GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-05-27 01:48:25 Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\00000074 ST3160215AS rev.3.AAD 149,05GB Running: 4tlnp31b.exe; Driver: C:\DOCUME~1\Kornik\USTAWI~1\Temp\kfpcypow.sys ---- System - GMER 2.2 ---- SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwAssignProcessToJobObject [0xA6EFA030] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwCreateThread [0xA6EFA370] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwDebugActiveProcess [0xA6EFA630] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwDuplicateObject [0xA6EFA150] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwLoadDriver [0xA6EFA430] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwOpenProcess [0xA6EF9ED0] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwOpenThread [0xA6EF9F90] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwProtectVirtualMemory [0xA6EFA0F0] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwQueueApcThread [0xA6EFA1B0] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwReplaceKey [0xA6EFA7F0] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwRestoreKey [0xA6EFA7B0] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwSetContextThread [0xA6EFA0B0] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwSetInformationThread [0xA6EFA070] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwSetSecurityObject [0xA6EFA1F0] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwSetSystemInformation [0xA6EFA3F0] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwSuspendProcess [0xA6EF9F30] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwSuspendThread [0xA6EF9FB0] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwSystemDebugControl [0xA6EFA3B0] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwTerminateProcess [0xA6EF9EF0] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwTerminateThread [0xA6EF9FF0] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwWriteVirtualMemory [0xA6EFA170] ---- Kernel code sections - GMER 2.2 ---- .text ntkrnlpa.exe!ZwCallbackReturn + 2758 80501F90 12 Bytes [30, 9F, EF, A6, B0, 9F, EF, ...] {XOR [EDI-0x604f5911], BL; OUT DX, EAX; CMPSB ; MOV AL, 0xa3; OUT DX, EAX; CMPSB } ---- User code sections - GMER 2.2 ---- .text C:\WINDOWS\system32\svchost.exe[196] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1000B0F0 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\svchost.exe[196] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1000B490 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\svchost.exe[196] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 1000BD10 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\svchost.exe[196] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1000B5A0 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\svchost.exe[196] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000C120 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\svchost.exe[196] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 100560F0 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\svchost.exe[196] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 1000C220 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\svchost.exe[196] KERNEL32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 1000C650 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\svchost.exe[196] USER32.dll!GetMessageW 7E3691C6 5 Bytes JMP 1001EC40 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\svchost.exe[196] USER32.dll!PeekMessageW 7E36929B 5 Bytes JMP 1001EB20 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\svchost.exe[196] USER32.dll!GetMessageA 7E37772B 5 Bytes JMP 1001EBB0 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\svchost.exe[196] USER32.dll!PeekMessageA 7E37A340 5 Bytes JMP 1001EA90 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\svchost.exe[312] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1000B0F0 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\svchost.exe[312] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1000B490 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\svchost.exe[312] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 1000BD10 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\svchost.exe[312] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1000B5A0 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\svchost.exe[312] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000C120 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\svchost.exe[312] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 100560F0 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\svchost.exe[312] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 1000C220 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\svchost.exe[312] KERNEL32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 1000C650 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\svchost.exe[312] USER32.dll!GetMessageW 7E3691C6 5 Bytes JMP 1001EC40 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\svchost.exe[312] USER32.dll!PeekMessageW 7E36929B 5 Bytes JMP 1001EB20 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\svchost.exe[312] USER32.dll!GetMessageA 7E37772B 5 Bytes JMP 1001EBB0 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\svchost.exe[312] USER32.dll!PeekMessageA 7E37A340 5 Bytes JMP 1001EA90 C:\WINDOWS\system32\hmpalert.dll .text C:\Program Files\ESET\ESET Smart Security\egui.exe[348] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1000B0F0 C:\WINDOWS\system32\hmpalert.dll .text C:\Program Files\ESET\ESET Smart Security\egui.exe[348] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1000B490 C:\WINDOWS\system32\hmpalert.dll .text C:\Program Files\ESET\ESET Smart Security\egui.exe[348] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 1000BD10 C:\WINDOWS\system32\hmpalert.dll .text C:\Program Files\ESET\ESET Smart Security\egui.exe[348] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1000B5A0 C:\WINDOWS\system32\hmpalert.dll .text C:\Program Files\ESET\ESET Smart Security\egui.exe[348] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000C120 C:\WINDOWS\system32\hmpalert.dll .text C:\Program Files\ESET\ESET Smart Security\egui.exe[348] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 100560F0 C:\WINDOWS\system32\hmpalert.dll .text C:\Program Files\ESET\ESET Smart Security\egui.exe[348] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 1000C220 C:\WINDOWS\system32\hmpalert.dll .text C:\Program Files\ESET\ESET Smart Security\egui.exe[348] KERNEL32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 1000C650 C:\WINDOWS\system32\hmpalert.dll .text C:\Program Files\ESET\ESET Smart Security\egui.exe[348] USER32.dll!GetMessageW 7E3691C6 5 Bytes JMP 1001EC40 C:\WINDOWS\system32\hmpalert.dll .text C:\Program Files\ESET\ESET Smart Security\egui.exe[348] USER32.dll!PeekMessageW 7E36929B 5 Bytes JMP 1001EB20 C:\WINDOWS\system32\hmpalert.dll .text C:\Program Files\ESET\ESET Smart Security\egui.exe[348] USER32.dll!GetMessageA 7E37772B 5 Bytes JMP 1001EBB0 C:\WINDOWS\system32\hmpalert.dll .text C:\Program Files\ESET\ESET Smart Security\egui.exe[348] USER32.dll!PeekMessageA 7E37A340 5 Bytes JMP 1001EA90 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\spoolsv.exe[576] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1000B0F0 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\spoolsv.exe[576] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1000B490 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\spoolsv.exe[576] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 1000BD10 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\spoolsv.exe[576] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1000B5A0 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\spoolsv.exe[576] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000C120 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\spoolsv.exe[576] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 100560F0 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\spoolsv.exe[576] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 1000C220 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\spoolsv.exe[576] KERNEL32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 1000C650 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\spoolsv.exe[576] USER32.dll!GetMessageW 7E3691C6 5 Bytes JMP 1001EC40 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\spoolsv.exe[576] USER32.dll!PeekMessageW 7E36929B 5 Bytes JMP 1001EB20 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\spoolsv.exe[576] USER32.dll!GetMessageA 7E37772B 5 Bytes JMP 1001EBB0 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\spoolsv.exe[576] USER32.dll!PeekMessageA 7E37A340 5 Bytes JMP 1001EA90 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\ctfmon.exe[648] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1000B0F0 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\ctfmon.exe[648] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1000B490 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\ctfmon.exe[648] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 1000BD10 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\ctfmon.exe[648] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1000B5A0 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\ctfmon.exe[648] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000C120 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\ctfmon.exe[648] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 100560F0 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\ctfmon.exe[648] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 1000C220 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\ctfmon.exe[648] KERNEL32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 1000C650 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\ctfmon.exe[648] USER32.dll!GetMessageW 7E3691C6 5 Bytes JMP 1001EC40 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\ctfmon.exe[648] USER32.dll!PeekMessageW 7E36929B 5 Bytes JMP 1001EB20 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\ctfmon.exe[648] USER32.dll!GetMessageA 7E37772B 5 Bytes JMP 1001EBB0 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\ctfmon.exe[648] USER32.dll!PeekMessageA 7E37A340 5 Bytes JMP 1001EA90 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\SOUNDMAN.EXE[1212] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1000B0F0 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\SOUNDMAN.EXE[1212] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1000B490 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\SOUNDMAN.EXE[1212] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 1000BD10 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\SOUNDMAN.EXE[1212] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1000B5A0 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\SOUNDMAN.EXE[1212] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000C120 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\SOUNDMAN.EXE[1212] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 100560F0 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\SOUNDMAN.EXE[1212] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 1000C220 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\SOUNDMAN.EXE[1212] KERNEL32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 1000C650 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\SOUNDMAN.EXE[1212] USER32.dll!GetMessageW 7E3691C6 5 Bytes JMP 1001EC40 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\SOUNDMAN.EXE[1212] USER32.dll!PeekMessageW 7E36929B 5 Bytes JMP 1001EB20 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\SOUNDMAN.EXE[1212] USER32.dll!GetMessageA 7E37772B 5 Bytes JMP 1001EBB0 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\SOUNDMAN.EXE[1212] USER32.dll!PeekMessageA 7E37A340 5 Bytes JMP 1001EA90 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\Ati2evxx.exe[1336] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1000B0F0 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\Ati2evxx.exe[1336] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1000B490 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\Ati2evxx.exe[1336] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 1000BD10 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\Ati2evxx.exe[1336] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1000B5A0 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\Ati2evxx.exe[1336] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000C120 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\Ati2evxx.exe[1336] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 100560F0 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\Ati2evxx.exe[1336] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 1000C220 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\Ati2evxx.exe[1336] KERNEL32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 1000C650 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\Ati2evxx.exe[1336] USER32.dll!GetMessageW 7E3691C6 5 Bytes JMP 1001EC40 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\Ati2evxx.exe[1336] USER32.dll!PeekMessageW 7E36929B 5 Bytes JMP 1001EB20 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\Ati2evxx.exe[1336] USER32.dll!GetMessageA 7E37772B 5 Bytes JMP 1001EBB0 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\Ati2evxx.exe[1336] USER32.dll!PeekMessageA 7E37A340 5 Bytes JMP 1001EA90 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\svchost.exe[1360] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1000B0F0 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\svchost.exe[1360] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1000B490 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\svchost.exe[1360] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 1000BD10 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\svchost.exe[1360] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1000B5A0 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\svchost.exe[1360] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000C120 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\svchost.exe[1360] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 100560F0 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\svchost.exe[1360] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 1000C220 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\svchost.exe[1360] KERNEL32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 1000C650 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\svchost.exe[1360] USER32.dll!GetMessageW 7E3691C6 5 Bytes JMP 1001EC40 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\svchost.exe[1360] USER32.dll!PeekMessageW 7E36929B 5 Bytes JMP 1001EB20 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\svchost.exe[1360] USER32.dll!GetMessageA 7E37772B 5 Bytes JMP 1001EBB0 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\svchost.exe[1360] USER32.dll!PeekMessageA 7E37A340 5 Bytes JMP 1001EA90 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\svchost.exe[1472] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1000B0F0 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\svchost.exe[1472] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1000B490 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\svchost.exe[1472] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 1000BD10 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\svchost.exe[1472] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1000B5A0 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\svchost.exe[1472] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000C120 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\svchost.exe[1472] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 100560F0 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\svchost.exe[1472] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 1000C220 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\svchost.exe[1472] KERNEL32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 1000C650 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\svchost.exe[1472] USER32.dll!GetMessageW 7E3691C6 5 Bytes JMP 1001EC40 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\svchost.exe[1472] USER32.dll!PeekMessageW 7E36929B 5 Bytes JMP 1001EB20 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\svchost.exe[1472] USER32.dll!GetMessageA 7E37772B 5 Bytes JMP 1001EBB0 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\svchost.exe[1472] USER32.dll!PeekMessageA 7E37A340 5 Bytes JMP 1001EA90 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\System32\svchost.exe[1596] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1000B0F0 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\System32\svchost.exe[1596] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1000B490 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\System32\svchost.exe[1596] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 1000BD10 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\System32\svchost.exe[1596] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1000B5A0 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\System32\svchost.exe[1596] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000C120 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\System32\svchost.exe[1596] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 100560F0 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\System32\svchost.exe[1596] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 1000C220 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\System32\svchost.exe[1596] KERNEL32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 1000C650 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\System32\svchost.exe[1596] USER32.dll!GetMessageW 7E3691C6 5 Bytes JMP 1001EC40 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\System32\svchost.exe[1596] USER32.dll!PeekMessageW 7E36929B 5 Bytes JMP 1001EB20 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\System32\svchost.exe[1596] USER32.dll!GetMessageA 7E37772B 5 Bytes JMP 1001EBB0 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\System32\svchost.exe[1596] USER32.dll!PeekMessageA 7E37A340 5 Bytes JMP 1001EA90 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\svchost.exe[1692] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1000B0F0 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\svchost.exe[1692] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1000B490 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\svchost.exe[1692] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 1000BD10 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\svchost.exe[1692] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1000B5A0 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\svchost.exe[1692] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000C120 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\svchost.exe[1692] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 100560F0 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\svchost.exe[1692] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 1000C220 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\svchost.exe[1692] KERNEL32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 1000C650 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\svchost.exe[1692] USER32.dll!GetMessageW 7E3691C6 5 Bytes JMP 1001EC40 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\svchost.exe[1692] USER32.dll!PeekMessageW 7E36929B 5 Bytes JMP 1001EB20 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\svchost.exe[1692] USER32.dll!GetMessageA 7E37772B 5 Bytes JMP 1001EBB0 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\svchost.exe[1692] USER32.dll!PeekMessageA 7E37A340 5 Bytes JMP 1001EA90 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\svchost.exe[1728] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1000B0F0 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\svchost.exe[1728] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1000B490 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\svchost.exe[1728] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 1000BD10 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\svchost.exe[1728] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1000B5A0 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\svchost.exe[1728] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000C120 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\svchost.exe[1728] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 100560F0 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\svchost.exe[1728] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 1000C220 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\svchost.exe[1728] KERNEL32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 1000C650 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\svchost.exe[1728] USER32.dll!GetMessageW 7E3691C6 5 Bytes JMP 1001EC40 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\svchost.exe[1728] USER32.dll!PeekMessageW 7E36929B 5 Bytes JMP 1001EB20 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\svchost.exe[1728] USER32.dll!GetMessageA 7E37772B 5 Bytes JMP 1001EBB0 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\svchost.exe[1728] USER32.dll!PeekMessageA 7E37A340 5 Bytes JMP 1001EA90 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\svchost.exe[1736] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1000B0F0 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\svchost.exe[1736] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1000B490 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\svchost.exe[1736] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 1000BD10 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\svchost.exe[1736] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1000B5A0 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\svchost.exe[1736] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000C120 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\svchost.exe[1736] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 100560F0 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\svchost.exe[1736] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 1000C220 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\svchost.exe[1736] KERNEL32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 1000C650 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\svchost.exe[1736] USER32.dll!GetMessageW 7E3691C6 5 Bytes JMP 1001EC40 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\svchost.exe[1736] USER32.dll!PeekMessageW 7E36929B 5 Bytes JMP 1001EB20 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\svchost.exe[1736] USER32.dll!GetMessageA 7E37772B 5 Bytes JMP 1001EBB0 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\svchost.exe[1736] USER32.dll!PeekMessageA 7E37A340 5 Bytes JMP 1001EA90 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\Ati2evxx.exe[1792] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1000B0F0 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\Ati2evxx.exe[1792] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1000B490 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\Ati2evxx.exe[1792] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 1000BD10 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\Ati2evxx.exe[1792] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1000B5A0 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\Ati2evxx.exe[1792] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000C120 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\Ati2evxx.exe[1792] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 100560F0 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\Ati2evxx.exe[1792] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 1000C220 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\Ati2evxx.exe[1792] KERNEL32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 1000C650 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\Ati2evxx.exe[1792] USER32.dll!GetMessageW 7E3691C6 5 Bytes JMP 1001EC40 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\Ati2evxx.exe[1792] USER32.dll!PeekMessageW 7E36929B 5 Bytes JMP 1001EB20 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\Ati2evxx.exe[1792] USER32.dll!GetMessageA 7E37772B 5 Bytes JMP 1001EBB0 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\Ati2evxx.exe[1792] USER32.dll!PeekMessageA 7E37A340 5 Bytes JMP 1001EA90 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\ATKKBService.exe[1804] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1000B0F0 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\ATKKBService.exe[1804] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1000B490 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\ATKKBService.exe[1804] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 1000BD10 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\ATKKBService.exe[1804] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1000B5A0 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\ATKKBService.exe[1804] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000C120 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\ATKKBService.exe[1804] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 100560F0 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\ATKKBService.exe[1804] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 1000C220 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\ATKKBService.exe[1804] KERNEL32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 1000C650 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\ATKKBService.exe[1804] USER32.dll!GetMessageW 7E3691C6 5 Bytes JMP 1001EC40 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\ATKKBService.exe[1804] USER32.dll!PeekMessageW 7E36929B 5 Bytes JMP 1001EB20 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\ATKKBService.exe[1804] USER32.dll!GetMessageA 7E37772B 5 Bytes JMP 1001EBB0 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\ATKKBService.exe[1804] USER32.dll!PeekMessageA 7E37A340 5 Bytes JMP 1001EA90 C:\WINDOWS\system32\hmpalert.dll .text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[1828] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1000B0F0 C:\WINDOWS\system32\hmpalert.dll .text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[1828] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1000B490 C:\WINDOWS\system32\hmpalert.dll .text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[1828] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 1000BD10 C:\WINDOWS\system32\hmpalert.dll .text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[1828] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1000B5A0 C:\WINDOWS\system32\hmpalert.dll .text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[1828] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000C120 C:\WINDOWS\system32\hmpalert.dll .text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[1828] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 100560F0 C:\WINDOWS\system32\hmpalert.dll .text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[1828] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 1000C220 C:\WINDOWS\system32\hmpalert.dll .text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[1828] KERNEL32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 1000C650 C:\WINDOWS\system32\hmpalert.dll .text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[1828] KERNEL32.dll!SetUnhandledExceptionFilter 7C844935 4 Bytes [C2, 04, 00, 00] .text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[1828] USER32.dll!GetMessageW 7E3691C6 5 Bytes JMP 1001EC40 C:\WINDOWS\system32\hmpalert.dll .text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[1828] USER32.dll!PeekMessageW 7E36929B 5 Bytes JMP 1001EB20 C:\WINDOWS\system32\hmpalert.dll .text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[1828] USER32.dll!GetMessageA 7E37772B 5 Bytes JMP 1001EBB0 C:\WINDOWS\system32\hmpalert.dll .text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[1828] USER32.dll!PeekMessageA 7E37A340 5 Bytes JMP 1001EA90 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\Explorer.EXE[1896] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1000B0F0 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\Explorer.EXE[1896] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1000B490 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\Explorer.EXE[1896] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 1000BD10 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\Explorer.EXE[1896] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1000B5A0 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\Explorer.EXE[1896] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000C120 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\Explorer.EXE[1896] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 100560F0 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\Explorer.EXE[1896] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 1000C220 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\Explorer.EXE[1896] KERNEL32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 1000C650 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\Explorer.EXE[1896] USER32.dll!GetMessageW 7E3691C6 5 Bytes JMP 1001EC40 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\Explorer.EXE[1896] USER32.dll!PeekMessageW 7E36929B 5 Bytes JMP 1001EB20 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\Explorer.EXE[1896] USER32.dll!GetMessageA 7E37772B 5 Bytes JMP 1001EBB0 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\Explorer.EXE[1896] USER32.dll!PeekMessageA 7E37A340 5 Bytes JMP 1001EA90 C:\WINDOWS\system32\hmpalert.dll .text C:\Program Files\Java\jre6\bin\jqs.exe[1968] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1000B0F0 C:\WINDOWS\system32\hmpalert.dll .text C:\Program Files\Java\jre6\bin\jqs.exe[1968] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1000B490 C:\WINDOWS\system32\hmpalert.dll .text C:\Program Files\Java\jre6\bin\jqs.exe[1968] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 1000BD10 C:\WINDOWS\system32\hmpalert.dll .text C:\Program Files\Java\jre6\bin\jqs.exe[1968] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1000B5A0 C:\WINDOWS\system32\hmpalert.dll .text C:\Program Files\Java\jre6\bin\jqs.exe[1968] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000C120 C:\WINDOWS\system32\hmpalert.dll .text C:\Program Files\Java\jre6\bin\jqs.exe[1968] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 100560F0 C:\WINDOWS\system32\hmpalert.dll .text C:\Program Files\Java\jre6\bin\jqs.exe[1968] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 1000C220 C:\WINDOWS\system32\hmpalert.dll .text C:\Program Files\Java\jre6\bin\jqs.exe[1968] KERNEL32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 1000C650 C:\WINDOWS\system32\hmpalert.dll .text C:\Program Files\Java\jre6\bin\jqs.exe[1968] USER32.dll!GetMessageW 7E3691C6 5 Bytes JMP 1001EC40 C:\WINDOWS\system32\hmpalert.dll .text C:\Program Files\Java\jre6\bin\jqs.exe[1968] USER32.dll!PeekMessageW 7E36929B 5 Bytes JMP 1001EB20 C:\WINDOWS\system32\hmpalert.dll .text C:\Program Files\Java\jre6\bin\jqs.exe[1968] USER32.dll!GetMessageA 7E37772B 5 Bytes JMP 1001EBB0 C:\WINDOWS\system32\hmpalert.dll .text C:\Program Files\Java\jre6\bin\jqs.exe[1968] USER32.dll!PeekMessageA 7E37A340 5 Bytes JMP 1001EA90 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2188] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1000B0F0 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2188] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1000B490 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2188] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 1000BD10 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2188] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1000B5A0 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2188] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000C120 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2188] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 100560F0 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2188] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 1000C220 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2188] KERNEL32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 1000C650 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2188] USER32.dll!GetMessageW 7E3691C6 5 Bytes JMP 1001EC40 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2188] USER32.dll!PeekMessageW 7E36929B 5 Bytes JMP 1001EB20 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2188] USER32.dll!GetMessageA 7E37772B 5 Bytes JMP 1001EBB0 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2188] USER32.dll!PeekMessageA 7E37A340 5 Bytes JMP 1001EA90 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\wscntfy.exe[2396] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1000B0F0 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\wscntfy.exe[2396] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1000B490 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\wscntfy.exe[2396] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 1000BD10 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\wscntfy.exe[2396] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1000B5A0 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\wscntfy.exe[2396] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000C120 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\wscntfy.exe[2396] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 100560F0 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\wscntfy.exe[2396] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 1000C220 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\wscntfy.exe[2396] KERNEL32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 1000C650 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\wscntfy.exe[2396] USER32.dll!GetMessageW 7E3691C6 5 Bytes JMP 1001EC40 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\wscntfy.exe[2396] USER32.dll!PeekMessageW 7E36929B 5 Bytes JMP 1001EB20 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\wscntfy.exe[2396] USER32.dll!GetMessageA 7E37772B 5 Bytes JMP 1001EBB0 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\system32\wscntfy.exe[2396] USER32.dll!PeekMessageA 7E37A340 5 Bytes JMP 1001EA90 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\System32\alg.exe[2436] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1000B0F0 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\System32\alg.exe[2436] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1000B490 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\System32\alg.exe[2436] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 1000BD10 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\System32\alg.exe[2436] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1000B5A0 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\System32\alg.exe[2436] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000C120 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\System32\alg.exe[2436] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 100560F0 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\System32\alg.exe[2436] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 1000C220 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\System32\alg.exe[2436] KERNEL32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 1000C650 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\System32\alg.exe[2436] USER32.dll!GetMessageW 7E3691C6 5 Bytes JMP 1001EC40 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\System32\alg.exe[2436] USER32.dll!PeekMessageW 7E36929B 5 Bytes JMP 1001EB20 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\System32\alg.exe[2436] USER32.dll!GetMessageA 7E37772B 5 Bytes JMP 1001EBB0 C:\WINDOWS\system32\hmpalert.dll .text C:\WINDOWS\System32\alg.exe[2436] USER32.dll!PeekMessageA 7E37A340 5 Bytes JMP 1001EA90 C:\WINDOWS\system32\hmpalert.dll .text C:\Documents and Settings\Kornik\Moje dokumenty\Downloads\4tlnp31b.exe[2664] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1000B0F0 C:\WINDOWS\system32\hmpalert.dll .text C:\Documents and Settings\Kornik\Moje dokumenty\Downloads\4tlnp31b.exe[2664] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1000B490 C:\WINDOWS\system32\hmpalert.dll .text C:\Documents and Settings\Kornik\Moje dokumenty\Downloads\4tlnp31b.exe[2664] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 1000BD10 C:\WINDOWS\system32\hmpalert.dll .text C:\Documents and Settings\Kornik\Moje dokumenty\Downloads\4tlnp31b.exe[2664] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1000B5A0 C:\WINDOWS\system32\hmpalert.dll .text C:\Documents and Settings\Kornik\Moje dokumenty\Downloads\4tlnp31b.exe[2664] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000C120 C:\WINDOWS\system32\hmpalert.dll .text C:\Documents and Settings\Kornik\Moje dokumenty\Downloads\4tlnp31b.exe[2664] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 100560F0 C:\WINDOWS\system32\hmpalert.dll .text C:\Documents and Settings\Kornik\Moje dokumenty\Downloads\4tlnp31b.exe[2664] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 1000C220 C:\WINDOWS\system32\hmpalert.dll .text C:\Documents and Settings\Kornik\Moje dokumenty\Downloads\4tlnp31b.exe[2664] KERNEL32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 1000C650 C:\WINDOWS\system32\hmpalert.dll .text C:\Documents and Settings\Kornik\Moje dokumenty\Downloads\4tlnp31b.exe[2664] USER32.dll!GetMessageW 7E3691C6 5 Bytes JMP 1001EC40 C:\WINDOWS\system32\hmpalert.dll .text C:\Documents and Settings\Kornik\Moje dokumenty\Downloads\4tlnp31b.exe[2664] USER32.dll!PeekMessageW 7E36929B 5 Bytes JMP 1001EB20 C:\WINDOWS\system32\hmpalert.dll .text C:\Documents and Settings\Kornik\Moje dokumenty\Downloads\4tlnp31b.exe[2664] USER32.dll!GetMessageA 7E37772B 5 Bytes JMP 1001EBB0 C:\WINDOWS\system32\hmpalert.dll .text C:\Documents and Settings\Kornik\Moje dokumenty\Downloads\4tlnp31b.exe[2664] USER32.dll!PeekMessageA 7E37A340 5 Bytes JMP 1001EA90 C:\WINDOWS\system32\hmpalert.dll .text C:\Program Files\HitmanPro.Alert\hmpalert.exe[3940] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1000B0F0 C:\WINDOWS\system32\hmpalert.dll .text C:\Program Files\HitmanPro.Alert\hmpalert.exe[3940] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1000B490 C:\WINDOWS\system32\hmpalert.dll .text C:\Program Files\HitmanPro.Alert\hmpalert.exe[3940] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 1000BD10 C:\WINDOWS\system32\hmpalert.dll .text C:\Program Files\HitmanPro.Alert\hmpalert.exe[3940] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1000B5A0 C:\WINDOWS\system32\hmpalert.dll .text C:\Program Files\HitmanPro.Alert\hmpalert.exe[3940] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000C120 C:\WINDOWS\system32\hmpalert.dll .text C:\Program Files\HitmanPro.Alert\hmpalert.exe[3940] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 100560F0 C:\WINDOWS\system32\hmpalert.dll .text C:\Program Files\HitmanPro.Alert\hmpalert.exe[3940] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 1000C220 C:\WINDOWS\system32\hmpalert.dll .text C:\Program Files\HitmanPro.Alert\hmpalert.exe[3940] KERNEL32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 1000C650 C:\WINDOWS\system32\hmpalert.dll .text C:\Program Files\HitmanPro.Alert\hmpalert.exe[3940] USER32.dll!GetMessageW 7E3691C6 5 Bytes JMP 1001EC40 C:\WINDOWS\system32\hmpalert.dll .text C:\Program Files\HitmanPro.Alert\hmpalert.exe[3940] USER32.dll!PeekMessageW 7E36929B 5 Bytes JMP 1001EB20 C:\WINDOWS\system32\hmpalert.dll .text C:\Program Files\HitmanPro.Alert\hmpalert.exe[3940] USER32.dll!GetMessageA 7E37772B 5 Bytes JMP 1001EBB0 C:\WINDOWS\system32\hmpalert.dll .text C:\Program Files\HitmanPro.Alert\hmpalert.exe[3940] USER32.dll!PeekMessageA 7E37A340 5 Bytes JMP 1001EA90 C:\WINDOWS\system32\hmpalert.dll ---- Devices - GMER 2.2 ---- AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys AttachedDevice \Driver\Tcpip \Device\Ip hmpnet.sys Device \Driver\Kbdclass \Device\KeyboardClass0 hmpalert.sys Device \Driver\Kbdclass \Device\KeyboardClass1 hmpalert.sys AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys AttachedDevice \Driver\Tcpip \Device\Tcp hmpnet.sys AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys AttachedDevice \Driver\Tcpip \Device\Udp hmpnet.sys AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys AttachedDevice \Driver\Tcpip \Device\RawIp hmpnet.sys AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys ---- Threads - GMER 2.2 ---- Thread System [4:1436] 891A4850 ---- EOF - GMER 2.2 ----