GMER 1.0.15.15570 - http://www.gmer.net Rootkit scan 2012-05-19 15:26:06 Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD800BB-00HEA0 rev.13.03G13 Running: mymoogi8.exe; Driver: C:\DOCUME~1\Krystian\USTAWI~1\Temp\pxtdqpoc.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xBAAB8DF8] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xBAB45A5A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0xBAAB985E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xBAAE5D5D] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xBAABE2E4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xBAABE330] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xBAABE422] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xBAAE5711] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xBAABE252] SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwCreatePagingFile [0xF76E7B00] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xBAABE374] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xBAABE29A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xBAABE3DC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xBAAB8E44] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xBAAE6423] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xBAAE66D9] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xBAABB9A8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xBAAE628E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xBAAE60F9] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xBAB45B34] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xBAAB8AD6] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xBAAB8E90] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xBAABBD1C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xBAAB9B02] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xBAABE30E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xBAABE352] SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwOpenFile [0xF76E7B40] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xBAABE446] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xBAAE5A6D] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xBAABE278] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xBAABB518] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xBAABE3AE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xBAABE2C2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xBAABB74C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xBAABE400] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xBAB45CA0] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xBAAE5F74] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xBAAB99CE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xBAAE5DC6] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xBAB4FB68] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xBAAE4D84] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xBAAB8EDC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xBAAB8F28] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xBAAB8B46] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xBAAB8CEA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xBAAE652A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xBAAB8C92] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xBAAB8D5A] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwTerminateProcess [0xBAB45D60] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xBAAB8F74] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0xBAB45BE0] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xBAB5BD92] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject ---- Kernel code sections - GMER 1.0.15 ---- .text ntoskrnl.exe!_abnormal_termination + 214 804E2870 16 Bytes [0E, E3, AB, BA, 52, E3, AB, ...] PAGE ntoskrnl.exe!ObInsertObject 8056503A 5 Bytes JMP BAB5A74C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 3CC 8056B712 4 Bytes CALL BAABA19F \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE ntoskrnl.exe!ZwCreateProcessEx 8057FC60 7 Bytes JMP BAB5BD96 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntoskrnl.exe!ObMakeTemporaryObject 8059F84D 5 Bytes JMP BAB58C8C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) .text win32k.sys!EngFreeUserMem + 674 BF809FDF 5 Bytes JMP BAABD180 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngFreeUserMem + 3625 BF80CF90 5 Bytes JMP BAABD07C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngDeleteSurface + 45 BF8138FE 5 Bytes JMP BAABD036 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!BRUSHOBJ_pvAllocRbrush + 320C BF81E743 5 Bytes JMP BAABBE66 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngMulDiv + 199A BF820E6C 5 Bytes JMP BAABC724 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngSetLastError + 7657 BF82868B 5 Bytes JMP BAABBF84 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateBitmap + 698 BF838560 5 Bytes JMP BAABD2EA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateBitmap + BB6 BF838A7E 5 Bytes JMP BAABCF3C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateBitmap + 3605 BF83B4CD 5 Bytes JMP BAABD4F2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateBitmap + D9AB BF845873 5 Bytes JMP BAABBFF4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateBitmap + 113C6 BF84928E 5 Bytes JMP BAABC70C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngMultiByteToWideChar + 2E60 BF852720 5 Bytes JMP BAABC7E6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngMultiByteToWideChar + 2F20 BF8527E0 5 Bytes JMP BAABBE4E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngMultiByteToWideChar + 84B4 BF857D74 5 Bytes JMP BAABD450 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XLATEOBJ_iXlate + 23AD BF873983 5 Bytes JMP BAABD232 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngStretchBlt + 37BB BF87882D 5 Bytes JMP BAABD0BA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGetCurrentCodePage + 413A BF890AD9 5 Bytes JMP BAABC51C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGetLastError + 1606 BF8ADD61 5 Bytes JMP BAABC7FE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGradientFill + 4B52 BF8B3770 5 Bytes JMP BAABC384 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGradientFill + 4BDD BF8B37FB 5 Bytes JMP BAABC562 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngAlphaBlend + 9286 BF8C31E7 1 Byte [E9] .text win32k.sys!EngAlphaBlend + 9286 BF8C31E7 5 Bytes JMP BAABC104 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!PATHOBJ_bCloseFigure + 19CE BF8ED991 5 Bytes JMP BAABBD52 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!PATHOBJ_bCloseFigure + 9006 BF8F4FC9 5 Bytes JMP BAABC73C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!PATHOBJ_bCloseFigure + D4C6 BF8F9489 5 Bytes JMP BAABC1AC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!PATHOBJ_bCloseFigure + D746 BF8F9709 5 Bytes JMP BAABC2E4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 1994 BF912612 5 Bytes JMP BAABBF22 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 2568 BF9131E6 5 Bytes JMP BAABC0B0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 4F29 BF915BA7 5 Bytes JMP BAABC67C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngPlgBlt + 1931 BF9438F8 5 Bytes JMP BAABD3A8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Mozilla Firefox\plugin-container.exe[244] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001501F8 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[244] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\Mozilla Firefox\plugin-container.exe[244] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001503FC .text C:\Program Files\Mozilla Firefox\plugin-container.exe[244] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\Mozilla Firefox\plugin-container.exe[244] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00821014 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[244] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00820804 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[244] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00820A08 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[244] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00820C0C .text C:\Program Files\Mozilla Firefox\plugin-container.exe[244] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00820E10 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[244] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 008201F8 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[244] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 008203FC .text C:\Program Files\Mozilla Firefox\plugin-container.exe[244] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00820600 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[244] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00830804 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[244] USER32.dll!SetWindowLongA 7E37C29D 5 Bytes JMP 10665EE6 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[244] USER32.dll!SetWindowLongW 7E37C2BB 5 Bytes JMP 10665E78 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[244] USER32.dll!GetWindowInfo 7E37C49C 5 Bytes JMP 10454822 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[244] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00830A08 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[244] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00830600 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[244] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 008301F8 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[244] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 008303FC .text C:\Program Files\Mozilla Firefox\plugin-container.exe[244] USER32.dll!TrackPopupMenu 7E3B531E 5 Bytes JMP 10454DD6 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[756] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 012AC930 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[756] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\Mozilla Firefox\firefox.exe[756] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001503FC .text C:\Program Files\Mozilla Firefox\firefox.exe[756] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 014DE0AA C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[756] kernel32.dll!MapViewOfFile 7C80B995 5 Bytes JMP 014DE083 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[756] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\Mozilla Firefox\firefox.exe[756] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00320804 .text C:\Program Files\Mozilla Firefox\firefox.exe[756] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00320A08 .text C:\Program Files\Mozilla Firefox\firefox.exe[756] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00320600 .text C:\Program Files\Mozilla Firefox\firefox.exe[756] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003201F8 .text C:\Program Files\Mozilla Firefox\firefox.exe[756] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003203FC .text C:\Program Files\Mozilla Firefox\firefox.exe[756] GDI32.dll!CreateDIBSection 77F19E09 1 Byte [E9] .text C:\Program Files\Mozilla Firefox\firefox.exe[756] GDI32.dll!CreateDIBSection 77F19E09 5 Bytes JMP 014DE00D C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[756] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 025B1014 .text C:\Program Files\Mozilla Firefox\firefox.exe[756] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 025B0804 .text C:\Program Files\Mozilla Firefox\firefox.exe[756] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 025B0A08 .text C:\Program Files\Mozilla Firefox\firefox.exe[756] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 025B0C0C .text C:\Program Files\Mozilla Firefox\firefox.exe[756] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 025B0E10 .text C:\Program Files\Mozilla Firefox\firefox.exe[756] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 025B01F8 .text C:\Program Files\Mozilla Firefox\firefox.exe[756] ADVAPI32.dll!CreateServiceW 77E27381 3 Bytes JMP 025B03FC .text C:\Program Files\Mozilla Firefox\firefox.exe[756] ADVAPI32.dll!CreateServiceW + 4 77E27385 1 Byte [8A] .text C:\Program Files\Mozilla Firefox\firefox.exe[756] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 025B0600 .text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[760] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[760] KERNEL32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[768] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8 .text C:\WINDOWS\System32\svchost.exe[768] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[768] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC .text C:\WINDOWS\System32\svchost.exe[768] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[768] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00301014 .text C:\WINDOWS\System32\svchost.exe[768] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00300804 .text C:\WINDOWS\System32\svchost.exe[768] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00300A08 .text C:\WINDOWS\System32\svchost.exe[768] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00300C0C .text C:\WINDOWS\System32\svchost.exe[768] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00300E10 .text C:\WINDOWS\System32\svchost.exe[768] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003001F8 .text C:\WINDOWS\System32\svchost.exe[768] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003003FC .text C:\WINDOWS\System32\svchost.exe[768] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00300600 .text C:\WINDOWS\System32\svchost.exe[768] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\System32\svchost.exe[768] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\System32\svchost.exe[768] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\System32\svchost.exe[768] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\System32\svchost.exe[768] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text D:\PROGRAMY\PSE7\PhotoshopElementsFileAgent.exe[800] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001501F8 .text D:\PROGRAMY\PSE7\PhotoshopElementsFileAgent.exe[800] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text D:\PROGRAMY\PSE7\PhotoshopElementsFileAgent.exe[800] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001503FC .text D:\PROGRAMY\PSE7\PhotoshopElementsFileAgent.exe[800] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text D:\PROGRAMY\PSE7\PhotoshopElementsFileAgent.exe[800] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 003F1014 .text D:\PROGRAMY\PSE7\PhotoshopElementsFileAgent.exe[800] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 003F0804 .text D:\PROGRAMY\PSE7\PhotoshopElementsFileAgent.exe[800] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 003F0A08 .text D:\PROGRAMY\PSE7\PhotoshopElementsFileAgent.exe[800] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 003F0C0C .text D:\PROGRAMY\PSE7\PhotoshopElementsFileAgent.exe[800] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 003F0E10 .text D:\PROGRAMY\PSE7\PhotoshopElementsFileAgent.exe[800] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003F01F8 .text D:\PROGRAMY\PSE7\PhotoshopElementsFileAgent.exe[800] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003F03FC .text D:\PROGRAMY\PSE7\PhotoshopElementsFileAgent.exe[800] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 003F0600 .text D:\PROGRAMY\PSE7\PhotoshopElementsFileAgent.exe[800] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00430804 .text D:\PROGRAMY\PSE7\PhotoshopElementsFileAgent.exe[800] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00430A08 .text D:\PROGRAMY\PSE7\PhotoshopElementsFileAgent.exe[800] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00430600 .text D:\PROGRAMY\PSE7\PhotoshopElementsFileAgent.exe[800] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 004301F8 .text D:\PROGRAMY\PSE7\PhotoshopElementsFileAgent.exe[800] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 004303FC .text C:\WINDOWS\system32\svchost.exe[832] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\svchost.exe[832] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[832] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[832] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[832] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\svchost.exe[832] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\svchost.exe[832] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\svchost.exe[832] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\svchost.exe[832] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\svchost.exe[832] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\svchost.exe[832] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\svchost.exe[832] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\svchost.exe[832] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\svchost.exe[832] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\svchost.exe[832] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\svchost.exe[832] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\svchost.exe[832] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[840] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001501F8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[840] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[840] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001503FC .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[840] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[840] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 003F1014 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[840] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 003F0804 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[840] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 003F0A08 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[840] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 003F0C0C .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[840] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 003F0E10 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[840] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003F01F8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[840] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003F03FC .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[840] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 003F0600 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[840] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00450804 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[840] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00450A08 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[840] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00450600 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[840] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 004501F8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[840] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 004503FC .text C:\Program Files\AVAST Software\Avast\avastUI.exe[848] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\avastUI.exe[848] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\ctfmon.exe[888] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000A01F8 .text C:\WINDOWS\system32\ctfmon.exe[888] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\ctfmon.exe[888] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000A03FC .text C:\WINDOWS\system32\ctfmon.exe[888] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\ctfmon.exe[888] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00381014 .text C:\WINDOWS\system32\ctfmon.exe[888] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00380804 .text C:\WINDOWS\system32\ctfmon.exe[888] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00380A08 .text C:\WINDOWS\system32\ctfmon.exe[888] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00380C0C .text C:\WINDOWS\system32\ctfmon.exe[888] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00380E10 .text C:\WINDOWS\system32\ctfmon.exe[888] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003801F8 .text C:\WINDOWS\system32\ctfmon.exe[888] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003803FC .text C:\WINDOWS\system32\ctfmon.exe[888] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00380600 .text C:\WINDOWS\system32\ctfmon.exe[888] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00390804 .text C:\WINDOWS\system32\ctfmon.exe[888] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00390A08 .text C:\WINDOWS\system32\ctfmon.exe[888] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00390600 .text C:\WINDOWS\system32\ctfmon.exe[888] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003901F8 .text C:\WINDOWS\system32\ctfmon.exe[888] USER32.dll!UnhookWinEvent 7E3818AC 3 Bytes JMP 003903FC .text C:\WINDOWS\system32\ctfmon.exe[888] USER32.dll!UnhookWinEvent + 4 7E3818B0 1 Byte [82] .text C:\Program Files\cFosSpeed\spd.exe[924] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001501F8 .text C:\Program Files\cFosSpeed\spd.exe[924] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\cFosSpeed\spd.exe[924] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001503FC .text C:\Program Files\cFosSpeed\spd.exe[924] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\cFosSpeed\spd.exe[924] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 003E1014 .text C:\Program Files\cFosSpeed\spd.exe[924] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 003E0804 .text C:\Program Files\cFosSpeed\spd.exe[924] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 003E0A08 .text C:\Program Files\cFosSpeed\spd.exe[924] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 003E0C0C .text C:\Program Files\cFosSpeed\spd.exe[924] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 003E0E10 .text C:\Program Files\cFosSpeed\spd.exe[924] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003E01F8 .text C:\Program Files\cFosSpeed\spd.exe[924] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003E03FC .text C:\Program Files\cFosSpeed\spd.exe[924] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 003E0600 .text C:\Program Files\cFosSpeed\spd.exe[924] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804 .text C:\Program Files\cFosSpeed\spd.exe[924] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08 .text C:\Program Files\cFosSpeed\spd.exe[924] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600 .text C:\Program Files\cFosSpeed\spd.exe[924] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8 .text C:\Program Files\cFosSpeed\spd.exe[924] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC .text C:\WINDOWS\system32\svchost.exe[1068] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\svchost.exe[1068] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1068] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1068] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\svchost.exe[1068] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\svchost.exe[1068] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\svchost.exe[1068] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\svchost.exe[1068] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\svchost.exe[1068] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\svchost.exe[1068] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\svchost.exe[1068] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\svchost.exe[1068] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\svchost.exe[1068] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\svchost.exe[1068] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\svchost.exe[1068] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\svchost.exe[1068] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\System32\smss.exe[1188] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\Ati2evxx.exe[1348] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001401F8 .text C:\WINDOWS\system32\Ati2evxx.exe[1348] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\Ati2evxx.exe[1348] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001403FC .text C:\WINDOWS\system32\Ati2evxx.exe[1348] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\Ati2evxx.exe[1348] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003D0804 .text C:\WINDOWS\system32\Ati2evxx.exe[1348] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003D0A08 .text C:\WINDOWS\system32\Ati2evxx.exe[1348] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003D0600 .text C:\WINDOWS\system32\Ati2evxx.exe[1348] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003D01F8 .text C:\WINDOWS\system32\Ati2evxx.exe[1348] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003D03FC .text C:\WINDOWS\system32\Ati2evxx.exe[1348] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 003E1014 .text C:\WINDOWS\system32\Ati2evxx.exe[1348] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 003E0804 .text C:\WINDOWS\system32\Ati2evxx.exe[1348] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 003E0A08 .text C:\WINDOWS\system32\Ati2evxx.exe[1348] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 003E0C0C .text C:\WINDOWS\system32\Ati2evxx.exe[1348] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 003E0E10 .text C:\WINDOWS\system32\Ati2evxx.exe[1348] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003E01F8 .text C:\WINDOWS\system32\Ati2evxx.exe[1348] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003E03FC .text C:\WINDOWS\system32\Ati2evxx.exe[1348] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 003E0600 .text C:\WINDOWS\System32\alg.exe[1384] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8 .text C:\WINDOWS\System32\alg.exe[1384] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\System32\alg.exe[1384] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC .text C:\WINDOWS\System32\alg.exe[1384] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\System32\alg.exe[1384] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00300804 .text C:\WINDOWS\System32\alg.exe[1384] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00300A08 .text C:\WINDOWS\System32\alg.exe[1384] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00300600 .text C:\WINDOWS\System32\alg.exe[1384] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003001F8 .text C:\WINDOWS\System32\alg.exe[1384] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003003FC .text C:\WINDOWS\System32\alg.exe[1384] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00311014 .text C:\WINDOWS\System32\alg.exe[1384] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00310804 .text C:\WINDOWS\System32\alg.exe[1384] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00310A08 .text C:\WINDOWS\System32\alg.exe[1384] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00310C0C .text C:\WINDOWS\System32\alg.exe[1384] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00310E10 .text C:\WINDOWS\System32\alg.exe[1384] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003101F8 .text C:\WINDOWS\System32\alg.exe[1384] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003103FC .text C:\WINDOWS\System32\alg.exe[1384] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00310600 .text C:\WINDOWS\Explorer.EXE[1464] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8 .text C:\WINDOWS\Explorer.EXE[1464] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[1464] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC .text C:\WINDOWS\Explorer.EXE[1464] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[1464] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00381014 .text C:\WINDOWS\Explorer.EXE[1464] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00380804 .text C:\WINDOWS\Explorer.EXE[1464] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00380A08 .text C:\WINDOWS\Explorer.EXE[1464] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00380C0C .text C:\WINDOWS\Explorer.EXE[1464] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00380E10 .text C:\WINDOWS\Explorer.EXE[1464] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003801F8 .text C:\WINDOWS\Explorer.EXE[1464] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003803FC .text C:\WINDOWS\Explorer.EXE[1464] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00380600 .text C:\WINDOWS\Explorer.EXE[1464] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00390804 .text C:\WINDOWS\Explorer.EXE[1464] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00390A08 .text C:\WINDOWS\Explorer.EXE[1464] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00390600 .text C:\WINDOWS\Explorer.EXE[1464] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003901F8 .text C:\WINDOWS\Explorer.EXE[1464] USER32.dll!UnhookWinEvent 7E3818AC 3 Bytes JMP 003903FC .text C:\WINDOWS\Explorer.EXE[1464] USER32.dll!UnhookWinEvent + 4 7E3818B0 1 Byte [82] .text C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[1492] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001501F8 .text C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[1492] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[1492] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001503FC .text C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[1492] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[1492] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 003F1014 .text C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[1492] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 003F0804 .text C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[1492] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 003F0A08 .text C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[1492] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 003F0C0C .text C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[1492] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 003F0E10 .text C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[1492] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003F01F8 .text C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[1492] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003F03FC .text C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[1492] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 003F0600 .text C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[1492] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00560804 .text C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[1492] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00560A08 .text C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[1492] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00560600 .text C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[1492] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 005601F8 .text C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[1492] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 005603FC .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1592] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1592] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP } .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1592] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\csrss.exe[1644] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\csrss.exe[1644] KERNEL32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[1648] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\spoolsv.exe[1648] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[1648] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\spoolsv.exe[1648] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[1648] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\spoolsv.exe[1648] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\spoolsv.exe[1648] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\spoolsv.exe[1648] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\spoolsv.exe[1648] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\spoolsv.exe[1648] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\spoolsv.exe[1648] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\spoolsv.exe[1648] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\spoolsv.exe[1648] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\spoolsv.exe[1648] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\spoolsv.exe[1648] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\spoolsv.exe[1648] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\spoolsv.exe[1648] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\winlogon.exe[1672] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000701F8 .text C:\WINDOWS\system32\winlogon.exe[1672] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[1672] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000703FC .text C:\WINDOWS\system32\winlogon.exe[1672] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[1672] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\winlogon.exe[1672] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\winlogon.exe[1672] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\winlogon.exe[1672] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\winlogon.exe[1672] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\winlogon.exe[1672] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\winlogon.exe[1672] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\winlogon.exe[1672] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\winlogon.exe[1672] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\winlogon.exe[1672] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\winlogon.exe[1672] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\winlogon.exe[1672] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\winlogon.exe[1672] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\services.exe[1716] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\services.exe[1716] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\services.exe[1716] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\services.exe[1716] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\services.exe[1716] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\services.exe[1716] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\services.exe[1716] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\services.exe[1716] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\services.exe[1716] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\services.exe[1716] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\services.exe[1716] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\services.exe[1716] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\services.exe[1716] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\services.exe[1716] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\services.exe[1716] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\services.exe[1716] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\services.exe[1716] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\lsass.exe[1728] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\lsass.exe[1728] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[1728] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\lsass.exe[1728] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[1728] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\lsass.exe[1728] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\lsass.exe[1728] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\lsass.exe[1728] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\lsass.exe[1728] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\lsass.exe[1728] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\lsass.exe[1728] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\lsass.exe[1728] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\lsass.exe[1728] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\lsass.exe[1728] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\lsass.exe[1728] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\lsass.exe[1728] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\lsass.exe[1728] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe[1772] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001501F8 .text C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe[1772] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe[1772] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001503FC .text C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe[1772] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe[1772] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 003F1014 .text C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe[1772] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 003F0804 .text C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe[1772] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 003F0A08 .text C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe[1772] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 003F0C0C .text C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe[1772] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 003F0E10 .text C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe[1772] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003F01F8 .text C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe[1772] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003F03FC .text C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe[1772] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 003F0600 .text C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe[1772] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 004A0804 .text C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe[1772] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 004A0A08 .text C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe[1772] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 004A0600 .text C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe[1772] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 004A01F8 .text C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe[1772] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 004A03FC .text C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe[1896] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001401F8 .text C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe[1896] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe[1896] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001403FC .text C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe[1896] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe[1896] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 003D1014 .text C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe[1896] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 003D0804 .text C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe[1896] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 003D0A08 .text C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe[1896] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 003D0C0C .text C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe[1896] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 003D0E10 .text C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe[1896] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003D01F8 .text C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe[1896] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003D03FC .text C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe[1896] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 003D0600 .text C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe[1896] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804 .text C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe[1896] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08 .text C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe[1896] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600 .text C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe[1896] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8 .text C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe[1896] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC .text C:\WINDOWS\system32\Ati2evxx.exe[1940] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001401F8 .text C:\WINDOWS\system32\Ati2evxx.exe[1940] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\Ati2evxx.exe[1940] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001403FC .text C:\WINDOWS\system32\Ati2evxx.exe[1940] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\Ati2evxx.exe[1940] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003D0804 .text C:\WINDOWS\system32\Ati2evxx.exe[1940] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003D0A08 .text C:\WINDOWS\system32\Ati2evxx.exe[1940] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003D0600 .text C:\WINDOWS\system32\Ati2evxx.exe[1940] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003D01F8 .text C:\WINDOWS\system32\Ati2evxx.exe[1940] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003D03FC .text C:\WINDOWS\system32\Ati2evxx.exe[1940] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 003E1014 .text C:\WINDOWS\system32\Ati2evxx.exe[1940] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 003E0804 .text C:\WINDOWS\system32\Ati2evxx.exe[1940] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 003E0A08 .text C:\WINDOWS\system32\Ati2evxx.exe[1940] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 003E0C0C .text C:\WINDOWS\system32\Ati2evxx.exe[1940] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 003E0E10 .text C:\WINDOWS\system32\Ati2evxx.exe[1940] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003E01F8 .text C:\WINDOWS\system32\Ati2evxx.exe[1940] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003E03FC .text C:\WINDOWS\system32\Ati2evxx.exe[1940] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 003E0600 .text C:\WINDOWS\system32\svchost.exe[1956] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\svchost.exe[1956] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1956] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1956] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\svchost.exe[1956] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\svchost.exe[1956] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\svchost.exe[1956] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\svchost.exe[1956] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\svchost.exe[1956] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\svchost.exe[1956] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\svchost.exe[1956] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\svchost.exe[1956] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\svchost.exe[1956] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\svchost.exe[1956] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\svchost.exe[1956] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\svchost.exe[1956] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\svchost.exe[2036] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\svchost.exe[2036] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[2036] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[2036] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[2036] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\svchost.exe[2036] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\svchost.exe[2036] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\svchost.exe[2036] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\svchost.exe[2036] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\svchost.exe[2036] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\svchost.exe[2036] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\svchost.exe[2036] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\svchost.exe[2036] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\svchost.exe[2036] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\svchost.exe[2036] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\svchost.exe[2036] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\svchost.exe[2036] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\Program Files\Java\jre6\bin\jqs.exe[2176] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001501F8 .text C:\Program Files\Java\jre6\bin\jqs.exe[2176] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\Java\jre6\bin\jqs.exe[2176] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001503FC .text C:\Program Files\Java\jre6\bin\jqs.exe[2176] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\Java\jre6\bin\jqs.exe[2176] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 003E1014 .text C:\Program Files\Java\jre6\bin\jqs.exe[2176] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 003E0804 .text C:\Program Files\Java\jre6\bin\jqs.exe[2176] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 003E0A08 .text C:\Program Files\Java\jre6\bin\jqs.exe[2176] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 003E0C0C .text C:\Program Files\Java\jre6\bin\jqs.exe[2176] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 003E0E10 .text C:\Program Files\Java\jre6\bin\jqs.exe[2176] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003E01F8 .text C:\Program Files\Java\jre6\bin\jqs.exe[2176] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003E03FC .text C:\Program Files\Java\jre6\bin\jqs.exe[2176] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 003E0600 .text C:\Program Files\Java\jre6\bin\jqs.exe[2176] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804 .text C:\Program Files\Java\jre6\bin\jqs.exe[2176] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08 .text C:\Program Files\Java\jre6\bin\jqs.exe[2176] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600 .text C:\Program Files\Java\jre6\bin\jqs.exe[2176] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8 .text C:\Program Files\Java\jre6\bin\jqs.exe[2176] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2256] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001501F8 .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2256] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2256] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001503FC .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2256] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2256] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 003E1014 .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2256] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 003E0804 .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2256] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 003E0A08 .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2256] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 003E0C0C .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2256] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 003E0E10 .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2256] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003E01F8 .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2256] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003E03FC .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2256] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 003E0600 .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2256] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804 .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2256] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08 .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2256] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600 .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2256] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8 .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2256] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC .text C:\WINDOWS\system32\svchost.exe[2404] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\svchost.exe[2404] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[2404] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[2404] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[2404] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\svchost.exe[2404] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\svchost.exe[2404] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\svchost.exe[2404] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\svchost.exe[2404] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\svchost.exe[2404] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\svchost.exe[2404] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\svchost.exe[2404] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\svchost.exe[2404] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\svchost.exe[2404] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\svchost.exe[2404] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\svchost.exe[2404] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\svchost.exe[2404] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\Documents and Settings\Krystian\Pulpit\Programy\mymoogi8.exe[2660] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001501F8 .text C:\Documents and Settings\Krystian\Pulpit\Programy\mymoogi8.exe[2660] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Documents and Settings\Krystian\Pulpit\Programy\mymoogi8.exe[2660] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001503FC .text C:\Documents and Settings\Krystian\Pulpit\Programy\mymoogi8.exe[2660] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Documents and Settings\Krystian\Pulpit\Programy\mymoogi8.exe[2660] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 009C1014 .text C:\Documents and Settings\Krystian\Pulpit\Programy\mymoogi8.exe[2660] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 009C0804 .text C:\Documents and Settings\Krystian\Pulpit\Programy\mymoogi8.exe[2660] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 009C0A08 .text C:\Documents and Settings\Krystian\Pulpit\Programy\mymoogi8.exe[2660] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 009C0C0C .text C:\Documents and Settings\Krystian\Pulpit\Programy\mymoogi8.exe[2660] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 009C0E10 .text C:\Documents and Settings\Krystian\Pulpit\Programy\mymoogi8.exe[2660] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 009C01F8 .text C:\Documents and Settings\Krystian\Pulpit\Programy\mymoogi8.exe[2660] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 009C03FC .text C:\Documents and Settings\Krystian\Pulpit\Programy\mymoogi8.exe[2660] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 009C0600 .text C:\Documents and Settings\Krystian\Pulpit\Programy\mymoogi8.exe[2660] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 009D0804 .text C:\Documents and Settings\Krystian\Pulpit\Programy\mymoogi8.exe[2660] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 009D0A08 .text C:\Documents and Settings\Krystian\Pulpit\Programy\mymoogi8.exe[2660] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 009D0600 .text C:\Documents and Settings\Krystian\Pulpit\Programy\mymoogi8.exe[2660] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 009D01F8 .text C:\Documents and Settings\Krystian\Pulpit\Programy\mymoogi8.exe[2660] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 009D03FC .text C:\WINDOWS\System32\svchost.exe[3224] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8 .text C:\WINDOWS\System32\svchost.exe[3224] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[3224] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC .text C:\WINDOWS\System32\svchost.exe[3224] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[3224] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00301014 .text C:\WINDOWS\System32\svchost.exe[3224] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00300804 .text C:\WINDOWS\System32\svchost.exe[3224] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00300A08 .text C:\WINDOWS\System32\svchost.exe[3224] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00300C0C .text C:\WINDOWS\System32\svchost.exe[3224] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00300E10 .text C:\WINDOWS\System32\svchost.exe[3224] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003001F8 .text C:\WINDOWS\System32\svchost.exe[3224] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003003FC .text C:\WINDOWS\System32\svchost.exe[3224] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00300600 .text C:\WINDOWS\System32\svchost.exe[3224] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\System32\svchost.exe[3224] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\System32\svchost.exe[3224] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\System32\svchost.exe[3224] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\System32\svchost.exe[3224] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\Program Files\cFosSpeed\cfosspeed.exe[3368] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001501F8 .text C:\Program Files\cFosSpeed\cfosspeed.exe[3368] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\cFosSpeed\cfosspeed.exe[3368] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001503FC .text C:\Program Files\cFosSpeed\cfosspeed.exe[3368] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\cFosSpeed\cfosspeed.exe[3368] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 003E1014 .text C:\Program Files\cFosSpeed\cfosspeed.exe[3368] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 003E0804 .text C:\Program Files\cFosSpeed\cfosspeed.exe[3368] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 003E0A08 .text C:\Program Files\cFosSpeed\cfosspeed.exe[3368] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 003E0C0C .text C:\Program Files\cFosSpeed\cfosspeed.exe[3368] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 003E0E10 .text C:\Program Files\cFosSpeed\cfosspeed.exe[3368] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003E01F8 .text C:\Program Files\cFosSpeed\cfosspeed.exe[3368] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003E03FC .text C:\Program Files\cFosSpeed\cfosspeed.exe[3368] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 003E0600 .text C:\Program Files\cFosSpeed\cfosspeed.exe[3368] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804 .text C:\Program Files\cFosSpeed\cfosspeed.exe[3368] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08 .text C:\Program Files\cFosSpeed\cfosspeed.exe[3368] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600 .text C:\Program Files\cFosSpeed\cfosspeed.exe[3368] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8 .text C:\Program Files\cFosSpeed\cfosspeed.exe[3368] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Program Files\AVAST Software\Avast\avastUI.exe[848] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6A0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software) IAT C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1592] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6A0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software) IAT C:\WINDOWS\system32\services.exe[1716] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00630002 IAT C:\WINDOWS\system32\services.exe[1716] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00630000 ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software) Device \FileSystem\Ntfs \Ntfs 83AB22C0 AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software) Device \FileSystem\Fastfat \FatCdrom aswSP.SYS (avast! self protection module/AVAST Software) Device \FileSystem\Fastfat \FatCdrom 835504A8 AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) Device \Driver\USB_RNDIS \Device\{8AC05464-E278-4DFB-9E5E-7DA62B8234D1} RNDISMP.SYS (Remote NDIS Miniport/Microsoft Corporation) AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) Device \Driver\Cdrom \Device\CdRom0 83760F00 Device \FileSystem\Rdbss \Device\FsWrap 8356C4B0 Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 8386BD68 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 8386BD68 Device \Driver\atapi \Device\Ide\IdePort0 8386BD68 Device \Driver\atapi \Device\Ide\IdePort1 8386BD68 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f 8386BD68 Device \Driver\Cdrom \Device\CdRom1 83760F00 Device \Driver\Cdrom \Device\CdRom2 83760F00 Device \FileSystem\Srv \Device\LanmanServer 83471F18 AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8358E270 Device \FileSystem\MRxSmb \Device\LanmanRedirector 8358E270 Device \FileSystem\Npfs \Device\NamedPipe 83592568 Device \FileSystem\Msfs \Device\Mailslot 83789438 Device \Driver\a347scsi \Device\Scsi\a347scsi1 83793AE0 Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 83793AE0 Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software) Device \FileSystem\Fastfat \Fat 835504A8 AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software) Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer 836AB850 Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer 836AB850 Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer 836AB850 Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer 836AB850 Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer 836AB850 Device \FileSystem\Cdfs \Cdfs 838EC128 ---- Modules - GMER 1.0.15 ---- Module _________ F7649000-F7661000 (98304 bytes) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\a347scsi\Config\jdgg40 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}@DisplayName Alcohol 120% Reg HKLM\SOFTWARE\Classes\Installer\Products\32418F9EE1126B64A90E8365B85CFCF6@ProductName Alcohol 120% ---- EOF - GMER 1.0.15 ----