GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-06-02 14:29:35
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.14 ----
SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwCreateKey [0xF0F247A6]
SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwCreateProcess [0xF0F21794]
SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwCreateProcessEx [0xF0F21F1E]
SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwDeleteKey [0xF0F251F0]
SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwDeleteValueKey [0xF0F2542A]
SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwRenameKey [0xF0F2612A]
SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwSetValueKey [0xF0F2583C]
SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwTerminateProcess [0xF0F20D0A]
SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwWriteVirtualMemory [0xF0F20384]
---- Kernel code sections - GMER 1.0.14 ----
? C:\WINDOWS\system32\Drivers\mchInjDrv.sys The system cannot find the file specified. !
---- User code sections - GMER 1.0.14 ----
.text C:\WINDOWS\Explorer.EXE[236] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, 40, 84 ]
.text C:\WINDOWS\Explorer.EXE[236] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\Explorer.EXE[236] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\Program Files\Citrix\GoToMyPC\g2pre.exe[408] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, BD, 83 ]
.text C:\Program Files\Citrix\GoToMyPC\g2pre.exe[408] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Citrix\GoToMyPC\g2pre.exe[408] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\Program Files\Citrix\GoToMyPC\g2tray.exe[624] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, 6B, 86 ]
.text C:\Program Files\Citrix\GoToMyPC\g2tray.exe[624] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Citrix\GoToMyPC\g2tray.exe[624] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\ehome\ehtray.exe[636] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, D8, 84 ]
.text C:\WINDOWS\ehome\ehtray.exe[636] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\ehome\ehtray.exe[636] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\csrss.exe[656] KERNEL32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, C8, 84 ]
.text C:\WINDOWS\system32\csrss.exe[656] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\csrss.exe[656] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\winlogon.exe[692] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, 8E, 84 ]
.text C:\WINDOWS\system32\winlogon.exe[692] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\winlogon.exe[692] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\services.exe[736] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, 21, 84 ]
.text C:\WINDOWS\system32\services.exe[736] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\services.exe[736] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\lsass.exe[748] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, 78, 84 ]
.text C:\WINDOWS\system32\lsass.exe[748] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\lsass.exe[748] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[752] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, 2A, 84 ]
.text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[752] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[752] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\RUNDLL32.EXE[808] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, 22, 84 ]
.text C:\WINDOWS\system32\RUNDLL32.EXE[808] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\RUNDLL32.EXE[808] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\Program Files\Norton antivirus\vptray.exe[892] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, 36, 84 ]
.text C:\Program Files\Norton antivirus\vptray.exe[892] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Norton antivirus\vptray.exe[892] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, 36, 84 ]
.text C:\WINDOWS\system32\svchost.exe[928] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\svchost.exe[928] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\svchost.exe[976] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, 4B, 84 ]
.text C:\WINDOWS\system32\svchost.exe[976] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\svchost.exe[976] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[1024] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, 30, 87 ]
.text C:\Program Files\Spyware Doctor\pctsTray.exe[1024] kernel32.dll!CreateThread + 1A 7C810651 4 Bytes [ 57, 9E, C3, 83 ]
.text C:\Program Files\Spyware Doctor\pctsTray.exe[1024] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[1024] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\Program Files\Hot Keyboard Pro1\HotKeyb.exe[1044] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, 04, 85 ]
.text C:\Program Files\Hot Keyboard Pro1\HotKeyb.exe[1044] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Hot Keyboard Pro1\HotKeyb.exe[1044] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1056] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, 14, 87 ]
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1056] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1056] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\System32\svchost.exe[1072] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, 01, 85 ]
.text C:\WINDOWS\System32\svchost.exe[1072] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\System32\svchost.exe[1072] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, 24, 84 ]
.text C:\WINDOWS\system32\svchost.exe[1168] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\svchost.exe[1168] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text c:\program files\oem\msaspgh\msaspghost.exe[1204] KERNEL32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, 5C, 84 ]
.text c:\program files\oem\msaspgh\msaspghost.exe[1204] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text c:\program files\oem\msaspgh\msaspghost.exe[1204] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, EF, 83 ]
.text C:\WINDOWS\system32\svchost.exe[1240] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\svchost.exe[1240] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\spoolsv.exe[1360] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, BD, 84 ]
.text C:\WINDOWS\system32\spoolsv.exe[1360] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\spoolsv.exe[1360] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\Program Files\Norton antivirus\defwatch.exe[1488] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, 52, 84 ]
.text C:\Program Files\Norton antivirus\defwatch.exe[1488] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Norton antivirus\defwatch.exe[1488] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\eHome\ehRecvr.exe[1552] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, 67, 84 ]
.text C:\WINDOWS\eHome\ehRecvr.exe[1552] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\eHome\ehRecvr.exe[1552] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\eHome\ehSched.exe[1600] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, 1D, 84 ]
.text C:\WINDOWS\eHome\ehSched.exe[1600] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\eHome\ehSched.exe[1600] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\Program Files\Citrix\GoToMyPC\g2svc.exe[1620] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, BE, 83 ]
.text C:\Program Files\Citrix\GoToMyPC\g2svc.exe[1620] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Citrix\GoToMyPC\g2svc.exe[1620] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\Program Files\Citrix\GoToMyPC\g2comm.exe[1972] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, 6A, 85 ]
.text C:\Program Files\Citrix\GoToMyPC\g2comm.exe[1972] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Citrix\GoToMyPC\g2comm.exe[1972] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\dllhost.exe[2436] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, 02, 84 ]
.text C:\WINDOWS\system32\dllhost.exe[2436] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
.text C:\WINDOWS\system32\dllhost.exe[2436] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\dllhost.exe[2436] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\wscntfy.exe[2572] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, 1A, 84 ]
.text C:\WINDOWS\system32\wscntfy.exe[2572] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
.text C:\WINDOWS\system32\wscntfy.exe[2572] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\wscntfy.exe[2572] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\ctfmon.exe[2676] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, 2B, 84 ]
.text C:\WINDOWS\system32\ctfmon.exe[2676] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
.text C:\WINDOWS\system32\ctfmon.exe[2676] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\ctfmon.exe[2676] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\Program Files\Norton antivirus\rtvscan.exe[2736] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, 55, 89 ]
.text C:\Program Files\Norton antivirus\rtvscan.exe[2736] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Norton antivirus\rtvscan.exe[2736] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\eHome\ehmsas.exe[2956] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, BA, 83 ]
.text C:\WINDOWS\eHome\ehmsas.exe[2956] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
.text C:\WINDOWS\eHome\ehmsas.exe[2956] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\eHome\ehmsas.exe[2956] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\System32\alg.exe[2976] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, EB, 83 ]
.text C:\WINDOWS\System32\alg.exe[2976] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
.text C:\WINDOWS\System32\alg.exe[2976] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\System32\alg.exe[2976] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\MsgSys.EXE[2992] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, AF, 84 ]
.text C:\WINDOWS\system32\MsgSys.EXE[2992] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
.text C:\WINDOWS\system32\MsgSys.EXE[2992] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\MsgSys.EXE[2992] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\Documents and Settings\Dan\Desktop\gmer.exe[3472] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, B9, 83 ]
.text C:\Documents and Settings\Dan\Desktop\gmer.exe[3472] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
.text C:\Documents and Settings\Dan\Desktop\gmer.exe[3472] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\Documents and Settings\Dan\Desktop\gmer.exe[3472] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\Program Files\Messenger\msmsgs.exe[3488] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, 3F, 84 ]
.text C:\Program Files\Messenger\msmsgs.exe[3488] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
.text C:\Program Files\Messenger\msmsgs.exe[3488] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Messenger\msmsgs.exe[3488] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\nvsvc32.exe[3704] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, F3, 83 ]
.text C:\WINDOWS\system32\nvsvc32.exe[3704] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\nvsvc32.exe[3704] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3740] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, 6D, 84 ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3740] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3740] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[3784] kernel32.dll!CreateThread + 1A 7C810651 4 Bytes [ 43, A1, C3, 83 ]
.text C:\Program Files\CoCreate\OSDM_Server_2006\SDserver.exe[4028] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, 36, 84 ]
.text C:\Program Files\CoCreate\OSDM_Server_2006\SDserver.exe[4028] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\CoCreate\OSDM_Server_2006\SDserver.exe[4028] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\svchost.exe[4076] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, 35, 84 ]
.text C:\WINDOWS\system32\svchost.exe[4076] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\svchost.exe[4076] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\wdfmgr.exe[4092] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, E4, 83 ]
.text C:\WINDOWS\system32\wdfmgr.exe[4092] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\wdfmgr.exe[4092] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
---- Devices - GMER 1.0.14 ----
AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
Device \FileSystem\Fastfat \Fat ED23EC8A
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- EOF - GMER 1.0.14 ----