GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-07-25 20:46:46
Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3500418AS rev.CC38
Running: u2fdyzyd.exe; Driver: C:\DOCUME~1\PETERE~1\USTAWI~1\Temp\kxtdapog.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xA8305536]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xA83D67BA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0xA8305F52]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xA8345C31]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwConnectPort [0xA859C2F4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xA8310D7A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xA8310DC6]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateFile [0xA85965CA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xA8310F48]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xA83455E5]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xA8310CE8]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreatePort [0xA859CA80]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcess [0xA85AFE4E]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0xA85B023C]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateSection [0xA85B96F6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xA8310D30]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0xA8306146]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xA8310F02]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xA859CBB6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0xA83068CA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xA8305584]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xA85971E0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xA83462F7]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xA83465AD]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0xA85AED8A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xA8346162]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xA8345FCD]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xA83D689E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xA83051EC]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey [0xA85B7794]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xA85B799C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xA83055D2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xA830A2A8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xA8307292]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xA8310DA4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xA8310DE8]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenFile [0xA8596DF2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xA8310F6C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xA8345941]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xA8310D0E]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenProcess [0xA85B2160]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xA8310E8C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xA8310D58]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenThread [0xA85B1D8A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xA8310F26]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xA83D6A1E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xA8345E48]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xA830715E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xA8345C9A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThread [0xA8306D08]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xA83E2338]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwReplaceKey [0xA85B8060]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xA859BEC4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xA8344C58]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0xA859C59C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xA8305620]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xA830566E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0xA830674A]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xA85975A4]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetSecurityObject [0xA85B8C6A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xA8305276]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xA8305426]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xA83463FE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xA83053CC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0xA8306A2C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0xA8306B88]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0xA85B0EA4]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwTerminateProcess [0xA85B0C20]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0xA83065CA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xA83056BC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwWriteVirtualMemory [0xA8305F96]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2C68 80504520 16 Bytes [7A, 0D, 31, A8, C6, 0D, 31, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2C88 80504540 4 Bytes [E8, 0C, 31, A8]
.text ntkrnlpa.exe!ZwCallbackReturn + 2C94 8050454C 12 Bytes [80, CA, 59, A8, 4E, FE, 5A, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2CD0 80504588 12 Bytes [84, 55, 30, A8, E0, 71, 59, ...] {TEST [EBP+0x30], DL; TEST AL, 0xe0; JNO 0x60; TEST AL, 0xf7; BOUND ESI, [EAX+EBP*4]}
.text ntkrnlpa.exe!ZwCallbackReturn + 2D60 80504618 12 Bytes [EC, 51, 30, A8, 94, 77, 5B, ...]
.text ...
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A64B0 4 Bytes CALL A8307943 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC55E 5 Bytes JMP A83EB61C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 805C2FE2 5 Bytes JMP A83ED0FE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB5228000, 0x2DC7EC, 0xE8000020]
.text win32k.sys!EngFreeUserMem + 674 BF80992D 5 Bytes JMP A830B8C0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFreeUserMem + 35D0 BF80C889 5 Bytes JMP A830B7B0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSurface + 45 BF813921 5 Bytes JMP A830B76A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!BRUSHOBJ_pvAllocRbrush + 11D3 BF81C58B 5 Bytes JMP A830AE1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngSetLastError + 79A8 BF8240FB 5 Bytes JMP A830A538 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateBitmap + F9C BF828A65 5 Bytes JMP A830BA2A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 2C50 BF8314B0 5 Bytes JMP A830BC32 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + B687 BF839EE7 5 Bytes JMP A830B670 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!FONTOBJ_pxoGetXform + 84ED BF851775 5 Bytes JMP A830A3FC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + F17 BF85BCAA 5 Bytes JMP A830AEDE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 3581 BF85E314 5 Bytes JMP A830A992 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 360C BF85E39F 5 Bytes JMP A830AC58 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 88 BF85F612 5 Bytes JMP A830A3E4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 5457 BF8649E1 5 Bytes JMP A830B7FA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 35FB BF8731DB 5 Bytes JMP A830AA52 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 4138 BF873D18 5 Bytes JMP A830AC12 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetLastError + 1606 BF890E16 5 Bytes JMP A830AEF6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 26EE BF8943C1 5 Bytes JMP A830B972 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBltROP + 583 BF894E99 5 Bytes JMP A830BB90 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + 3862 BF89C24E 5 Bytes JMP A830AE04 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + 4DF7 BF89D7E3 5 Bytes JMP A830A5A8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngEraseSurface + A9E0 BF8C1D20 5 Bytes JMP A830A6B8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1517 BF8CA1B1 5 Bytes JMP A830A790 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1797 BF8CA431 5 Bytes JMP A830A8BC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + 3AFB BF8EBDB4 5 Bytes JMP A830A2DE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + CB0D BF8F4DC6 5 Bytes JMP A830AE34 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 1A2F BF9142E4 5 Bytes JMP A830A4D4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 2603 BF914EB8 5 Bytes JMP A830A664 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 4F7C BF917831 5 Bytes JMP A830AD72 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 1947 BF947980 5 Bytes JMP A830BAE8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
? C:\DOCUME~1\PETERE~1\USTAWI~1\Temp\ALSysIO.sys Nie można odnaleźć określonego pliku. !

---- User code sections - GMER 1.0.15 ----

.text D:\Ad Muncher\AdMunch.exe[132] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text D:\Ad Muncher\AdMunch.exe[132] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text D:\Ad Muncher\AdMunch.exe[132] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text D:\Ad Muncher\AdMunch.exe[132] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text D:\Ad Muncher\AdMunch.exe[132] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00311014
.text D:\Ad Muncher\AdMunch.exe[132] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00310804
.text D:\Ad Muncher\AdMunch.exe[132] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00310A08
.text D:\Ad Muncher\AdMunch.exe[132] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00310C0C
.text D:\Ad Muncher\AdMunch.exe[132] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00310E10
.text D:\Ad Muncher\AdMunch.exe[132] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003101F8
.text D:\Ad Muncher\AdMunch.exe[132] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003103FC
.text D:\Ad Muncher\AdMunch.exe[132] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00310600
.text D:\Ad Muncher\AdMunch.exe[132] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00320804
.text D:\Ad Muncher\AdMunch.exe[132] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00320A08
.text D:\Ad Muncher\AdMunch.exe[132] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00320600
.text D:\Ad Muncher\AdMunch.exe[132] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003201F8
.text D:\Ad Muncher\AdMunch.exe[132] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003203FC
.text C:\WINDOWS\system32\ctfmon.exe[176] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A01F8
.text C:\WINDOWS\system32\ctfmon.exe[176] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[176] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A03FC
.text C:\WINDOWS\system32\ctfmon.exe[176] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[176] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00381014
.text C:\WINDOWS\system32\ctfmon.exe[176] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00380804
.text C:\WINDOWS\system32\ctfmon.exe[176] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00380A08
.text C:\WINDOWS\system32\ctfmon.exe[176] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00380C0C
.text C:\WINDOWS\system32\ctfmon.exe[176] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00380E10
.text C:\WINDOWS\system32\ctfmon.exe[176] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003801F8
.text C:\WINDOWS\system32\ctfmon.exe[176] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003803FC
.text C:\WINDOWS\system32\ctfmon.exe[176] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00380600
.text C:\WINDOWS\system32\ctfmon.exe[176] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00390804
.text C:\WINDOWS\system32\ctfmon.exe[176] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00390A08
.text C:\WINDOWS\system32\ctfmon.exe[176] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00390600
.text C:\WINDOWS\system32\ctfmon.exe[176] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003901F8
.text C:\WINDOWS\system32\ctfmon.exe[176] USER32.dll!UnhookWinEvent 7E3818AC 3 Bytes JMP 003903FC
.text C:\WINDOWS\system32\ctfmon.exe[176] USER32.dll!UnhookWinEvent + 4 7E3818B0 1 Byte [82]
.text C:\WINDOWS\system32\svchost.exe[256] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[256] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[256] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[256] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[256] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\svchost.exe[256] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[256] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[256] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\svchost.exe[256] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\svchost.exe[256] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[256] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[256] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\svchost.exe[256] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\svchost.exe[256] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\svchost.exe[256] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\svchost.exe[256] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\svchost.exe[256] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text D:\RocketDock\RocketDock.exe[304] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text D:\RocketDock\RocketDock.exe[304] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text D:\RocketDock\RocketDock.exe[304] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text D:\RocketDock\RocketDock.exe[304] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text D:\RocketDock\RocketDock.exe[304] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804
.text D:\RocketDock\RocketDock.exe[304] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08
.text D:\RocketDock\RocketDock.exe[304] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600
.text D:\RocketDock\RocketDock.exe[304] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8
.text D:\RocketDock\RocketDock.exe[304] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC
.text D:\RocketDock\RocketDock.exe[304] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003F1014
.text D:\RocketDock\RocketDock.exe[304] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003F0804
.text D:\RocketDock\RocketDock.exe[304] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003F0A08
.text D:\RocketDock\RocketDock.exe[304] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003F0C0C
.text D:\RocketDock\RocketDock.exe[304] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003F0E10
.text D:\RocketDock\RocketDock.exe[304] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003F01F8
.text D:\RocketDock\RocketDock.exe[304] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003F03FC
.text D:\RocketDock\RocketDock.exe[304] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003F0600
.text D:\RocketDock\RocketDock.exe[304] ws2_32.dll!WSAGetLastError + 3D 71A53D0B 7 Bytes JMP 00AF0095
.text D:\RocketDock\RocketDock.exe[304] ws2_32.dll!getsockopt + 318 71A54A02 7 Bytes JMP 00AF002D
.text D:\RocketDock\RocketDock.exe[304] ws2_32.dll!WSASendTo + B6 71A60B63 7 Bytes JMP 00AF00C9
.text D:\RocketDock\RocketDock.exe[304] ws2_32.dll!shutdown + 86 71A60C7C 7 Bytes JMP 00AF0061
.text C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[472] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[472] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[472] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[472] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[472] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014
.text C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[472] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804
.text C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[472] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08
.text C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[472] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C
.text C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[472] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10
.text C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[472] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8
.text C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[472] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC
.text C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[472] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600
.text C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[472] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804
.text C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[472] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08
.text C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[472] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600
.text C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[472] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8
.text C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[472] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC
.text C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[472] WS2_32.dll!WSAGetLastError + 3D 71A53D0B 7 Bytes JMP 00DE0095
.text C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[472] WS2_32.dll!getsockopt + 318 71A54A02 7 Bytes JMP 00DE002D
.text C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[472] WS2_32.dll!WSASendTo + B6 71A60B63 7 Bytes JMP 00DE00C9
.text C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[472] WS2_32.dll!shutdown + 86 71A60C7C 7 Bytes JMP 00DE0061
.text D:\CoreTemp\Core Temp.exe[528] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text D:\CoreTemp\Core Temp.exe[528] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text D:\CoreTemp\Core Temp.exe[528] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text D:\CoreTemp\Core Temp.exe[528] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text D:\CoreTemp\Core Temp.exe[528] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014
.text D:\CoreTemp\Core Temp.exe[528] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804
.text D:\CoreTemp\Core Temp.exe[528] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08
.text D:\CoreTemp\Core Temp.exe[528] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C
.text D:\CoreTemp\Core Temp.exe[528] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10
.text D:\CoreTemp\Core Temp.exe[528] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8
.text D:\CoreTemp\Core Temp.exe[528] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC
.text D:\CoreTemp\Core Temp.exe[528] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600
.text D:\CoreTemp\Core Temp.exe[528] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804
.text D:\CoreTemp\Core Temp.exe[528] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08
.text D:\CoreTemp\Core Temp.exe[528] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600
.text D:\CoreTemp\Core Temp.exe[528] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8
.text D:\CoreTemp\Core Temp.exe[528] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC
.text D:\CoreTemp\Core Temp.exe[528] ws2_32.dll!WSAGetLastError + 3D 71A53D0B 7 Bytes JMP 00AF0095
.text D:\CoreTemp\Core Temp.exe[528] ws2_32.dll!getsockopt + 318 71A54A02 7 Bytes JMP 00AF002D
.text D:\CoreTemp\Core Temp.exe[528] ws2_32.dll!WSASendTo + B6 71A60B63 7 Bytes JMP 00AF00C9
.text D:\CoreTemp\Core Temp.exe[528] ws2_32.dll!shutdown + 86 71A60C7C 7 Bytes JMP 00AF0061
.text C:\WINDOWS\System32\smss.exe[672] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[728] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[728] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[772] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[772] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[816] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[816] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[828] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[828] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[1004] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[1004] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1020] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[1040] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\Explorer.EXE[1040] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[1040] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\Explorer.EXE[1040] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[1040] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00381014
.text C:\WINDOWS\Explorer.EXE[1040] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00380804
.text C:\WINDOWS\Explorer.EXE[1040] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00380A08
.text C:\WINDOWS\Explorer.EXE[1040] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00380C0C
.text C:\WINDOWS\Explorer.EXE[1040] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00380E10
.text C:\WINDOWS\Explorer.EXE[1040] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003801F8
.text C:\WINDOWS\Explorer.EXE[1040] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003803FC
.text C:\WINDOWS\Explorer.EXE[1040] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00380600
.text C:\WINDOWS\Explorer.EXE[1040] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00390804
.text C:\WINDOWS\Explorer.EXE[1040] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00390A08
.text C:\WINDOWS\Explorer.EXE[1040] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00390600
.text C:\WINDOWS\Explorer.EXE[1040] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003901F8
.text C:\WINDOWS\Explorer.EXE[1040] USER32.dll!UnhookWinEvent 7E3818AC 3 Bytes JMP 003903FC
.text C:\WINDOWS\Explorer.EXE[1040] USER32.dll!UnhookWinEvent + 4 7E3818B0 1 Byte [82]
.text C:\WINDOWS\Explorer.EXE[1040] SHELL32.dll!SHFileOperationW 7CA70984 5 Bytes JMP 10001102 D:\Unlocker\UnlockerHook.dll
.text C:\WINDOWS\Explorer.EXE[1040] WS2_32.dll!WSAGetLastError + 3D 71A53D0B 4 Bytes JMP 021F0095
.text C:\WINDOWS\Explorer.EXE[1040] WS2_32.dll!getsockname 71A53D10 2 Bytes [EB, F9] {JMP 0xfffffffffffffffb}
.text C:\WINDOWS\Explorer.EXE[1040] WS2_32.dll!getsockopt + 318 71A54A02 4 Bytes JMP 021F002D
.text C:\WINDOWS\Explorer.EXE[1040] WS2_32.dll!connect 71A54A07 2 Bytes [EB, F9] {JMP 0xfffffffffffffffb}
.text C:\WINDOWS\Explorer.EXE[1040] WS2_32.dll!WSASendTo + B6 71A60B63 4 Bytes JMP 021F00C9
.text C:\WINDOWS\Explorer.EXE[1040] WS2_32.dll!getpeername 71A60B68 2 Bytes [EB, F9] {JMP 0xfffffffffffffffb}
.text C:\WINDOWS\Explorer.EXE[1040] WS2_32.dll!shutdown + 86 71A60C7C 4 Bytes JMP 021F0061
.text C:\WINDOWS\Explorer.EXE[1040] WS2_32.dll!WSAConnect 71A60C81 2 Bytes [EB, F9] {JMP 0xfffffffffffffffb}
.text C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe[1056] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe[1056] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe[1056] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe[1056] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe[1056] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00CF0804
.text C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe[1056] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00CF0A08
.text C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe[1056] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00CF0600
.text C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe[1056] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 00CF01F8
.text C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe[1056] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 00CF03FC
.text C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe[1056] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00D01014
.text C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe[1056] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00D00804
.text C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe[1056] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00D00A08
.text C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe[1056] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00D00C0C
.text C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe[1056] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00D00E10
.text C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe[1056] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 00D001F8
.text C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe[1056] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 00D003FC
.text C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe[1056] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00D00600
.text C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe[1056] WS2_32.dll!WSAGetLastError + 3D 71A53D0B 7 Bytes JMP 017C0095
.text C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe[1056] WS2_32.dll!getsockopt + 318 71A54A02 7 Bytes JMP 017C002D
.text C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe[1056] WS2_32.dll!WSASendTo + B6 71A60B63 7 Bytes JMP 017C00C9
.text C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe[1056] WS2_32.dll!shutdown + 86 71A60C7C 7 Bytes JMP 017C0061
.text C:\WINDOWS\system32\svchost.exe[1116] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1212] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1212] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1252] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1376] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1416] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1416] kernel32.dll!GetBinaryTypeW + 80
7C868D8C 1 Byte [62] .text C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe[1464] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe[1464] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\Ati2evxx.exe[1544] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\Ati2evxx.exe[1544] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text D:\Rainmeter\Rainmeter.exe[1636] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text D:\Rainmeter\Rainmeter.exe[1636] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text D:\Rainmeter\Rainmeter.exe[1636] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text D:\Rainmeter\Rainmeter.exe[1636] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text D:\Rainmeter\Rainmeter.exe[1636] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00421014 .text D:\Rainmeter\Rainmeter.exe[1636] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00420804 .text D:\Rainmeter\Rainmeter.exe[1636] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00420A08 .text D:\Rainmeter\Rainmeter.exe[1636] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00420C0C .text D:\Rainmeter\Rainmeter.exe[1636] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00420E10 .text D:\Rainmeter\Rainmeter.exe[1636] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 004201F8 .text D:\Rainmeter\Rainmeter.exe[1636] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 004203FC .text D:\Rainmeter\Rainmeter.exe[1636] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00420600 .text D:\Rainmeter\Rainmeter.exe[1636] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00430804 .text D:\Rainmeter\Rainmeter.exe[1636] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00430A08 .text D:\Rainmeter\Rainmeter.exe[1636] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00430600 .text D:\Rainmeter\Rainmeter.exe[1636] USER32.dll!SetWinEventHook 
7E3817F7 5 Bytes JMP 004301F8 .text D:\Rainmeter\Rainmeter.exe[1636] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 004303FC .text D:\Rainmeter\Rainmeter.exe[1636] WS2_32.dll!WSAGetLastError + 3D 71A53D0B 7 Bytes JMP 00D80095 .text D:\Rainmeter\Rainmeter.exe[1636] WS2_32.dll!getsockopt + 318 71A54A02 7 Bytes JMP 00D8002D .text D:\Rainmeter\Rainmeter.exe[1636] WS2_32.dll!WSASendTo + B6 71A60B63 7 Bytes JMP 00D800C9 .text D:\Rainmeter\Rainmeter.exe[1636] WS2_32.dll!shutdown + 86 71A60C7C 7 Bytes JMP 00D80061 .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1848] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1848] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP } .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1848] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Java\jre7\bin\jqs.exe[1868] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text C:\Program Files\Java\jre7\bin\jqs.exe[1868] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Java\jre7\bin\jqs.exe[1868] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text C:\Program Files\Java\jre7\bin\jqs.exe[1868] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Java\jre7\bin\jqs.exe[1868] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014 .text C:\Program Files\Java\jre7\bin\jqs.exe[1868] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804 .text C:\Program Files\Java\jre7\bin\jqs.exe[1868] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08 .text C:\Program Files\Java\jre7\bin\jqs.exe[1868] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C .text C:\Program Files\Java\jre7\bin\jqs.exe[1868] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10 .text C:\Program Files\Java\jre7\bin\jqs.exe[1868] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes 
JMP 003E01F8 .text C:\Program Files\Java\jre7\bin\jqs.exe[1868] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC .text C:\Program Files\Java\jre7\bin\jqs.exe[1868] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600 .text C:\Program Files\Java\jre7\bin\jqs.exe[1868] user32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00700804 .text C:\Program Files\Java\jre7\bin\jqs.exe[1868] user32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00700A08 .text C:\Program Files\Java\jre7\bin\jqs.exe[1868] user32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00700600 .text C:\Program Files\Java\jre7\bin\jqs.exe[1868] user32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 007001F8 .text C:\Program Files\Java\jre7\bin\jqs.exe[1868] user32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 007003FC .text C:\WINDOWS\notepad.exe[1924] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A01F8 .text C:\WINDOWS\notepad.exe[1924] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\notepad.exe[1924] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A03FC .text C:\WINDOWS\notepad.exe[1924] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\notepad.exe[1924] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00311014 .text C:\WINDOWS\notepad.exe[1924] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00310804 .text C:\WINDOWS\notepad.exe[1924] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00310A08 .text C:\WINDOWS\notepad.exe[1924] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00310C0C .text C:\WINDOWS\notepad.exe[1924] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00310E10 .text C:\WINDOWS\notepad.exe[1924] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003101F8 .text C:\WINDOWS\notepad.exe[1924] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003103FC .text C:\WINDOWS\notepad.exe[1924] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00310600 .text C:\WINDOWS\notepad.exe[1924] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 
00320804 .text C:\WINDOWS\notepad.exe[1924] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00320A08 .text C:\WINDOWS\notepad.exe[1924] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00320600 .text C:\WINDOWS\notepad.exe[1924] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003201F8 .text C:\WINDOWS\notepad.exe[1924] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003203FC .text C:\WINDOWS\notepad.exe[1924] ws2_32.dll!WSAGetLastError + 3D 71A53D0B 7 Bytes JMP 00AC0095 .text C:\WINDOWS\notepad.exe[1924] ws2_32.dll!getsockopt + 318 71A54A02 7 Bytes JMP 00AC002D .text C:\WINDOWS\notepad.exe[1924] ws2_32.dll!WSASendTo + B6 71A60B63 7 Bytes JMP 00AC00C9 .text C:\WINDOWS\notepad.exe[1924] ws2_32.dll!shutdown + 86 71A60C7C 7 Bytes JMP 00AC0061 .text D:\Rainlendar2\Rainlendar2.exe[1928] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text D:\Rainlendar2\Rainlendar2.exe[1928] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text D:\Rainlendar2\Rainlendar2.exe[1928] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text D:\Rainlendar2\Rainlendar2.exe[1928] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text D:\Rainlendar2\Rainlendar2.exe[1928] WS2_32.dll!WSAGetLastError + 3D 71A53D0B 7 Bytes JMP 015C0095 .text D:\Rainlendar2\Rainlendar2.exe[1928] WS2_32.dll!getsockopt + 318 71A54A02 7 Bytes JMP 015C002D .text D:\Rainlendar2\Rainlendar2.exe[1928] WS2_32.dll!WSASendTo + B6 71A60B63 7 Bytes JMP 015C00C9 .text D:\Rainlendar2\Rainlendar2.exe[1928] WS2_32.dll!shutdown + 86 71A60C7C 7 Bytes JMP 015C0061 .text D:\Rainlendar2\Rainlendar2.exe[1928] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00D91014 .text D:\Rainlendar2\Rainlendar2.exe[1928] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00D90804 .text D:\Rainlendar2\Rainlendar2.exe[1928] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00D90A08 .text D:\Rainlendar2\Rainlendar2.exe[1928] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00D90C0C .text 
D:\Rainlendar2\Rainlendar2.exe[1928] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00D90E10 .text D:\Rainlendar2\Rainlendar2.exe[1928] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 00D901F8 .text D:\Rainlendar2\Rainlendar2.exe[1928] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 00D903FC .text D:\Rainlendar2\Rainlendar2.exe[1928] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00D90600 .text D:\Rainlendar2\Rainlendar2.exe[1928] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00DA0804 .text D:\Rainlendar2\Rainlendar2.exe[1928] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00DA0A08 .text D:\Rainlendar2\Rainlendar2.exe[1928] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00DA0600 .text D:\Rainlendar2\Rainlendar2.exe[1928] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 00DA01F8 .text D:\Rainlendar2\Rainlendar2.exe[1928] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 00DA03FC .text C:\WINDOWS\system32\oodag.exe[1932] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text C:\WINDOWS\system32\oodag.exe[1932] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\oodag.exe[1932] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text C:\WINDOWS\system32\oodag.exe[1932] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\oodag.exe[1932] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014 .text C:\WINDOWS\system32\oodag.exe[1932] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804 .text C:\WINDOWS\system32\oodag.exe[1932] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08 .text C:\WINDOWS\system32\oodag.exe[1932] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C .text C:\WINDOWS\system32\oodag.exe[1932] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10 .text C:\WINDOWS\system32\oodag.exe[1932] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8 .text C:\WINDOWS\system32\oodag.exe[1932] ADVAPI32.dll!CreateServiceW 
77E273A9 5 Bytes JMP 003E03FC .text C:\WINDOWS\system32\oodag.exe[1932] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600 .text C:\WINDOWS\system32\oodag.exe[1932] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804 .text C:\WINDOWS\system32\oodag.exe[1932] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08 .text C:\WINDOWS\system32\oodag.exe[1932] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600 .text C:\WINDOWS\system32\oodag.exe[1932] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8 .text C:\WINDOWS\system32\oodag.exe[1932] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC .text C:\WINDOWS\system32\spoolsv.exe[1984] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[1984] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\PnkBstrA.exe[2188] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8 .text C:\WINDOWS\system32\PnkBstrA.exe[2188] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\PnkBstrA.exe[2188] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC .text C:\WINDOWS\system32\PnkBstrA.exe[2188] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\PnkBstrA.exe[2188] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003D0804 .text C:\WINDOWS\system32\PnkBstrA.exe[2188] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003D0A08 .text C:\WINDOWS\system32\PnkBstrA.exe[2188] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003D0600 .text C:\WINDOWS\system32\PnkBstrA.exe[2188] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003D01F8 .text C:\WINDOWS\system32\PnkBstrA.exe[2188] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003D03FC .text C:\WINDOWS\system32\PnkBstrA.exe[2188] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014 .text C:\WINDOWS\system32\PnkBstrA.exe[2188] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804 .text 
C:\WINDOWS\system32\PnkBstrA.exe[2188] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08 .text C:\WINDOWS\system32\PnkBstrA.exe[2188] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C .text C:\WINDOWS\system32\PnkBstrA.exe[2188] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10 .text C:\WINDOWS\system32\PnkBstrA.exe[2188] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8 .text C:\WINDOWS\system32\PnkBstrA.exe[2188] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC .text C:\WINDOWS\system32\PnkBstrA.exe[2188] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600 .text C:\WINDOWS\system32\svchost.exe[2324] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\svchost.exe[2324] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[2324] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[2324] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[2324] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\svchost.exe[2324] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\svchost.exe[2324] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\svchost.exe[2324] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\svchost.exe[2324] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\svchost.exe[2324] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\svchost.exe[2324] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\svchost.exe[2324] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\svchost.exe[2324] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text 
C:\WINDOWS\system32\svchost.exe[2324] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\svchost.exe[2324] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\svchost.exe[2324] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\svchost.exe[2324] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text D:\totalcmd\TOTALCMD.EXE[2348] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text D:\totalcmd\TOTALCMD.EXE[2348] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text D:\totalcmd\TOTALCMD.EXE[2348] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text D:\totalcmd\TOTALCMD.EXE[2348] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text D:\totalcmd\TOTALCMD.EXE[2348] user32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804 .text D:\totalcmd\TOTALCMD.EXE[2348] user32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08 .text D:\totalcmd\TOTALCMD.EXE[2348] user32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600 .text D:\totalcmd\TOTALCMD.EXE[2348] user32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8 .text D:\totalcmd\TOTALCMD.EXE[2348] user32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC .text D:\totalcmd\TOTALCMD.EXE[2348] advapi32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003F1014 .text D:\totalcmd\TOTALCMD.EXE[2348] advapi32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003F0804 .text D:\totalcmd\TOTALCMD.EXE[2348] advapi32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003F0A08 .text D:\totalcmd\TOTALCMD.EXE[2348] advapi32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003F0C0C .text D:\totalcmd\TOTALCMD.EXE[2348] advapi32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003F0E10 .text D:\totalcmd\TOTALCMD.EXE[2348] advapi32.dll!CreateServiceA 77E27211 5 Bytes JMP 003F01F8 .text D:\totalcmd\TOTALCMD.EXE[2348] advapi32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003F03FC .text D:\totalcmd\TOTALCMD.EXE[2348] 
advapi32.dll!DeleteService 77E274B1 5 Bytes JMP 003F0600 .text D:\totalcmd\TOTALCMD.EXE[2348] ws2_32.dll!WSAGetLastError + 3D 71A53D0B 7 Bytes JMP 01020095 .text D:\totalcmd\TOTALCMD.EXE[2348] ws2_32.dll!getsockopt + 318 71A54A02 7 Bytes JMP 0102002D .text D:\totalcmd\TOTALCMD.EXE[2348] ws2_32.dll!WSASendTo + B6 71A60B63 7 Bytes JMP 010200C9 .text D:\totalcmd\TOTALCMD.EXE[2348] ws2_32.dll!shutdown + 86 71A60C7C 7 Bytes JMP 01020061 .text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2848] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2848] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2848] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2848] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2848] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003F1014 .text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2848] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003F0804 .text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2848] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003F0A08 .text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2848] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003F0C0C .text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2848] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003F0E10 .text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2848] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003F01F8 .text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2848] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003F03FC .text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2848] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 
003F0600 .text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2848] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 004C0804 .text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2848] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 004C0A08 .text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2848] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 004C0600 .text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2848] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 004C01F8 .text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2848] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 004C03FC .text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[3016] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[3016] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[3016] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[3016] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[3016] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014 .text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[3016] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804 .text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[3016] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08 .text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[3016] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C .text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[3016] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10 .text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[3016] 
ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8 .text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[3016] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC .text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[3016] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600 .text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[3016] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804 .text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[3016] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08 .text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[3016] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600 .text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[3016] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8 .text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[3016] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3060] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3060] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3060] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3060] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3060] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3060] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3060] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3060] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3060] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 
00300E10 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3060] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3060] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3060] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3060] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3060] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3060] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3060] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3060] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text e:\Install\Diagnostyka\u2fdyzyd.exe[3236] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text e:\Install\Diagnostyka\u2fdyzyd.exe[3236] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text e:\Install\Diagnostyka\u2fdyzyd.exe[3236] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text e:\Install\Diagnostyka\u2fdyzyd.exe[3236] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text e:\Install\Diagnostyka\u2fdyzyd.exe[3236] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 009C1014 .text e:\Install\Diagnostyka\u2fdyzyd.exe[3236] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 009C0804 .text e:\Install\Diagnostyka\u2fdyzyd.exe[3236] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 009C0A08 .text e:\Install\Diagnostyka\u2fdyzyd.exe[3236] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 009C0C0C .text e:\Install\Diagnostyka\u2fdyzyd.exe[3236] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 009C0E10 .text e:\Install\Diagnostyka\u2fdyzyd.exe[3236] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 009C01F8 .text e:\Install\Diagnostyka\u2fdyzyd.exe[3236] 
ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 009C03FC .text e:\Install\Diagnostyka\u2fdyzyd.exe[3236] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 009C0600 .text e:\Install\Diagnostyka\u2fdyzyd.exe[3236] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 009D0804 .text e:\Install\Diagnostyka\u2fdyzyd.exe[3236] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 009D0A08 .text e:\Install\Diagnostyka\u2fdyzyd.exe[3236] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 009D0600 .text e:\Install\Diagnostyka\u2fdyzyd.exe[3236] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 009D01F8 .text e:\Install\Diagnostyka\u2fdyzyd.exe[3236] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 009D03FC .text e:\Install\Diagnostyka\u2fdyzyd.exe[3236] ws2_32.dll!WSAGetLastError + 3D 71A53D0B 7 Bytes JMP 00C70095 .text e:\Install\Diagnostyka\u2fdyzyd.exe[3236] ws2_32.dll!getsockopt + 318 71A54A02 7 Bytes JMP 00C7002D .text e:\Install\Diagnostyka\u2fdyzyd.exe[3236] ws2_32.dll!WSASendTo + B6 71A60B63 7 Bytes JMP 00C700C9 .text e:\Install\Diagnostyka\u2fdyzyd.exe[3236] ws2_32.dll!shutdown + 86 71A60C7C 7 Bytes JMP 00C70061 .text D:\Opera\opera.exe[3360] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text D:\Opera\opera.exe[3360] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text D:\Opera\opera.exe[3360] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text D:\Opera\opera.exe[3360] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text D:\Opera\opera.exe[3360] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804 .text D:\Opera\opera.exe[3360] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08 .text D:\Opera\opera.exe[3360] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600 .text D:\Opera\opera.exe[3360] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8 .text D:\Opera\opera.exe[3360] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC .text D:\Opera\opera.exe[3360] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 
003F1014 .text D:\Opera\opera.exe[3360] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003F0804 .text D:\Opera\opera.exe[3360] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003F0A08 .text D:\Opera\opera.exe[3360] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003F0C0C .text D:\Opera\opera.exe[3360] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003F0E10 .text D:\Opera\opera.exe[3360] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003F01F8 .text D:\Opera\opera.exe[3360] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003F03FC .text D:\Opera\opera.exe[3360] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003F0600 .text D:\Opera\opera.exe[3360] ws2_32.dll!WSAGetLastError + 3D 71A53D0B 7 Bytes JMP 00B60095 .text D:\Opera\opera.exe[3360] ws2_32.dll!getsockopt + 318 71A54A02 7 Bytes JMP 00B6002D .text D:\Opera\opera.exe[3360] ws2_32.dll!WSASendTo + B6 71A60B63 7 Bytes JMP 00B600C9 .text D:\Opera\opera.exe[3360] ws2_32.dll!shutdown + 86 71A60C7C 7 Bytes JMP 00B60061 .text C:\WINDOWS\System32\alg.exe[3368] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\System32\alg.exe[3368] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\System32\alg.exe[3368] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\System32\alg.exe[3368] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\System32\alg.exe[3368] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00300804 .text C:\WINDOWS\System32\alg.exe[3368] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00300A08 .text C:\WINDOWS\System32\alg.exe[3368] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00300600 .text C:\WINDOWS\System32\alg.exe[3368] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003001F8 .text C:\WINDOWS\System32\alg.exe[3368] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003003FC .text C:\WINDOWS\System32\alg.exe[3368] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00311014 .text 
C:\WINDOWS\System32\alg.exe[3368] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00310804 .text C:\WINDOWS\System32\alg.exe[3368] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00310A08 .text C:\WINDOWS\System32\alg.exe[3368] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00310C0C .text C:\WINDOWS\System32\alg.exe[3368] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00310E10 .text C:\WINDOWS\System32\alg.exe[3368] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003101F8 .text C:\WINDOWS\System32\alg.exe[3368] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003103FC .text C:\WINDOWS\System32\alg.exe[3368] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00310600 .text C:\WINDOWS\System32\svchost.exe[3708] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\System32\svchost.exe[3708] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[3708] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\System32\svchost.exe[3708] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[3708] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\System32\svchost.exe[3708] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\System32\svchost.exe[3708] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\System32\svchost.exe[3708] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\System32\svchost.exe[3708] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\System32\svchost.exe[3708] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\System32\svchost.exe[3708] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\System32\svchost.exe[3708] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\System32\svchost.exe[3708] 
USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\System32\svchost.exe[3708] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\System32\svchost.exe[3708] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\System32\svchost.exe[3708] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\System32\svchost.exe[3708] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[3852] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8 .text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[3852] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[3852] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC .text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[3852] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[3852] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003D1014 .text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[3852] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003D0804 .text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[3852] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003D0A08 .text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[3852] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003D0C0C .text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[3852] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003D0E10 .text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[3852] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003D01F8 .text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[3852] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003D03FC .text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[3852] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003D0600 .text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[3852] USER32.dll!SetWindowsHookExW 7E37820F 
5 Bytes JMP 003E0804 .text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[3852] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08 .text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[3852] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600 .text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[3852] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8 .text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[3852] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC .text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[3852] WS2_32.dll!WSAGetLastError + 3D 71A53D0B 7 Bytes JMP 03490095 .text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[3852] WS2_32.dll!getsockopt + 318 71A54A02 7 Bytes JMP 0349002D .text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[3852] WS2_32.dll!WSASendTo + B6 71A60B63 7 Bytes JMP 034900C9 .text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[3852] WS2_32.dll!shutdown + 86 71A60C7C 7 Bytes JMP 03490061 .text C:\Program Files\AVAST Software\Avast\avastUI.exe[3868] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\avastUI.exe[3868] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text D:\Unlocker\UnlockerAssistant.exe[3900] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8 .text D:\Unlocker\UnlockerAssistant.exe[3900] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text D:\Unlocker\UnlockerAssistant.exe[3900] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC .text D:\Unlocker\UnlockerAssistant.exe[3900] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text D:\Unlocker\UnlockerAssistant.exe[3900] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003D1014 .text D:\Unlocker\UnlockerAssistant.exe[3900] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003D0804 .text D:\Unlocker\UnlockerAssistant.exe[3900] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003D0A08 .text D:\Unlocker\UnlockerAssistant.exe[3900] 
ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003D0C0C .text D:\Unlocker\UnlockerAssistant.exe[3900] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003D0E10 .text D:\Unlocker\UnlockerAssistant.exe[3900] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003D01F8 .text D:\Unlocker\UnlockerAssistant.exe[3900] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003D03FC .text D:\Unlocker\UnlockerAssistant.exe[3900] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003D0600 .text D:\Unlocker\UnlockerAssistant.exe[3900] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804 .text D:\Unlocker\UnlockerAssistant.exe[3900] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08 .text D:\Unlocker\UnlockerAssistant.exe[3900] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600 .text D:\Unlocker\UnlockerAssistant.exe[3900] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8 .text D:\Unlocker\UnlockerAssistant.exe[3900] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3972] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3972] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3972] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3972] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3972] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003F1014 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3972] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003F0804 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3972] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003F0A08 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3972] 
ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003F0C0C .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3972] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003F0E10 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3972] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003F01F8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3972] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003F03FC .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3972] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003F0600 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3972] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00450804 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3972] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00450A08 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3972] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00450600 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3972] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 004501F8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3972] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 004503FC .text C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe[4008] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe[4008] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe[4008] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe[4008] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe[4008] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00401014 .text C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe[4008] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00400804 .text C:\Program 
Files\CheckPoint\ZoneAlarm\zatray.exe[4008] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00400A08 .text C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe[4008] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00400C0C .text C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe[4008] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00400E10 .text C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe[4008] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 004001F8 .text C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe[4008] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 004003FC .text C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe[4008] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00400600 .text C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe[4008] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00410804 .text C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe[4008] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00410A08 .text C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe[4008] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00410600 .text C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe[4008] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 004101F8 .text C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe[4008] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 004103FC .text C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe[4008] ws2_32.dll!WSAGetLastError + 3D 71A53D0B 4 Bytes JMP 023D0095 .text C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe[4008] ws2_32.dll!getsockname 71A53D10 2 Bytes [EB, F9] {JMP 0xfffffffffffffffb} .text C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe[4008] ws2_32.dll!getsockopt + 318 71A54A02 4 Bytes JMP 023D002D .text C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe[4008] ws2_32.dll!connect 71A54A07 2 Bytes [EB, F9] {JMP 0xfffffffffffffffb} .text C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe[4008] ws2_32.dll!WSASendTo + B6 71A60B63 4 Bytes JMP 023D00C9 .text C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe[4008] 
ws2_32.dll!getpeername 71A60B68 2 Bytes [EB, F9] {JMP 0xfffffffffffffffb} .text C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe[4008] ws2_32.dll!shutdown + 86 71A60C7C 4 Bytes JMP 023D0061 .text C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe[4008] ws2_32.dll!WSAConnect 71A60C81 2 Bytes [EB, F9] {JMP 0xfffffffffffffffb} .text D:\MSI Afterburner\MSIAfterburner.exe[4056] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text D:\MSI Afterburner\MSIAfterburner.exe[4056] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text D:\MSI Afterburner\MSIAfterburner.exe[4056] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text D:\MSI Afterburner\MSIAfterburner.exe[4056] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text D:\MSI Afterburner\MSIAfterburner.exe[4056] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00551014 .text D:\MSI Afterburner\MSIAfterburner.exe[4056] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00550804 .text D:\MSI Afterburner\MSIAfterburner.exe[4056] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00550A08 .text D:\MSI Afterburner\MSIAfterburner.exe[4056] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00550C0C .text D:\MSI Afterburner\MSIAfterburner.exe[4056] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00550E10 .text D:\MSI Afterburner\MSIAfterburner.exe[4056] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 005501F8 .text D:\MSI Afterburner\MSIAfterburner.exe[4056] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 005503FC .text D:\MSI Afterburner\MSIAfterburner.exe[4056] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00550600 .text D:\MSI Afterburner\MSIAfterburner.exe[4056] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00560804 .text D:\MSI Afterburner\MSIAfterburner.exe[4056] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00560A08 .text D:\MSI Afterburner\MSIAfterburner.exe[4056] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00560600 .text D:\MSI 
Afterburner\MSIAfterburner.exe[4056] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 005601F8 .text D:\MSI Afterburner\MSIAfterburner.exe[4056] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 005603FC .text D:\MSI Afterburner\MSIAfterburner.exe[4056] ws2_32.dll!WSAGetLastError + 3D 71A53D0B 4 Bytes JMP 02000095 .text D:\MSI Afterburner\MSIAfterburner.exe[4056] ws2_32.dll!getsockname 71A53D10 2 Bytes [EB, F9] {JMP 0xfffffffffffffffb} .text D:\MSI Afterburner\MSIAfterburner.exe[4056] ws2_32.dll!getsockopt + 318 71A54A02 4 Bytes JMP 0200002D .text D:\MSI Afterburner\MSIAfterburner.exe[4056] ws2_32.dll!connect 71A54A07 2 Bytes [EB, F9] {JMP 0xfffffffffffffffb} .text D:\MSI Afterburner\MSIAfterburner.exe[4056] ws2_32.dll!WSASendTo + B6 71A60B63 4 Bytes JMP 020000C9 .text D:\MSI Afterburner\MSIAfterburner.exe[4056] ws2_32.dll!getpeername 71A60B68 2 Bytes [EB, F9] {JMP 0xfffffffffffffffb} .text D:\MSI Afterburner\MSIAfterburner.exe[4056] ws2_32.dll!shutdown + 86 71A60C7C 4 Bytes JMP 02000061 .text D:\MSI Afterburner\MSIAfterburner.exe[4056] ws2_32.dll!WSAConnect 71A60C81 2 Bytes [EB, F9] {JMP 0xfffffffffffffffb} ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [A85A13F6] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [A85A124C] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [A85A1A3E] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [A859F9A6] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] 
[A859F9A6] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [A85A13F6] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [A85A124C] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [A85A1A3E] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [A85A13F6] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [A859F9A6] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [A85A1A3E] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [A85A124C] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [A85A1A3E] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [A85A124C] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [A85A13F6] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) IAT 
\SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [A859F9A6] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [A85A13F6] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [A85A124C] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [A85A1A3E] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCloseAdapter] [A85A1A3E] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter] [A85A124C] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol] [A859F9A6] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] [A85A13F6] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [A85A13F6] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [A859F9A6] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [A85A1A3E] \SystemRoot\System32\vsdatant.sys 
(ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [A85A124C] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\WINDOWS\system32\services.exe[816] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003D0002 IAT C:\WINDOWS\system32\services.exe[816] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003D0000 IAT C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1848] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6D0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software) IAT C:\Program Files\AVAST Software\Avast\avastUI.exe[3868] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6D0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software) ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software) AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software) Device \Driver\Tcpip \Device\Ip vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) Device \Driver\Tcpip \Device\Tcp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) Device \Driver\Tcpip \Device\Udp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! 
TDI Filter Driver/AVAST Software) Device \Driver\Tcpip \Device\RawIp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System ---- Files - GMER 1.0.15 ---- File C:\avast! sandbox 0 bytes File C:\avast! sandbox\S-1-5-21-1292428093-362288127-839522115-1004 0 bytes File C:\avast! sandbox\S-1-5-21-1292428093-362288127-839522115-1004\r503 0 bytes File C:\avast! sandbox\S-1-5-21-1292428093-362288127-839522115-1004\r503\Rainlendar2.exe_{16d9ec6f-88a5-11e1-bd4b-bfbb5e6f2ffa} 0 bytes File C:\avast! sandbox\S-1-5-21-1292428093-362288127-839522115-1004\r503\Rainlendar2.exe_{16d9ec6f-88a5-11e1-bd4b-bfbb5e6f2ffa}\C 0 bytes File C:\avast! sandbox\S-1-5-21-1292428093-362288127-839522115-1004\r503\Rainlendar2.exe_{16d9ec6f-88a5-11e1-bd4b-bfbb5e6f2ffa}\C\Documents and Settings 0 bytes File C:\avast! sandbox\S-1-5-21-1292428093-362288127-839522115-1004\r503\Rainlendar2.exe_{16d9ec6f-88a5-11e1-bd4b-bfbb5e6f2ffa}\C\Documents and Settings\Peterek64 0 bytes File C:\avast! sandbox\S-1-5-21-1292428093-362288127-839522115-1004\r503\Rainlendar2.exe_{16d9ec6f-88a5-11e1-bd4b-bfbb5e6f2ffa}\C\Documents and Settings\Peterek64\.rainlendar2 0 bytes File C:\avast! sandbox\S-1-5-21-1292428093-362288127-839522115-1004\r503\Rainlendar2.exe_{16d9ec6f-88a5-11e1-bd4b-bfbb5e6f2ffa}\C\Documents and Settings\Peterek64\.rainlendar2\backups 0 bytes File C:\avast! 
sandbox\S-1-5-21-1292428093-362288127-839522115-1004\r503\Rainlendar2.exe_{16d9ec6f-88a5-11e1-bd4b-bfbb5e6f2ffa}\C\Documents and Settings\Peterek64\.rainlendar2\backups\20120417-Rainlendar2Backup.zip 3718 bytes File C:\avast! sandbox\S-1-5-21-1292428093-362288127-839522115-1004\r503\Rainlendar2.exe_{16d9ec6f-88a5-11e1-bd4b-bfbb5e6f2ffa}\C\Documents and Settings\Peterek64\.rainlendar2\rainlendar2.ini 5086 bytes File C:\avast! sandbox\S-1-5-21-1292428093-362288127-839522115-1004\r503\Rainlendar2.exe_{16d9ec6f-88a5-11e1-bd4b-bfbb5e6f2ffa}\C\Documents and Settings\Peterek64\.rainlendar2\rainlendar2.log 2204 bytes ---- EOF - GMER 1.0.15 ----