GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-08-29 13:22:35
Windows 5.1.2600 Dodatek Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST9250320AS rev.0303 232,89GB
Running: hl8ptfc4.exe; Driver: C:\DOCUME~1\ddd\USTAWI~1\Temp\kfncyfog.sys

---- System - GMER 2.1 ----

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwAdjustPrivilegesToken [0xB6EE67E4]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwConnectPort [0xB6EE5D90]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwCreateFile [0xB6EE644A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwCreateKey [0xB6EE7040]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwCreateSection [0xB6EE8C20]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwCreateSymbolicLinkObject [0xB6EE8F9E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwCreateThread [0xB6EE577C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwDeleteKey [0xB6EE69D0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwDeleteValueKey [0xB6EE6BE8]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwDuplicateObject [0xB6EE5582]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwEnumerateKey [0xB6EE782A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwEnumerateValueKey [0xB6EE7A80]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwLoadDriver [0xB6EE8652]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwMakeTemporaryObject [0xB6EE6058]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwOpenFile [0xB6EE6626]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwOpenKey [0xB6EE7030]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwOpenProcess [0xB6EE51B0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwOpenSection [0xB6EE62F2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwOpenThread [0xB6EE53B4]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwQueryKey [0xB6EE7C8E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwQueryMultipleValueKey [0xB6EE80E2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwQueryValueKey [0xB6EE7EA0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwRenameKey [0xB6EE75B2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwSetSecurityObject [0xB6EE6E54]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwSetSystemInformation [0xB6EE893E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwSetValueKey [0xB6EE730A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwShutdownSystem [0xB6EE5FC2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwSystemDebugControl [0xB6EE61DE]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwTerminateProcess [0xB6EE5B92]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwTerminateThread [0xB6EE5980]

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2C9C 80503A70 4 Bytes [E8, 6B, EE, B6]
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB977F360, 0x34CB3F, 0xE8000020]

---- User code sections - GMER 2.1 ----

.text C:\WINDOWS\System32\svchost.exe[548] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[548] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[548] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[548] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[548] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[548] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[548] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[548] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[548] 
ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\svchost.exe[548] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\svchost.exe[548] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\svchost.exe[548] GDI32.dll!GetPixel 77F1B479 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\svchost.exe[548] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\agrsmsvc.exe[580] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\agrsmsvc.exe[580] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\agrsmsvc.exe[580] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\agrsmsvc.exe[580] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\agrsmsvc.exe[580] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\agrsmsvc.exe[580] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\agrsmsvc.exe[580] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\agrsmsvc.exe[580] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\agrsmsvc.exe[580] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\agrsmsvc.exe[580] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\agrsmsvc.exe[580] GDI32.dll!CreateDCA 77F1B259 
5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\agrsmsvc.exe[580] GDI32.dll!GetPixel 77F1B479 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\agrsmsvc.exe[580] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\NetMeter\NetMeter.exe[616] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\NetMeter\NetMeter.exe[616] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\NetMeter\NetMeter.exe[616] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\NetMeter\NetMeter.exe[616] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\NetMeter\NetMeter.exe[616] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\NetMeter\NetMeter.exe[616] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\NetMeter\NetMeter.exe[616] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\NetMeter\NetMeter.exe[616] advapi32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\NetMeter\NetMeter.exe[616] advapi32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\NetMeter\NetMeter.exe[616] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\NetMeter\NetMeter.exe[616] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\NetMeter\NetMeter.exe[616] GDI32.dll!GetPixel 77F1B479 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll .text C:\Program 
Files\NetMeter\NetMeter.exe[616] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre7\bin\jqs.exe[644] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre7\bin\jqs.exe[644] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre7\bin\jqs.exe[644] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre7\bin\jqs.exe[644] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre7\bin\jqs.exe[644] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre7\bin\jqs.exe[644] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre7\bin\jqs.exe[644] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre7\bin\jqs.exe[644] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre7\bin\jqs.exe[644] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre7\bin\jqs.exe[644] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre7\bin\jqs.exe[644] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre7\bin\jqs.exe[644] GDI32.dll!GetPixel 77F1B479 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre7\bin\jqs.exe[644] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\nvsvc32.exe[696] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 
C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\nvsvc32.exe[696] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\nvsvc32.exe[696] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\nvsvc32.exe[696] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\nvsvc32.exe[696] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\nvsvc32.exe[696] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\nvsvc32.exe[696] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\nvsvc32.exe[696] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\nvsvc32.exe[696] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\nvsvc32.exe[696] GDI32.dll!GetPixel 77F1B479 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\nvsvc32.exe[696] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\nvsvc32.exe[696] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\nvsvc32.exe[696] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\csrss.exe[868] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 10001450 C:\WINDOWS\system32\cmdcsr.dll .text C:\WINDOWS\system32\csrss.exe[868] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 100017F0 C:\WINDOWS\system32\cmdcsr.dll .text C:\WINDOWS\System32\svchost.exe[872] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 
C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\svchost.exe[872] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\svchost.exe[872] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\svchost.exe[872] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\svchost.exe[872] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\svchost.exe[872] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\svchost.exe[872] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\svchost.exe[872] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\svchost.exe[872] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\svchost.exe[872] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\svchost.exe[872] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\svchost.exe[872] GDI32.dll!GetPixel 77F1B479 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\svchost.exe[872] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[948] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[948] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[948] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 
C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[948] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[948] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[948] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[948] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[948] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[948] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[948] RPCRT4.dll!RpcServerRegisterIfEx 77E90D13 5 Bytes JMP 1001F870 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[948] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[948] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[948] GDI32.dll!GetPixel 77F1B479 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[948] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[960] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[960] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[960] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[960] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll 
.text C:\WINDOWS\system32\lsass.exe[960] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[960] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[960] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[960] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[960] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[960] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[960] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[960] GDI32.dll!GetPixel 77F1B479 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[960] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1120] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1120] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1120] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1120] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1120] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1120] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1120] 
kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1120] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1120] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1120] RPCRT4.dll!RpcServerRegisterIfEx 77E90D13 5 Bytes JMP 1001F870 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1120] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1120] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1120] GDI32.dll!GetPixel 77F1B479 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1120] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1188] 
ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1188] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1188] RPCRT4.dll!RpcServerRegisterIfEx 77E90D13 5 Bytes JMP 1001F870 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1188] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1188] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1188] GDI32.dll!GetPixel 77F1B479 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1188] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1188] rpcss.dll!WhichService 76A63CAC 8 Bytes JMP EDF01001 .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1228] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 00534850 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1228] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 0054ECA0 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe .text C:\WINDOWS\system32\svchost.exe[1252] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1252] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1252] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1252] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1252] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001D240 
C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1252] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1252] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1252] RPCRT4.dll!RpcServerRegisterIfEx 77E90D13 5 Bytes JMP 1001F870 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1252] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1252] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1252] GDI32.dll!GetPixel 77F1B479 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1252] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ATK Hotkey\MsgTranAgt.exe[1316] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ATK Hotkey\MsgTranAgt.exe[1316] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ATK Hotkey\MsgTranAgt.exe[1316] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ATK Hotkey\MsgTranAgt.exe[1316] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ATK Hotkey\MsgTranAgt.exe[1316] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ATK Hotkey\MsgTranAgt.exe[1316] 
kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ATK Hotkey\MsgTranAgt.exe[1316] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ATK Hotkey\MsgTranAgt.exe[1316] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ATK Hotkey\MsgTranAgt.exe[1316] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ATK Hotkey\MsgTranAgt.exe[1316] GDI32.dll!GetPixel 77F1B479 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ATK Hotkey\MsgTranAgt.exe[1316] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ATK Hotkey\MsgTranAgt.exe[1316] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ATK Hotkey\MsgTranAgt.exe[1316] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ATKOSD2\ATKOSD2.exe[1376] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ATKOSD2\ATKOSD2.exe[1376] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ATKOSD2\ATKOSD2.exe[1376] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ATKOSD2\ATKOSD2.exe[1376] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ATKOSD2\ATKOSD2.exe[1376] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ATKOSD2\ATKOSD2.exe[1376] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ATKOSD2\ATKOSD2.exe[1376] kernel32.dll!CreateProcessA 7C802367 5 
Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ATKOSD2\ATKOSD2.exe[1376] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ATKOSD2\ATKOSD2.exe[1376] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ATKOSD2\ATKOSD2.exe[1376] GDI32.dll!GetPixel 77F1B479 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ATKOSD2\ATKOSD2.exe[1376] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ATKOSD2\ATKOSD2.exe[1376] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ATKOSD2\ATKOSD2.exe[1376] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\svchost.exe[1380] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\svchost.exe[1380] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\svchost.exe[1380] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\svchost.exe[1380] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\svchost.exe[1380] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\svchost.exe[1380] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\svchost.exe[1380] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\svchost.exe[1380] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\svchost.exe[1380] 
ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\svchost.exe[1380] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\svchost.exe[1380] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\svchost.exe[1380] GDI32.dll!GetPixel 77F1B479 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\svchost.exe[1380] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\svchost.exe[1412] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\svchost.exe[1412] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\svchost.exe[1412] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\svchost.exe[1412] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\svchost.exe[1412] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\svchost.exe[1412] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\svchost.exe[1412] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\svchost.exe[1412] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\svchost.exe[1412] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\svchost.exe[1412] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\svchost.exe[1412] GDI32.dll!CreateDCA 
77F1B259 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\svchost.exe[1412] GDI32.dll!GetPixel 77F1B479 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\svchost.exe[1412] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[1628] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[1628] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[1628] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[1628] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[1628] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[1628] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[1628] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[1628] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[1628] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[1628] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[1628] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[1628] GDI32.dll!GetPixel 77F1B479 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[1628] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 10029D10 
C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[1836] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[1836] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[1836] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[1836] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[1836] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[1836] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[1836] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[1836] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[1836] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[1836] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[1836] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[1836] GDI32.dll!GetPixel 77F1B479 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[1836] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\RTHDCPL.EXE[1852] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\RTHDCPL.EXE[1852] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll .text 
C:\WINDOWS\RTHDCPL.EXE[1852] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\RTHDCPL.EXE[1852] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\RTHDCPL.EXE[1852] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\RTHDCPL.EXE[1852] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\RTHDCPL.EXE[1852] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\RTHDCPL.EXE[1852] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\RTHDCPL.EXE[1852] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\RTHDCPL.EXE[1852] GDI32.dll!GetPixel 77F1B479 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\RTHDCPL.EXE[1852] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\RTHDCPL.EXE[1852] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\RTHDCPL.EXE[1852] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Update\GoogleUpdate.exe[1944] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Update\GoogleUpdate.exe[1944] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Update\GoogleUpdate.exe[1944] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Update\GoogleUpdate.exe[1944] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Update\GoogleUpdate.exe[1944] 
ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Update\GoogleUpdate.exe[1944] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Update\GoogleUpdate.exe[1944] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Update\GoogleUpdate.exe[1944] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Update\GoogleUpdate.exe[1944] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Update\GoogleUpdate.exe[1944] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Update\GoogleUpdate.exe[1944] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Update\GoogleUpdate.exe[1944] GDI32.dll!GetPixel 77F1B479 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Update\GoogleUpdate.exe[1944] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[1968] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[1968] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[1968] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[1968] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[1968] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[1968] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10025070 
C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[1968] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[1968] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[1968] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[1968] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[1968] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[1968] GDI32.dll!GetPixel 77F1B479 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[1968] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ATK Hotkey\HcontrolUser.exe[2052] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ATK Hotkey\HcontrolUser.exe[2052] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ATK Hotkey\HcontrolUser.exe[2052] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ATK Hotkey\HcontrolUser.exe[2052] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ATK Hotkey\HcontrolUser.exe[2052] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ATK Hotkey\HcontrolUser.exe[2052] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ATK Hotkey\HcontrolUser.exe[2052] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ATK Hotkey\HcontrolUser.exe[2052] GDI32.dll!DeleteDC 77F16E5F 5 
Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ATK Hotkey\HcontrolUser.exe[2052] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ATK Hotkey\HcontrolUser.exe[2052] GDI32.dll!GetPixel 77F1B479 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ATK Hotkey\HcontrolUser.exe[2052] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ATK Hotkey\HcontrolUser.exe[2052] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ATK Hotkey\HcontrolUser.exe[2052] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll .text f:\hl8ptfc4.exe[2056] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll .text f:\hl8ptfc4.exe[2056] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll .text f:\hl8ptfc4.exe[2056] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll .text f:\hl8ptfc4.exe[2056] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll .text f:\hl8ptfc4.exe[2056] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll .text f:\hl8ptfc4.exe[2056] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll .text f:\hl8ptfc4.exe[2056] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll .text f:\hl8ptfc4.exe[2056] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll .text f:\hl8ptfc4.exe[2056] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll .text f:\hl8ptfc4.exe[2056] GDI32.dll!GetPixel 77F1B479 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll .text f:\hl8ptfc4.exe[2056] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 10029D10 
C:\WINDOWS\system32\guard32.dll .text f:\hl8ptfc4.exe[2056] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll .text f:\hl8ptfc4.exe[2056] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\wbem\wmiapsrv.exe[2140] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\wbem\wmiapsrv.exe[2140] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\wbem\wmiapsrv.exe[2140] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\wbem\wmiapsrv.exe[2140] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\wbem\wmiapsrv.exe[2140] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\wbem\wmiapsrv.exe[2140] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\wbem\wmiapsrv.exe[2140] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\wbem\wmiapsrv.exe[2140] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\wbem\wmiapsrv.exe[2140] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\wbem\wmiapsrv.exe[2140] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\wbem\wmiapsrv.exe[2140] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\wbem\wmiapsrv.exe[2140] GDI32.dll!GetPixel 77F1B479 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\wbem\wmiapsrv.exe[2140] 
GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2148] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2148] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2148] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2148] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2148] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2148] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2148] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2148] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2148] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2148] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2148] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2148] GDI32.dll!GetPixel 77F1B479 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll .text 
C:\Program Files\Common Files\Java\Java Update\jusched.exe[2148] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[2200] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[2200] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[2200] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[2200] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[2200] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[2200] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[2200] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[2200] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[2200] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[2200] GDI32.dll!GetPixel 77F1B479 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[2200] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[2200] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[2200] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ATK Hotkey\WDC.exe[2464] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ATK Hotkey\WDC.exe[2464] 
ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ATK Hotkey\WDC.exe[2464] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ATK Hotkey\WDC.exe[2464] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ATK Hotkey\WDC.exe[2464] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ATK Hotkey\WDC.exe[2464] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ATK Hotkey\WDC.exe[2464] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ATK Hotkey\WDC.exe[2464] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ATK Hotkey\WDC.exe[2464] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ATK Hotkey\WDC.exe[2464] GDI32.dll!GetPixel 77F1B479 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ATK Hotkey\WDC.exe[2464] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ATK Hotkey\WDC.exe[2464] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ATK Hotkey\WDC.exe[2464] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2508] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2508] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2508] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 
C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2508] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2508] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2508] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2508] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2508] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2508] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2508] GDI32.dll!GetPixel 77F1B479 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2508] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2508] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2508] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ATK Hotkey\Hcontrol.exe[2656] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 0095D120 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ATK Hotkey\Hcontrol.exe[2656] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 0096BCD0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ATK Hotkey\Hcontrol.exe[2656] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 0096B9B0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ATK Hotkey\Hcontrol.exe[2656] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes 
JMP 00967F40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ATK Hotkey\Hcontrol.exe[2656] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 0095D240 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ATK Hotkey\Hcontrol.exe[2656] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00965070 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ATK Hotkey\Hcontrol.exe[2656] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00965C00 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ATK Hotkey\Hcontrol.exe[2656] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 00963BA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ATK Hotkey\Hcontrol.exe[2656] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 009644D0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ATK Hotkey\Hcontrol.exe[2656] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 00968D10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ATK Hotkey\Hcontrol.exe[2656] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 00969E10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ATK Hotkey\Hcontrol.exe[2656] GDI32.dll!GetPixel 77F1B479 5 Bytes JMP 00968AE0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ATK Hotkey\Hcontrol.exe[2656] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 00969D10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ASUS\ATK Media\DMEDIA.EXE[2676] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 003AD120 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ASUS\ATK Media\DMEDIA.EXE[2676] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 003BBCD0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ASUS\ATK Media\DMEDIA.EXE[2676] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 003BB9B0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ASUS\ATK Media\DMEDIA.EXE[2676] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 003B7F40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ASUS\ATK Media\DMEDIA.EXE[2676] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 003AD240 
C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ASUS\ATK Media\DMEDIA.EXE[2676] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 003B5070 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ASUS\ATK Media\DMEDIA.EXE[2676] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 003B5C00 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ASUS\ATK Media\DMEDIA.EXE[2676] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 003B8D10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ASUS\ATK Media\DMEDIA.EXE[2676] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 003B9E10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ASUS\ATK Media\DMEDIA.EXE[2676] GDI32.dll!GetPixel 77F1B479 5 Bytes JMP 003B8AE0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ASUS\ATK Media\DMEDIA.EXE[2676] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 003B9D10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ASUS\ATK Media\DMEDIA.EXE[2676] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 003B3BA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ASUS\ATK Media\DMEDIA.EXE[2676] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 003B44D0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2704] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 00780630 C:\Program Files\COMODO\COMODO Internet Security\cfp.exe .text C:\WINDOWS\system32\wscntfy.exe[2712] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wscntfy.exe[2712] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wscntfy.exe[2712] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wscntfy.exe[2712] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wscntfy.exe[2712] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001D240 
C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wscntfy.exe[2712] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wscntfy.exe[2712] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wscntfy.exe[2712] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wscntfy.exe[2712] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wscntfy.exe[2712] GDI32.dll!GetPixel 77F1B479 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wscntfy.exe[2712] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wscntfy.exe[2712] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wscntfy.exe[2712] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Messenger\msmsgs.exe[2728] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Messenger\msmsgs.exe[2728] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Messenger\msmsgs.exe[2728] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Messenger\msmsgs.exe[2728] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Messenger\msmsgs.exe[2728] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Messenger\msmsgs.exe[2728] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Messenger\msmsgs.exe[2728] kernel32.dll!CreateProcessA 7C802367 
5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Messenger\msmsgs.exe[2728] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Messenger\msmsgs.exe[2728] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Messenger\msmsgs.exe[2728] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Messenger\msmsgs.exe[2728] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Messenger\msmsgs.exe[2728] GDI32.dll!GetPixel 77F1B479 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Messenger\msmsgs.exe[2728] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\ddd\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[3716] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\ddd\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[3716] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\ddd\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[3716] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\ddd\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[3716] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 0117C50B C:\Documents and Settings\ddd\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\xul.dll .text C:\Documents and Settings\ddd\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[3716] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\ddd\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[3716] 
kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\ddd\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[3716] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\ddd\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[3716] kernel32.dll!VirtualAlloc 7C809A61 5 Bytes JMP 01971106 C:\Documents and Settings\ddd\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\xul.dll .text C:\Documents and Settings\ddd\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[3716] kernel32.dll!MapViewOfFile 7C80B915 5 Bytes JMP 0197114C C:\Documents and Settings\ddd\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\xul.dll .text C:\Documents and Settings\ddd\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[3716] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\ddd\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[3716] GDI32.dll!CreateDIBSection 77F19AA1 5 Bytes JMP 01971173 C:\Documents and Settings\ddd\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\xul.dll .text C:\Documents and Settings\ddd\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[3716] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\ddd\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[3716] GDI32.dll!GetPixel 77F1B479 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\ddd\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[3716] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\ddd\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[3716] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll .text C:\Documents and 
Settings\ddd\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[3716] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll .text C:\totalcmd\TOTALCMD.EXE[3760] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll .text C:\totalcmd\TOTALCMD.EXE[3760] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll .text C:\totalcmd\TOTALCMD.EXE[3760] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll .text C:\totalcmd\TOTALCMD.EXE[3760] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll .text C:\totalcmd\TOTALCMD.EXE[3760] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll .text C:\totalcmd\TOTALCMD.EXE[3760] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll .text C:\totalcmd\TOTALCMD.EXE[3760] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll .text C:\totalcmd\TOTALCMD.EXE[3760] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll .text C:\totalcmd\TOTALCMD.EXE[3760] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll .text C:\totalcmd\TOTALCMD.EXE[3760] GDI32.dll!GetPixel 77F1B479 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll .text C:\totalcmd\TOTALCMD.EXE[3760] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll .text C:\totalcmd\TOTALCMD.EXE[3760] advapi32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll .text C:\totalcmd\TOTALCMD.EXE[3760] advapi32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\ddd\Ustawienia lokalne\Dane aplikacji\GG\Application\gghub.exe[3820] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll .text C:\Documents and 
Settings\ddd\Ustawienia lokalne\Dane aplikacji\GG\Application\gghub.exe[3820] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\ddd\Ustawienia lokalne\Dane aplikacji\GG\Application\gghub.exe[3820] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\ddd\Ustawienia lokalne\Dane aplikacji\GG\Application\gghub.exe[3820] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\ddd\Ustawienia lokalne\Dane aplikacji\GG\Application\gghub.exe[3820] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\ddd\Ustawienia lokalne\Dane aplikacji\GG\Application\gghub.exe[3820] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\ddd\Ustawienia lokalne\Dane aplikacji\GG\Application\gghub.exe[3820] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\ddd\Ustawienia lokalne\Dane aplikacji\GG\Application\gghub.exe[3820] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\ddd\Ustawienia lokalne\Dane aplikacji\GG\Application\gghub.exe[3820] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\ddd\Ustawienia lokalne\Dane aplikacji\GG\Application\gghub.exe[3820] GDI32.dll!GetPixel 77F1B479 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\ddd\Ustawienia lokalne\Dane aplikacji\GG\Application\gghub.exe[3820] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\ddd\Ustawienia lokalne\Dane aplikacji\GG\Application\gghub.exe[3820] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\ddd\Ustawienia lokalne\Dane aplikacji\GG\Application\gghub.exe[3820] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\ATK Hotkey\ATKOSD.exe[4032] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\ATK Hotkey\ATKOSD.exe[4032] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\ATK Hotkey\ATKOSD.exe[4032] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\ATK Hotkey\ATKOSD.exe[4032] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\ATK Hotkey\ATKOSD.exe[4032] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\ATK Hotkey\ATKOSD.exe[4032] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\ATK Hotkey\ATKOSD.exe[4032] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\ATK Hotkey\ATKOSD.exe[4032] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\ATK Hotkey\ATKOSD.exe[4032] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\ATK Hotkey\ATKOSD.exe[4032] GDI32.dll!GetPixel 77F1B479 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\ATK Hotkey\ATKOSD.exe[4032] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\ATK Hotkey\ATKOSD.exe[4032] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\ATK Hotkey\ATKOSD.exe[4032] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll

---- Devices - GMER 2.1 ----
AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys
AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys

---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xE2 0x8D 0x42 0xE5 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xE2 0x8D 0x42 0xE5 ...

---- Files - GMER 2.1 ----
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\06974836-98FA-48ED-AC7D-BDBC50AE3E80.data 386112 bytes executable
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\06974836-98FA-48ED-AC7D-BDBC50AE3E80.data.info 188 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\0752CF85-2CBF-4500-AC4A-8957D3BA61D2.data 379904 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\0752CF85-2CBF-4500-AC4A-8957D3BA61D2.data.info 208 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\0856A85B-CD6C-4F73-A5C6-CCAC4D333877.data 42496 bytes executable
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\0856A85B-CD6C-4F73-A5C6-CCAC4D333877.data.info 254 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\9269E368-6695-4039-A1BA-5AD1BD5323C6.data 775152 bytes executable
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\9269E368-6695-4039-A1BA-5AD1BD5323C6.data.info 214 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\937F3118-EB12-4C52-AE77-19D5425799B8.data 493440 bytes executable
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\937F3118-EB12-4C52-AE77-19D5425799B8.data.info 240 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\9B421E1E-8AA1-40CD-93BD-42D7D60F4643.data 129024 bytes executable
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\9B421E1E-8AA1-40CD-93BD-42D7D60F4643.data.info 170 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\A053B51C-7BC8-4AC2-B606-B6726C1A3DDB.data 386112 bytes executable
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\A053B51C-7BC8-4AC2-B606-B6726C1A3DDB.data.info 250 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\B9BE8F8B-6F2D-46A7-BA15-7AC1DB614716.data 761896 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\B9BE8F8B-6F2D-46A7-BA15-7AC1DB614716.data.info 320 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\C11214BC-AE6E-4E28-94B5-BCD410A0ACC9.data 42496 bytes executable
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\C11214BC-AE6E-4E28-94B5-BCD410A0ACC9.data.info 280 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\C53F75F3-BD04-441B-917F-E5DB0EDB6D5E.data 775152 bytes executable
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\C53F75F3-BD04-441B-917F-E5DB0EDB6D5E.data.info 206 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\ED5A4BFA-ED3E-4E2C-96FE-AEC183FD82C8.data 5120 bytes executable
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\ED5A4BFA-ED3E-4E2C-96FE-AEC183FD82C8.data.info 110 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Temp 0 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Temp\baseupd 0 bytes

---- EOF - GMER 2.1 ----