GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-12-04 17:04:29
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 WDC_WD1600JS-22MHB0 rev.02.01C03 149,05GB
Running: x3u36pp8.exe; Driver: C:\Users\user\AppData\Local\Temp\awlcaaob.sys

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Przyspiesz Komputer\PCSUService.exe[1308] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076981401 2 bytes JMP 7603b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Przyspiesz Komputer\PCSUService.exe[1308] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076981419 2 bytes JMP 7603b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Przyspiesz Komputer\PCSUService.exe[1308] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076981431 2 bytes JMP 760b8ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Przyspiesz Komputer\PCSUService.exe[1308] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007698144a 2 bytes CALL 760148ad C:\Windows\syswow64\kernel32.dll
.text ...
* 9 .text C:\Program Files (x86)\Przyspiesz Komputer\PCSUService.exe[1308] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000769814dd 2 bytes JMP 760b87a2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Przyspiesz Komputer\PCSUService.exe[1308] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000769814f5 2 bytes JMP 760b8978 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Przyspiesz Komputer\PCSUService.exe[1308] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007698150d 2 bytes JMP 760b8698 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Przyspiesz Komputer\PCSUService.exe[1308] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076981525 2 bytes JMP 760b8a62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Przyspiesz Komputer\PCSUService.exe[1308] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007698153d 2 bytes JMP 7602fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Przyspiesz Komputer\PCSUService.exe[1308] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076981555 2 bytes JMP 760368ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Przyspiesz Komputer\PCSUService.exe[1308] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007698156d 2 bytes JMP 760b8f61 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Przyspiesz Komputer\PCSUService.exe[1308] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076981585 2 bytes JMP 760b8ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Przyspiesz Komputer\PCSUService.exe[1308] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007698159d 2 bytes JMP 760b865c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Przyspiesz Komputer\PCSUService.exe[1308] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000769815b5 2 bytes JMP 7602fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files 
(x86)\Przyspiesz Komputer\PCSUService.exe[1308] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000769815cd 2 bytes JMP 7603b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Przyspiesz Komputer\PCSUService.exe[1308] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000769816b2 2 bytes JMP 760b8e24 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Przyspiesz Komputer\PCSUService.exe[1308] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000769816bd 2 bytes JMP 760b85f1 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[1776] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076981401 2 bytes JMP 7603b21b C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[1776] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076981419 2 bytes JMP 7603b346 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[1776] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076981431 2 bytes JMP 760b8ea9 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[1776] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007698144a 2 bytes CALL 760148ad C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[1776] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000769814dd 2 bytes JMP 760b87a2 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[1776] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000769814f5 2 bytes JMP 760b8978 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[1776] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007698150d 2 bytes JMP 760b8698 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[1776] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076981525 2 bytes JMP 760b8a62 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[1776] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007698153d 2 bytes JMP 7602fca8 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[1776] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076981555 2 bytes JMP 760368ef C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[1776] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007698156d 2 bytes JMP 760b8f61 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[1776] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076981585 2 bytes JMP 760b8ac2 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[1776] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007698159d 2 bytes JMP 760b865c C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[1776] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000769815b5 2 bytes JMP 7602fd41 C:\Windows\syswow64\kernel32.dll 
.text C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[1776] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000769815cd 2 bytes JMP 7603b2dc C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[1776] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000769816b2 2 bytes JMP 760b8e24 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[1776] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000769816bd 2 bytes JMP 760b85f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1492] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076981401 2 bytes JMP 7603b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1492] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076981419 2 bytes JMP 7603b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1492] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076981431 2 bytes JMP 760b8ea9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1492] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007698144a 2 bytes CALL 760148ad C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1492] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000769814dd 2 bytes JMP 760b87a2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1492] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000769814f5 2 bytes JMP 760b8978 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1492] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007698150d 2 bytes JMP 760b8698 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1492] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076981525 2 bytes JMP 760b8a62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1492] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007698153d 2 bytes JMP 7602fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1492] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076981555 2 bytes JMP 760368ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1492] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007698156d 2 bytes JMP 760b8f61 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1492] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076981585 2 bytes JMP 760b8ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1492] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007698159d 2 bytes JMP 760b865c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1492] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000769815b5 2 bytes JMP 7602fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1492] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000769815cd 2 bytes JMP 7603b2dc 
C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1492] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000769816b2 2 bytes JMP 760b8e24 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1492] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000769816bd 2 bytes JMP 760b85f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1492] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 35 0000000069b211a8 2 bytes [B2, 69] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1492] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 248 0000000069b2127d 2 bytes CALL 760114b9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1492] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 395 0000000069b21310 2 bytes CALL 760114b9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1492] C:\Windows\SysWOW64\ksuser.dll!KsCreateAllocator + 21 0000000069b213a8 2 bytes [B2, 69] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1492] C:\Windows\SysWOW64\ksuser.dll!KsCreateClock + 21 0000000069b21422 2 bytes [B2, 69] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1492] C:\Windows\SysWOW64\ksuser.dll!KsCreateTopologyNode + 19 0000000069b21498 2 bytes [B2, 69] .text C:\Users\user\AppData\Local\Akamai\netsession_win.exe[1604] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076981401 2 bytes JMP 7603b21b C:\Windows\syswow64\kernel32.dll .text C:\Users\user\AppData\Local\Akamai\netsession_win.exe[1604] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076981419 2 bytes JMP 7603b346 C:\Windows\syswow64\kernel32.dll .text C:\Users\user\AppData\Local\Akamai\netsession_win.exe[1604] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076981431 2 bytes JMP 760b8ea9 C:\Windows\syswow64\kernel32.dll .text C:\Users\user\AppData\Local\Akamai\netsession_win.exe[1604] 
C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007698144a 2 bytes CALL 760148ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\user\AppData\Local\Akamai\netsession_win.exe[1604] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000769814dd 2 bytes JMP 760b87a2 C:\Windows\syswow64\kernel32.dll .text C:\Users\user\AppData\Local\Akamai\netsession_win.exe[1604] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000769814f5 2 bytes JMP 760b8978 C:\Windows\syswow64\kernel32.dll .text C:\Users\user\AppData\Local\Akamai\netsession_win.exe[1604] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007698150d 2 bytes JMP 760b8698 C:\Windows\syswow64\kernel32.dll .text C:\Users\user\AppData\Local\Akamai\netsession_win.exe[1604] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076981525 2 bytes JMP 760b8a62 C:\Windows\syswow64\kernel32.dll .text C:\Users\user\AppData\Local\Akamai\netsession_win.exe[1604] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007698153d 2 bytes JMP 7602fca8 C:\Windows\syswow64\kernel32.dll .text C:\Users\user\AppData\Local\Akamai\netsession_win.exe[1604] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076981555 2 bytes JMP 760368ef C:\Windows\syswow64\kernel32.dll .text C:\Users\user\AppData\Local\Akamai\netsession_win.exe[1604] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007698156d 2 bytes JMP 760b8f61 C:\Windows\syswow64\kernel32.dll .text C:\Users\user\AppData\Local\Akamai\netsession_win.exe[1604] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076981585 2 bytes JMP 760b8ac2 C:\Windows\syswow64\kernel32.dll .text C:\Users\user\AppData\Local\Akamai\netsession_win.exe[1604] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007698159d 2 bytes JMP 760b865c C:\Windows\syswow64\kernel32.dll .text C:\Users\user\AppData\Local\Akamai\netsession_win.exe[1604] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 
00000000769815b5 2 bytes JMP 7602fd41 C:\Windows\syswow64\kernel32.dll .text C:\Users\user\AppData\Local\Akamai\netsession_win.exe[1604] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000769815cd 2 bytes JMP 7603b2dc C:\Windows\syswow64\kernel32.dll .text C:\Users\user\AppData\Local\Akamai\netsession_win.exe[1604] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000769816b2 2 bytes JMP 760b8e24 C:\Windows\syswow64\kernel32.dll .text C:\Users\user\AppData\Local\Akamai\netsession_win.exe[1604] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000769816bd 2 bytes JMP 760b85f1 C:\Windows\syswow64\kernel32.dll .text C:\Users\user\AppData\Local\Akamai\netsession_win.exe[2160] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076981401 2 bytes JMP 7603b21b C:\Windows\syswow64\kernel32.dll .text C:\Users\user\AppData\Local\Akamai\netsession_win.exe[2160] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076981419 2 bytes JMP 7603b346 C:\Windows\syswow64\kernel32.dll .text C:\Users\user\AppData\Local\Akamai\netsession_win.exe[2160] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076981431 2 bytes JMP 760b8ea9 C:\Windows\syswow64\kernel32.dll .text C:\Users\user\AppData\Local\Akamai\netsession_win.exe[2160] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007698144a 2 bytes CALL 760148ad C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Users\user\AppData\Local\Akamai\netsession_win.exe[2160] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000769814dd 2 bytes JMP 760b87a2 C:\Windows\syswow64\kernel32.dll .text C:\Users\user\AppData\Local\Akamai\netsession_win.exe[2160] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000769814f5 2 bytes JMP 760b8978 C:\Windows\syswow64\kernel32.dll .text C:\Users\user\AppData\Local\Akamai\netsession_win.exe[2160] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007698150d 2 bytes JMP 760b8698 C:\Windows\syswow64\kernel32.dll .text C:\Users\user\AppData\Local\Akamai\netsession_win.exe[2160] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076981525 2 bytes JMP 760b8a62 C:\Windows\syswow64\kernel32.dll .text C:\Users\user\AppData\Local\Akamai\netsession_win.exe[2160] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007698153d 2 bytes JMP 7602fca8 C:\Windows\syswow64\kernel32.dll .text C:\Users\user\AppData\Local\Akamai\netsession_win.exe[2160] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076981555 2 bytes JMP 760368ef C:\Windows\syswow64\kernel32.dll .text C:\Users\user\AppData\Local\Akamai\netsession_win.exe[2160] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007698156d 2 bytes JMP 760b8f61 C:\Windows\syswow64\kernel32.dll .text C:\Users\user\AppData\Local\Akamai\netsession_win.exe[2160] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076981585 2 bytes JMP 760b8ac2 C:\Windows\syswow64\kernel32.dll .text C:\Users\user\AppData\Local\Akamai\netsession_win.exe[2160] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007698159d 2 bytes JMP 760b865c C:\Windows\syswow64\kernel32.dll .text C:\Users\user\AppData\Local\Akamai\netsession_win.exe[2160] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000769815b5 2 bytes JMP 7602fd41 C:\Windows\syswow64\kernel32.dll .text C:\Users\user\AppData\Local\Akamai\netsession_win.exe[2160] 
C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000769815cd 2 bytes JMP 7603b2dc C:\Windows\syswow64\kernel32.dll .text C:\Users\user\AppData\Local\Akamai\netsession_win.exe[2160] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000769816b2 2 bytes JMP 760b8e24 C:\Windows\syswow64\kernel32.dll .text C:\Users\user\AppData\Local\Akamai\netsession_win.exe[2160] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000769816bd 2 bytes JMP 760b85f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[2204] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000076981401 2 bytes JMP 7603b21b C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[2204] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000076981419 2 bytes JMP 7603b346 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[2204] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000076981431 2 bytes JMP 760b8ea9 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[2204] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 000000007698144a 2 bytes CALL 760148ad C:\Windows\syswow64\KERNEL32.dll .text ... 
* 9 .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[2204] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000769814dd 2 bytes JMP 760b87a2 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[2204] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000769814f5 2 bytes JMP 760b8978 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[2204] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 000000007698150d 2 bytes JMP 760b8698 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[2204] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000076981525 2 bytes JMP 760b8a62 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[2204] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 000000007698153d 2 bytes JMP 7602fca8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[2204] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000076981555 2 bytes JMP 760368ef C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[2204] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 000000007698156d 2 bytes JMP 760b8f61 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[2204] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000076981585 2 bytes JMP 760b8ac2 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[2204] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 000000007698159d 2 bytes JMP 760b865c C:\Windows\syswow64\KERNEL32.dll .text 
C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[2204] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000769815b5 2 bytes JMP 7602fd41 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[2204] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000769815cd 2 bytes JMP 7603b2dc C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[2204] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000769816b2 2 bytes JMP 760b8e24 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[2204] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000769816bd 2 bytes JMP 760b85f1 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[2292] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076981401 2 bytes JMP 7603b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[2292] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076981419 2 bytes JMP 7603b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[2292] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076981431 2 bytes JMP 760b8ea9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[2292] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007698144a 2 bytes CALL 760148ad C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[2292] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000769814dd 2 bytes JMP 760b87a2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[2292] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000769814f5 2 bytes JMP 760b8978 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[2292] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007698150d 2 bytes JMP 760b8698 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[2292] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076981525 2 bytes JMP 760b8a62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[2292] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007698153d 2 bytes JMP 7602fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[2292] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076981555 2 bytes JMP 760368ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[2292] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007698156d 2 bytes JMP 760b8f61 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[2292] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076981585 2 bytes JMP 760b8ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[2292] 
C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007698159d 2 bytes JMP 760b865c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[2292] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000769815b5 2 bytes JMP 7602fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[2292] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000769815cd 2 bytes JMP 7603b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[2292] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000769816b2 2 bytes JMP 760b8e24 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[2292] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000769816bd 2 bytes JMP 760b85f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG Web TuneUp\vprot.exe[2448] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076981401 2 bytes JMP 7603b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG Web TuneUp\vprot.exe[2448] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076981419 2 bytes JMP 7603b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG Web TuneUp\vprot.exe[2448] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076981431 2 bytes JMP 760b8ea9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG Web TuneUp\vprot.exe[2448] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007698144a 2 bytes CALL 760148ad C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\AVG Web TuneUp\vprot.exe[2448] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000769814dd 2 bytes JMP 760b87a2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG Web TuneUp\vprot.exe[2448] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000769814f5 2 bytes JMP 760b8978 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG Web TuneUp\vprot.exe[2448] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007698150d 2 bytes JMP 760b8698 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG Web TuneUp\vprot.exe[2448] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076981525 2 bytes JMP 760b8a62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG Web TuneUp\vprot.exe[2448] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007698153d 2 bytes JMP 7602fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG Web TuneUp\vprot.exe[2448] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076981555 2 bytes JMP 760368ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG Web TuneUp\vprot.exe[2448] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007698156d 2 bytes JMP 760b8f61 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG Web TuneUp\vprot.exe[2448] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076981585 2 bytes JMP 760b8ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG Web TuneUp\vprot.exe[2448] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007698159d 2 bytes JMP 760b865c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG Web TuneUp\vprot.exe[2448] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000769815b5 2 bytes JMP 7602fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG Web TuneUp\vprot.exe[2448] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000769815cd 2 bytes 
JMP 7603b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG Web TuneUp\vprot.exe[2448] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000769816b2 2 bytes JMP 760b8e24 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG Web TuneUp\vprot.exe[2448] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000769816bd 2 bytes JMP 760b85f1 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\hasplms.exe[2740] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076981401 2 bytes JMP 7603b21b C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\hasplms.exe[2740] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076981419 2 bytes JMP 7603b346 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\hasplms.exe[2740] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076981431 2 bytes JMP 760b8ea9 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\hasplms.exe[2740] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007698144a 2 bytes CALL 760148ad C:\Windows\syswow64\kernel32.dll .text ... 
* 9
.text C:\Windows\system32\hasplms.exe[2740] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000769814dd 2 bytes JMP 760b87a2 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\system32\hasplms.exe[2740] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000769814f5 2 bytes JMP 760b8978 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\system32\hasplms.exe[2740] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007698150d 2 bytes JMP 760b8698 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\system32\hasplms.exe[2740] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076981525 2 bytes JMP 760b8a62 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\system32\hasplms.exe[2740] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007698153d 2 bytes JMP 7602fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\system32\hasplms.exe[2740] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076981555 2 bytes JMP 760368ef C:\Windows\syswow64\kernel32.dll
.text C:\Windows\system32\hasplms.exe[2740] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007698156d 2 bytes JMP 760b8f61 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\system32\hasplms.exe[2740] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076981585 2 bytes JMP 760b8ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\system32\hasplms.exe[2740] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007698159d 2 bytes JMP 760b865c C:\Windows\syswow64\kernel32.dll
.text C:\Windows\system32\hasplms.exe[2740] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000769815b5 2 bytes JMP 7602fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\system32\hasplms.exe[2740] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000769815cd 2 bytes JMP 7603b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Windows\system32\hasplms.exe[2740] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000769816b2 2 bytes JMP 760b8e24 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\system32\hasplms.exe[2740] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000769816bd 2 bytes JMP 760b85f1 C:\Windows\syswow64\kernel32.dll
.text D:\Programy\Hamachi\hamachi-2-ui.exe[2832] C:\Windows\syswow64\PsApi.dll!GetModuleFileNameExW + 17 0000000076981401 2 bytes JMP 7603b21b C:\Windows\syswow64\kernel32.dll
.text D:\Programy\Hamachi\hamachi-2-ui.exe[2832] C:\Windows\syswow64\PsApi.dll!EnumProcessModules + 17 0000000076981419 2 bytes JMP 7603b346 C:\Windows\syswow64\kernel32.dll
.text D:\Programy\Hamachi\hamachi-2-ui.exe[2832] C:\Windows\syswow64\PsApi.dll!GetModuleInformation + 17 0000000076981431 2 bytes JMP 760b8ea9 C:\Windows\syswow64\kernel32.dll
.text D:\Programy\Hamachi\hamachi-2-ui.exe[2832] C:\Windows\syswow64\PsApi.dll!GetModuleInformation + 42 000000007698144a 2 bytes CALL 760148ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text D:\Programy\Hamachi\hamachi-2-ui.exe[2832] C:\Windows\syswow64\PsApi.dll!EnumDeviceDrivers + 17 00000000769814dd 2 bytes JMP 760b87a2 C:\Windows\syswow64\kernel32.dll
.text D:\Programy\Hamachi\hamachi-2-ui.exe[2832] C:\Windows\syswow64\PsApi.dll!GetDeviceDriverBaseNameA + 17 00000000769814f5 2 bytes JMP 760b8978 C:\Windows\syswow64\kernel32.dll
.text D:\Programy\Hamachi\hamachi-2-ui.exe[2832] C:\Windows\syswow64\PsApi.dll!QueryWorkingSetEx + 17 000000007698150d 2 bytes JMP 760b8698 C:\Windows\syswow64\kernel32.dll
.text D:\Programy\Hamachi\hamachi-2-ui.exe[2832] C:\Windows\syswow64\PsApi.dll!GetDeviceDriverBaseNameW + 17 0000000076981525 2 bytes JMP 760b8a62 C:\Windows\syswow64\kernel32.dll
.text D:\Programy\Hamachi\hamachi-2-ui.exe[2832] C:\Windows\syswow64\PsApi.dll!GetModuleBaseNameW + 17 000000007698153d 2 bytes JMP 7602fca8 C:\Windows\syswow64\kernel32.dll
.text D:\Programy\Hamachi\hamachi-2-ui.exe[2832] C:\Windows\syswow64\PsApi.dll!EnumProcesses + 17 0000000076981555 2 bytes JMP 760368ef C:\Windows\syswow64\kernel32.dll
.text D:\Programy\Hamachi\hamachi-2-ui.exe[2832] C:\Windows\syswow64\PsApi.dll!GetProcessMemoryInfo + 17 000000007698156d 2 bytes JMP 760b8f61 C:\Windows\syswow64\kernel32.dll
.text D:\Programy\Hamachi\hamachi-2-ui.exe[2832] C:\Windows\syswow64\PsApi.dll!GetPerformanceInfo + 17 0000000076981585 2 bytes JMP 760b8ac2 C:\Windows\syswow64\kernel32.dll
.text D:\Programy\Hamachi\hamachi-2-ui.exe[2832] C:\Windows\syswow64\PsApi.dll!QueryWorkingSet + 17 000000007698159d 2 bytes JMP 760b865c C:\Windows\syswow64\kernel32.dll
.text D:\Programy\Hamachi\hamachi-2-ui.exe[2832] C:\Windows\syswow64\PsApi.dll!GetModuleBaseNameA + 17 00000000769815b5 2 bytes JMP 7602fd41 C:\Windows\syswow64\kernel32.dll
.text D:\Programy\Hamachi\hamachi-2-ui.exe[2832] C:\Windows\syswow64\PsApi.dll!GetModuleFileNameExA + 17 00000000769815cd 2 bytes JMP 7603b2dc C:\Windows\syswow64\kernel32.dll
.text D:\Programy\Hamachi\hamachi-2-ui.exe[2832] C:\Windows\syswow64\PsApi.dll!GetProcessImageFileNameW + 20 00000000769816b2 2 bytes JMP 760b8e24 C:\Windows\syswow64\kernel32.dll
.text D:\Programy\Hamachi\hamachi-2-ui.exe[2832] C:\Windows\syswow64\PsApi.dll!GetProcessImageFileNameW + 31 00000000769816bd 2 bytes JMP 760b85f1 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[1996] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82 00000000726b17fa 2 bytes CALL 760111a9 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[1996] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88 00000000726b1860 2 bytes CALL 760111a9 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[1996] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98 00000000726b1942 2 bytes JMP 76607089 C:\Windows\syswow64\WS2_32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[1996] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109 00000000726b194d 2 bytes JMP 7660cba6 C:\Windows\syswow64\WS2_32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[1996] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076981401 2 bytes JMP 7603b21b C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[1996] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076981419 2 bytes JMP 7603b346 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[1996] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076981431 2 bytes JMP 760b8ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[1996] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007698144a 2 bytes CALL 760148ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Windows\SysWOW64\PnkBstrA.exe[1996] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000769814dd 2 bytes JMP 760b87a2 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[1996] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000769814f5 2 bytes JMP 760b8978 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[1996] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007698150d 2 bytes JMP 760b8698 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[1996] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076981525 2 bytes JMP 760b8a62 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[1996] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007698153d 2 bytes JMP 7602fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[1996] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076981555 2 bytes JMP 760368ef C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[1996] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007698156d 2 bytes JMP 760b8f61 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[1996] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076981585 2 bytes JMP 760b8ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[1996] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007698159d 2 bytes JMP 760b865c C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[1996] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000769815b5 2 bytes JMP 7602fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[1996] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000769815cd 2 bytes JMP 7603b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[1996] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000769816b2 2 bytes JMP 760b8e24 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[1996] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000769816bd 2 bytes JMP 760b85f1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Browny02\BrYNSvc.exe[3436] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076981401 2 bytes JMP 7603b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Browny02\BrYNSvc.exe[3436] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076981419 2 bytes JMP 7603b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Browny02\BrYNSvc.exe[3436] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076981431 2 bytes JMP 760b8ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Browny02\BrYNSvc.exe[3436] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007698144a 2 bytes CALL 760148ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Browny02\BrYNSvc.exe[3436] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000769814dd 2 bytes JMP 760b87a2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Browny02\BrYNSvc.exe[3436] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000769814f5 2 bytes JMP 760b8978 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Browny02\BrYNSvc.exe[3436] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007698150d 2 bytes JMP 760b8698 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Browny02\BrYNSvc.exe[3436] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076981525 2 bytes JMP 760b8a62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Browny02\BrYNSvc.exe[3436] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007698153d 2 bytes JMP 7602fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Browny02\BrYNSvc.exe[3436] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076981555 2 bytes JMP 760368ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Browny02\BrYNSvc.exe[3436] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007698156d 2 bytes JMP 760b8f61 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Browny02\BrYNSvc.exe[3436] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076981585 2 bytes JMP 760b8ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Browny02\BrYNSvc.exe[3436] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007698159d 2 bytes JMP 760b865c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Browny02\BrYNSvc.exe[3436] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000769815b5 2 bytes JMP 7602fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Browny02\BrYNSvc.exe[3436] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000769815cd 2 bytes JMP 7603b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Browny02\BrYNSvc.exe[3436] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000769816b2 2 bytes JMP 760b8e24 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Browny02\BrYNSvc.exe[3436] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000769816bd 2 bytes JMP 760b85f1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe[4016] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076981401 2 bytes JMP 7603b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe[4016] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076981419 2 bytes JMP 7603b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe[4016] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076981431 2 bytes JMP 760b8ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe[4016] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007698144a 2 bytes CALL 760148ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe[4016] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000769814dd 2 bytes JMP 760b87a2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe[4016] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000769814f5 2 bytes JMP 760b8978 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe[4016] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007698150d 2 bytes JMP 760b8698 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe[4016] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076981525 2 bytes JMP 760b8a62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe[4016] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007698153d 2 bytes JMP 7602fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe[4016] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076981555 2 bytes JMP 760368ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe[4016] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007698156d 2 bytes JMP 760b8f61 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe[4016] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076981585 2 bytes JMP 760b8ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe[4016] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007698159d 2 bytes JMP 760b865c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe[4016] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000769815b5 2 bytes JMP 7602fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe[4016] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000769815cd 2 bytes JMP 7603b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe[4016] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000769816b2 2 bytes JMP 760b8e24 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe[4016] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000769816bd 2 bytes JMP 760b85f1 C:\Windows\syswow64\kernel32.dll

---- Threads - GMER 2.1 ----
Thread C:\Windows\system32\svchost.exe [1200:2752] 000007fef3f23438
Thread C:\Windows\system32\svchost.exe [1200:2800] 000000000041a97c
Thread C:\Windows\system32\svchost.exe [1200:2548] 0000000000544be8
Thread C:\Windows\system32\svchost.exe [1200:3132] 000007fef7b2a850

---- Processes - GMER 2.1 ----
Process C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe (*** suspicious ***) @ C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [1776] (WindowsProtectManger Service/Fuyu LIMITED)(2014-12-03 22:01:15) 0000000000cd0000

---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC1 0x45 0xD5 0x50 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xC8 0x3A 0xBB 0x5D ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x4C 0xDA 0x37 0x38 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC1 0x45 0xD5 0x50 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xC8 0x3A 0xBB 0x5D ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x4C 0xDA 0x37 0x38 ...

---- EOF - GMER 2.1 ----