GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-07-31 16:49:44
Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3500418AS rev.CC38
Running: y9t9qkhy.exe; Driver: C:\DOCUME~1\PETERE~1\USTAWI~1\Temp\kxtdapog.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xA8862202]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xA88F0D8C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xA88866C1]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwConnectPort [0xA8AC2630]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xA88647F0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xA8864848]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateFile [0xA8ABBD80]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xA886495E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xA8886075]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xA8864746]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreatePort [0xA8AC2E40]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcess [0xA8AD9D30]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0xA8ADA150]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateSection [0xA8AE4240]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xA886479A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xA886490C]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xA8AC2FB0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xA8862226]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xA8ABCC60]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xA8886D87]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xA888703D]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0xA8AD8E70]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xA8886BF2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xA8886A5D]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xA88F0E3C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xA8861FF0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey [0xA8AE2080]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xA8AE22B0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xA886224A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xA8864D56]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xA8862CDA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xA8864820]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xA8864870]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenFile [0xA8ABC750]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xA8864988]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xA88863D1]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xA8864772]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenProcess [0xA8ADC450]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xA88648D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xA88647C8]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenThread [0xA8ADC020]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xA8864936]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xA88F0ED4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xA88868D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xA8862BA0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xA888672A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xA88F910E]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwReplaceKey [0xA8AE2A40]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xA8AC2180]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xA88856E8]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0xA8AC2910]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xA886226E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xA8862292]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xA8ABD080]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetSecurityObject [0xA8AE38E0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xA886204A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xA8862186]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xA8886E8E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xA8862162]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0xA8ADAD20]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwTerminateProcess [0xA8ADAA50]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xA88622B6]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2C70 8050450C 16 Bytes [F0, 47, 86, A8, 48, 48, 86, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2CA1 8050453D 7 Bytes [9D, AD, A8, 50, A1, AD, A8]
.text ntkrnlpa.exe!ZwCallbackReturn + 2CD8 80504574 12 Bytes [26, 22, 86, A8, 60, CC, AB, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2D68 80504604 12 Bytes [F0, 1F, 86, A8, 80, 20, AE, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2DAC 80504648 16 Bytes [20, 48, 86, A8, 70, 48, 86, ...]
.text ...
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A64A8 4 Bytes CALL A8863335 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC556 5 Bytes JMP A8901D4C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 805C2FDA 5 Bytes JMP A89037F2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB5735000, 0x2ACED8, 0xE8000020]
.text win32k.sys!EngFreeUserMem + 674 BF809962 5 Bytes JMP A8865CA2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSurface + 45 BF813956 5 Bytes JMP A8865BAE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngSetLastError + 79A8 BF824309 5 Bytes JMP A8864F34 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateBitmap + F9C BF828C73 5 Bytes JMP A8865E0C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 2C50 BF8316BE 5 Bytes JMP A8866014 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + B68E BF83A0FC 5 Bytes JMP A8865B1E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!FONTOBJ_pxoGetXform + 84ED BF8519C5 5 Bytes JMP A8864E70 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 3581 BF85E554 5 Bytes JMP A8865180 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 360C BF85E5DF 5 Bytes JMP A8865326 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 88 BF85F852 5 Bytes JMP A8864E58 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 5454 BF864C1E 5 Bytes JMP A8865BD8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 411E BF873F63 5 Bytes JMP A88652FE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 26EE BF8947C0 5 Bytes JMP A8865D54 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBltROP + 583 BF895298 5 Bytes JMP A8865F72 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + 4DEC BF89DBD8 5 Bytes JMP A8864FA4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngEraseSurface + A9E0 BF8C2150 5 Bytes JMP A886503E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1517 BF8CA5B2 5 Bytes JMP A88650AE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1797 BF8CA832 5 Bytes JMP A88650E8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + 3B3E BF8EC2A7 5 Bytes JMP A8864D8C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 19DF BF9133E5 5 Bytes JMP A8864EF0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 25B3 BF913FB9 5 Bytes JMP A8865008 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 4F12 BF916918 5 Bytes JMP A8865440 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 18FC BF94638A 5 Bytes JMP A8865ECA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
? C:\DOCUME~1\PETERE~1\USTAWI~1\Temp\ALSysIO.sys Nie można odnaleźć określonego pliku. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[228] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[228] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[228] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[228] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[228] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\svchost.exe[228] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[228] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[228] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\svchost.exe[228] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\svchost.exe[228] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[228] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[228] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\svchost.exe[228] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\svchost.exe[228] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\svchost.exe[228] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\svchost.exe[228] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\svchost.exe[228] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[288] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[288] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[288] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[288] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[288] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014
.text C:\Program Files\Java\jre6\bin\jqs.exe[288] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804
.text C:\Program Files\Java\jre6\bin\jqs.exe[288] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08
.text C:\Program Files\Java\jre6\bin\jqs.exe[288] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C
.text C:\Program Files\Java\jre6\bin\jqs.exe[288] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10
.text C:\Program Files\Java\jre6\bin\jqs.exe[288] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[288] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[288] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600
.text C:\Program Files\Java\jre6\bin\jqs.exe[288] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804
.text C:\Program Files\Java\jre6\bin\jqs.exe[288] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08
.text C:\Program Files\Java\jre6\bin\jqs.exe[288] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600
.text C:\Program Files\Java\jre6\bin\jqs.exe[288] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[288] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC
.text C:\WINDOWS\system32\oodag.exe[360] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\WINDOWS\system32\oodag.exe[360] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\oodag.exe[360] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\WINDOWS\system32\oodag.exe[360] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\oodag.exe[360] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014
.text C:\WINDOWS\system32\oodag.exe[360] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804
.text C:\WINDOWS\system32\oodag.exe[360] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08
.text C:\WINDOWS\system32\oodag.exe[360] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C
.text C:\WINDOWS\system32\oodag.exe[360] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10
.text C:\WINDOWS\system32\oodag.exe[360] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8
.text C:\WINDOWS\system32\oodag.exe[360] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC
.text C:\WINDOWS\system32\oodag.exe[360] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600
.text C:\WINDOWS\system32\oodag.exe[360] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804
.text C:\WINDOWS\system32\oodag.exe[360] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08
.text C:\WINDOWS\system32\oodag.exe[360] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600
.text C:\WINDOWS\system32\oodag.exe[360] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8
.text C:\WINDOWS\system32\oodag.exe[360] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC
.text C:\WINDOWS\System32\smss.exe[444] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[524] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\spoolsv.exe[524] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[524] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\spoolsv.exe[524] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[524] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\spoolsv.exe[524] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\spoolsv.exe[524] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\spoolsv.exe[524] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\spoolsv.exe[524] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\spoolsv.exe[524] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\spoolsv.exe[524] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\spoolsv.exe[524] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\spoolsv.exe[524] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\spoolsv.exe[524] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\spoolsv.exe[524] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\spoolsv.exe[524] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\spoolsv.exe[524] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\ctfmon.exe[680] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A01F8
.text C:\WINDOWS\system32\ctfmon.exe[680] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[680] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A03FC
.text C:\WINDOWS\system32\ctfmon.exe[680] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[680] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00381014
.text C:\WINDOWS\system32\ctfmon.exe[680] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00380804
.text C:\WINDOWS\system32\ctfmon.exe[680] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00380A08
.text C:\WINDOWS\system32\ctfmon.exe[680] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00380C0C
.text C:\WINDOWS\system32\ctfmon.exe[680] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00380E10
.text C:\WINDOWS\system32\ctfmon.exe[680] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003801F8
.text C:\WINDOWS\system32\ctfmon.exe[680] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003803FC
.text C:\WINDOWS\system32\ctfmon.exe[680] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00380600
.text C:\WINDOWS\system32\ctfmon.exe[680] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00390804
.text C:\WINDOWS\system32\ctfmon.exe[680] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00390A08
.text C:\WINDOWS\system32\ctfmon.exe[680] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00390600
.text C:\WINDOWS\system32\ctfmon.exe[680] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003901F8
.text C:\WINDOWS\system32\ctfmon.exe[680] USER32.dll!UnhookWinEvent 7E3818AC 3 Bytes JMP 003903FC
.text C:\WINDOWS\system32\ctfmon.exe[680] USER32.dll!UnhookWinEvent + 4 7E3818B0 1 Byte [82]
.text C:\WINDOWS\system32\ctfmon.exe[680] ws2_32.dll!getsockname 71A53D10 5 Bytes JMP 00AF008D
.text C:\WINDOWS\system32\ctfmon.exe[680] ws2_32.dll!connect 71A54A07 5 Bytes JMP 00AF002D
.text C:\WINDOWS\system32\ctfmon.exe[680] ws2_32.dll!getpeername 71A60B68 5 Bytes JMP 00AF00BD
.text C:\WINDOWS\system32\ctfmon.exe[680] ws2_32.dll!WSAConnect 71A60C81 5 Bytes JMP 00AF005D
.text D:\totalcmd\TOTALCMD.EXE[688] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text D:\totalcmd\TOTALCMD.EXE[688] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text D:\totalcmd\TOTALCMD.EXE[688] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text D:\totalcmd\TOTALCMD.EXE[688] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text D:\totalcmd\TOTALCMD.EXE[688] advapi32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00321014
.text D:\totalcmd\TOTALCMD.EXE[688] advapi32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00320804
.text D:\totalcmd\TOTALCMD.EXE[688] advapi32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00320A08
.text D:\totalcmd\TOTALCMD.EXE[688] advapi32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00320C0C
.text D:\totalcmd\TOTALCMD.EXE[688] advapi32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00320E10
.text D:\totalcmd\TOTALCMD.EXE[688] advapi32.dll!CreateServiceA 77E27211 5 Bytes JMP 003201F8
.text D:\totalcmd\TOTALCMD.EXE[688] advapi32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003203FC
.text D:\totalcmd\TOTALCMD.EXE[688] advapi32.dll!DeleteService 77E274B1 5 Bytes JMP 00320600
.text D:\totalcmd\TOTALCMD.EXE[688] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00330804
.text D:\totalcmd\TOTALCMD.EXE[688] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00330A08
.text D:\totalcmd\TOTALCMD.EXE[688] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00330600
.text D:\totalcmd\TOTALCMD.EXE[688] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003301F8
.text D:\totalcmd\TOTALCMD.EXE[688] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003303FC
.text D:\totalcmd\TOTALCMD.EXE[688] ws2_32.dll!getsockname 71A53D10 5 Bytes JMP 00DD008D
.text D:\totalcmd\TOTALCMD.EXE[688] ws2_32.dll!connect 71A54A07 5 Bytes JMP 00DD002D
.text D:\totalcmd\TOTALCMD.EXE[688] ws2_32.dll!getpeername 71A60B68 5 Bytes JMP 00DD00BD
.text D:\totalcmd\TOTALCMD.EXE[688] ws2_32.dll!WSAConnect 71A60C81 5 Bytes JMP 00DD005D
.text C:\WINDOWS\system32\csrss.exe[724] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[724] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[772] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000701F8
.text C:\WINDOWS\system32\winlogon.exe[772] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[772] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000703FC
.text C:\WINDOWS\system32\winlogon.exe[772] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[772] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\winlogon.exe[772] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\winlogon.exe[772] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\winlogon.exe[772] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\winlogon.exe[772] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\winlogon.exe[772] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\winlogon.exe[772] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\winlogon.exe[772] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\winlogon.exe[772] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\winlogon.exe[772] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\winlogon.exe[772] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\winlogon.exe[772] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\winlogon.exe[772] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\services.exe[820] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\services.exe[820] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[820] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[820] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\services.exe[820] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\services.exe[820] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\services.exe[820] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\services.exe[820] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\services.exe[820] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\services.exe[820] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\services.exe[820] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\services.exe[820] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\services.exe[820] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\services.exe[820] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\services.exe[820] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\services.exe[820] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\lsass.exe[832] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\lsass.exe[832] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[832] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[832] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\lsass.exe[832] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\lsass.exe[832] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\lsass.exe[832] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\lsass.exe[832] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\lsass.exe[832] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\lsass.exe[832] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\lsass.exe[832] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\lsass.exe[832] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\lsass.exe[832] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\lsass.exe[832] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\lsass.exe[832] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\lsass.exe[832] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text D:\Rainlendar2\Rainlendar2.exe[984] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text D:\Rainlendar2\Rainlendar2.exe[984] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text D:\Rainlendar2\Rainlendar2.exe[984] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text D:\Rainlendar2\Rainlendar2.exe[984] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text D:\Rainlendar2\Rainlendar2.exe[984] WS2_32.dll!getsockname 71A53D10 5 Bytes JMP 015C008D
.text D:\Rainlendar2\Rainlendar2.exe[984] WS2_32.dll!connect 71A54A07 5 Bytes JMP 015C002D
.text D:\Rainlendar2\Rainlendar2.exe[984] WS2_32.dll!getpeername 71A60B68 5 Bytes JMP 015C00BD
.text D:\Rainlendar2\Rainlendar2.exe[984] WS2_32.dll!WSAConnect 71A60C81 5 Bytes JMP 015C005D
.text D:\Rainlendar2\Rainlendar2.exe[984] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00D91014
.text D:\Rainlendar2\Rainlendar2.exe[984] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00D90804
.text D:\Rainlendar2\Rainlendar2.exe[984] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00D90A08
.text D:\Rainlendar2\Rainlendar2.exe[984] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00D90C0C
.text D:\Rainlendar2\Rainlendar2.exe[984] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00D90E10
.text D:\Rainlendar2\Rainlendar2.exe[984] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 00D901F8
.text D:\Rainlendar2\Rainlendar2.exe[984] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 00D903FC
.text D:\Rainlendar2\Rainlendar2.exe[984] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00D90600
.text D:\Rainlendar2\Rainlendar2.exe[984] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00DA0804
.text D:\Rainlendar2\Rainlendar2.exe[984] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00DA0A08
.text D:\Rainlendar2\Rainlendar2.exe[984] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00DA0600
.text D:\Rainlendar2\Rainlendar2.exe[984] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 00DA01F8
.text D:\Rainlendar2\Rainlendar2.exe[984] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 00DA03FC
.text C:\WINDOWS\system32\Ati2evxx.exe[1008] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\WINDOWS\system32\Ati2evxx.exe[1008] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[1008] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\WINDOWS\system32\Ati2evxx.exe[1008] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[1008] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804
.text C:\WINDOWS\system32\Ati2evxx.exe[1008] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08
.text C:\WINDOWS\system32\Ati2evxx.exe[1008] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600
.text C:\WINDOWS\system32\Ati2evxx.exe[1008] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8
.text C:\WINDOWS\system32\Ati2evxx.exe[1008] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC
.text C:\WINDOWS\system32\Ati2evxx.exe[1008] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003F1014
.text C:\WINDOWS\system32\Ati2evxx.exe[1008] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003F0804
.text C:\WINDOWS\system32\Ati2evxx.exe[1008] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003F0A08
.text C:\WINDOWS\system32\Ati2evxx.exe[1008] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003F0C0C
.text C:\WINDOWS\system32\Ati2evxx.exe[1008] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003F0E10
.text C:\WINDOWS\system32\Ati2evxx.exe[1008] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003F01F8
.text C:\WINDOWS\system32\Ati2evxx.exe[1008] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003F03FC
.text C:\WINDOWS\system32\Ati2evxx.exe[1008] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003F0600
.text C:\WINDOWS\system32\svchost.exe[1028] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1028] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1028] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\svchost.exe[1028] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\svchost.exe[1028] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\svchost.exe[1028] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\svchost.exe[1028] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\svchost.exe[1028] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text D:\RocketDock\RocketDock.exe[1056] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text D:\RocketDock\RocketDock.exe[1056] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text D:\RocketDock\RocketDock.exe[1056] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text D:\RocketDock\RocketDock.exe[1056] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text D:\RocketDock\RocketDock.exe[1056] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804
.text D:\RocketDock\RocketDock.exe[1056] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08
.text D:\RocketDock\RocketDock.exe[1056] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600
.text D:\RocketDock\RocketDock.exe[1056] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8
.text D:\RocketDock\RocketDock.exe[1056] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC
.text D:\RocketDock\RocketDock.exe[1056] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003F1014
.text D:\RocketDock\RocketDock.exe[1056] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003F0804
.text
D:\RocketDock\RocketDock.exe[1056] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003F0A08 .text D:\RocketDock\RocketDock.exe[1056] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003F0C0C .text D:\RocketDock\RocketDock.exe[1056] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003F0E10 .text D:\RocketDock\RocketDock.exe[1056] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003F01F8 .text D:\RocketDock\RocketDock.exe[1056] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003F03FC .text D:\RocketDock\RocketDock.exe[1056] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003F0600 .text D:\RocketDock\RocketDock.exe[1056] ws2_32.dll!getsockname 71A53D10 5 Bytes JMP 00AF008D .text D:\RocketDock\RocketDock.exe[1056] ws2_32.dll!connect 71A54A07 5 Bytes JMP 00AF002D .text D:\RocketDock\RocketDock.exe[1056] ws2_32.dll!getpeername 71A60B68 5 Bytes JMP 00AF00BD .text D:\RocketDock\RocketDock.exe[1056] ws2_32.dll!WSAConnect 71A60C81 5 Bytes JMP 00AF005D .text C:\WINDOWS\system32\svchost.exe[1124] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\svchost.exe[1124] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1124] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1124] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\svchost.exe[1124] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\svchost.exe[1124] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\svchost.exe[1124] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\svchost.exe[1124] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\svchost.exe[1124] ADVAPI32.dll!CreateServiceA 77E27211 5 
Bytes JMP 003001F8 .text C:\WINDOWS\system32\svchost.exe[1124] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\svchost.exe[1124] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\svchost.exe[1124] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\svchost.exe[1124] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\svchost.exe[1124] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\svchost.exe[1124] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\svchost.exe[1124] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text D:\CoreTemp\Core Temp.exe[1164] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text D:\CoreTemp\Core Temp.exe[1164] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text D:\CoreTemp\Core Temp.exe[1164] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text D:\CoreTemp\Core Temp.exe[1164] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text D:\CoreTemp\Core Temp.exe[1164] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014 .text D:\CoreTemp\Core Temp.exe[1164] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804 .text D:\CoreTemp\Core Temp.exe[1164] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08 .text D:\CoreTemp\Core Temp.exe[1164] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C .text D:\CoreTemp\Core Temp.exe[1164] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10 .text D:\CoreTemp\Core Temp.exe[1164] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8 .text D:\CoreTemp\Core Temp.exe[1164] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC .text D:\CoreTemp\Core Temp.exe[1164] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600 .text D:\CoreTemp\Core Temp.exe[1164] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804 
.text D:\CoreTemp\Core Temp.exe[1164] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08 .text D:\CoreTemp\Core Temp.exe[1164] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600 .text D:\CoreTemp\Core Temp.exe[1164] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8 .text D:\CoreTemp\Core Temp.exe[1164] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC .text D:\CoreTemp\Core Temp.exe[1164] ws2_32.dll!getsockname 71A53D10 5 Bytes JMP 00AF008D .text D:\CoreTemp\Core Temp.exe[1164] ws2_32.dll!connect 71A54A07 5 Bytes JMP 00AF002D .text D:\CoreTemp\Core Temp.exe[1164] ws2_32.dll!getpeername 71A60B68 5 Bytes JMP 00AF00BD .text D:\CoreTemp\Core Temp.exe[1164] ws2_32.dll!WSAConnect 71A60C81 5 Bytes JMP 00AF005D .text C:\WINDOWS\system32\PnkBstrA.exe[1176] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8 .text C:\WINDOWS\system32\PnkBstrA.exe[1176] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\PnkBstrA.exe[1176] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC .text C:\WINDOWS\system32\PnkBstrA.exe[1176] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\PnkBstrA.exe[1176] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003D0804 .text C:\WINDOWS\system32\PnkBstrA.exe[1176] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003D0A08 .text C:\WINDOWS\system32\PnkBstrA.exe[1176] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003D0600 .text C:\WINDOWS\system32\PnkBstrA.exe[1176] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003D01F8 .text C:\WINDOWS\system32\PnkBstrA.exe[1176] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003D03FC .text C:\WINDOWS\system32\PnkBstrA.exe[1176] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014 .text C:\WINDOWS\system32\PnkBstrA.exe[1176] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804 .text C:\WINDOWS\system32\PnkBstrA.exe[1176] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08 .text 
C:\WINDOWS\system32\PnkBstrA.exe[1176] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C .text C:\WINDOWS\system32\PnkBstrA.exe[1176] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10 .text C:\WINDOWS\system32\PnkBstrA.exe[1176] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8 .text C:\WINDOWS\system32\PnkBstrA.exe[1176] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC .text C:\WINDOWS\system32\PnkBstrA.exe[1176] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600 .text C:\WINDOWS\System32\svchost.exe[1220] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\System32\svchost.exe[1220] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1220] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\System32\svchost.exe[1220] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1220] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\System32\svchost.exe[1220] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\System32\svchost.exe[1220] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\System32\svchost.exe[1220] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\System32\svchost.exe[1220] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\System32\svchost.exe[1220] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\System32\svchost.exe[1220] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\System32\svchost.exe[1220] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\System32\svchost.exe[1220] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\System32\svchost.exe[1220] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text 
C:\WINDOWS\System32\svchost.exe[1220] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\System32\svchost.exe[1220] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\System32\svchost.exe[1220] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\svchost.exe[1248] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\svchost.exe[1248] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1248] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1248] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\svchost.exe[1248] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\svchost.exe[1248] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\svchost.exe[1248] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\svchost.exe[1248] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\svchost.exe[1248] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\svchost.exe[1248] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\svchost.exe[1248] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\svchost.exe[1248] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\svchost.exe[1248] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\svchost.exe[1248] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\svchost.exe[1248] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\svchost.exe[1248] 
USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text D:\Rainmeter\Rainmeter.exe[1312] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text D:\Rainmeter\Rainmeter.exe[1312] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text D:\Rainmeter\Rainmeter.exe[1312] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text D:\Rainmeter\Rainmeter.exe[1312] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text D:\Rainmeter\Rainmeter.exe[1312] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00421014 .text D:\Rainmeter\Rainmeter.exe[1312] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00420804 .text D:\Rainmeter\Rainmeter.exe[1312] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00420A08 .text D:\Rainmeter\Rainmeter.exe[1312] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00420C0C .text D:\Rainmeter\Rainmeter.exe[1312] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00420E10 .text D:\Rainmeter\Rainmeter.exe[1312] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 004201F8 .text D:\Rainmeter\Rainmeter.exe[1312] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 004203FC .text D:\Rainmeter\Rainmeter.exe[1312] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00420600 .text D:\Rainmeter\Rainmeter.exe[1312] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00430804 .text D:\Rainmeter\Rainmeter.exe[1312] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00430A08 .text D:\Rainmeter\Rainmeter.exe[1312] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00430600 .text D:\Rainmeter\Rainmeter.exe[1312] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 004301F8 .text D:\Rainmeter\Rainmeter.exe[1312] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 004303FC .text D:\Rainmeter\Rainmeter.exe[1312] WS2_32.dll!getsockname 71A53D10 5 Bytes JMP 00D8008D .text D:\Rainmeter\Rainmeter.exe[1312] WS2_32.dll!connect 71A54A07 5 Bytes JMP 00D8002D .text D:\Rainmeter\Rainmeter.exe[1312] WS2_32.dll!getpeername 71A60B68 5 Bytes JMP 00D800BD 
.text D:\Rainmeter\Rainmeter.exe[1312] WS2_32.dll!WSAConnect 71A60C81 5 Bytes JMP 00D8005D .text C:\WINDOWS\system32\svchost.exe[1340] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\svchost.exe[1340] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1340] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[1340] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1340] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\svchost.exe[1340] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\svchost.exe[1340] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\svchost.exe[1340] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\svchost.exe[1340] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\svchost.exe[1340] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\svchost.exe[1340] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\svchost.exe[1340] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\svchost.exe[1340] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\svchost.exe[1340] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\svchost.exe[1340] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\svchost.exe[1340] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\svchost.exe[1340] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\svchost.exe[1416] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\svchost.exe[1416] 
ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1416] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[1416] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1416] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\svchost.exe[1416] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\svchost.exe[1416] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\svchost.exe[1416] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\svchost.exe[1416] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\svchost.exe[1416] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\svchost.exe[1416] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\svchost.exe[1416] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\svchost.exe[1416] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\svchost.exe[1416] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\svchost.exe[1416] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\svchost.exe[1416] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\svchost.exe[1416] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1464] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1464] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1464] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1464] 
kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1464] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00411014 .text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1464] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00410804 .text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1464] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00410A08 .text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1464] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00410C0C .text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1464] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00410E10 .text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1464] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 004101F8 .text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1464] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 004103FC .text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1464] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00410600 .text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1464] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00420804 .text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1464] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00420A08 .text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1464] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00420600 .text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1464] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 004201F8 .text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1464] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 004203FC .text C:\WINDOWS\system32\Ati2evxx.exe[1540] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text C:\WINDOWS\system32\Ati2evxx.exe[1540] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\Ati2evxx.exe[1540] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text C:\WINDOWS\system32\Ati2evxx.exe[1540] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\Ati2evxx.exe[1540] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 
003E0804 .text C:\WINDOWS\system32\Ati2evxx.exe[1540] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08 .text C:\WINDOWS\system32\Ati2evxx.exe[1540] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600 .text C:\WINDOWS\system32\Ati2evxx.exe[1540] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8 .text C:\WINDOWS\system32\Ati2evxx.exe[1540] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC .text C:\WINDOWS\system32\Ati2evxx.exe[1540] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003F1014 .text C:\WINDOWS\system32\Ati2evxx.exe[1540] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003F0804 .text C:\WINDOWS\system32\Ati2evxx.exe[1540] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003F0A08 .text C:\WINDOWS\system32\Ati2evxx.exe[1540] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003F0C0C .text C:\WINDOWS\system32\Ati2evxx.exe[1540] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003F0E10 .text C:\WINDOWS\system32\Ati2evxx.exe[1540] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003F01F8 .text C:\WINDOWS\system32\Ati2evxx.exe[1540] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003F03FC .text C:\WINDOWS\system32\Ati2evxx.exe[1540] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003F0600 .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1908] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1908] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP } .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1908] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[2084] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\Explorer.EXE[2084] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[2084] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\Explorer.EXE[2084] 
kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[2084] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00381014 .text C:\WINDOWS\Explorer.EXE[2084] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00380804 .text C:\WINDOWS\Explorer.EXE[2084] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00380A08 .text C:\WINDOWS\Explorer.EXE[2084] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00380C0C .text C:\WINDOWS\Explorer.EXE[2084] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00380E10 .text C:\WINDOWS\Explorer.EXE[2084] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003801F8 .text C:\WINDOWS\Explorer.EXE[2084] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003803FC .text C:\WINDOWS\Explorer.EXE[2084] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00380600 .text C:\WINDOWS\Explorer.EXE[2084] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00390804 .text C:\WINDOWS\Explorer.EXE[2084] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00390A08 .text C:\WINDOWS\Explorer.EXE[2084] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00390600 .text C:\WINDOWS\Explorer.EXE[2084] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003901F8 .text C:\WINDOWS\Explorer.EXE[2084] USER32.dll!UnhookWinEvent 7E3818AC 3 Bytes JMP 003903FC .text C:\WINDOWS\Explorer.EXE[2084] USER32.dll!UnhookWinEvent + 4 7E3818B0 1 Byte [82] .text C:\WINDOWS\Explorer.EXE[2084] SHELL32.dll!SHFileOperationW 7CA708A0 5 Bytes JMP 10001102 D:\Unlocker\UnlockerHook.dll .text C:\WINDOWS\Explorer.EXE[2084] WS2_32.dll!getsockname 71A53D10 5 Bytes JMP 0220008D .text C:\WINDOWS\Explorer.EXE[2084] WS2_32.dll!connect 71A54A07 5 Bytes JMP 0220002D .text C:\WINDOWS\Explorer.EXE[2084] WS2_32.dll!getpeername 71A60B68 5 Bytes JMP 022000BD .text C:\WINDOWS\Explorer.EXE[2084] WS2_32.dll!WSAConnect 71A60C81 5 Bytes JMP 0220005D .text D:\Opera\opera.exe[2140] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text D:\Opera\opera.exe[2140] 
ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text D:\Opera\opera.exe[2140] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text D:\Opera\opera.exe[2140] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text D:\Opera\opera.exe[2140] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804 .text D:\Opera\opera.exe[2140] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08 .text D:\Opera\opera.exe[2140] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600 .text D:\Opera\opera.exe[2140] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8 .text D:\Opera\opera.exe[2140] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC .text D:\Opera\opera.exe[2140] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003F1014 .text D:\Opera\opera.exe[2140] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003F0804 .text D:\Opera\opera.exe[2140] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003F0A08 .text D:\Opera\opera.exe[2140] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003F0C0C .text D:\Opera\opera.exe[2140] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003F0E10 .text D:\Opera\opera.exe[2140] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003F01F8 .text D:\Opera\opera.exe[2140] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003F03FC .text D:\Opera\opera.exe[2140] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003F0600 .text D:\Opera\opera.exe[2140] ws2_32.dll!getsockname 71A53D10 5 Bytes JMP 00B7008D .text D:\Opera\opera.exe[2140] ws2_32.dll!connect 71A54A07 5 Bytes JMP 00B7002D .text D:\Opera\opera.exe[2140] ws2_32.dll!getpeername 71A60B68 5 Bytes JMP 00B700BD .text D:\Opera\opera.exe[2140] ws2_32.dll!WSAConnect 71A60C81 5 Bytes JMP 00B7005D .text C:\Program Files\K2T\WTW\wtw.exe[2312] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text C:\Program Files\K2T\WTW\wtw.exe[2312] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\K2T\WTW\wtw.exe[2312] 
ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text C:\Program Files\K2T\WTW\wtw.exe[2312] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\K2T\WTW\wtw.exe[2312] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 009C1014 .text C:\Program Files\K2T\WTW\wtw.exe[2312] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 009C0804 .text C:\Program Files\K2T\WTW\wtw.exe[2312] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 009C0A08 .text C:\Program Files\K2T\WTW\wtw.exe[2312] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 009C0C0C .text C:\Program Files\K2T\WTW\wtw.exe[2312] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 009C0E10 .text C:\Program Files\K2T\WTW\wtw.exe[2312] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 009C01F8 .text C:\Program Files\K2T\WTW\wtw.exe[2312] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 009C03FC .text C:\Program Files\K2T\WTW\wtw.exe[2312] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 009C0600 .text C:\Program Files\K2T\WTW\wtw.exe[2312] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 009D0804 .text C:\Program Files\K2T\WTW\wtw.exe[2312] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 009D0A08 .text C:\Program Files\K2T\WTW\wtw.exe[2312] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 009D0600 .text C:\Program Files\K2T\WTW\wtw.exe[2312] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 009D01F8 .text C:\Program Files\K2T\WTW\wtw.exe[2312] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 009D03FC .text C:\Program Files\K2T\WTW\wtw.exe[2312] WS2_32.dll!getsockname 71A53D10 5 Bytes JMP 015B008D .text C:\Program Files\K2T\WTW\wtw.exe[2312] WS2_32.dll!connect 71A54A07 5 Bytes JMP 015B002D .text C:\Program Files\K2T\WTW\wtw.exe[2312] WS2_32.dll!getpeername 71A60B68 5 Bytes JMP 015B00BD .text C:\Program Files\K2T\WTW\wtw.exe[2312] WS2_32.dll!WSAConnect 71A60C81 5 Bytes JMP 015B005D .text C:\WINDOWS\System32\alg.exe[2904] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 
000901F8 .text C:\WINDOWS\System32\alg.exe[2904] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\System32\alg.exe[2904] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\System32\alg.exe[2904] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\System32\alg.exe[2904] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00300804 .text C:\WINDOWS\System32\alg.exe[2904] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00300A08 .text C:\WINDOWS\System32\alg.exe[2904] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00300600 .text C:\WINDOWS\System32\alg.exe[2904] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003001F8 .text C:\WINDOWS\System32\alg.exe[2904] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003003FC .text C:\WINDOWS\System32\alg.exe[2904] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00311014 .text C:\WINDOWS\System32\alg.exe[2904] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00310804 .text C:\WINDOWS\System32\alg.exe[2904] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00310A08 .text C:\WINDOWS\System32\alg.exe[2904] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00310C0C .text C:\WINDOWS\System32\alg.exe[2904] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00310E10 .text C:\WINDOWS\System32\alg.exe[2904] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003101F8 .text C:\WINDOWS\System32\alg.exe[2904] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003103FC .text C:\WINDOWS\System32\alg.exe[2904] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00310600 .text E:\Install\Diagnostyka\y9t9qkhy.exe[3276] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text E:\Install\Diagnostyka\y9t9qkhy.exe[3276] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text E:\Install\Diagnostyka\y9t9qkhy.exe[3276] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text E:\Install\Diagnostyka\y9t9qkhy.exe[3276] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 
Byte [62] .text E:\Install\Diagnostyka\y9t9qkhy.exe[3276] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 009C1014 .text E:\Install\Diagnostyka\y9t9qkhy.exe[3276] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 009C0804 .text E:\Install\Diagnostyka\y9t9qkhy.exe[3276] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 009C0A08 .text E:\Install\Diagnostyka\y9t9qkhy.exe[3276] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 009C0C0C .text E:\Install\Diagnostyka\y9t9qkhy.exe[3276] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 009C0E10 .text E:\Install\Diagnostyka\y9t9qkhy.exe[3276] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 009C01F8 .text E:\Install\Diagnostyka\y9t9qkhy.exe[3276] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 009C03FC .text E:\Install\Diagnostyka\y9t9qkhy.exe[3276] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 009C0600 .text E:\Install\Diagnostyka\y9t9qkhy.exe[3276] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 009D0804 .text E:\Install\Diagnostyka\y9t9qkhy.exe[3276] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 009D0A08 .text E:\Install\Diagnostyka\y9t9qkhy.exe[3276] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 009D0600 .text E:\Install\Diagnostyka\y9t9qkhy.exe[3276] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 009D01F8 .text E:\Install\Diagnostyka\y9t9qkhy.exe[3276] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 009D03FC .text E:\Install\Diagnostyka\y9t9qkhy.exe[3276] ws2_32.dll!getsockname 71A53D10 5 Bytes JMP 00C7008D .text E:\Install\Diagnostyka\y9t9qkhy.exe[3276] ws2_32.dll!connect 71A54A07 5 Bytes JMP 00C7002D .text E:\Install\Diagnostyka\y9t9qkhy.exe[3276] ws2_32.dll!getpeername 71A60B68 5 Bytes JMP 00C700BD .text E:\Install\Diagnostyka\y9t9qkhy.exe[3276] ws2_32.dll!WSAConnect 71A60C81 5 Bytes JMP 00C7005D .text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[3368] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8 .text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[3368] 
ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[3368] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC .text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[3368] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[3368] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003D1014 .text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[3368] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003D0804 .text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[3368] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003D0A08 .text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[3368] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003D0C0C .text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[3368] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003D0E10 .text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[3368] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003D01F8 .text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[3368] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003D03FC .text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[3368] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003D0600 .text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[3368] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804 .text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[3368] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08 .text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[3368] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600 .text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[3368] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8 .text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[3368] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC .text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[3368] WS2_32.dll!getsockname 71A53D10 5 Bytes JMP 0348008D .text C:\Program 
Files\VIA\VIAudioi\HDADeck\HDeck.exe[3368] WS2_32.dll!connect 71A54A07 5 Bytes JMP 0348002D .text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[3368] WS2_32.dll!getpeername 71A60B68 5 Bytes JMP 034800BD .text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[3368] WS2_32.dll!WSAConnect 71A60C81 5 Bytes JMP 0348005D .text C:\WINDOWS\System32\svchost.exe[3628] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\System32\svchost.exe[3628] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[3628] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\System32\svchost.exe[3628] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[3628] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\System32\svchost.exe[3628] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\System32\svchost.exe[3628] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\System32\svchost.exe[3628] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\System32\svchost.exe[3628] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\System32\svchost.exe[3628] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\System32\svchost.exe[3628] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\System32\svchost.exe[3628] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\System32\svchost.exe[3628] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\System32\svchost.exe[3628] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\System32\svchost.exe[3628] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\System32\svchost.exe[3628] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text 
C:\WINDOWS\System32\svchost.exe[3628] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe[3652] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe[3652] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe[3652] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe[3652] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe[3652] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804 .text C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe[3652] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08 .text C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe[3652] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600 .text C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe[3652] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8 .text C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe[3652] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC .text C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe[3652] ADVAPI32.DLL!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00991014 .text C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe[3652] ADVAPI32.DLL!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00990804 .text C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe[3652] ADVAPI32.DLL!ChangeServiceConfigW 77E27001 5 Bytes JMP 00990A08 .text C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe[3652] ADVAPI32.DLL!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00990C0C .text C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe[3652] ADVAPI32.DLL!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00990E10 .text C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe[3652] ADVAPI32.DLL!CreateServiceA 77E27211 5 Bytes JMP 009901F8 .text C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe[3652] 
ADVAPI32.DLL!CreateServiceW 77E273A9 5 Bytes JMP 009903FC .text C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe[3652] ADVAPI32.DLL!DeleteService 77E274B1 5 Bytes JMP 00990600 .text C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe[3652] ws2_32.dll!getsockname 71A53D10 5 Bytes JMP 0279008D .text C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe[3652] ws2_32.dll!connect 71A54A07 5 Bytes JMP 0279002D .text C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe[3652] ws2_32.dll!getpeername 71A60B68 5 Bytes JMP 027900BD .text C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe[3652] ws2_32.dll!WSAConnect 71A60C81 5 Bytes JMP 0279005D .text C:\Program Files\AVAST Software\Avast\avastUI.exe[3672] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\avastUI.exe[3672] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\avastUI.exe[3672] WS2_32.dll!getsockname 71A53D10 5 Bytes JMP 025A008D .text C:\Program Files\AVAST Software\Avast\avastUI.exe[3672] WS2_32.dll!connect 71A54A07 5 Bytes JMP 025A002D .text C:\Program Files\AVAST Software\Avast\avastUI.exe[3672] WS2_32.dll!getpeername 71A60B68 5 Bytes JMP 025A00BD .text C:\Program Files\AVAST Software\Avast\avastUI.exe[3672] WS2_32.dll!WSAConnect 71A60C81 5 Bytes JMP 025A005D .text D:\Unlocker\UnlockerAssistant.exe[3716] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8 .text D:\Unlocker\UnlockerAssistant.exe[3716] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text D:\Unlocker\UnlockerAssistant.exe[3716] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC .text D:\Unlocker\UnlockerAssistant.exe[3716] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text D:\Unlocker\UnlockerAssistant.exe[3716] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003D1014 .text D:\Unlocker\UnlockerAssistant.exe[3716] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003D0804 .text D:\Unlocker\UnlockerAssistant.exe[3716] 
ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003D0A08 .text D:\Unlocker\UnlockerAssistant.exe[3716] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003D0C0C .text D:\Unlocker\UnlockerAssistant.exe[3716] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003D0E10 .text D:\Unlocker\UnlockerAssistant.exe[3716] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003D01F8 .text D:\Unlocker\UnlockerAssistant.exe[3716] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003D03FC .text D:\Unlocker\UnlockerAssistant.exe[3716] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003D0600 .text D:\Unlocker\UnlockerAssistant.exe[3716] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804 .text D:\Unlocker\UnlockerAssistant.exe[3716] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08 .text D:\Unlocker\UnlockerAssistant.exe[3716] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600 .text D:\Unlocker\UnlockerAssistant.exe[3716] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8 .text D:\Unlocker\UnlockerAssistant.exe[3716] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC .text D:\Unlocker\UnlockerAssistant.exe[3716] ws2_32.dll!getsockname 71A53D10 5 Bytes JMP 00A5008D .text D:\Unlocker\UnlockerAssistant.exe[3716] ws2_32.dll!connect 71A54A07 5 Bytes JMP 00A5002D .text D:\Unlocker\UnlockerAssistant.exe[3716] ws2_32.dll!getpeername 71A60B68 5 Bytes JMP 00A500BD .text D:\Unlocker\UnlockerAssistant.exe[3716] ws2_32.dll!WSAConnect 71A60C81 5 Bytes JMP 00A5005D .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3748] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3748] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3748] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3748] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3748] 
ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3748] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3748] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3748] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3748] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3748] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3748] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3748] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3748] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3748] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3748] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3748] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3748] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text D:\Ad Muncher\AdMunch.exe[3800] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text D:\Ad Muncher\AdMunch.exe[3800] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text D:\Ad Muncher\AdMunch.exe[3800] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text D:\Ad Muncher\AdMunch.exe[3800] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text D:\Ad Muncher\AdMunch.exe[3800] user32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text D:\Ad Muncher\AdMunch.exe[3800] user32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text D:\Ad Muncher\AdMunch.exe[3800] 
user32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text D:\Ad Muncher\AdMunch.exe[3800] user32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text D:\Ad Muncher\AdMunch.exe[3800] user32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\oodtray.exe[3900] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text C:\WINDOWS\system32\oodtray.exe[3900] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\oodtray.exe[3900] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text C:\WINDOWS\system32\oodtray.exe[3900] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\oodtray.exe[3900] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014 .text C:\WINDOWS\system32\oodtray.exe[3900] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804 .text C:\WINDOWS\system32\oodtray.exe[3900] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08 .text C:\WINDOWS\system32\oodtray.exe[3900] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C .text C:\WINDOWS\system32\oodtray.exe[3900] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10 .text C:\WINDOWS\system32\oodtray.exe[3900] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8 .text C:\WINDOWS\system32\oodtray.exe[3900] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC .text C:\WINDOWS\system32\oodtray.exe[3900] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600 .text C:\WINDOWS\system32\oodtray.exe[3900] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804 .text C:\WINDOWS\system32\oodtray.exe[3900] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08 .text C:\WINDOWS\system32\oodtray.exe[3900] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600 .text C:\WINDOWS\system32\oodtray.exe[3900] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8 .text C:\WINDOWS\system32\oodtray.exe[3900] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 
003F03FC .text C:\WINDOWS\system32\oodtray.exe[3900] WS2_32.dll!getsockname 71A53D10 5 Bytes JMP 011E008D .text C:\WINDOWS\system32\oodtray.exe[3900] WS2_32.dll!connect 71A54A07 5 Bytes JMP 011E002D .text C:\WINDOWS\system32\oodtray.exe[3900] WS2_32.dll!getpeername 71A60B68 5 Bytes JMP 011E00BD .text C:\WINDOWS\system32\oodtray.exe[3900] WS2_32.dll!WSAConnect 71A60C81 5 Bytes JMP 011E005D .text D:\Zone Labs\ZoneAlarm\zlclient.exe[4028] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text D:\Zone Labs\ZoneAlarm\zlclient.exe[4028] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text D:\Zone Labs\ZoneAlarm\zlclient.exe[4028] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text D:\Zone Labs\ZoneAlarm\zlclient.exe[4028] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text D:\Zone Labs\ZoneAlarm\zlclient.exe[4028] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00510804 .text D:\Zone Labs\ZoneAlarm\zlclient.exe[4028] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00510A08 .text D:\Zone Labs\ZoneAlarm\zlclient.exe[4028] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00510600 .text D:\Zone Labs\ZoneAlarm\zlclient.exe[4028] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 005101F8 .text D:\Zone Labs\ZoneAlarm\zlclient.exe[4028] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 005103FC .text D:\Zone Labs\ZoneAlarm\zlclient.exe[4028] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00521014 .text D:\Zone Labs\ZoneAlarm\zlclient.exe[4028] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00520804 .text D:\Zone Labs\ZoneAlarm\zlclient.exe[4028] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00520A08 .text D:\Zone Labs\ZoneAlarm\zlclient.exe[4028] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00520C0C .text D:\Zone Labs\ZoneAlarm\zlclient.exe[4028] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00520E10 .text D:\Zone Labs\ZoneAlarm\zlclient.exe[4028] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 
005201F8 .text D:\Zone Labs\ZoneAlarm\zlclient.exe[4028] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 005203FC .text D:\Zone Labs\ZoneAlarm\zlclient.exe[4028] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00520600 .text D:\Zone Labs\ZoneAlarm\zlclient.exe[4028] WS2_32.dll!getsockname 71A53D10 5 Bytes JMP 01C4008D .text D:\Zone Labs\ZoneAlarm\zlclient.exe[4028] WS2_32.dll!connect 71A54A07 5 Bytes JMP 01C4002D .text D:\Zone Labs\ZoneAlarm\zlclient.exe[4028] WS2_32.dll!getpeername 71A60B68 5 Bytes JMP 01C400BD .text D:\Zone Labs\ZoneAlarm\zlclient.exe[4028] WS2_32.dll!WSAConnect 71A60C81 5 Bytes JMP 01C4005D .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4052] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4052] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4052] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4052] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4052] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003F1014 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4052] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003F0804 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4052] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003F0A08 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4052] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003F0C0C .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4052] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003F0E10 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4052] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003F01F8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4052] 
ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003F03FC .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4052] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003F0600 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4052] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00450804 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4052] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00450A08 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4052] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00450600 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4052] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 004501F8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4052] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 004503FC .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4052] ws2_32.dll!getsockname 71A53D10 5 Bytes JMP 00CD008D .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4052] ws2_32.dll!connect 71A54A07 5 Bytes JMP 00CD002D .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4052] ws2_32.dll!getpeername 71A60B68 5 Bytes JMP 00CD00BD .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4052] ws2_32.dll!WSAConnect 71A60C81 5 Bytes JMP 00CD005D ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [A8AC8080] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [A8AC7E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [A8AC87C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] 
[A8AC63D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [A8AC63D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [A8AC8080] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [A8AC7E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [A8AC87C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [A8AC8080] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [A8AC63D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [A8AC87C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [A8AC7E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [A8AC87C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [A8AC7E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) IAT 
\SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [A8AC8080] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [A8AC63D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [A8AC8080] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [A8AC7E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [A8AC87C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCloseAdapter] [A8AC87C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter] [A8AC7E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol] [A8AC63D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] [A8AC8080] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [A8AC8080] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [A8AC63D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point 
Software Technologies LTD) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [A8AC87C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [A8AC7E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\WINDOWS\system32\services.exe[820] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00630002 IAT C:\WINDOWS\system32\services.exe[820] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00630000 ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software) AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software) Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! 
TDI Filter Driver/AVAST Software) Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG11.00.00.01WORKSTATION ---- EOF - GMER 1.0.15 ----