GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2011-09-24 22:18:09 Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\00000062 SAMSUNG_SP2504C rev.VT100-50 Running: ud8xbb9v.exe; Driver: C:\DOCUME~1\guma\USTAWI~1\Temp\kxqdrfob.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xAF00F374] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xAF0762B8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xAF033829] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xAF011996] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xAF0119EE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xAF011B04] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xAF0331DD] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xAF0118EC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xAF011A3E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xAF011940] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xAF011AB2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xAF00F398] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xAF033EEF] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xAF0341A5] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xAF011D88] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xAF033D5A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xAF033BC5] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xAF076368] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xAF00F162] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xAF00F3BC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xAF011EFC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xAF00FE54] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xAF0119C6] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xAF011A16] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xAF011B2E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xAF033539] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xAF011918] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xAF011BC0] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xAF011A7E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xAF01196E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xAF011CA4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xAF011ADC] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xAF076400] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xAF033A40] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xAF00FD1A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xAF033892] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xAF07E6E2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xAF032850] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xAF00F3E0] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xAF00F404] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xAF00F1BC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xAF00F2F8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xAF033FF6] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xAF00F2D4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xAF00F31C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) ZwVdmControl [0xAF00F428] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xAF08B9A6] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject ---- Kernel code sections - GMER 1.0.15 ---- PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A64A8 4 Bytes CALL AF0104AF \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC556 5 Bytes JMP AF0873DE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ObInsertObject 805C2FDA 5 Bytes JMP AF088E84 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D117A 7 Bytes JMP AF08B9AA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) .text win32k.sys!EngFreeUserMem + 674 BF809962 5 Bytes JMP AF012E48 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngDeleteSurface + 45 BF813956 5 Bytes JMP AF012D54 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngSetLastError + 79A8 BF824309 5 Bytes JMP AF0120DA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateBitmap + F9C BF828C73 5 Bytes JMP AF012FB2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngUnmapFontFileFD + 2C50 BF8316BE 5 Bytes JMP AF0131BA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngUnmapFontFileFD + B68E BF83A0FC 5 Bytes JMP AF012CC4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) .text win32k.sys!FONTOBJ_pxoGetXform + 84ED BF8519C5 5 Bytes JMP AF012016 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XLATEOBJ_iXlate + 3581 BF85E554 5 Bytes JMP AF012326 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XLATEOBJ_iXlate + 360C BF85E5DF 5 Bytes JMP AF0124CC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreatePalette + 88 BF85F852 5 Bytes JMP AF011FFE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreatePalette + 5454 BF864C1E 5 Bytes JMP AF012D7E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGetCurrentCodePage + 411E BF873F63 5 Bytes JMP AF0124A4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGradientFill + 26EE BF8947C0 5 Bytes JMP AF012EFA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngStretchBltROP + 583 BF895298 5 Bytes JMP AF013118 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCopyBits + 4DEC BF89DBD8 5 Bytes JMP AF01214A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngEraseSurface + A9E0 BF8C2150 5 Bytes JMP AF0121E4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngFillPath + 1517 BF8CA5B2 5 Bytes JMP AF012254 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngFillPath + 1797 BF8CA832 5 Bytes JMP AF01228E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) .text win32k.sys!EngDeleteSemaphore + 3B3E BF8EC2A7 5 Bytes JMP AF011F32 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 19DF BF9133E5 5 Bytes JMP AF012096 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 25B3 BF913FB9 5 Bytes JMP AF0121AE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 4F12 BF916918 5 Bytes JMP AF0125E6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngPlgBlt + 18FC BF94638A 5 Bytes JMP AF013070 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ---- User code sections - GMER 1.0.15 ---- .text C:\WINDOWS\system32\spoolsv.exe[328] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\spoolsv.exe[328] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[328] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\spoolsv.exe[328] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[328] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\spoolsv.exe[328] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\spoolsv.exe[328] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\spoolsv.exe[328] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\spoolsv.exe[328] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\spoolsv.exe[328] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\spoolsv.exe[328] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text 
C:\WINDOWS\system32\spoolsv.exe[328] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\spoolsv.exe[328] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\spoolsv.exe[328] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\spoolsv.exe[328] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\spoolsv.exe[328] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\spoolsv.exe[328] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\svchost.exe[412] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\svchost.exe[412] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[412] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[412] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[412] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\svchost.exe[412] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\svchost.exe[412] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\svchost.exe[412] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\svchost.exe[412] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\svchost.exe[412] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\svchost.exe[412] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\svchost.exe[412] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\svchost.exe[412] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\svchost.exe[412] 
USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\svchost.exe[412] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\svchost.exe[412] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\svchost.exe[412] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\svchost.exe[624] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\svchost.exe[624] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[624] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[624] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[624] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\svchost.exe[624] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\svchost.exe[624] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\svchost.exe[624] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\svchost.exe[624] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\svchost.exe[624] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\svchost.exe[624] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\svchost.exe[624] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\svchost.exe[624] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\svchost.exe[624] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\svchost.exe[624] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\svchost.exe[624] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 
.text C:\WINDOWS\system32\svchost.exe[624] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\System32\smss.exe[656] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[672] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8 .text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[672] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[672] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC .text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[672] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[672] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804 .text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[672] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08 .text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[672] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600 .text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[672] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8 .text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[672] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC .text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[672] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003F1014 .text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[672] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003F0804 .text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[672] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003F0A08 .text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[672] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003F0C0C .text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[672] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003F0E10 .text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[672] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003F01F8 .text 
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[672] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003F03FC .text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[672] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003F0600 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[696] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[696] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[696] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\wbem\wmiprvse.exe[696] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[696] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[696] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[696] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[696] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\wbem\wmiprvse.exe[696] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[696] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[696] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\wbem\wmiprvse.exe[696] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[696] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[696] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[696] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[696] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text 
C:\WINDOWS\system32\wbem\wmiprvse.exe[696] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[712] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8 .text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[712] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[712] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC .text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[712] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[712] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804 .text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[712] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08 .text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[712] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600 .text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[712] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8 .text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[712] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC .text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[712] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003F1014 .text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[712] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003F0804 .text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[712] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003F0A08 .text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[712] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003F0C0C .text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[712] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003F0E10 .text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[712] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003F01F8 .text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[712] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003F03FC .text C:\Program 
Files\Brother\Brmfcmon\BrMfcWnd.exe[712] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003F0600 .text C:\WINDOWS\system32\csrss.exe[720] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\csrss.exe[720] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[744] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000701F8 .text C:\WINDOWS\system32\winlogon.exe[744] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[744] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000703FC .text C:\WINDOWS\system32\winlogon.exe[744] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[744] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\winlogon.exe[744] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\winlogon.exe[744] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\winlogon.exe[744] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\winlogon.exe[744] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\winlogon.exe[744] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\winlogon.exe[744] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\winlogon.exe[744] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\winlogon.exe[744] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\winlogon.exe[744] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\winlogon.exe[744] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\winlogon.exe[744] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\winlogon.exe[744] 
USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\Program Files\Unlocker\UnlockerAssistant.exe[764] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text C:\Program Files\Unlocker\UnlockerAssistant.exe[764] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Unlocker\UnlockerAssistant.exe[764] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text C:\Program Files\Unlocker\UnlockerAssistant.exe[764] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Unlocker\UnlockerAssistant.exe[764] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003D1014 .text C:\Program Files\Unlocker\UnlockerAssistant.exe[764] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003D0804 .text C:\Program Files\Unlocker\UnlockerAssistant.exe[764] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003D0A08 .text C:\Program Files\Unlocker\UnlockerAssistant.exe[764] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003D0C0C .text C:\Program Files\Unlocker\UnlockerAssistant.exe[764] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003D0E10 .text C:\Program Files\Unlocker\UnlockerAssistant.exe[764] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003D01F8 .text C:\Program Files\Unlocker\UnlockerAssistant.exe[764] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003D03FC .text C:\Program Files\Unlocker\UnlockerAssistant.exe[764] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003D0600 .text C:\Program Files\Unlocker\UnlockerAssistant.exe[764] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804 .text C:\Program Files\Unlocker\UnlockerAssistant.exe[764] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08 .text C:\Program Files\Unlocker\UnlockerAssistant.exe[764] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600 .text C:\Program Files\Unlocker\UnlockerAssistant.exe[764] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8 .text C:\Program 
Files\Unlocker\UnlockerAssistant.exe[764] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC .text C:\WINDOWS\system32\services.exe[788] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\services.exe[788] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\services.exe[788] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\services.exe[788] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\services.exe[788] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\services.exe[788] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\services.exe[788] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\services.exe[788] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\services.exe[788] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\services.exe[788] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\services.exe[788] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\services.exe[788] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\services.exe[788] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\services.exe[788] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\services.exe[788] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\services.exe[788] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\services.exe[788] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\lsass.exe[800] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\lsass.exe[800] 
ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[800] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\lsass.exe[800] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[800] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\lsass.exe[800] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\lsass.exe[800] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\lsass.exe[800] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\lsass.exe[800] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\lsass.exe[800] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\lsass.exe[800] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\lsass.exe[800] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\lsass.exe[800] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\lsass.exe[800] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\lsass.exe[800] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\lsass.exe[800] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\lsass.exe[800] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\Program Files\AVAST Software\Avast\avastUI.exe[872] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\avastUI.exe[872] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\A4Tech\Mouse\Amoumain.exe[944] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8 .text C:\Program Files\A4Tech\Mouse\Amoumain.exe[944] ntdll.dll!RtlDosSearchPath_U + 186 
7C916865 1 Byte [62] .text C:\Program Files\A4Tech\Mouse\Amoumain.exe[944] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC .text C:\Program Files\A4Tech\Mouse\Amoumain.exe[944] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\A4Tech\Mouse\Amoumain.exe[944] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014 .text C:\Program Files\A4Tech\Mouse\Amoumain.exe[944] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804 .text C:\Program Files\A4Tech\Mouse\Amoumain.exe[944] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08 .text C:\Program Files\A4Tech\Mouse\Amoumain.exe[944] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C .text C:\Program Files\A4Tech\Mouse\Amoumain.exe[944] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10 .text C:\Program Files\A4Tech\Mouse\Amoumain.exe[944] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8 .text C:\Program Files\A4Tech\Mouse\Amoumain.exe[944] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC .text C:\Program Files\A4Tech\Mouse\Amoumain.exe[944] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600 .text C:\Program Files\A4Tech\Mouse\Amoumain.exe[944] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804 .text C:\Program Files\A4Tech\Mouse\Amoumain.exe[944] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08 .text C:\Program Files\A4Tech\Mouse\Amoumain.exe[944] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600 .text C:\Program Files\A4Tech\Mouse\Amoumain.exe[944] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8 .text C:\Program Files\A4Tech\Mouse\Amoumain.exe[944] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC .text C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[972] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[972] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text 
C:\WINDOWS\system32\svchost.exe[984] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\svchost.exe[984] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[984] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[984] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[984] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\svchost.exe[984] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\svchost.exe[984] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\svchost.exe[984] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\svchost.exe[984] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\svchost.exe[984] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\svchost.exe[984] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\svchost.exe[984] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\svchost.exe[984] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\svchost.exe[984] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\svchost.exe[984] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\svchost.exe[984] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\svchost.exe[984] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\svchost.exe[1048] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\svchost.exe[1048] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1048] ntdll.dll!LdrUnloadDll 
7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1048] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\svchost.exe[1048] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\svchost.exe[1048] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\svchost.exe[1048] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\svchost.exe[1048] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\svchost.exe[1048] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\svchost.exe[1048] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\svchost.exe[1048] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\svchost.exe[1048] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\svchost.exe[1048] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\svchost.exe[1048] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\svchost.exe[1048] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\svchost.exe[1048] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\System32\svchost.exe[1144] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\System32\svchost.exe[1144] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1144] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1144] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text 
C:\WINDOWS\System32\svchost.exe[1144] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\System32\svchost.exe[1144] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\System32\svchost.exe[1144] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\System32\svchost.exe[1144] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\System32\svchost.exe[1144] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\System32\svchost.exe[1144] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\System32\svchost.exe[1144] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\System32\svchost.exe[1144] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\System32\svchost.exe[1144] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\System32\svchost.exe[1144] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\System32\svchost.exe[1144] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\System32\svchost.exe[1144] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\svchost.exe[1176] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\svchost.exe[1176] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1176] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1176] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\svchost.exe[1176] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\svchost.exe[1176] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text 
C:\WINDOWS\system32\svchost.exe[1176] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\svchost.exe[1176] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\svchost.exe[1176] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\svchost.exe[1176] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\svchost.exe[1176] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\svchost.exe[1176] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\svchost.exe[1176] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\svchost.exe[1176] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\svchost.exe[1176] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\svchost.exe[1176] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1300] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\svchost.exe[1300] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\svchost.exe[1300] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\svchost.exe[1300] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\svchost.exe[1300] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text 
C:\WINDOWS\system32\svchost.exe[1300] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\svchost.exe[1300] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\svchost.exe[1300] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\svchost.exe[1300] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\svchost.exe[1300] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\svchost.exe[1300] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\svchost.exe[1300] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\svchost.exe[1300] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\svchost.exe[1420] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\svchost.exe[1420] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1420] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[1420] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1420] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\svchost.exe[1420] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\svchost.exe[1420] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\svchost.exe[1420] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\svchost.exe[1420] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\svchost.exe[1420] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\svchost.exe[1420] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\svchost.exe[1420] 
ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\svchost.exe[1420] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\svchost.exe[1420] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\svchost.exe[1420] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\svchost.exe[1420] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\svchost.exe[1420] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[1508] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[1508] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[1508] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[1508] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[1508] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003D0804 .text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[1508] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003D0A08 .text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[1508] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003D0600 .text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[1508] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003D01F8 .text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[1508] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003D03FC .text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[1508] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014 .text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[1508] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804 .text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[1508] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08 .text C:\Program 
Files\Brother\Brmfcmon\BrMfcmon.exe[1508] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C .text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[1508] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10 .text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[1508] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8 .text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[1508] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC .text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[1508] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600 .text C:\WINDOWS\Explorer.EXE[1624] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\Explorer.EXE[1624] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[1624] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\Explorer.EXE[1624] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[1624] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00311014 .text C:\WINDOWS\Explorer.EXE[1624] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00310804 .text C:\WINDOWS\Explorer.EXE[1624] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00310A08 .text C:\WINDOWS\Explorer.EXE[1624] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00310C0C .text C:\WINDOWS\Explorer.EXE[1624] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00310E10 .text C:\WINDOWS\Explorer.EXE[1624] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003101F8 .text C:\WINDOWS\Explorer.EXE[1624] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003103FC .text C:\WINDOWS\Explorer.EXE[1624] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00310600 .text C:\WINDOWS\Explorer.EXE[1624] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00320804 .text C:\WINDOWS\Explorer.EXE[1624] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00320A08 .text C:\WINDOWS\Explorer.EXE[1624] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes 
JMP 00320600 .text C:\WINDOWS\Explorer.EXE[1624] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003201F8 .text C:\WINDOWS\Explorer.EXE[1624] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003203FC .text C:\WINDOWS\Explorer.EXE[1624] SHELL32.dll!SHFileOperationW 7CA708A0 5 Bytes JMP 10001102 C:\Program Files\Unlocker\UnlockerHook.dll .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1728] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1728] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP } .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1728] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\SOUNDMAN.EXE[2008] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text C:\WINDOWS\SOUNDMAN.EXE[2008] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\SOUNDMAN.EXE[2008] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text C:\WINDOWS\SOUNDMAN.EXE[2008] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\SOUNDMAN.EXE[2008] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003D0804 .text C:\WINDOWS\SOUNDMAN.EXE[2008] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003D0A08 .text C:\WINDOWS\SOUNDMAN.EXE[2008] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003D0600 .text C:\WINDOWS\SOUNDMAN.EXE[2008] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003D01F8 .text C:\WINDOWS\SOUNDMAN.EXE[2008] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003D03FC .text C:\WINDOWS\SOUNDMAN.EXE[2008] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014 .text C:\WINDOWS\SOUNDMAN.EXE[2008] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804 .text C:\WINDOWS\SOUNDMAN.EXE[2008] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08 .text C:\WINDOWS\SOUNDMAN.EXE[2008] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C .text C:\WINDOWS\SOUNDMAN.EXE[2008] 
ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10 .text C:\WINDOWS\SOUNDMAN.EXE[2008] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8 .text C:\WINDOWS\SOUNDMAN.EXE[2008] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC .text C:\WINDOWS\SOUNDMAN.EXE[2008] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600 .text C:\Documents and Settings\guma\Moje dokumenty\Downloads\ud8xbb9v.exe[2748] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8 .text C:\Documents and Settings\guma\Moje dokumenty\Downloads\ud8xbb9v.exe[2748] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Documents and Settings\guma\Moje dokumenty\Downloads\ud8xbb9v.exe[2748] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC .text C:\Documents and Settings\guma\Moje dokumenty\Downloads\ud8xbb9v.exe[2748] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Documents and Settings\guma\Moje dokumenty\Downloads\ud8xbb9v.exe[2748] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 009C1014 .text C:\Documents and Settings\guma\Moje dokumenty\Downloads\ud8xbb9v.exe[2748] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 009C0804 .text C:\Documents and Settings\guma\Moje dokumenty\Downloads\ud8xbb9v.exe[2748] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 009C0A08 .text C:\Documents and Settings\guma\Moje dokumenty\Downloads\ud8xbb9v.exe[2748] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 009C0C0C .text C:\Documents and Settings\guma\Moje dokumenty\Downloads\ud8xbb9v.exe[2748] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 009C0E10 .text C:\Documents and Settings\guma\Moje dokumenty\Downloads\ud8xbb9v.exe[2748] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 009C01F8 .text C:\Documents and Settings\guma\Moje dokumenty\Downloads\ud8xbb9v.exe[2748] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 009C03FC .text C:\Documents and Settings\guma\Moje dokumenty\Downloads\ud8xbb9v.exe[2748] 
ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 009C0600 .text C:\Documents and Settings\guma\Moje dokumenty\Downloads\ud8xbb9v.exe[2748] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 009D0804 .text C:\Documents and Settings\guma\Moje dokumenty\Downloads\ud8xbb9v.exe[2748] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 009D0A08 .text C:\Documents and Settings\guma\Moje dokumenty\Downloads\ud8xbb9v.exe[2748] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 009D0600 .text C:\Documents and Settings\guma\Moje dokumenty\Downloads\ud8xbb9v.exe[2748] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 009D01F8 .text C:\Documents and Settings\guma\Moje dokumenty\Downloads\ud8xbb9v.exe[2748] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 009D03FC .text C:\WINDOWS\System32\alg.exe[2760] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\System32\alg.exe[2760] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\System32\alg.exe[2760] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\System32\alg.exe[2760] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\System32\alg.exe[2760] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00300804 .text C:\WINDOWS\System32\alg.exe[2760] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00300A08 .text C:\WINDOWS\System32\alg.exe[2760] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00300600 .text C:\WINDOWS\System32\alg.exe[2760] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003001F8 .text C:\WINDOWS\System32\alg.exe[2760] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003003FC .text C:\WINDOWS\System32\alg.exe[2760] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00311014 .text C:\WINDOWS\System32\alg.exe[2760] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00310804 .text C:\WINDOWS\System32\alg.exe[2760] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00310A08 .text C:\WINDOWS\System32\alg.exe[2760] 
ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00310C0C .text C:\WINDOWS\System32\alg.exe[2760] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00310E10 .text C:\WINDOWS\System32\alg.exe[2760] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003101F8 .text C:\WINDOWS\System32\alg.exe[2760] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003103FC .text C:\WINDOWS\System32\alg.exe[2760] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\wscntfy.exe[2880] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\wscntfy.exe[2880] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\wuauclt.exe[3816] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A01F8 .text C:\WINDOWS\system32\wuauclt.exe[3816] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\wuauclt.exe[3816] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A03FC .text C:\WINDOWS\system32\wuauclt.exe[3816] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\wuauclt.exe[3816] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00381014 .text C:\WINDOWS\system32\wuauclt.exe[3816] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00380804 .text C:\WINDOWS\system32\wuauclt.exe[3816] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00380A08 .text C:\WINDOWS\system32\wuauclt.exe[3816] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00380C0C .text C:\WINDOWS\system32\wuauclt.exe[3816] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00380E10 .text C:\WINDOWS\system32\wuauclt.exe[3816] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003801F8 .text C:\WINDOWS\system32\wuauclt.exe[3816] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003803FC .text C:\WINDOWS\system32\wuauclt.exe[3816] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00380600 .text C:\WINDOWS\system32\wuauclt.exe[3816] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 
00390804 .text C:\WINDOWS\system32\wuauclt.exe[3816] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00390A08 .text C:\WINDOWS\system32\wuauclt.exe[3816] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00390600 .text C:\WINDOWS\system32\wuauclt.exe[3816] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003901F8 .text C:\WINDOWS\system32\wuauclt.exe[3816] USER32.dll!UnhookWinEvent 7E3818AC 3 Bytes JMP 003903FC .text C:\WINDOWS\system32\wuauclt.exe[3816] USER32.dll!UnhookWinEvent + 4 7E3818B0 1 Byte [82] ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\WINDOWS\system32\services.exe[788] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00630002 IAT C:\WINDOWS\system32\services.exe[788] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00630000 IAT C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[972] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateThread] [63027266] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc) IAT C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[972] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!ExitThread] [63027225] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc) IAT C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[972] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [63027199] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc) IAT C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[972] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [63027145] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc) IAT C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[972] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [630272FE] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc) IAT C:\Program 
Files\ATI Technologies\ATI.ACE\CLI.EXE[972] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [63027145] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc) IAT C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[972] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [63027199] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc) IAT C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[972] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [630272FE] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc) IAT C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[972] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateThread] [63027266] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc) IAT C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[972] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [63027145] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc) IAT C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[972] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [63027199] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc) IAT C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[972] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [630272FE] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc) IAT C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[972] @ C:\WINDOWS\system32\SHLWAPI.dll [GDI32.dll!DeleteObject] [63058606] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc) IAT C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[972] @ C:\WINDOWS\system32\SHLWAPI.dll 
[KERNEL32.dll!LoadLibraryExA] [630271C3] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc) IAT C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[972] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [63027199] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc) IAT C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[972] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [63027266] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc) IAT C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[972] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!ExitThread] [63027225] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc) IAT C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[972] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [63027145] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc) IAT C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[972] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [630272FE] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc) IAT C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[972] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [61001850] C:\Program Files\ATI Technologies\ATI.ACE\Skins\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc) IAT C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[972] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [61001890] C:\Program Files\ATI Technologies\ATI.ACE\Skins\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc) IAT C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[972] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetWindowLongA] [610015B0] C:\Program Files\ATI Technologies\ATI.ACE\Skins\wbhelp2.dll 
(WindowBlinds Helper DLL/Stardock.Net, Inc) IAT C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[972] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetWindowLongW] [610015E0] C:\Program Files\ATI Technologies\ATI.ACE\Skins\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc) IAT C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[972] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [63058582] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc) IAT C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[972] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenu] [630272B1] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc) IAT C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[972] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenuEx] [630272D9] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc) IAT C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[972] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowLongA] [61001530] C:\Program Files\ATI Technologies\ATI.ACE\Skins\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc) IAT C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[972] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowLongW] [61001570] C:\Program Files\ATI Technologies\ATI.ACE\Skins\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc) IAT C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[972] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DeferWindowPos] [610014A0] C:\Program Files\ATI Technologies\ATI.ACE\Skins\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc) IAT C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[972] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowPos] [6301CC22] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc) IAT C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[972] @ 
C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetWindowRect] [6301CE37] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc) IAT C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[972] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!CallWindowProcW] [63054634] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc) IAT C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[972] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!CallWindowProcA] [63053938] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc) IAT C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[972] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [630272FE] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc) IAT C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[972] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [63027145] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc) IAT C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[972] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!ExitThread] [63027225] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc) IAT C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[972] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateThread] [63027266] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc) IAT C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[972] @ C:\WINDOWS\system32\shell32.dll [GDI32.dll!DeleteObject] [63058606] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc) IAT C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[972] @ C:\WINDOWS\system32\shell32.dll [KERNEL32.dll!LoadLibraryA] [63027145] C:\Program Files\ATI 
Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc)
IAT C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[972] @ C:\WINDOWS\system32\shell32.dll [KERNEL32.dll!LoadLibraryW] [63027199] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc)
IAT C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[972] @ C:\WINDOWS\system32\shell32.dll [KERNEL32.dll!GetProcAddress] [630272FE] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc)
IAT C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[972] @ C:\WINDOWS\system32\shell32.dll [KERNEL32.dll!CreateThread] [63027266] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc)
IAT C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[972] @ C:\WINDOWS\system32\shell32.dll [KERNEL32.dll!LoadLibraryExA] [630271C3] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc)
IAT C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[972] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TrackPopupMenuEx] [630272D9] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc)
IAT C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[972] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!DefWindowProcA] [61001850] C:\Program Files\ATI Technologies\ATI.ACE\Skins\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[972] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!SetWindowPos] [6301CC22] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc)
IAT C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[972] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetWindowRect] [6301CE37] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc)
IAT C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[972] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!SetWindowLongW] [61001570] C:\Program Files\ATI Technologies\ATI.ACE\Skins\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[972] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetWindowLongW] [610015E0] C:\Program Files\ATI Technologies\ATI.ACE\Skins\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[972] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!DeferWindowPos] [610014A0] C:\Program Files\ATI Technologies\ATI.ACE\Skins\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[972] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetSysColor] [63058582] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc)
IAT C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[972] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!DefWindowProcW] [61001890] C:\Program Files\ATI Technologies\ATI.ACE\Skins\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[972] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetSysColorBrush] [63058639] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc)
IAT C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[972] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!FillRect] [63026FC0] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc)
IAT C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[972] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!DrawFrameControl] [6301D3AB] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc)
IAT C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[972] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetWindowPlacement] [6301C804] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc)
IAT C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[972] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!MoveWindow] [6301CA17] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc)
IAT C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[972] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TrackPopupMenu] [630272B1] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc)
IAT C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[972] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!CallWindowProcW] [63054634] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc)
IAT C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[972] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!SetScrollInfo] [61001750] C:\Program Files\ATI Technologies\ATI.ACE\Skins\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[972] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetWindowLongA] [610015B0] C:\Program Files\ATI Technologies\ATI.ACE\Skins\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[972] @ C:\WINDOWS\system32\ole32.dll [GDI32.dll!DeleteObject] [63058606] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc)
IAT C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[972] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [630272FE] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc)
IAT C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[972] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [63027145] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc)
IAT C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[972] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [63027199] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc)
IAT C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[972] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] [63027266] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc)
IAT C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[972] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [630271C3] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc)
IAT C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[972] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetSysColor] [63058582] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc)
IAT C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[972] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!CallWindowProcW] [63054634] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc)
IAT C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[972] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DefWindowProcW] [61001890] C:\Program Files\ATI Technologies\ATI.ACE\Skins\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[972] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetWindowLongW] [610015E0] C:\Program Files\ATI Technologies\ATI.ACE\Skins\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[972] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!SetWindowLongW] [61001570] C:\Program Files\ATI Technologies\ATI.ACE\Skins\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[972] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetWindowRect] [6301CE37] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc)
IAT C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[972] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!MoveWindow] [6301CA17] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc)
IAT C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[972] @ C:\WINDOWS\system32\ws2_32.dll [KERNEL32.dll!GetProcAddress] [630272FE] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc)
IAT C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[972] @ C:\WINDOWS\system32\ws2_32.dll [KERNEL32.dll!LoadLibraryA] [63027145] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc)
IAT C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[972] @ C:\WINDOWS\system32\ws2_32.dll [KERNEL32.dll!CreateThread] [63027266] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc)
IAT C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[972] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [63027145] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc)
IAT C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[972] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!CreateThread] [63027266] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc)
IAT C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[972] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [630272FE] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc)
IAT C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[972] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [63027199] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc)
IAT C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[972] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [63027145] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc)
IAT C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[972] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [630272FE] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc)
IAT C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[972] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!CreateThread] [63027266] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc)
IAT C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[972] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!ExitThread] [63027225] C:\Program Files\ATI Technologies\ATI.ACE\skins\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x39 0x85 0x28 0xE6 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xC3 0xFE 0x41 0x2D ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xF0 0xD1 0x8A 0xBC ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xCB 0xBB 0x3D 0x1B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xC3 0xFE 0x41 0x2D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x10 0x97 0x6B 0xCC ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x38 0x12 0xFB 0x82 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xC3 0xFE 0x41 0x2D ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xF0 0xD1 0x8A 0xBC ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xCB 0xBB 0x3D 0x1B ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xC3 0xFE 0x41 0x2D ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x10 0x97 0x6B 0xCC ...

---- EOF - GMER 1.0.15 ----