes JMP 000603FC .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1600] ntdll.dll!LdrLoadDll 77A8F585 5 Bytes JMP 000601F8 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1600] kernel32.dll!GetBinaryTypeW + 70 761C7964 1 Byte [62] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1600] USER32.dll!UnhookWindowsHookEx 77B9CC7B 5 Bytes JMP 00300A08 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1600] USER32.dll!UnhookWinEvent 77B9D924 5 Bytes JMP 003003FC .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1600] USER32.dll!SetWindowsHookExW 77BA210A 5 Bytes JMP 00300804 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1600] USER32.dll!SetWinEventHook 77BA507E 5 Bytes JMP 003001F8 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1600] USER32.dll!SetWindowsHookExA 77BC6DFA 5 Bytes JMP 00300600 .text C:\Windows\system32\Dwm.exe[1648] ntdll.dll!LdrUnloadDll 77A8BE7F 5 Bytes JMP 000603FC .text C:\Windows\system32\Dwm.exe[1648] ntdll.dll!LdrLoadDll 77A8F585 5 Bytes JMP 000601F8 .text C:\Windows\system32\Dwm.exe[1648] kernel32.dll!GetBinaryTypeW + 70 761C7964 1 Byte [62] .text C:\Windows\system32\Dwm.exe[1648] USER32.dll!UnhookWindowsHookEx 77B9CC7B 5 Bytes JMP 00180A08 .text C:\Windows\system32\Dwm.exe[1648] USER32.dll!UnhookWinEvent 77B9D924 5 Bytes JMP 001803FC .text C:\Windows\system32\Dwm.exe[1648] USER32.dll!SetWindowsHookExW 77BA210A 5 Bytes JMP 00180804 .text C:\Windows\system32\Dwm.exe[1648] USER32.dll!SetWinEventHook 77BA507E 5 Bytes JMP 001801F8 .text C:\Windows\system32\Dwm.exe[1648] USER32.dll!SetWindowsHookExA 77BC6DFA 5 Bytes JMP 00180600 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[1660] ntdll.dll!LdrUnloadDll 77A8BE7F 5 Bytes JMP 001603FC .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[1660] ntdll.dll!LdrLoadDll 77A8F585 5 Bytes JMP 001601F8 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[1660] kernel32.dll!GetBinaryTypeW + 70 761C7964 1 Byte [62] .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[1660] USER32.dll!UnhookWindowsHookEx 77B9CC7B 5 Bytes JMP 00210A08 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[1660] USER32.dll!UnhookWinEvent 77B9D924 5 Bytes JMP 002103FC .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[1660] USER32.dll!SetWindowsHookExW 77BA210A 5 Bytes JMP 00210804 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[1660] USER32.dll!SetWinEventHook 77BA507E 5 Bytes JMP 002101F8 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[1660] USER32.dll!SetWindowsHookExA 77BC6DFA 5 Bytes JMP 00210600 .text C:\Windows\system32\taskeng.exe[1672] ntdll.dll!LdrUnloadDll 77A8BE7F 5 Bytes JMP 000A03FC .text C:\Windows\system32\taskeng.exe[1672] ntdll.dll!LdrLoadDll 77A8F585 5 Bytes JMP 000A01F8 .text C:\Windows\system32\taskeng.exe[1672] kernel32.dll!GetBinaryTypeW + 70 761C7964 1 Byte [62] .text C:\Windows\system32\taskeng.exe[1672] USER32.dll!UnhookWindowsHookEx 77B9CC7B 5 Bytes JMP 00130A08 .text C:\Windows\system32\taskeng.exe[1672] USER32.dll!UnhookWinEvent 77B9D924 5 Bytes JMP 001303FC .text C:\Windows\system32\taskeng.exe[1672] USER32.dll!SetWindowsHookExW 77BA210A 5 Bytes JMP 00130804 .text C:\Windows\system32\taskeng.exe[1672] USER32.dll!SetWinEventHook 77BA507E 5 Bytes JMP 001301F8 .text C:\Windows\system32\taskeng.exe[1672] USER32.dll!SetWindowsHookExA 77BC6DFA 5 Bytes JMP 00130600 .text C:\Windows\Explorer.EXE[1684] ntdll.dll!LdrUnloadDll 77A8BE7F 5 Bytes JMP 000603FC .text C:\Windows\Explorer.EXE[1684] ntdll.dll!LdrLoadDll 77A8F585 5 Bytes JMP 000601F8 .text C:\Windows\Explorer.EXE[1684] kernel32.dll!GetBinaryTypeW + 70 761C7964 1 Byte [62] .text C:\Windows\Explorer.EXE[1684] USER32.dll!UnhookWindowsHookEx 77B9CC7B 5 Bytes JMP 00110A08 .text C:\Windows\Explorer.EXE[1684] USER32.dll!UnhookWinEvent 77B9D924 5 Bytes JMP 001103FC .text C:\Windows\Explorer.EXE[1684] USER32.dll!SetWindowsHookExW 77BA210A 5 Bytes JMP 00110804 .text C:\Windows\Explorer.EXE[1684] USER32.dll!SetWinEventHook 77BA507E 5 Bytes JMP 001101F8 .text C:\Windows\Explorer.EXE[1684] USER32.dll!SetWindowsHookExA 77BC6DFA 5 Bytes JMP 00110600 .text C:\Windows\System32\spoolsv.exe[2040] ntdll.dll!LdrUnloadDll 77A8BE7F 5 Bytes JMP 000603FC .text C:\Windows\System32\spoolsv.exe[2040] ntdll.dll!LdrLoadDll 77A8F585 5 Bytes JMP 000601F8 .text C:\Windows\System32\spoolsv.exe[2040] kernel32.dll!GetBinaryTypeW + 70 761C7964 1 Byte [62] .text C:\Windows\System32\spoolsv.exe[2040] USER32.dll!UnhookWindowsHookEx 77B9CC7B 5 Bytes JMP 00100A08 .text C:\Windows\System32\spoolsv.exe[2040] USER32.dll!UnhookWinEvent 77B9D924 5 Bytes JMP 001003FC .text C:\Windows\System32\spoolsv.exe[2040] USER32.dll!SetWindowsHookExW 77BA210A 5 Bytes JMP 00100804 .text C:\Windows\System32\spoolsv.exe[2040] USER32.dll!SetWinEventHook 77BA507E 5 Bytes JMP 001001F8 .text C:\Windows\System32\spoolsv.exe[2040] USER32.dll!SetWindowsHookExA 77BC6DFA 5 Bytes JMP 00100600 .text C:\Program Files\ASUS\TurboV EVO\TurboVHELP.exe[2064] ntdll.dll!LdrUnloadDll 77A8BE7F 5 Bytes JMP 001603FC .text C:\Program Files\ASUS\TurboV EVO\TurboVHELP.exe[2064] ntdll.dll!LdrLoadDll 77A8F585 5 Bytes JMP 001601F8 .text C:\Program Files\ASUS\TurboV EVO\TurboVHELP.exe[2064] kernel32.dll!GetBinaryTypeW + 70 761C7964 1 Byte [62] .text C:\Program Files\ASUS\TurboV EVO\TurboVHELP.exe[2064] USER32.dll!UnhookWindowsHookEx 77B9CC7B 5 Bytes JMP 00200A08 .text C:\Program Files\ASUS\TurboV EVO\TurboVHELP.exe[2064] USER32.dll!UnhookWinEvent 77B9D924 5 Bytes JMP 002003FC .text C:\Program Files\ASUS\TurboV EVO\TurboVHELP.exe[2064] USER32.dll!SetWindowsHookExW 77BA210A 5 Bytes JMP 00200804 .text C:\Program Files\ASUS\TurboV EVO\TurboVHELP.exe[2064] USER32.dll!SetWinEventHook 77BA507E 5 Bytes JMP 002001F8 .text C:\Program Files\ASUS\TurboV EVO\TurboVHELP.exe[2064] USER32.dll!SetWindowsHookExA 77BC6DFA 5 Bytes JMP 00200600 .text C:\Program Files\ASUS\GPU Boost Driver\GpuBoostServer.exe[2124] ntdll.dll!LdrUnloadDll 77A8BE7F 5 Bytes JMP 001603FC .text C:\Program Files\ASUS\GPU Boost Driver\GpuBoostServer.exe[2124] ntdll.dll!LdrLoadDll 77A8F585 5 Bytes JMP 001601F8 .text C:\Program Files\ASUS\GPU Boost Driver\GpuBoostServer.exe[2124] kernel32.dll!GetBinaryTypeW + 70 761C7964 1 Byte [62] .text C:\Program Files\ASUS\GPU Boost Driver\GpuBoostServer.exe[2124] USER32.dll!UnhookWindowsHookEx 77B9CC7B 5 Bytes JMP 00200A08 .text C:\Program Files\ASUS\GPU Boost Driver\GpuBoostServer.exe[2124] USER32.dll!UnhookWinEvent 77B9D924 5 Bytes JMP 002003FC .text C:\Program Files\ASUS\GPU Boost Driver\GpuBoostServer.exe[2124] USER32.dll!SetWindowsHookExW 77BA210A 5 Bytes JMP 00200804 .text C:\Program Files\ASUS\GPU Boost Driver\GpuBoostServer.exe[2124] USER32.dll!SetWinEventHook 77BA507E 5 Bytes JMP 002001F8 .text C:\Program Files\ASUS\GPU Boost Driver\GpuBoostServer.exe[2124] USER32.dll!SetWindowsHookExA 77BC6DFA 5 Bytes JMP 00200600 .text C:\Program Files\AMD\RAIDXpert\bin\RAIDXpertService.exe[2164] ntdll.dll!LdrUnloadDll 77A8BE7F 5 Bytes JMP 001603FC .text C:\Program Files\AMD\RAIDXpert\bin\RAIDXpertService.exe[2164] ntdll.dll!LdrLoadDll 77A8F585 5 Bytes JMP 001601F8 .text C:\Program Files\AMD\RAIDXpert\bin\RAIDXpertService.exe[2164] kernel32.dll!GetBinaryTypeW + 70 761C7964 1 Byte [62] .text C:\Program Files\AMD\RAIDXpert\bin\RAIDXpertService.exe[2164] USER32.dll!UnhookWindowsHookEx 77B9CC7B 5 Bytes JMP 00300A08 .text C:\Program Files\AMD\RAIDXpert\bin\RAIDXpertService.exe[2164] USER32.dll!UnhookWinEvent 77B9D924 5 Bytes JMP 003003FC .text C:\Program Files\AMD\RAIDXpert\bin\RAIDXpertService.exe[2164] USER32.dll!SetWindowsHookExW 77BA210A 5 Bytes JMP 00300804 .text C:\Program Files\AMD\RAIDXpert\bin\RAIDXpertService.exe[2164] USER32.dll!SetWinEventHook 77BA507E 5 Bytes JMP 003001F8 .text C:\Program Files\AMD\RAIDXpert\bin\RAIDXpertService.exe[2164] USER32.dll!SetWindowsHookExA 77BC6DFA 5 Bytes JMP 00300600 .text C:\Program Files\AMD\RAIDXpert\bin\RAIDXpert.exe[2184] ntdll.dll!LdrUnloadDll 77A8BE7F 5 Bytes JMP 001603FC .text C:\Program Files\AMD\RAIDXpert\bin\RAIDXpert.exe[2184] ntdll.dll!LdrLoadDll 77A8F585 5 Bytes JMP 001601F8 .text C:\Program Files\AMD\RAIDXpert\bin\RAIDXpert.exe[2184] kernel32.dll!GetBinaryTypeW + 70 761C7964 1 Byte [62] .text C:\Program Files\AMD\RAIDXpert\bin\RAIDXpert.exe[2184] USER32.dll!UnhookWindowsHookEx 77B9CC7B 5 Bytes JMP 00300A08 .text C:\Program Files\AMD\RAIDXpert\bin\RAIDXpert.exe[2184] USER32.dll!UnhookWinEvent 77B9D924 5 Bytes JMP 003003FC .text C:\Program Files\AMD\RAIDXpert\bin\RAIDXpert.exe[2184] USER32.dll!SetWindowsHookExW 77BA210A 5 Bytes JMP 00300804 .text C:\Program Files\AMD\RAIDXpert\bin\RAIDXpert.exe[2184] USER32.dll!SetWinEventHook 77BA507E 5 Bytes JMP 003001F8 .text C:\Program Files\AMD\RAIDXpert\bin\RAIDXpert.exe[2184] USER32.dll!SetWindowsHookExA 77BC6DFA 5 Bytes JMP 00300600 .text C:\Windows\system32\conhost.exe[2192] ntdll.dll!LdrUnloadDll 77A8BE7F 5 Bytes JMP 000303FC .text C:\Windows\system32\conhost.exe[2192] ntdll.dll!LdrLoadDll 77A8F585 5 Bytes JMP 000301F8 .text C:\Windows\system32\conhost.exe[2192] kernel32.dll!GetBinaryTypeW + 70 761C7964 1 Byte [62] .text C:\Windows\system32\conhost.exe[2192] USER32.dll!UnhookWindowsHookEx 77B9CC7B 5 Bytes JMP 000C0A08 .text C:\Windows\system32\conhost.exe[2192] USER32.dll!UnhookWinEvent 77B9D924 5 Bytes JMP 000C03FC .text C:\Windows\system32\conhost.exe[2192] USER32.dll!SetWindowsHookExW 77BA210A 5 Bytes JMP 000C0804 .text C:\Windows\system32\conhost.exe[2192] USER32.dll!SetWinEventHook 77BA507E 5 Bytes JMP 000C01F8 .text C:\Windows\system32\conhost.exe[2192] USER32.dll!SetWindowsHookExA 77BC6DFA 5 Bytes JMP 000C0600 .text C:\Program Files\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe[2216] ntdll.dll!LdrUnloadDll 77A8BE7F 5 Bytes JMP 001603FC .text C:\Program Files\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe[2216] ntdll.dll!LdrLoadDll 77A8F585 5 Bytes JMP 001601F8 .text C:\Program Files\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe[2216] kernel32.dll!GetBinaryTypeW + 70 761C7964 1 Byte [62] .text C:\Program Files\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe[2216] USER32.dll!UnhookWindowsHookEx 77B9CC7B 5 Bytes JMP 00220A08 .text C:\Program Files\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe[2216] USER32.dll!UnhookWinEvent 77B9D924 5 Bytes JMP 002203FC .text C:\Program Files\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe[2216] USER32.dll!SetWindowsHookExW 77BA210A 5 Bytes JMP 00220804 .text C:\Program Files\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe[2216] USER32.dll!SetWinEventHook 77BA507E 5 Bytes JMP 002201F8 .text C:\Program Files\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe[2216] USER32.dll!SetWindowsHookExA 77BC6DFA 5 Bytes JMP 00220600 .text C:\Windows\system32\svchost.exe[2248] ntdll.dll!LdrUnloadDll 77A8BE7F 5 Bytes JMP 000A03FC .text C:\Windows\system32\svchost.exe[2248] ntdll.dll!LdrLoadDll 77A8F585 5 Bytes JMP 000A01F8 .text C:\Windows\system32\svchost.exe[2248] kernel32.dll!GetBinaryTypeW + 70 761C7964 1 Byte [62] .text C:\Windows\system32\svchost.exe[2248] USER32.dll!UnhookWindowsHookEx 77B9CC7B 5 Bytes JMP 008A0A08 .text C:\Windows\system32\svchost.exe[2248] USER32.dll!UnhookWinEvent 77B9D924 5 Bytes JMP 008A03FC .text C:\Windows\system32\svchost.exe[2248] USER32.dll!SetWindowsHookExW 77BA210A 5 Bytes JMP 008A0804 .text C:\Windows\system32\svchost.exe[2248] USER32.dll!SetWinEventHook 77BA507E 5 Bytes JMP 008A01F8 .text C:\Windows\system32\svchost.exe[2248] USER32.dll!SetWindowsHookExA 77BC6DFA 5 Bytes JMP 008A0600 .text C:\Windows\system32\sppsvc.exe[2260] ntdll.dll!LdrUnloadDll 77A8BE7F 5 Bytes JMP 000703FC .text C:\Windows\system32\sppsvc.exe[2260] ntdll.dll!LdrLoadDll 77A8F585 5 Bytes JMP 000701F8 .text C:\Windows\system32\sppsvc.exe[2260] kernel32.dll!GetBinaryTypeW + 70 761C7964 1 Byte [62] .text C:\Windows\system32\sppsvc.exe[2260] USER32.dll!UnhookWindowsHookEx 77B9CC7B 5 Bytes JMP 00110A08 .text C:\Windows\system32\sppsvc.exe[2260] USER32.dll!UnhookWinEvent 77B9D924 5 Bytes JMP 001103FC .text C:\Windows\system32\sppsvc.exe[2260] USER32.dll!SetWindowsHookExW 77BA210A 5 Bytes JMP 00110804 .text C:\Windows\system32\sppsvc.exe[2260] USER32.dll!SetWinEventHook 77BA507E 5 Bytes JMP 001101F8 .text C:\Windows\system32\sppsvc.exe[2260] USER32.dll!SetWindowsHookExA 77BC6DFA 5 Bytes JMP 00110600 .text C:\Windows\system32\svchost.exe[2280] ntdll.dll!LdrUnloadDll 77A8BE7F 5 Bytes JMP 000603FC .text C:\Windows\system32\svchost.exe[2280] ntdll.dll!LdrLoadDll 77A8F585 5 Bytes JMP 000601F8 .text C:\Windows\system32\svchost.exe[2280] kernel32.dll!GetBinaryTypeW + 70 761C7964 1 Byte [62] .text C:\Windows\System32\svchost.exe[2308] ntdll.dll!LdrUnloadDll 77A8BE7F 5 Bytes JMP 000603FC .text C:\Windows\System32\svchost.exe[2308] ntdll.dll!LdrLoadDll 77A8F585 5 Bytes JMP 000601F8 .text C:\Windows\System32\svchost.exe[2308] kernel32.dll!GetBinaryTypeW + 70 761C7964 1 Byte [62] .text C:\Windows\System32\svchost.exe[2348] ntdll.dll!LdrUnloadDll 77A8BE7F 5 Bytes JMP 000603FC .text C:\Windows\System32\svchost.exe[2348] ntdll.dll!LdrLoadDll 77A8F585 5 Bytes JMP 000601F8 .text C:\Windows\System32\svchost.exe[2348] kernel32.dll!GetBinaryTypeW + 70 761C7964 1 Byte [62] .text C:\Windows\system32\PnkBstrA.exe[2400] ntdll.dll!LdrUnloadDll 77A8BE7F 5 Bytes JMP 001503FC .text C:\Windows\system32\PnkBstrA.exe[2400] ntdll.dll!LdrLoadDll 77A8F585 5 Bytes JMP 001501F8 .text C:\Windows\system32\PnkBstrA.exe[2400] kernel32.dll!GetBinaryTypeW + 70 761C7964 1 Byte [62] .text C:\Windows\system32\PnkBstrA.exe[2400] USER32.dll!UnhookWindowsHookEx 77B9CC7B 5 Bytes JMP 001E0A08 .text C:\Windows\system32\PnkBstrA.exe[2400] USER32.dll!UnhookWinEvent 77B9D924 5 Bytes JMP 001E03FC .text C:\Windows\system32\PnkBstrA.exe[2400] USER32.dll!SetWindowsHookExW 77BA210A 5 Bytes JMP 001E0804 .text C:\Windows\system32\PnkBstrA.exe[2400] USER32.dll!SetWinEventHook 77BA507E 5 Bytes JMP 001E01F8 .text C:\Windows\system32\PnkBstrA.exe[2400] USER32.dll!SetWindowsHookExA 77BC6DFA 5 Bytes JMP 001E0600 .text C:\Windows\system32\svchost.exe[2432] ntdll.dll!LdrUnloadDll 77A8BE7F 5 Bytes JMP 000603FC .text C:\Windows\system32\svchost.exe[2432] ntdll.dll!LdrLoadDll 77A8F585 5 Bytes JMP 000601F8 .text C:\Windows\system32\svchost.exe[2432] kernel32.dll!GetBinaryTypeW + 70 761C7964 1 Byte [62] .text C:\Program Files\ASUS\EPU\EPU.exe[2900] ntdll.dll!LdrUnloadDll 77A8BE7F 5 Bytes JMP 001503FC .text C:\Program Files\ASUS\EPU\EPU.exe[2900] ntdll.dll!LdrLoadDll 77A8F585 5 Bytes JMP 001501F8 .text C:\Program Files\ASUS\EPU\EPU.exe[2900] kernel32.dll!GetBinaryTypeW + 70 761C7964 1 Byte [62] .text C:\Program Files\ASUS\EPU\EPU.exe[2900] USER32.dll!UnhookWindowsHookEx 77B9CC7B 5 Bytes JMP 00330A08 .text C:\Program Files\ASUS\EPU\EPU.exe[2900] USER32.dll!UnhookWinEvent 77B9D924 5 Bytes JMP 003303FC .text C:\Program Files\ASUS\EPU\EPU.exe[2900] USER32.dll!SetWindowsHookExW 77BA210A 5 Bytes JMP 00330804 .text C:\Program Files\ASUS\EPU\EPU.exe[2900] USER32.dll!SetWinEventHook 77BA507E 5 Bytes JMP 003301F8 .text C:\Program Files\ASUS\EPU\EPU.exe[2900] USER32.dll!SetWindowsHookExA 77BC6DFA 5 Bytes JMP 00330600 .text C:\Windows\system32\WinMsgBalloonClient.exe[2920] ntdll.dll!LdrUnloadDll 77A8BE7F 5 Bytes JMP 001603FC .text C:\Windows\system32\WinMsgBalloonClient.exe[2920] ntdll.dll!LdrLoadDll 77A8F585 5 Bytes JMP 001601F8 .text C:\Windows\system32\WinMsgBalloonClient.exe[2920] kernel32.dll!GetBinaryTypeW + 70 761C7964 1 Byte [62] .text C:\Windows\system32\WinMsgBalloonClient.exe[2920] USER32.dll!UnhookWindowsHookEx 77B9CC7B 5 Bytes JMP 001F0A08 .text C:\Windows\system32\WinMsgBalloonClient.exe[2920] USER32.dll!UnhookWinEvent 77B9D924 5 Bytes JMP 001F03FC .text C:\Windows\system32\WinMsgBalloonClient.exe[2920] USER32.dll!SetWindowsHookExW 77BA210A 5 Bytes JMP 001F0804 .text C:\Windows\system32\WinMsgBalloonClient.exe[2920] USER32.dll!SetWinEventHook 77BA507E 5 Bytes JMP 001F01F8 .text C:\Windows\system32\WinMsgBalloonClient.exe[2920] USER32.dll!SetWindowsHookExA 77BC6DFA 5 Bytes JMP 001F0600 .text C:\Windows\System32\svchost.exe[3084] ntdll.dll!LdrUnloadDll 77A8BE7F 5 Bytes JMP 000603FC .text C:\Windows\System32\svchost.exe[3084] ntdll.dll!LdrLoadDll 77A8F585 5 Bytes JMP 000601F8 .text C:\Windows\System32\svchost.exe[3084] kernel32.dll!GetBinaryTypeW + 70 761C7964 1 Byte [62] .text C:\Windows\System32\svchost.exe[3084] USER32.dll!UnhookWindowsHookEx 77B9CC7B 5 Bytes JMP 00250A08 .text C:\Windows\System32\svchost.exe[3084] USER32.dll!UnhookWinEvent 77B9D924 5 Bytes JMP 002503FC .text C:\Windows\System32\svchost.exe[3084] USER32.dll!SetWindowsHookExW 77BA210A 5 Bytes JMP 00250804 .text C:\Windows\System32\svchost.exe[3084] USER32.dll!SetWinEventHook 77BA507E 5 Bytes JMP 002501F8 .text C:\Windows\System32\svchost.exe[3084] USER32.dll!SetWindowsHookExA 77BC6DFA 5 Bytes JMP 00250600 .text E:\Program Files\Mozilla Firefox\plugin-container.exe[3108] ntdll.dll!LdrUnloadDll 77A8BE7F 5 Bytes JMP 000603FC .text E:\Program Files\Mozilla Firefox\plugin-container.exe[3108] ntdll.dll!LdrLoadDll 77A8F585 5 Bytes JMP 000601F8 .text E:\Program Files\Mozilla Firefox\plugin-container.exe[3108] kernel32.dll!GetBinaryTypeW + 70 761C7964 1 Byte [62] .text E:\Program Files\Mozilla Firefox\plugin-container.exe[3108] USER32.dll!SetWindowLongA 77B9B1E3 5 Bytes JMP 6ADD3A89 E:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text E:\Program Files\Mozilla Firefox\plugin-container.exe[3108] USER32.dll!UnhookWindowsHookEx 77B9CC7B 5 Bytes JMP 00300A08 .text E:\Program Files\Mozilla Firefox\plugin-container.exe[3108] USER32.dll!UnhookWinEvent 77B9D924 5 Bytes JMP 003003FC .text E:\Program Files\Mozilla Firefox\plugin-container.exe[3108] USER32.dll!SetWindowsHookExW 77BA210A 5 Bytes JMP 00300804 .text E:\Program Files\Mozilla Firefox\plugin-container.exe[3108] USER32.dll!SetWinEventHook 77BA507E 5 Bytes JMP 003001F8 .text E:\Program Files\Mozilla Firefox\plugin-container.exe[3108] USER32.dll!SetWindowLongW 77BA6614 5 Bytes JMP 6ADD3A1B E:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text E:\Program Files\Mozilla Firefox\plugin-container.exe[3108] USER32.dll!GetWindowInfo 77BA6A82 5 Bytes JMP 6AB7C909 E:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text E:\Program Files\Mozilla Firefox\plugin-container.exe[3108] USER32.dll!TrackPopupMenu 77BC4B3B 5 Bytes JMP 6AB7CEBD E:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text E:\Program Files\Mozilla Firefox\plugin-container.exe[3108] USER32.dll!SetWindowsHookExA 77BC6DFA 5 Bytes JMP 00300600 .text C:\Windows\system32\wbem\wmiprvse.exe[3112] ntdll.dll!LdrUnloadDll 77A8BE7F 5 Bytes JMP 000603FC .text C:\Windows\system32\wbem\wmiprvse.exe[3112] ntdll.dll!LdrLoadDll 77A8F585 5 Bytes JMP 000601F8 .text C:\Windows\system32\wbem\wmiprvse.exe[3112] kernel32.dll!GetBinaryTypeW + 70 761C7964 1 Byte [62] .text C:\Windows\system32\wbem\wmiprvse.exe[3112] USER32.dll!UnhookWindowsHookEx 77B9CC7B 5 Bytes JMP 00100A08 .text C:\Windows\system32\wbem\wmiprvse.exe[3112] USER32.dll!UnhookWinEvent 77B9D924 5 Bytes JMP 001003FC .text C:\Windows\system32\wbem\wmiprvse.exe[3112] USER32.dll!SetWindowsHookExW 77BA210A 5 Bytes JMP 00100804 .text C:\Windows\system32\wbem\wmiprvse.exe[3112] USER32.dll!SetWinEventHook 77BA507E 5 Bytes JMP 001001F8 .text C:\Windows\system32\wbem\wmiprvse.exe[3112] USER32.dll!SetWindowsHookExA 77BC6DFA 5 Bytes JMP 00100600 .text C:\Windows\System32\svchost.exe[3356] ntdll.dll!LdrUnloadDll 77A8BE7F 5 Bytes JMP 000603FC .text C:\Windows\System32\svchost.exe[3356] ntdll.dll!LdrLoadDll 77A8F585 5 Bytes JMP 000601F8 .text C:\Windows\System32\svchost.exe[3356] kernel32.dll!GetBinaryTypeW + 70 761C7964 1 Byte [62] .text C:\Windows\System32\svchost.exe[3356] user32.dll!UnhookWindowsHookEx 77B9CC7B 5 Bytes JMP 00440A08 .text C:\Windows\System32\svchost.exe[3356] user32.dll!UnhookWinEvent 77B9D924 5 Bytes JMP 004403FC .text C:\Windows\System32\svchost.exe[3356] user32.dll!SetWindowsHookExW 77BA210A 5 Bytes JMP 00440804 .text C:\Windows\System32\svchost.exe[3356] user32.dll!SetWinEventHook 77BA507E 5 Bytes JMP 004401F8 .text C:\Windows\System32\svchost.exe[3356] user32.dll!SetWindowsHookExA 77BC6DFA 5 Bytes JMP 00440600 .text C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3396] ntdll.dll!LdrUnloadDll 77A8BE7F 5 Bytes JMP 001603FC .text C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3396] ntdll.dll!LdrLoadDll 77A8F585 5 Bytes JMP 001601F8 .text C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3396] kernel32.dll!GetBinaryTypeW + 70 761C7964 1 Byte [62] .text C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3396] USER32.dll!UnhookWindowsHookEx 77B9CC7B 5 Bytes JMP 00200A08 .text C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3396] USER32.dll!UnhookWinEvent 77B9D924 5 Bytes JMP 002003FC .text C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3396] USER32.dll!SetWindowsHookExW 77BA210A 5 Bytes JMP 00200804 .text C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3396] USER32.dll!SetWinEventHook 77BA507E 5 Bytes JMP 002001F8 .text C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3396] USER32.dll!SetWindowsHookExA 77BC6DFA 5 Bytes JMP 00200600 .text C:\Windows\system32\wbem\wmiprvse.exe[3444] ntdll.dll!LdrUnloadDll 77A8BE7F 5 Bytes JMP 000603FC .text C:\Windows\system32\wbem\wmiprvse.exe[3444] ntdll.dll!LdrLoadDll 77A8F585 5 Bytes JMP 000601F8 .text C:\Windows\system32\wbem\wmiprvse.exe[3444] kernel32.dll!GetBinaryTypeW + 70 761C7964 1 Byte [62] .text C:\Windows\system32\wbem\wmiprvse.exe[3444] USER32.dll!UnhookWindowsHookEx 77B9CC7B 5 Bytes JMP 00100A08 .text C:\Windows\system32\wbem\wmiprvse.exe[3444] USER32.dll!UnhookWinEvent 77B9D924 5 Bytes JMP 001003FC .text C:\Windows\system32\wbem\wmiprvse.exe[3444] USER32.dll!SetWindowsHookExW 77BA210A 5 Bytes JMP 00100804 .text C:\Windows\system32\wbem\wmiprvse.exe[3444] USER32.dll!SetWinEventHook 77BA507E 5 Bytes JMP 001001F8 .text C:\Windows\system32\wbem\wmiprvse.exe[3444] USER32.dll!SetWindowsHookExA 77BC6DFA 5 Bytes JMP 00100600 .text C:\Windows\system32\SearchIndexer.exe[3516] ntdll.dll!LdrUnloadDll 77A8BE7F 5 Bytes JMP 000A03FC .text C:\Windows\system32\SearchIndexer.exe[3516] ntdll.dll!LdrLoadDll 77A8F585 5 Bytes JMP 000A01F8 .text C:\Windows\system32\SearchIndexer.exe[3516] kernel32.dll!GetBinaryTypeW + 70 761C7964 1 Byte [62] .text C:\Windows\system32\SearchIndexer.exe[3516] USER32.dll!UnhookWindowsHookEx 77B9CC7B 5 Bytes JMP 00140A08 .text C:\Windows\system32\SearchIndexer.exe[3516] USER32.dll!UnhookWinEvent 77B9D924 5 Bytes JMP 001403FC .text C:\Windows\system32\SearchIndexer.exe[3516] USER32.dll!SetWindowsHookExW 77BA210A 5 Bytes JMP 00140804 .text C:\Windows\system32\SearchIndexer.exe[3516] USER32.dll!SetWinEventHook 77BA507E 5 Bytes JMP 001401F8 .text C:\Windows\system32\SearchIndexer.exe[3516] USER32.dll!SetWindowsHookExA 77BC6DFA 5 Bytes JMP 00140600 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3652] kernel32.dll!GetBinaryTypeW + 70 761C7964 1 Byte [62] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3784] ntdll.dll!LdrUnloadDll 77A8BE7F 5 Bytes JMP 000603FC .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3784] ntdll.dll!LdrLoadDll 77A8F585 5 Bytes JMP 000601F8 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3784] kernel32.dll!GetBinaryTypeW + 70 761C7964 1 Byte [62] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3784] USER32.dll!UnhookWindowsHookEx 77B9CC7B 5 Bytes JMP 00090A08 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3784] USER32.dll!UnhookWinEvent 77B9D924 5 Bytes JMP 000903FC .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3784] USER32.dll!SetWindowsHookExW 77BA210A 5 Bytes JMP 00090804 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3784] USER32.dll!SetWinEventHook 77BA507E 5 Bytes JMP 000901F8 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3784] USER32.dll!SetWindowsHookExA 77BC6DFA 5 Bytes JMP 00090600 .text C:\Windows\system32\WinMsgBalloonServer.exe[4036] ntdll.dll!LdrUnloadDll 77A8BE7F 5 Bytes JMP 001603FC .text C:\Windows\system32\WinMsgBalloonServer.exe[4036] ntdll.dll!LdrLoadDll 77A8F585 5 Bytes JMP 001601F8 .text C:\Windows\system32\WinMsgBalloonServer.exe[4036] kernel32.dll!GetBinaryTypeW + 70 761C7964 1 Byte [62] .text C:\Windows\system32\WinMsgBalloonServer.exe[4036] USER32.dll!UnhookWindowsHookEx 77B9CC7B 5 Bytes JMP 00200A08 .text C:\Windows\system32\WinMsgBalloonServer.exe[4036] USER32.dll!UnhookWinEvent 77B9D924 5 Bytes JMP 002003FC .text C:\Windows\system32\WinMsgBalloonServer.exe[4036] USER32.dll!SetWindowsHookExW 77BA210A 5 Bytes JMP 00200804 .text C:\Windows\system32\WinMsgBalloonServer.exe[4036] USER32.dll!SetWinEventHook 77BA507E 5 Bytes JMP 002001F8 .text C:\Windows\system32\WinMsgBalloonServer.exe[4036] USER32.dll!SetWindowsHookExA 77BC6DFA 5 Bytes JMP 00200600 ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Windows\Explorer.EXE[1684] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [748D250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1684] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [748D2494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1684] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [748B5624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1684] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [748B56E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1684] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [748C8573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1684] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [748C4D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1684] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [748C50CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1684] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [748C51A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1684] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [748C66D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1684] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [748C82CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1684] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [748C8819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1684] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [748C907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1684] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [748CE21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1684] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [748C4C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software) Device \Driver\ACPI_HAL \Device\00000053 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x59 0xE5 0x06 0xE6 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x59 0xE5 0x06 0xE6 ... ---- EOF - GMER 1.0.15 ----

OTL :

Kod: Zaznacz wszystko: http://wklej.org/id/675080/

Extras :

Kod: Zaznacz wszystko: http://wklej.org/id/675082/

Post edytowany 22-01-2012 13:58
Proszę o pomoc.

**Posty:** 18165 · przez **wojtas** 22 Sty 2012, 19:38

daj jeszcze log z Ad Remover ( opcja Skan )

**Posty:** 9 · przez **Bgolab3** 22 Sty 2012, 19:51

AD-Remover (na wklej.org):

Kod: Zaznacz wszystko: http://wklej.org/id/675369/

Tutaj zdjęcie jak to wygląda , ping skoczy a potem nie ma przez chwile neta , i od razu potem wraca i działa przez chwilę :

Kod: Zaznacz wszystko: http://oi44.tinypic.com/15hh1kz.jpg

Dodam jeszcze że mam prawie to samo co kolega 19 listopada 2011r. (to samo co z nortonem)

Kod: Zaznacz wszystko: http://forum.programosy.pl/internet-wylacza-sie-po-5-minutach-vt129174.html

Nie wiem czy to wina dostawcy , Mojego kompa , urządzenia ( access point miałem wymieniany na nowszy , z lepszym procesorem) , anteny (nowa antenka działa pięknie) , kabla , Karty sieciowej [mam też drugą kartę zintegrowaną , zainstaluje do niej sterownik i sprawdzę czy coś się poprawiło , bo jak tak to wina karty sieciowej. Gdybym nie rozwiązał tego problem]. Końcowy etap to format , ale nie chcę bo chciałbym znać przyczynę problemu

. Najwyżej jak nic nie zadziała.

Dodałbym jeszcze że posiadam od 15-16 procesów svchost.exe.
Dodam jeszcze że mam proces PnkBstra.exe , też chciałbym się go pozbyć. Poczytałem że to proces od battlefielda , którego miałem z 2 miesiące temu. Nie mogę tego procesu usunąć

**Posty:** 18165 · przez **wojtas** 22 Sty 2012, 20:00

Uruchom OTL i w sekcji własne opcje skanowania / skrypt wklej:

:OTL
DRV - File not found [Kernel | Disabled | Stopped] -- -- (sptd)
DRV - File not found [Kernel | System | Stopped] -- -- (ccHP)
FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
[2012-01-11 18:52:57 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\7rp6fztr.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011-08-23 21:16:36 | 000,002,333 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7rp6fztr.default\searchplugins\askcom.xml
[2011-11-20 17:19:31 | 000,002,207 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7rp6fztr.default\searchplugins\MyStart Search.xml
O3 - HKU\S-1-5-21-125063723-3964426582-1128895894-1001\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
[2012-01-22 13:26:46 | 000,000,310 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job

:Commands
[emptytemp]
[emptyflash]

Kliknij wykonaj skrypt. I potwierdź reset komputera .

zrób pełny skan Malwarebytes Anti-Malware (zaktualizuj, usuń co znajdzie )
lecz to nie jest wina raczej wirusów

**Posty:** 9 · przez **Bgolab3** 22 Sty 2012, 20:33

Oto log z twojego skryptu , zrobiłem jak napisałeś :

Kod: Zaznacz wszystko: http://wklej.org/id/675386/

@Refresh :

Malwarebytes Anti-Malware :

Kod: Zaznacz wszystko: Malwarebytes Anti-Malware (Okres testowy) 1.60.0.1800 www.malwarebytes.org Wersja bazy: v2012.01.22.03 Windows 7 x86 NTFS Internet Explorer 8.0.7600.16385 Admin :: ADMIN-KOMPUTER [administrator] Ochrona: Włączona 2012-01-22 19:25:08 mbam-log-2012-01-22 (20-24-39).txt Typ skanowania: Pełne skanowanie Zaznaczone opcje skanowania: Pamięć | Rozruch | Rejestr | System plików | Heurystyka/Dodatkowe | Heuristyka/Shuriken | PUP | PUM Odznaczone opcje skanowania: P2P Przeskanowano obiektów: 391948 Upłynęło: 58 minut(y), 48 sekund(y) Wykrytych procesów w pamięci: 0 (Nie znaleziono zagrożeń) Wykrytych modułów w pamięci: 0 (Nie znaleziono zagrożeń) Wykrytych kluczy rejestru: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PDF Reader (Adware.Agent) -> Nie wykonano akcji. Wykrytych wartości rejestru: 0 (Nie znaleziono zagrożeń) Wykryte wpisy rejestru systemowego: 0 (Nie znaleziono zagrożeń) wykrytych folderów: 0 (Nie znaleziono zagrożeń) Wykrytych plików: 6 C:\Users\Admin\Desktop\PDFReaderSetup.exe (Adware.Agent) -> Nie wykonano akcji. C:\Users\Admin\Desktop\patcher\metin2.bin (Backdoor.Hupigon) -> Nie wykonano akcji. C:\Program Files\PDFReader\Uninstall\Uninstall.exe (Adware.Agent) -> Nie wykonano akcji. E:\Program Files\Dark Sector\EXTRAS\Trainer+5\DarkSectorTrainer+5.exe (HackTool.GamesCheat.Gen) -> Nie wykonano akcji. E:\Program Files\DragonMT2\metin2.bin (Backdoor.Hupigon) -> Nie wykonano akcji. E:\Program Files\EliteMT2\metin2.bin (Backdoor.Hupigon) -> Nie wykonano akcji. (zakończone)

Zapomniałem usunąć pliki

, to co widzę , młodszy brat pobiera jakieś metiny...
Włączyłem program i nie mogę odszukać tych plików w programie

@ Refresh :

Usunąłem pliki docelowo. Ręcznie

Dodano Dzisiaj, 15:20:
Refresh

Dodano Dzisiaj, 16:51:
Gdy internet źle chodzi , odłączam i podłączam ponownie kable i jakoś działa , i potem znowu to trzeba zrobić. Jest to uciążliwe

Dodano Dzisiaj, 19:07:
Problem rozwiązany :

Rozwiązania które zastosowałem :

1. Odinstalowanie Mozilla Firefos , i zainstlaowanie ponownie
2. Ustawienia zasilacza > Wyłączenie oszczędności energi z PCI (tam mam kartę podpiętą)
3. Zainstalowanie ponownie wszystkich sterowników i aktualizacja sterów

Jeszcze chciałbym się uporać z problemem takim że :

1. Posiadam 15-16 procesów svchost.exe
2. chciałbym usunąć proces PnKBstra.exe

**Posty:** 18165 · przez **wojtas** 24 Sty 2012, 14:30

procesy są ok,

PnKBstra.exe jest to plik od Punkbustera
http://pl.wikipedia.org/wiki/PunkBuster