GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2005-01-01 02:04:24
Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3160812A rev.3.AAE
Running: ns7lv0st.exe; Driver: C:\DOCUME~1\peelka\USTAWI~1\Temp\fwnyqkog.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xF0137DF8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xF01ECA5A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0xF013885E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xF0164D5D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xF013D2E4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xF013D330]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xF013D422]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xF0164711]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xF013D252]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xF013D374]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xF013D29A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xF013D3DC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xF0137E44]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xF0165423]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xF01656D9]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xF013A9A8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xF016528E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xF01650F9]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xF01ECB34]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xF0137AD6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xF0137E90]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xF013AD1C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xF0138B02]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xF013D30E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xF013D352]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xF013D446]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xF0164A6D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xF013D278]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xF013A518]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xF013D3AE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xF013D2C2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xF013A74C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xF013D400]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xF01ECCA0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xF0164F74]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xF01389CE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xF0164DC6]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xF01F6B68]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xF0163D84]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xF0137EDC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xF0137F28]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xF0137B46]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xF0137CEA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xF016552A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xF0137C92]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xF0137D5A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwTerminateProcess [0xF01ECD60]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xF0137F74]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0xF01ECBE0]

INT 0x62 ? 86FD9BF8
INT 0x63 ? 86CFBF00
INT 0x73 ? 86F6DBF8
INT 0x82 ? 86FD9BF8
INT 0x83 ? 86F6DBF8
INT 0xB4 ? 86CFBF00

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xF0202D92]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 8059B8D6 4 Bytes CALL F013919F \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805B1D9E 5 Bytes JMP F01FFC8C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 805B8C16 5 Bytes JMP F020174C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805C74C0 7 Bytes JMP F0202D96 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
? punsub.sys Nie można odnaleźć określonego pliku. !
? spvs.sys Nie można odnaleźć określonego pliku. !
.text USBPORT.SYS!DllUnload F34EF8AC 5 Bytes JMP 86CFB4E0
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF26D63A0, 0x585395, 0xE8000020]
.text ad00l9iw.SYS F2662386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text ad00l9iw.SYS F26623AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text ad00l9iw.SYS F26623C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text ad00l9iw.SYS F26623C9 1 Byte [30]
.text ad00l9iw.SYS F26623C9 11 Bytes [30, 00, 00, 00, 5C, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESP; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text ...
.text win32k.sys!EngFreeUserMem + 674 BF8098E2 5 Bytes JMP F013C180 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFreeUserMem + 35D0 BF80C83E 5 Bytes JMP F013C07C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSurface + 45 BF8138D6 5 Bytes JMP F013C036 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!BRUSHOBJ_pvAllocRbrush + 11D3 BF81C540 5 Bytes JMP F013B724 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngSetLastError + 79A8 BF8240B0 5 Bytes JMP F013AF84 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateBitmap + F9C BF828A1A 5 Bytes JMP F013C2EA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 2C50 BF831465 5 Bytes JMP F013C4F2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + B687 BF839E9C 5 Bytes JMP F013BF3C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!FONTOBJ_pxoGetXform + C2CF BF85173B 5 Bytes JMP F013AE66 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + F17 BF85BC5A 5 Bytes JMP F013B7E6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 3581 BF85E2C4 5 Bytes JMP F013B384 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 360C BF85E34F 5 Bytes JMP F013B562 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 88 BF85F5C2 5 Bytes JMP F013AE4E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 5457 BF864991 5 Bytes JMP F013C0BA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 4128 BF873CC4 5 Bytes JMP F013B51C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetLastError + 1606 BF890F01 5 Bytes JMP F013B7FE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 26EE BF8944AC 5 Bytes JMP F013C232 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBltROP + 583 BF894F84 5 Bytes JMP F013C450 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + 3857 BF89C32B 5 Bytes JMP F013B70C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + 4DEC BF89D8C0 5 Bytes JMP F013AFF4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngEraseSurface + A9DB BF8C1E40 5 Bytes JMP F013B104 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1517 BF8CA2A2 5 Bytes JMP F013B1AC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1797 BF8CA522 5 Bytes JMP F013B2E4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + 3B3E BF8EBEF7 5 Bytes JMP F013AD52 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + CB46 BF8F4EFF 5 Bytes JMP F013B73C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 1A2D BF9136C2 5 Bytes JMP F013AF22 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 2601 BF914296 5 Bytes JMP F013B0B0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 4F7A BF916C0F 5 Bytes JMP F013B67C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 194D BF946CFD 5 Bytes JMP F013C3A8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Bonjour\mDNSResponder.exe[192] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[192] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Bonjour\mDNSResponder.exe[192] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Bonjour\mDNSResponder.exe[192] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Bonjour\mDNSResponder.exe[192] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014
.text C:\Program Files\Bonjour\mDNSResponder.exe[192] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804
.text C:\Program Files\Bonjour\mDNSResponder.exe[192] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08
.text C:\Program Files\Bonjour\mDNSResponder.exe[192] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C
.text C:\Program Files\Bonjour\mDNSResponder.exe[192] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10
.text C:\Program Files\Bonjour\mDNSResponder.exe[192] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[192] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC
.text C:\Program Files\Bonjour\mDNSResponder.exe[192] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600
.text C:\Program Files\Bonjour\mDNSResponder.exe[192] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804
.text C:\Program Files\Bonjour\mDNSResponder.exe[192] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08
.text C:\Program Files\Bonjour\mDNSResponder.exe[192] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600
.text C:\Program Files\Bonjour\mDNSResponder.exe[192] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[192] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC
.text C:\WINDOWS\system32\RUNDLL32.EXE[572] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\RUNDLL32.EXE[572] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\RUNDLL32.EXE[572] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\RUNDLL32.EXE[572] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\RUNDLL32.EXE[572] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\RUNDLL32.EXE[572] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\RUNDLL32.EXE[572] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\RUNDLL32.EXE[572] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\RUNDLL32.EXE[572] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\RUNDLL32.EXE[572] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00311014
.text C:\WINDOWS\system32\RUNDLL32.EXE[572] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\RUNDLL32.EXE[572] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\RUNDLL32.EXE[572] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00310C0C
.text C:\WINDOWS\system32\RUNDLL32.EXE[572] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00310E10
.text C:\WINDOWS\system32\RUNDLL32.EXE[572] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\RUNDLL32.EXE[572] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\RUNDLL32.EXE[572] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00310600
.text C:\WINDOWS\System32\smss.exe[660] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\notepad.exe[700] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A01F8
.text C:\WINDOWS\notepad.exe[700] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\notepad.exe[700] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A03FC
.text C:\WINDOWS\notepad.exe[700] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\notepad.exe[700] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00311014
.text C:\WINDOWS\notepad.exe[700] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00310804
.text C:\WINDOWS\notepad.exe[700] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00310A08
.text C:\WINDOWS\notepad.exe[700] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00310C0C
.text C:\WINDOWS\notepad.exe[700] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00310E10
.text C:\WINDOWS\notepad.exe[700] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003101F8
.text C:\WINDOWS\notepad.exe[700] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003103FC
.text C:\WINDOWS\notepad.exe[700] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00310600
.text C:\WINDOWS\notepad.exe[700] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00320804
.text C:\WINDOWS\notepad.exe[700] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00320A08
.text C:\WINDOWS\notepad.exe[700] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00320600
.text C:\WINDOWS\notepad.exe[700] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003201F8
.text C:\WINDOWS\notepad.exe[700] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003203FC
.text C:\WINDOWS\system32\csrss.exe[708] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[708] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[732] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000701F8
.text C:\WINDOWS\system32\winlogon.exe[732] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[732] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000703FC
.text C:\WINDOWS\system32\winlogon.exe[732] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[732] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\winlogon.exe[732] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\winlogon.exe[732] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\winlogon.exe[732] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\winlogon.exe[732] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\winlogon.exe[732] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\winlogon.exe[732] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\winlogon.exe[732] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\winlogon.exe[732] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\winlogon.exe[732] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\winlogon.exe[732] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\winlogon.exe[732] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\winlogon.exe[732] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\services.exe[776] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\services.exe[776] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[776] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\services.exe[776] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[776] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\services.exe[776] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\services.exe[776] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\services.exe[776] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\services.exe[776] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\services.exe[776] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\services.exe[776] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\services.exe[776] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\services.exe[776] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\services.exe[776] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\services.exe[776] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\services.exe[776] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\services.exe[776] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\lsass.exe[788] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\lsass.exe[788] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[788] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\lsass.exe[788] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[788] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\lsass.exe[788] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\lsass.exe[788] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\lsass.exe[788] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\lsass.exe[788] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\lsass.exe[788] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\lsass.exe[788] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\lsass.exe[788] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\lsass.exe[788] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\lsass.exe[788] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\lsass.exe[788] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\lsass.exe[788] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\lsass.exe[788] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\nvsvc32.exe[948] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\WINDOWS\system32\nvsvc32.exe[948] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\nvsvc32.exe[948] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\WINDOWS\system32\nvsvc32.exe[948] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\nvsvc32.exe[948] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014
.text C:\WINDOWS\system32\nvsvc32.exe[948] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804
.text C:\WINDOWS\system32\nvsvc32.exe[948] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08
.text C:\WINDOWS\system32\nvsvc32.exe[948] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C
.text C:\WINDOWS\system32\nvsvc32.exe[948] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10
.text C:\WINDOWS\system32\nvsvc32.exe[948] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8
.text C:\WINDOWS\system32\nvsvc32.exe[948] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC
.text C:\WINDOWS\system32\nvsvc32.exe[948] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600
.text C:\WINDOWS\system32\nvsvc32.exe[948] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804
.text C:\WINDOWS\system32\nvsvc32.exe[948] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08
.text C:\WINDOWS\system32\nvsvc32.exe[948] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600
.text C:\WINDOWS\system32\nvsvc32.exe[948] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8
.text C:\WINDOWS\system32\nvsvc32.exe[948] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC
.text C:\WINDOWS\system32\svchost.exe[1012] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1012] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1012] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\svchost.exe[1012] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\svchost.exe[1012] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\svchost.exe[1012] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\svchost.exe[1012] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\svchost.exe[1012] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\svchost.exe[1076] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1076] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1076] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1076] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\svchost.exe[1076] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[1076] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[1076] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\svchost.exe[1076] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\svchost.exe[1076] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[1076] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[1076] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\svchost.exe[1076] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\svchost.exe[1076] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\svchost.exe[1076] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\svchost.exe[1076] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\svchost.exe[1076] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\WINDOWS\System32\svchost.exe[1108] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[1108] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1108] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[1108] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1108] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014
.text C:\WINDOWS\System32\svchost.exe[1108] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804
.text C:\WINDOWS\System32\svchost.exe[1108] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08
.text C:\WINDOWS\System32\svchost.exe[1108] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C
.text C:\WINDOWS\System32\svchost.exe[1108] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10
.text C:\WINDOWS\System32\svchost.exe[1108] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8
.text C:\WINDOWS\System32\svchost.exe[1108] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC
.text C:\WINDOWS\System32\svchost.exe[1108] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600
.text C:\WINDOWS\System32\svchost.exe[1108] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\System32\svchost.exe[1108] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\System32\svchost.exe[1108] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\System32\svchost.exe[1108] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\System32\svchost.exe[1108] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\svchost.exe[1144] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1144] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1144] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1144] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\svchost.exe[1144] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[1144] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[1144] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\svchost.exe[1144] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\svchost.exe[1144] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[1144] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[1144] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\svchost.exe[1144] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\svchost.exe[1144] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\svchost.exe[1144] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\svchost.exe[1144] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\svchost.exe[1144] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1228] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1228] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1228] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1228] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1228] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1228] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1228] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1228] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1228] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1228] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1228] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1228] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1228] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1228] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1228] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1228] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1228] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC
.text C:\WINDOWS\system32\svchost.exe[1320] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1320] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1320] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1320] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\svchost.exe[1320] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[1320] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[1320] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\svchost.exe[1320] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\svchost.exe[1320] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[1320] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[1320] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\svchost.exe[1320] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\svchost.exe[1320] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\svchost.exe[1320] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\svchost.exe[1320] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\svchost.exe[1320] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\svchost.exe[1404] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1404] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1404] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1404] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\svchost.exe[1404] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[1404] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[1404] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C
.text
C:\WINDOWS\system32\svchost.exe[1404] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\svchost.exe[1404] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\svchost.exe[1404] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\svchost.exe[1404] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\svchost.exe[1404] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\svchost.exe[1404] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\svchost.exe[1404] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\svchost.exe[1404] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\svchost.exe[1404] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\Program Files\Portrait Displays\forteManager\dtsslsrv.exe[1504] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8 .text C:\Program Files\Portrait Displays\forteManager\dtsslsrv.exe[1504] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Portrait Displays\forteManager\dtsslsrv.exe[1504] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC .text C:\Program Files\Portrait Displays\forteManager\dtsslsrv.exe[1504] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Portrait Displays\forteManager\dtsslsrv.exe[1504] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003D0804 .text C:\Program Files\Portrait Displays\forteManager\dtsslsrv.exe[1504] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003D0A08 .text C:\Program Files\Portrait Displays\forteManager\dtsslsrv.exe[1504] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003D0600 .text C:\Program Files\Portrait Displays\forteManager\dtsslsrv.exe[1504] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003D01F8 .text C:\Program Files\Portrait 
Displays\forteManager\dtsslsrv.exe[1504] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003D03FC .text C:\Program Files\Portrait Displays\forteManager\dtsslsrv.exe[1504] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014 .text C:\Program Files\Portrait Displays\forteManager\dtsslsrv.exe[1504] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804 .text C:\Program Files\Portrait Displays\forteManager\dtsslsrv.exe[1504] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08 .text C:\Program Files\Portrait Displays\forteManager\dtsslsrv.exe[1504] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C .text C:\Program Files\Portrait Displays\forteManager\dtsslsrv.exe[1504] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10 .text C:\Program Files\Portrait Displays\forteManager\dtsslsrv.exe[1504] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8 .text C:\Program Files\Portrait Displays\forteManager\dtsslsrv.exe[1504] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC .text C:\Program Files\Portrait Displays\forteManager\dtsslsrv.exe[1504] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600 .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1600] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1600] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP } .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1600] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[1656] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\spoolsv.exe[1656] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[1656] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\spoolsv.exe[1656] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text 
C:\WINDOWS\system32\spoolsv.exe[1656] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\spoolsv.exe[1656] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\spoolsv.exe[1656] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\spoolsv.exe[1656] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\spoolsv.exe[1656] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\spoolsv.exe[1656] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\spoolsv.exe[1656] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\spoolsv.exe[1656] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\spoolsv.exe[1656] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\spoolsv.exe[1656] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\spoolsv.exe[1656] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\spoolsv.exe[1656] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\spoolsv.exe[1656] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe[1852] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe[1852] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe[1852] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe[1852] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe[1852] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00621014 .text C:\Program 
Files\IObit\Smart Defrag 2\SmartDefrag.exe[1852] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00620804 .text C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe[1852] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00620A08 .text C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe[1852] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00620C0C .text C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe[1852] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00620E10 .text C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe[1852] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 006201F8 .text C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe[1852] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 006203FC .text C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe[1852] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00620600 .text C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe[1852] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00630804 .text C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe[1852] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00630A08 .text C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe[1852] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00630600 .text C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe[1852] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 006301F8 .text C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe[1852] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 006303FC .text E:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe[1912] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text E:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe[1912] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text E:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe[1912] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text E:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe[1912] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text E:\Program Files\LogMeIn 
Hamachi\hamachi-2-ui.exe[1912] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014 .text E:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe[1912] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804 .text E:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe[1912] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08 .text E:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe[1912] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C .text E:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe[1912] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10 .text E:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe[1912] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8 .text E:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe[1912] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC .text E:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe[1912] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600 .text E:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe[1912] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804 .text E:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe[1912] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08 .text E:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe[1912] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600 .text E:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe[1912] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8 .text E:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe[1912] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC .text E:\Program Files\LogMeIn Hamachi\hamachi-2.exe[1920] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text E:\Program Files\LogMeIn Hamachi\hamachi-2.exe[1920] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text E:\Program Files\LogMeIn Hamachi\hamachi-2.exe[1920] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text E:\Program Files\LogMeIn Hamachi\hamachi-2.exe[1920] kernel32.dll!GetBinaryTypeW + 80 
7C868D8C 1 Byte [62] .text E:\Program Files\LogMeIn Hamachi\hamachi-2.exe[1920] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003F1014 .text E:\Program Files\LogMeIn Hamachi\hamachi-2.exe[1920] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003F0804 .text E:\Program Files\LogMeIn Hamachi\hamachi-2.exe[1920] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003F0A08 .text E:\Program Files\LogMeIn Hamachi\hamachi-2.exe[1920] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003F0C0C .text E:\Program Files\LogMeIn Hamachi\hamachi-2.exe[1920] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003F0E10 .text E:\Program Files\LogMeIn Hamachi\hamachi-2.exe[1920] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003F01F8 .text E:\Program Files\LogMeIn Hamachi\hamachi-2.exe[1920] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003F03FC .text E:\Program Files\LogMeIn Hamachi\hamachi-2.exe[1920] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003F0600 .text E:\Program Files\LogMeIn Hamachi\hamachi-2.exe[1920] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00560804 .text E:\Program Files\LogMeIn Hamachi\hamachi-2.exe[1920] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00560A08 .text E:\Program Files\LogMeIn Hamachi\hamachi-2.exe[1920] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00560600 .text E:\Program Files\LogMeIn Hamachi\hamachi-2.exe[1920] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 005601F8 .text E:\Program Files\LogMeIn Hamachi\hamachi-2.exe[1920] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 005603FC .text C:\WINDOWS\system32\svchost.exe[1952] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\svchost.exe[1952] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1952] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[1952] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text 
C:\WINDOWS\system32\svchost.exe[1952] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\svchost.exe[1952] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\svchost.exe[1952] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\svchost.exe[1952] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\svchost.exe[1952] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\svchost.exe[1952] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\svchost.exe[1952] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\svchost.exe[1952] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\svchost.exe[1952] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\svchost.exe[1952] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\svchost.exe[1952] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\svchost.exe[1952] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\svchost.exe[1952] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\Program Files\AVAST Software\Avast\avastUI.exe[1972] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\avastUI.exe[1972] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[1996] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\Explorer.EXE[1996] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[1996] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\Explorer.EXE[1996] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[1996] 
ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00381014 .text C:\WINDOWS\Explorer.EXE[1996] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00380804 .text C:\WINDOWS\Explorer.EXE[1996] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00380A08 .text C:\WINDOWS\Explorer.EXE[1996] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00380C0C .text C:\WINDOWS\Explorer.EXE[1996] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00380E10 .text C:\WINDOWS\Explorer.EXE[1996] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003801F8 .text C:\WINDOWS\Explorer.EXE[1996] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003803FC .text C:\WINDOWS\Explorer.EXE[1996] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00380600 .text C:\WINDOWS\Explorer.EXE[1996] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00390804 .text C:\WINDOWS\Explorer.EXE[1996] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00390A08 .text C:\WINDOWS\Explorer.EXE[1996] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00390600 .text C:\WINDOWS\Explorer.EXE[1996] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003901F8 .text C:\WINDOWS\Explorer.EXE[1996] USER32.dll!UnhookWinEvent 7E3818AC 3 Bytes JMP 003903FC .text C:\WINDOWS\Explorer.EXE[1996] USER32.dll!UnhookWinEvent + 4 7E3818B0 1 Byte [82] .text C:\WINDOWS\system32\ctfmon.exe[2020] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A01F8 .text C:\WINDOWS\system32\ctfmon.exe[2020] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\ctfmon.exe[2020] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A03FC .text C:\WINDOWS\system32\ctfmon.exe[2020] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\ctfmon.exe[2020] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00381014 .text C:\WINDOWS\system32\ctfmon.exe[2020] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00380804 .text C:\WINDOWS\system32\ctfmon.exe[2020] ADVAPI32.dll!ChangeServiceConfigW 77E27001 
5 Bytes JMP 00380A08 .text C:\WINDOWS\system32\ctfmon.exe[2020] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00380C0C .text C:\WINDOWS\system32\ctfmon.exe[2020] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00380E10 .text C:\WINDOWS\system32\ctfmon.exe[2020] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003801F8 .text C:\WINDOWS\system32\ctfmon.exe[2020] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003803FC .text C:\WINDOWS\system32\ctfmon.exe[2020] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00380600 .text C:\WINDOWS\system32\ctfmon.exe[2020] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00390804 .text C:\WINDOWS\system32\ctfmon.exe[2020] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00390A08 .text C:\WINDOWS\system32\ctfmon.exe[2020] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00390600 .text C:\WINDOWS\system32\ctfmon.exe[2020] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003901F8 .text C:\WINDOWS\system32\ctfmon.exe[2020] USER32.dll!UnhookWinEvent 7E3818AC 3 Bytes JMP 003903FC .text C:\WINDOWS\system32\ctfmon.exe[2020] USER32.dll!UnhookWinEvent + 4 7E3818B0 1 Byte [82] .text C:\Program Files\Java\jre6\bin\jqs.exe[2092] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text C:\Program Files\Java\jre6\bin\jqs.exe[2092] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Java\jre6\bin\jqs.exe[2092] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text C:\Program Files\Java\jre6\bin\jqs.exe[2092] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Java\jre6\bin\jqs.exe[2092] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014 .text C:\Program Files\Java\jre6\bin\jqs.exe[2092] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804 .text C:\Program Files\Java\jre6\bin\jqs.exe[2092] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08 .text C:\Program Files\Java\jre6\bin\jqs.exe[2092] ADVAPI32.dll!ChangeServiceConfig2A 
77E27101 5 Bytes JMP 003E0C0C .text C:\Program Files\Java\jre6\bin\jqs.exe[2092] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10 .text C:\Program Files\Java\jre6\bin\jqs.exe[2092] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8 .text C:\Program Files\Java\jre6\bin\jqs.exe[2092] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC .text C:\Program Files\Java\jre6\bin\jqs.exe[2092] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600 .text C:\Program Files\Java\jre6\bin\jqs.exe[2092] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804 .text C:\Program Files\Java\jre6\bin\jqs.exe[2092] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08 .text C:\Program Files\Java\jre6\bin\jqs.exe[2092] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600 .text C:\Program Files\Java\jre6\bin\jqs.exe[2092] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8 .text C:\Program Files\Java\jre6\bin\jqs.exe[2092] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC .text C:\WINDOWS\System32\alg.exe[2444] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\System32\alg.exe[2444] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\System32\alg.exe[2444] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\System32\alg.exe[2444] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\System32\alg.exe[2444] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00300804 .text C:\WINDOWS\System32\alg.exe[2444] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00300A08 .text C:\WINDOWS\System32\alg.exe[2444] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00300600 .text C:\WINDOWS\System32\alg.exe[2444] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003001F8 .text C:\WINDOWS\System32\alg.exe[2444] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003003FC .text C:\WINDOWS\System32\alg.exe[2444] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00311014 .text 
C:\WINDOWS\System32\alg.exe[2444] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00310804 .text C:\WINDOWS\System32\alg.exe[2444] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00310A08 .text C:\WINDOWS\System32\alg.exe[2444] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00310C0C .text C:\WINDOWS\System32\alg.exe[2444] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00310E10 .text C:\WINDOWS\System32\alg.exe[2444] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003101F8 .text C:\WINDOWS\System32\alg.exe[2444] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003103FC .text C:\WINDOWS\System32\alg.exe[2444] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00310600 .text C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe[2500] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000C01F8 .text C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe[2500] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe[2500] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000C03FC .text C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe[2500] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe[2500] ADVAPI32.DLL!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00371014 .text C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe[2500] ADVAPI32.DLL!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00370804 .text C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe[2500] ADVAPI32.DLL!ChangeServiceConfigW 77E27001 5 Bytes JMP 00370A08 .text C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe[2500] ADVAPI32.DLL!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00370C0C .text C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe[2500] ADVAPI32.DLL!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00370E10 .text C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe[2500] 
ADVAPI32.DLL!CreateServiceA 77E27211 5 Bytes JMP 003701F8 .text C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe[2500] ADVAPI32.DLL!CreateServiceW 77E273A9 5 Bytes JMP 003703FC .text C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe[2500] ADVAPI32.DLL!DeleteService 77E274B1 5 Bytes JMP 00370600 .text C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe[2500] USER32.DLL!SetWindowsHookExW 7E37820F 5 Bytes JMP 00380804 .text C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe[2500] USER32.DLL!UnhookWindowsHookEx 7E37D5F3 3 Bytes JMP 00380A08 .text C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe[2500] USER32.DLL!UnhookWindowsHookEx + 4 7E37D5F7 1 Byte [82] .text C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe[2500] USER32.DLL!SetWindowsHookExA 7E381211 5 Bytes JMP 00380600 .text C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe[2500] USER32.DLL!SetWinEventHook 7E3817F7 5 Bytes JMP 003801F8 .text C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe[2500] USER32.DLL!UnhookWinEvent 7E3818AC 5 Bytes JMP 003803FC .text C:\WINDOWS\system32\svchost.exe[2640] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\svchost.exe[2640] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[2640] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[2640] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[2640] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\svchost.exe[2640] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\svchost.exe[2640] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\svchost.exe[2640] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\svchost.exe[2640] 
ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\svchost.exe[2640] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\svchost.exe[2640] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\svchost.exe[2640] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\svchost.exe[2640] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\svchost.exe[2640] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\svchost.exe[2640] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\svchost.exe[2640] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\svchost.exe[2640] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\UAService7.exe[3076] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8 .text C:\WINDOWS\system32\UAService7.exe[3076] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\UAService7.exe[3076] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC .text C:\WINDOWS\system32\UAService7.exe[3076] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\UAService7.exe[3076] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003D1014 .text C:\WINDOWS\system32\UAService7.exe[3076] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003D0804 .text C:\WINDOWS\system32\UAService7.exe[3076] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003D0A08 .text C:\WINDOWS\system32\UAService7.exe[3076] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003D0C0C .text C:\WINDOWS\system32\UAService7.exe[3076] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003D0E10 .text C:\WINDOWS\system32\UAService7.exe[3076] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003D01F8 .text C:\WINDOWS\system32\UAService7.exe[3076] 
ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003D03FC .text C:\WINDOWS\system32\UAService7.exe[3076] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003D0600 .text C:\WINDOWS\System32\svchost.exe[3608] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\System32\svchost.exe[3608] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[3608] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\System32\svchost.exe[3608] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[3608] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\System32\svchost.exe[3608] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\System32\svchost.exe[3608] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\System32\svchost.exe[3608] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\System32\svchost.exe[3608] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\System32\svchost.exe[3608] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\System32\svchost.exe[3608] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\System32\svchost.exe[3608] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\System32\svchost.exe[3608] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\System32\svchost.exe[3608] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\System32\svchost.exe[3608] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\System32\svchost.exe[3608] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\System32\svchost.exe[3608] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\Documents and Settings\peelka\Pulpit\Serwis\ns7lv0st.exe[3920] 
ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text C:\Documents and Settings\peelka\Pulpit\Serwis\ns7lv0st.exe[3920] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Documents and Settings\peelka\Pulpit\Serwis\ns7lv0st.exe[3920] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text C:\Documents and Settings\peelka\Pulpit\Serwis\ns7lv0st.exe[3920] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Documents and Settings\peelka\Pulpit\Serwis\ns7lv0st.exe[3920] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 009C1014 .text C:\Documents and Settings\peelka\Pulpit\Serwis\ns7lv0st.exe[3920] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 009C0804 .text C:\Documents and Settings\peelka\Pulpit\Serwis\ns7lv0st.exe[3920] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 009C0A08 .text C:\Documents and Settings\peelka\Pulpit\Serwis\ns7lv0st.exe[3920] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 009C0C0C .text C:\Documents and Settings\peelka\Pulpit\Serwis\ns7lv0st.exe[3920] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 009C0E10 .text C:\Documents and Settings\peelka\Pulpit\Serwis\ns7lv0st.exe[3920] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 009C01F8 .text C:\Documents and Settings\peelka\Pulpit\Serwis\ns7lv0st.exe[3920] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 009C03FC .text C:\Documents and Settings\peelka\Pulpit\Serwis\ns7lv0st.exe[3920] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 009C0600 .text C:\Documents and Settings\peelka\Pulpit\Serwis\ns7lv0st.exe[3920] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 009D0804 .text C:\Documents and Settings\peelka\Pulpit\Serwis\ns7lv0st.exe[3920] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 009D0A08 .text C:\Documents and Settings\peelka\Pulpit\Serwis\ns7lv0st.exe[3920] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 009D0600 .text C:\Documents and Settings\peelka\Pulpit\Serwis\ns7lv0st.exe[3920] USER32.dll!SetWinEventHook 
7E3817F7 5 Bytes JMP 009D01F8 .text C:\Documents and Settings\peelka\Pulpit\Serwis\ns7lv0st.exe[3920] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 009D03FC ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F72DC042] spvs.sys IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F72DC13E] spvs.sys IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F72DC0C0] spvs.sys IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F72DC800] spvs.sys IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F72DC6D6] spvs.sys IAT \SystemRoot\System32\Drivers\ad00l9iw.SYS[HAL.dll!KfAcquireSpinLock] 18C4830E IAT \SystemRoot\System32\Drivers\ad00l9iw.SYS[HAL.dll!READ_PORT_UCHAR] 1C8D9E88 IAT \SystemRoot\System32\Drivers\ad00l9iw.SYS[HAL.dll!KeGetCurrentIrql] 9E880000 IAT \SystemRoot\System32\Drivers\ad00l9iw.SYS[HAL.dll!KfRaiseIrql] 00001CA9 IAT \SystemRoot\System32\Drivers\ad00l9iw.SYS[HAL.dll!KfLowerIrql] 0E798366 IAT \SystemRoot\System32\Drivers\ad00l9iw.SYS[HAL.dll!HalGetInterruptVector] 74AAB000 IAT \SystemRoot\System32\Drivers\ad00l9iw.SYS[HAL.dll!HalTranslateBusAddress] 8186C636 IAT \SystemRoot\System32\Drivers\ad00l9iw.SYS[HAL.dll!KeStallExecutionProcessor] 1A00001C IAT \SystemRoot\System32\Drivers\ad00l9iw.SYS[HAL.dll!KfReleaseSpinLock] 1C8386C6 IAT \SystemRoot\System32\Drivers\ad00l9iw.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] C6020000 IAT \SystemRoot\System32\Drivers\ad00l9iw.SYS[HAL.dll!READ_PORT_USHORT] 001C8E86 IAT \SystemRoot\System32\Drivers\ad00l9iw.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 86C60200 IAT \SystemRoot\System32\Drivers\ad00l9iw.SYS[HAL.dll!WRITE_PORT_UCHAR] 00001CAA IAT \SystemRoot\System32\Drivers\ad00l9iw.SYS[WMILIB.SYS!WmiSystemControl] 8800001C IAT \SystemRoot\System32\Drivers\ad00l9iw.SYS[WMILIB.SYS!WmiCompleteRequest] 001CB19E ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\WINDOWS\system32\services.exe[776] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00630002 IAT C:\WINDOWS\system32\services.exe[776] @ C:\WINDOWS\system32\services.exe 
[KERNEL32.dll!CreateProcessW] 00630000 IAT C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1600] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6A0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software) IAT C:\Program Files\AVAST Software\Avast\avastUI.exe[1972] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6A0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software) ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software) Device \FileSystem\Ntfs \Ntfs 86F6C1F8 AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) Device \Driver\NetBT \Device\NetBT_Tcpip_{73FE31A9-4AF4-4E08-8EF3-0DD36A1B1C16} 861A61F8 Device \Driver\NetBT \Device\NetBT_Tcpip_{ADCC2473-9FDC-4544-808B-C3D87C4E9799} 861A61F8 Device \Driver\usbohci \Device\USBPDO-0 86CFA500 Device \Driver\PCI_PNP0216 \Device\00000051 spvs.sys Device \Driver\PCI_PNP0216 \Device\00000051 spvs.sys Device \Driver\usbehci \Device\USBPDO-1 86D01500 AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! 
TDI Filter Driver/AVAST Software) Device \Driver\prodrv06 \Device\ProDrv06 E1A39A30 Device \Driver\Ftdisk \Device\HarddiskVolume1 86F6E1F8 Device \Driver\Ftdisk \Device\HarddiskVolume2 86F6E1F8 Device \Driver\Cdrom \Device\CdRom0 86D66500 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F7241B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\atapi \Device\Ide\IdePort0 [F7241B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort0 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\atapi \Device\Ide\IdePort1 [F7241B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort1 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e [F7241B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\Ftdisk \Device\HarddiskVolume3 86F6E1F8 Device \Driver\Cdrom \Device\CdRom1 86D66500 Device \Driver\prohlp02 \Device\ProHlp02 E172F6E8 Device \Driver\NetBT \Device\NetBt_Wins_Export 861A61F8 Device \Driver\sptd \Device\2553678966 spvs.sys AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! 
TDI Filter Driver/AVAST Software) Device \Driver\usbohci \Device\USBFDO-0 86CFA500 Device \Driver\usbehci \Device\USBFDO-1 86D01500 Device \Driver\nvatabus \Device\NvAta0 86F6D1F8 Device \Driver\nvatabus \Device\NvAta0 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 861CE1F8 Device \Driver\nvatabus \Device\NvAta1 86F6D1F8 Device \Driver\nvatabus \Device\NvAta1 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \FileSystem\MRxSmb \Device\LanmanRedirector 861CE1F8 Device \Driver\NetBT \Device\NetBT_Tcpip_{89DB03A0-7FC7-4590-937A-6FD9F22315F6} 861A61F8 Device \Driver\Ftdisk \Device\FtControl 86F6E1F8 Device \Driver\nvraid \Device\Scsi\nvraid0 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\ad00l9iw \Device\Scsi\ad00l9iw1 86DAA1F8 Device \Driver\ad00l9iw \Device\Scsi\ad00l9iw1Port5Path0Target0Lun0 86DAA1F8 Device \FileSystem\Cdfs \Cdfs 861C11F8 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x0F 0xBD 0x88 0xB9 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xC9 0x23 0xE9 0x70 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... 
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x91 0xFB 0x70 0x20 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x0F 0xBD 0x88 0xB9 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xC9 0x23 0xE9 0x70 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x91 0xFB 0x70 0x20 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x0F 0xBD 0x88 0xB9 ... 
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xC9 0x23 0xE9 0x70 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x91 0xFB 0x70 0x20 ... ---- EOF - GMER 1.0.15 ----