GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-07-20 23:14:02 Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e HDS728080PLA380 rev.PF2OA63A Running: 2nuwsxdj.exe; Driver: C:\DOCUME~1\Mateusz\USTAWI~1\Temp\kwgdakod.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xAA302536] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xAA3D37BA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0xAA302F52] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xAA342C31] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xAA30DD7A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xAA30DDC6] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xAA30DF48] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xAA3425E5] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xAA30DCE8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xAA30DE0A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xAA30DD30] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0xAA303146] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xAA30DF02] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0xAA3038CA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xAA302584] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xAA3432F7] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xAA3435AD] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xAA306F36] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xAA343162] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xAA342FCD] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xAA3D389E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xAA3021EC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xAA3025D2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xAA3072A8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xAA304292] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xAA30DDA4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xAA30DDE8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xAA30DF6C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xAA342941] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xAA30DD0E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xAA306AAC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xAA30DE8C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xAA30DD58] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xAA306CDE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xAA30DF26] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xAA3D3A1E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xAA342E48] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xAA30415E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xAA342C9A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThread [0xAA303D08] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xAA3DF338] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xAA341C58] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xAA302620] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xAA30266E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0xAA30374A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xAA302276] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xAA302426] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xAA3433FE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xAA3023CC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0xAA303A2C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0xAA303B88] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xAA302496] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateProcess [0xAA303468] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0xAA3035CA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xAA3026BC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwWriteVirtualMemory [0xAA302F96] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xAA3EB744] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject ---- Kernel code sections - GMER 1.0.15 ---- .text TUKERNEL.EXE!ZwYieldExecution + 122 804E497C 4 Bytes [E8, DC, 30, AA] .text TUKERNEL.EXE!ZwYieldExecution + 3C2 804E4C1C 12 Bytes [20, 26, 30, AA, 6E, 26, 30, ...] .text TUKERNEL.EXE!ZwYieldExecution + 46A 804E4CC4 12 Bytes [2C, 3A, 30, AA, 88, 3B, 30, ...] {SUB AL, 0x3a; XOR [EDX-0x55cfc478], CH; XCHG ESI, EAX; AND AL, 0x30; STOSB } PAGE TUKERNEL.EXE!ObInsertObject 8056DA64 5 Bytes JMP AA3EA0FE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE TUKERNEL.EXE!PsCreateSystemThread + 455 805766FB 4 Bytes CALL AA304943 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE TUKERNEL.EXE!SeQueryInformationToken + A0C 8058B9EC 7 Bytes JMP AA3EB748 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE TUKERNEL.EXE!ObMakeTemporaryObject 805AD1FA 5 Bytes JMP AA3E861C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xF71EBF80] .text win32k.sys!EngFreeUserMem + 674 BF809912 5 Bytes JMP AA3088C0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngFreeUserMem + 35D0 BF80C86E 5 Bytes JMP AA3087B0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngDeleteSurface + 45 BF813906 5 Bytes JMP AA30876A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!BRUSHOBJ_pvAllocRbrush + 322E BF81E5CB 5 Bytes JMP AA3073FC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngMulDiv + 197D BF820CD8 5 Bytes JMP AA307E1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngPaint + 11A6 BF82D4D6 5 Bytes JMP AA307538 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngLockSurface + C09 BF82E654 5 Bytes JMP AA308A2A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngUnmapFontFileFD + 654A BF83D8CB 5 Bytes JMP AA308C32 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngUnmapFontFileFD + BEF8 BF843279 5 Bytes JMP AA308670 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngUnmapFontFileFD + DB9A BF844F1B 5 Bytes JMP AA3075A8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!FONTOBJ_pxoGetXform + B0EC BF864FD0 5 Bytes JMP AA307E04 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XLATEOBJ_iXlate + 350F BF87011D 5 Bytes JMP AA307EDE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XLATEOBJ_iXlate + 5807 BF872415 2 Bytes JMP AA307992 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XLATEOBJ_iXlate + 580A BF872418 2 Bytes [A9, EA] .text win32k.sys!XLATEOBJ_iXlate + 5892 BF8724A0 5 Bytes JMP AA307C58 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XLATEOBJ_iXlate + 646A BF873078 5 Bytes JMP AA3073E4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text ... .text win32k.sys!EngUnicodeToMultiByteN + 67E7 BF87F66A 5 Bytes JMP AA308972 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGetCurrentCodePage + 35FB BF89890B 5 Bytes JMP AA307A52 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGetCurrentCodePage + 4138 BF899448 5 Bytes JMP AA307C12 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGetLastError + 1606 BF8B653C 5 Bytes JMP AA307EF6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGradientFill + 2862 BF8B9C5B 5 Bytes JMP AA308B90 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngAlphaBlend + 1A3D BF8C1C70 5 Bytes JMP AA3076B8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngFillPath + 1517 BF8CA101 5 Bytes JMP AA307790 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngFillPath + 1797 BF8CA381 5 Bytes JMP AA3078BC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngDeleteSemaphore + 3B3E BF8EBD37 5 Bytes JMP AA3072DE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngDeleteSemaphore + CB3C BF8F4D35 5 Bytes JMP AA307E34 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 1A2D BF91440C 5 Bytes JMP AA3074D4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 2601 BF914FE0 5 Bytes JMP AA307664 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 4F7A BF917959 5 Bytes JMP AA307D72 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngPlgBlt + 193E BF947BDB 5 Bytes JMP AA308AE8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ---- User code sections - GMER 1.0.15 ---- .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe[204] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe[204] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[420] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[420] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Livebox\connectivity\CoreCom\OraConfigRecover.exe[452] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text C:\Program Files\Livebox\connectivity\CoreCom\OraConfigRecover.exe[452] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\System32\smss.exe[724] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text C:\WINDOWS\system32\csrss.exe[780] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text C:\WINDOWS\system32\csrss.exe[780] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[804] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[804] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\services.exe[848] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text C:\WINDOWS\system32\services.exe[848] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[860] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[860] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text D:\Programy\Advanced SystemCare 5\ASCService.exe[1048] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text D:\Programy\Advanced SystemCare 5\ASCService.exe[1048] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1096] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[1140] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 001501F8 .text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[1140] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[1140] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 001503FC .text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[1140] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[1140] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014 .text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[1140] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804 .text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[1140] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08 .text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[1140] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C .text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[1140] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10 .text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[1140] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8 .text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[1140] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC .text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[1140] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600 .text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[1140] user32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00700804 .text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[1140] user32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00700A08 .text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[1140] user32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00700600 .text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[1140] user32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 007001F8 .text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[1140] user32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 007003FC .text C:\WINDOWS\system32\svchost.exe[1204] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1264] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1264] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1316] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe[1332] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 001501F8 .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe[1332] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe[1332] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 001503FC .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe[1332] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe[1332] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003F1014 .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe[1332] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003F0804 .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe[1332] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003F0A08 .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe[1332] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003F0C0C .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe[1332] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003F0E10 .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe[1332] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003F01F8 .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe[1332] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003F03FC .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe[1332] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003F0600 .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe[1332] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00420804 .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe[1332] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00420A08 .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe[1332] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00420600 .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe[1332] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 004201F8 .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe[1332] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 004203FC .text D:\Programy\avastinternetsecurity\afwServ.exe[1392] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text D:\Programy\avastinternetsecurity\afwServ.exe[1392] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\lxdxcoms.exe[1408] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 001501F8 .text C:\WINDOWS\system32\lxdxcoms.exe[1408] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text C:\WINDOWS\system32\lxdxcoms.exe[1408] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 001503FC .text C:\WINDOWS\system32\lxdxcoms.exe[1408] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\lxdxcoms.exe[1408] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804 .text C:\WINDOWS\system32\lxdxcoms.exe[1408] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08 .text C:\WINDOWS\system32\lxdxcoms.exe[1408] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600 .text C:\WINDOWS\system32\lxdxcoms.exe[1408] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8 .text C:\WINDOWS\system32\lxdxcoms.exe[1408] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC .text C:\WINDOWS\system32\lxdxcoms.exe[1408] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003F1014 .text C:\WINDOWS\system32\lxdxcoms.exe[1408] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003F0804 .text C:\WINDOWS\system32\lxdxcoms.exe[1408] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003F0A08 .text C:\WINDOWS\system32\lxdxcoms.exe[1408] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003F0C0C .text C:\WINDOWS\system32\lxdxcoms.exe[1408] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003F0E10 .text C:\WINDOWS\system32\lxdxcoms.exe[1408] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003F01F8 .text C:\WINDOWS\system32\lxdxcoms.exe[1408] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003F03FC .text C:\WINDOWS\system32\lxdxcoms.exe[1408] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003F0600 .text D:\Programy\avastinternetsecurity\AvastSvc.exe[1464] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text D:\Programy\avastinternetsecurity\AvastSvc.exe[1464] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP } .text D:\Programy\avastinternetsecurity\AvastSvc.exe[1464] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[1512] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 001501F8 .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[1512] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[1512] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 001503FC .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[1512] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[1512] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014 .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[1512] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804 .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[1512] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08 .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[1512] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[1512] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10 .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[1512] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8 .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[1512] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[1512] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600 .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[1512] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804 .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[1512] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08 .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[1512] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600 .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[1512] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8 .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[1512] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1544] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 001401F8 .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1544] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1544] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 001403FC .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1544] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1544] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003D1014 .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1544] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003D0804 .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1544] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003D0A08 .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1544] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003D0C0C .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1544] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003D0E10 .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1544] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003D01F8 .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1544] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003D03FC .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1544] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003D0600 .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1544] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804 .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1544] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08 .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1544] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600 .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1544] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8 .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1544] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC .text C:\WINDOWS\System32\svchost.exe[1576] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1576] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[1744] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[1744] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Livebox\connectivity\connectivitymanager.exe[1788] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text C:\Program Files\Livebox\connectivity\connectivitymanager.exe[1788] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[1800] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[1800] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Ant.com\IE add-on\AntUpdaterService.exe[1844] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text C:\Program Files\Ant.com\IE add-on\AntUpdaterService.exe[1844] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[2052] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 001501F8 .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[2052] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[2052] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 001503FC .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[2052] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[2052] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014 .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[2052] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804 .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[2052] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08 .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[2052] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[2052] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10 .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[2052] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8 .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[2052] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[2052] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600 .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[2052] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804 .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[2052] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08 .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[2052] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600 .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[2052] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8 .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[2052] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC .text D:\Programy\Advanced SystemCare 5\Asc.exe[2196] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 002601F8 .text D:\Programy\Advanced SystemCare 5\Asc.exe[2196] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text D:\Programy\Advanced SystemCare 5\Asc.exe[2196] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 002603FC .text D:\Programy\Advanced SystemCare 5\Asc.exe[2196] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text D:\Programy\Advanced SystemCare 5\Asc.exe[2196] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00BC1014 .text D:\Programy\Advanced SystemCare 5\Asc.exe[2196] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00BC0804 .text D:\Programy\Advanced SystemCare 5\Asc.exe[2196] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00BC0A08 .text D:\Programy\Advanced SystemCare 5\Asc.exe[2196] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00BC0C0C .text D:\Programy\Advanced SystemCare 5\Asc.exe[2196] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00BC0E10 .text D:\Programy\Advanced SystemCare 5\Asc.exe[2196] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 00BC01F8 .text D:\Programy\Advanced SystemCare 5\Asc.exe[2196] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 00BC03FC .text D:\Programy\Advanced SystemCare 5\Asc.exe[2196] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00BC0600 .text D:\Programy\Advanced SystemCare 5\Asc.exe[2196] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00BD0804 .text D:\Programy\Advanced SystemCare 5\Asc.exe[2196] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00BD0A08 .text D:\Programy\Advanced SystemCare 5\Asc.exe[2196] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00BD0600 .text D:\Programy\Advanced SystemCare 5\Asc.exe[2196] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 00BD01F8 .text D:\Programy\Advanced SystemCare 5\Asc.exe[2196] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 00BD03FC .text C:\Program Files\Livebox\connectivity\CoreCom\CoreCom.exe[2408] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text C:\Program Files\Livebox\connectivity\CoreCom\CoreCom.exe[2408] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe[2524] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe[2524] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\System32\alg.exe[2540] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 000901F8 .text C:\WINDOWS\System32\alg.exe[2540] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text C:\WINDOWS\System32\alg.exe[2540] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 000903FC .text C:\WINDOWS\System32\alg.exe[2540] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\System32\alg.exe[2540] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00300804 .text C:\WINDOWS\System32\alg.exe[2540] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00300A08 .text C:\WINDOWS\System32\alg.exe[2540] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00300600 .text C:\WINDOWS\System32\alg.exe[2540] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003001F8 .text C:\WINDOWS\System32\alg.exe[2540] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003003FC .text C:\WINDOWS\System32\alg.exe[2540] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00311014 .text C:\WINDOWS\System32\alg.exe[2540] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00310804 .text C:\WINDOWS\System32\alg.exe[2540] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00310A08 .text C:\WINDOWS\System32\alg.exe[2540] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00310C0C .text C:\WINDOWS\System32\alg.exe[2540] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00310E10 .text C:\WINDOWS\System32\alg.exe[2540] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003101F8 .text C:\WINDOWS\System32\alg.exe[2540] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003103FC .text C:\WINDOWS\System32\alg.exe[2540] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00310600 .text D:\Programy\VirtualCloneDrive\VCDDaemon.exe[2576] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 001601F8 .text D:\Programy\VirtualCloneDrive\VCDDaemon.exe[2576] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text D:\Programy\VirtualCloneDrive\VCDDaemon.exe[2576] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 001603FC .text D:\Programy\VirtualCloneDrive\VCDDaemon.exe[2576] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text D:\Programy\VirtualCloneDrive\VCDDaemon.exe[2576] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00421014 .text D:\Programy\VirtualCloneDrive\VCDDaemon.exe[2576] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00420804 .text D:\Programy\VirtualCloneDrive\VCDDaemon.exe[2576] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00420A08 .text D:\Programy\VirtualCloneDrive\VCDDaemon.exe[2576] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00420C0C .text D:\Programy\VirtualCloneDrive\VCDDaemon.exe[2576] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00420E10 .text D:\Programy\VirtualCloneDrive\VCDDaemon.exe[2576] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 004201F8 .text D:\Programy\VirtualCloneDrive\VCDDaemon.exe[2576] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 004203FC .text D:\Programy\VirtualCloneDrive\VCDDaemon.exe[2576] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00420600 .text D:\Programy\VirtualCloneDrive\VCDDaemon.exe[2576] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00430804 .text D:\Programy\VirtualCloneDrive\VCDDaemon.exe[2576] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00430A08 .text D:\Programy\VirtualCloneDrive\VCDDaemon.exe[2576] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00430600 .text D:\Programy\VirtualCloneDrive\VCDDaemon.exe[2576] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 004301F8 .text D:\Programy\VirtualCloneDrive\VCDDaemon.exe[2576] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 004303FC .text C:\Program Files\Livebox\systray\systrayapp.exe[2584] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text C:\Program Files\Livebox\systray\systrayapp.exe[2584] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe[2688] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe[2688] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[2708] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 001601F8 .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[2708] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[2708] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 001603FC .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[2708] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[2708] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014 .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[2708] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804 .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[2708] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08 .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[2708] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[2708] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10 .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[2708] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8 .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[2708] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[2708] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600 .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[2708] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804 .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[2708] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08 .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[2708] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600 .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[2708] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8 .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[2708] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC .text C:\WINDOWS\system32\hkcmd.exe[2732] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 001501F8 .text C:\WINDOWS\system32\hkcmd.exe[2732] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text C:\WINDOWS\system32\hkcmd.exe[2732] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 001503FC .text C:\WINDOWS\system32\hkcmd.exe[2732] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\hkcmd.exe[2732] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003D0804 .text C:\WINDOWS\system32\hkcmd.exe[2732] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003D0A08 .text C:\WINDOWS\system32\hkcmd.exe[2732] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003D0600 .text C:\WINDOWS\system32\hkcmd.exe[2732] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003D01F8 .text C:\WINDOWS\system32\hkcmd.exe[2732] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003D03FC .text C:\WINDOWS\system32\hkcmd.exe[2732] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014 .text C:\WINDOWS\system32\hkcmd.exe[2732] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804 .text C:\WINDOWS\system32\hkcmd.exe[2732] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08 .text C:\WINDOWS\system32\hkcmd.exe[2732] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C .text C:\WINDOWS\system32\hkcmd.exe[2732] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10 .text C:\WINDOWS\system32\hkcmd.exe[2732] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8 .text C:\WINDOWS\system32\hkcmd.exe[2732] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC .text C:\WINDOWS\system32\hkcmd.exe[2732] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600 .text C:\WINDOWS\system32\igfxpers.exe[2744] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 001501F8 .text C:\WINDOWS\system32\igfxpers.exe[2744] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text C:\WINDOWS\system32\igfxpers.exe[2744] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 001503FC .text C:\WINDOWS\system32\igfxpers.exe[2744] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\igfxpers.exe[2744] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003D0804 .text C:\WINDOWS\system32\igfxpers.exe[2744] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003D0A08 .text C:\WINDOWS\system32\igfxpers.exe[2744] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003D0600 .text C:\WINDOWS\system32\igfxpers.exe[2744] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003D01F8 .text C:\WINDOWS\system32\igfxpers.exe[2744] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003D03FC .text C:\WINDOWS\system32\igfxpers.exe[2744] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014 .text C:\WINDOWS\system32\igfxpers.exe[2744] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804 .text C:\WINDOWS\system32\igfxpers.exe[2744] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08 .text C:\WINDOWS\system32\igfxpers.exe[2744] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C .text C:\WINDOWS\system32\igfxpers.exe[2744] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10 .text C:\WINDOWS\system32\igfxpers.exe[2744] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8 .text C:\WINDOWS\system32\igfxpers.exe[2744] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC .text C:\WINDOWS\system32\igfxpers.exe[2744] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600 .text D:\Programy\WapSter AQQ\AQQ.exe[2768] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 001601F8 .text D:\Programy\WapSter AQQ\AQQ.exe[2768] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text D:\Programy\WapSter AQQ\AQQ.exe[2768] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 001603FC .text D:\Programy\WapSter AQQ\AQQ.exe[2768] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text D:\Programy\WapSter AQQ\AQQ.exe[2768] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003F1014 .text D:\Programy\WapSter AQQ\AQQ.exe[2768] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003F0804 .text D:\Programy\WapSter AQQ\AQQ.exe[2768] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003F0A08 .text D:\Programy\WapSter AQQ\AQQ.exe[2768] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003F0C0C .text D:\Programy\WapSter AQQ\AQQ.exe[2768] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003F0E10 .text D:\Programy\WapSter AQQ\AQQ.exe[2768] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003F01F8 .text D:\Programy\WapSter AQQ\AQQ.exe[2768] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003F03FC .text D:\Programy\WapSter AQQ\AQQ.exe[2768] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003F0600 .text D:\Programy\WapSter AQQ\AQQ.exe[2768] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00E00804 .text D:\Programy\WapSter AQQ\AQQ.exe[2768] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00E00A08 .text D:\Programy\WapSter AQQ\AQQ.exe[2768] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00E00600 .text D:\Programy\WapSter AQQ\AQQ.exe[2768] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 00E001F8 .text D:\Programy\WapSter AQQ\AQQ.exe[2768] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 00E003FC .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2804] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 001601F8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2804] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2804] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 001603FC .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2804] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2804] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003F1014 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2804] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003F0804 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2804] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003F0A08 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2804] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003F0C0C .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2804] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003F0E10 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2804] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003F01F8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2804] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003F03FC .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2804] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003F0600 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2804] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00450804 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2804] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00450A08 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2804] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00450600 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2804] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 004501F8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2804] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 004503FC .text D:\Programy\avastinternetsecurity\avastUI.exe[2888] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text D:\Programy\avastinternetsecurity\avastUI.exe[2888] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\1\FTRTSVC.exe[2964] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\1\FTRTSVC.exe[2964] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\taskmgr.exe[3088] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 000A01F8 .text C:\WINDOWS\system32\taskmgr.exe[3088] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text C:\WINDOWS\system32\taskmgr.exe[3088] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 000A03FC .text C:\WINDOWS\system32\taskmgr.exe[3088] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\taskmgr.exe[3088] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00311014 .text C:\WINDOWS\system32\taskmgr.exe[3088] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\taskmgr.exe[3088] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\taskmgr.exe[3088] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00310C0C .text C:\WINDOWS\system32\taskmgr.exe[3088] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00310E10 .text C:\WINDOWS\system32\taskmgr.exe[3088] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\taskmgr.exe[3088] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\taskmgr.exe[3088] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\taskmgr.exe[3088] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00320804 .text C:\WINDOWS\system32\taskmgr.exe[3088] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00320A08 .text C:\WINDOWS\system32\taskmgr.exe[3088] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00320600 .text C:\WINDOWS\system32\taskmgr.exe[3088] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003201F8 .text C:\WINDOWS\system32\taskmgr.exe[3088] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003203FC .text D:\Programy\Advanced SystemCare 5\ASCTray.exe[3228] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 001601F8 .text D:\Programy\Advanced SystemCare 5\ASCTray.exe[3228] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text D:\Programy\Advanced SystemCare 5\ASCTray.exe[3228] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 001603FC .text D:\Programy\Advanced SystemCare 5\ASCTray.exe[3228] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text D:\Programy\Advanced SystemCare 5\ASCTray.exe[3228] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003F1014 .text D:\Programy\Advanced SystemCare 5\ASCTray.exe[3228] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003F0804 .text D:\Programy\Advanced SystemCare 5\ASCTray.exe[3228] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003F0A08 .text D:\Programy\Advanced SystemCare 5\ASCTray.exe[3228] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003F0C0C .text D:\Programy\Advanced SystemCare 5\ASCTray.exe[3228] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003F0E10 .text D:\Programy\Advanced SystemCare 5\ASCTray.exe[3228] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003F01F8 .text D:\Programy\Advanced SystemCare 5\ASCTray.exe[3228] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003F03FC .text D:\Programy\Advanced SystemCare 5\ASCTray.exe[3228] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003F0600 .text D:\Programy\Advanced SystemCare 5\ASCTray.exe[3228] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00450804 .text D:\Programy\Advanced SystemCare 5\ASCTray.exe[3228] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00450A08 .text D:\Programy\Advanced SystemCare 5\ASCTray.exe[3228] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00450600 .text D:\Programy\Advanced SystemCare 5\ASCTray.exe[3228] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 004501F8 .text D:\Programy\Advanced SystemCare 5\ASCTray.exe[3228] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 004503FC .text D:\Programy\aurora\plugin-container.exe[3236] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 001601F8 .text D:\Programy\aurora\plugin-container.exe[3236] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text D:\Programy\aurora\plugin-container.exe[3236] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 001603FC .text D:\Programy\aurora\plugin-container.exe[3236] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text D:\Programy\aurora\plugin-container.exe[3236] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00A11014 .text D:\Programy\aurora\plugin-container.exe[3236] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00A10804 .text D:\Programy\aurora\plugin-container.exe[3236] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00A10A08 .text D:\Programy\aurora\plugin-container.exe[3236] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00A10C0C .text D:\Programy\aurora\plugin-container.exe[3236] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00A10E10 .text D:\Programy\aurora\plugin-container.exe[3236] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 00A101F8 .text D:\Programy\aurora\plugin-container.exe[3236] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 00A103FC .text D:\Programy\aurora\plugin-container.exe[3236] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00A10600 .text D:\Programy\aurora\plugin-container.exe[3236] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00A20804 .text D:\Programy\aurora\plugin-container.exe[3236] USER32.dll!DefWindowProcA + 11A 7E37C298 7 Bytes JMP 105CB03B D:\Programy\aurora\xul.dll (Mozilla Foundation) .text D:\Programy\aurora\plugin-container.exe[3236] USER32.dll!SetWindowLongA + 19 7E37C2B6 7 Bytes JMP 105CAFCA D:\Programy\aurora\xul.dll (Mozilla Foundation) .text D:\Programy\aurora\plugin-container.exe[3236] USER32.dll!GetWindowInfo 7E37C49C 5 Bytes JMP 10412C5F D:\Programy\aurora\xul.dll (Mozilla Foundation) .text D:\Programy\aurora\plugin-container.exe[3236] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00A20A08 .text D:\Programy\aurora\plugin-container.exe[3236] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00A20600 .text D:\Programy\aurora\plugin-container.exe[3236] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 00A201F8 .text D:\Programy\aurora\plugin-container.exe[3236] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 00A203FC .text D:\Programy\aurora\plugin-container.exe[3236] USER32.dll!GetMenuContextHelpId + 1A 7E3B5319 7 Bytes JMP 10413280 D:\Programy\aurora\xul.dll (Mozilla Foundation) .text C:\WINDOWS\notepad.exe[3256] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 000A01F8 .text C:\WINDOWS\notepad.exe[3256] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text C:\WINDOWS\notepad.exe[3256] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 000A03FC .text C:\WINDOWS\notepad.exe[3256] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\notepad.exe[3256] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00311014 .text C:\WINDOWS\notepad.exe[3256] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00310804 .text C:\WINDOWS\notepad.exe[3256] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00310A08 .text C:\WINDOWS\notepad.exe[3256] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00310C0C .text C:\WINDOWS\notepad.exe[3256] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00310E10 .text C:\WINDOWS\notepad.exe[3256] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003101F8 .text C:\WINDOWS\notepad.exe[3256] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003103FC .text C:\WINDOWS\notepad.exe[3256] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00310600 .text C:\WINDOWS\notepad.exe[3256] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00320804 .text C:\WINDOWS\notepad.exe[3256] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00320A08 .text C:\WINDOWS\notepad.exe[3256] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00320600 .text C:\WINDOWS\notepad.exe[3256] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003201F8 .text C:\WINDOWS\notepad.exe[3256] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003203FC .text C:\Program Files\Livebox\Launcher\Launcher.exe[3356] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text C:\Program Files\Livebox\Launcher\Launcher.exe[3356] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text D:\Programy\aurora\firefox.exe[3496] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 012AFEC0 D:\Programy\aurora\xul.dll (Mozilla Foundation) .text D:\Programy\aurora\firefox.exe[3496] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text D:\Programy\aurora\firefox.exe[3496] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 001603FC .text D:\Programy\aurora\firefox.exe[3496] kernel32.dll!lstrlenW + 43 7C809AEC 7 Bytes JMP 014E5558 D:\Programy\aurora\xul.dll (Mozilla Foundation) .text D:\Programy\aurora\firefox.exe[3496] kernel32.dll!MapViewOfFileEx + 6A 7C80B9A0 1 Byte [E9] .text D:\Programy\aurora\firefox.exe[3496] kernel32.dll!MapViewOfFileEx + 6A 7C80B9A0 7 Bytes JMP 014E5535 D:\Programy\aurora\xul.dll (Mozilla Foundation) .text D:\Programy\aurora\firefox.exe[3496] kernel32.dll!ValidateLocale + B130 7C844958 7 Bytes JMP 012B2ACD D:\Programy\aurora\xul.dll (Mozilla Foundation) .text D:\Programy\aurora\firefox.exe[3496] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text D:\Programy\aurora\firefox.exe[3496] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00320804 .text D:\Programy\aurora\firefox.exe[3496] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00320A08 .text D:\Programy\aurora\firefox.exe[3496] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00320600 .text D:\Programy\aurora\firefox.exe[3496] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003201F8 .text D:\Programy\aurora\firefox.exe[3496] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003203FC .text D:\Programy\aurora\firefox.exe[3496] GDI32.dll!SetDIBitsToDevice + 20A 77F19E14 7 Bytes JMP 014E54B6 D:\Programy\aurora\xul.dll (Mozilla Foundation) .text D:\Programy\aurora\firefox.exe[3496] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00331014 .text D:\Programy\aurora\firefox.exe[3496] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00330804 .text D:\Programy\aurora\firefox.exe[3496] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00330A08 .text D:\Programy\aurora\firefox.exe[3496] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00330C0C .text D:\Programy\aurora\firefox.exe[3496] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00330E10 .text D:\Programy\aurora\firefox.exe[3496] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003301F8 .text D:\Programy\aurora\firefox.exe[3496] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003303FC .text D:\Programy\aurora\firefox.exe[3496] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00330600 .text C:\Documents and Settings\Mateusz\Pulpit\2nuwsxdj.exe[3556] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 001601F8 .text C:\Documents and Settings\Mateusz\Pulpit\2nuwsxdj.exe[3556] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text C:\Documents and Settings\Mateusz\Pulpit\2nuwsxdj.exe[3556] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 001603FC .text C:\Documents and Settings\Mateusz\Pulpit\2nuwsxdj.exe[3556] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Documents and Settings\Mateusz\Pulpit\2nuwsxdj.exe[3556] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 009C1014 .text C:\Documents and Settings\Mateusz\Pulpit\2nuwsxdj.exe[3556] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 009C0804 .text C:\Documents and Settings\Mateusz\Pulpit\2nuwsxdj.exe[3556] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 009C0A08 .text C:\Documents and Settings\Mateusz\Pulpit\2nuwsxdj.exe[3556] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 009C0C0C .text C:\Documents and Settings\Mateusz\Pulpit\2nuwsxdj.exe[3556] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 009C0E10 .text C:\Documents and Settings\Mateusz\Pulpit\2nuwsxdj.exe[3556] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 009C01F8 .text C:\Documents and Settings\Mateusz\Pulpit\2nuwsxdj.exe[3556] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 009C03FC .text C:\Documents and Settings\Mateusz\Pulpit\2nuwsxdj.exe[3556] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 009C0600 .text C:\Documents and Settings\Mateusz\Pulpit\2nuwsxdj.exe[3556] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 009D0804 .text C:\Documents and Settings\Mateusz\Pulpit\2nuwsxdj.exe[3556] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 009D0A08 .text C:\Documents and Settings\Mateusz\Pulpit\2nuwsxdj.exe[3556] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 009D0600 .text C:\Documents and Settings\Mateusz\Pulpit\2nuwsxdj.exe[3556] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 009D01F8 .text C:\Documents and Settings\Mateusz\Pulpit\2nuwsxdj.exe[3556] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 009D03FC .text C:\WINDOWS\system32\svchost.exe[3588] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\svchost.exe[3588] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[3588] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[3588] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[3588] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\svchost.exe[3588] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\svchost.exe[3588] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\svchost.exe[3588] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\svchost.exe[3588] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\svchost.exe[3588] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\svchost.exe[3588] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\svchost.exe[3588] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\svchost.exe[3588] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\svchost.exe[3588] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\svchost.exe[3588] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\svchost.exe[3588] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\svchost.exe[3588] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\WINDOWS\system32\services.exe[848] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003D0002 IAT C:\WINDOWS\system32\services.exe[848] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003D0000 IAT D:\Programy\avastinternetsecurity\afwServ.exe[1392] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6D0] D:\Programy\avastinternetsecurity\aswCmnBS.dll (Common functions/AVAST Software) IAT D:\Programy\avastinternetsecurity\AvastSvc.exe[1464] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6D0] D:\Programy\avastinternetsecurity\aswCmnBS.dll (Common functions/AVAST Software) IAT D:\Programy\avastinternetsecurity\avastUI.exe[2888] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6D0] D:\Programy\avastinternetsecurity\aswCmnBS.dll (Common functions/AVAST Software) ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software) AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Ip aswFW.SYS (avast! Filtering TDI driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Tcp aswFW.SYS (avast! Filtering TDI driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Udp aswFW.SYS (avast! Filtering TDI driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\RawIp aswFW.SYS (avast! Filtering TDI driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) ---- Files - GMER 1.0.15 ---- File C:\avast! sandbox 0 bytes File C:\avast! sandbox\S-1-5-21-1606980848-220523388-2146935855-1003 0 bytes File C:\avast! sandbox\S-1-5-21-1606980848-220523388-2146935855-1003\r42 0 bytes File C:\avast! sandbox\S-1-5-21-1606980848-220523388-2146935855-1003\r42\OTL.exe_{d1a7077f-d29e-11e1-8b7a-0060b39cdebb} 0 bytes File C:\avast! sandbox\snx_rhive 262144 bytes File C:\avast! sandbox\snx_rhive.LOG 1024 bytes ---- EOF - GMER 1.0.15 ----