GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2017-01-09 20:58:00
Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T1L0-e WDC_WD2500AAKS-00L9A0 rev.01.03E01 232,88GB
Running: c518rynn.exe; Driver: C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\kwlyakow.sys

---- System - GMER 2.2 ----

SSDT \??\C:\WINDOWS\system32\drivers\kisknl.sys ZwClose [0xB289F50E]
SSDT \??\C:\WINDOWS\system32\drivers\kisknl.sys ZwCreateKey [0xB289F914]
SSDT \??\C:\WINDOWS\system32\drivers\kisknl.sys ZwCreateSection [0xB28A72D5]
SSDT \??\C:\WINDOWS\system32\drivers\kisknl.sys ZwCreateThread [0xB28A7D64]
SSDT \??\C:\WINDOWS\system32\drivers\kisknl.sys ZwDebugActiveProcess [0xB28A6BA8]
SSDT \??\C:\WINDOWS\system32\drivers\kisknl.sys ZwDeleteKey [0xB289E96B]
SSDT \??\C:\WINDOWS\system32\drivers\kisknl.sys ZwDeleteValueKey [0xB289EA8F]
SSDT \??\C:\WINDOWS\system32\drivers\kisknl.sys ZwDeviceIoControlFile [0xB28ADC17]
SSDT \??\C:\WINDOWS\system32\drivers\kisknl.sys ZwEnumerateKey [0xB28B8327]
SSDT \??\C:\WINDOWS\system32\drivers\kisknl.sys ZwEnumerateValueKey [0xB28B7232]
SSDT \??\C:\WINDOWS\system32\drivers\kisknl.sys ZwFreeVirtualMemory [0xB28A6DDB]
SSDT \??\C:\WINDOWS\system32\drivers\kisknl.sys ZwFsControlFile [0xB28AE603]
SSDT \??\C:\WINDOWS\system32\drivers\kisknl.sys ZwInitiatePowerAction [0xB28AC62F]
SSDT \??\C:\WINDOWS\system32\drivers\kisknl.sys ZwLoadDriver [0xB28ACF6B]
SSDT \??\C:\WINDOWS\system32\drivers\kisknl.sys ZwOpenKey [0xB28B742D]
SSDT \??\C:\WINDOWS\system32\drivers\kisknl.sys ZwOpenProcess [0xB28A6E28]
SSDT \??\C:\WINDOWS\system32\drivers\kisknl.sys ZwOpenSection [0xB28AB5D7]
SSDT \??\C:\WINDOWS\system32\drivers\kisknl.sys ZwProtectVirtualMemory [0xB28A60F4]
SSDT \??\C:\WINDOWS\system32\drivers\kisknl.sys ZwQueryKey [0xB28B7886]
SSDT \??\C:\WINDOWS\system32\drivers\kisknl.sys ZwQueryValueKey [0xB289F2A6]
SSDT \??\C:\WINDOWS\system32\drivers\kisknl.sys ZwQueueApcThread [0xB28A5E93]
SSDT \??\C:\WINDOWS\system32\drivers\kisknl.sys ZwRaiseHardError [0xB28AC668]
SSDT \??\C:\WINDOWS\system32\drivers\kisknl.sys ZwRenameKey [0xB289FC8D]
SSDT \??\C:\WINDOWS\system32\drivers\kisknl.sys ZwRequestWaitReplyPort [0xB28AD307]
SSDT \??\C:\WINDOWS\system32\drivers\kisknl.sys ZwRestoreKey [0xB289F54D]
SSDT \??\C:\WINDOWS\system32\drivers\kisknl.sys ZwSetContextThread [0xB28A6591]
SSDT \??\C:\WINDOWS\system32\drivers\kisknl.sys ZwSetSystemInformation [0xB28ABB8E]
SSDT \??\C:\WINDOWS\system32\drivers\kisknl.sys ZwSetSystemPowerState [0xB28AC5F6]
SSDT \??\C:\WINDOWS\system32\drivers\kisknl.sys ZwSetSystemTime [0xB28AC5B3]
SSDT \??\C:\WINDOWS\system32\drivers\kisknl.sys ZwSetValueKey [0xB289ECAA]
SSDT \??\C:\WINDOWS\system32\drivers\kisknl.sys ZwShutdownSystem [0xB28ABA6F]
SSDT \??\C:\WINDOWS\system32\drivers\kisknl.sys ZwSuspendProcess [0xB28A6516]
SSDT \??\C:\WINDOWS\system32\drivers\kisknl.sys ZwSuspendThread [0xB28A5ED4]
SSDT \??\C:\WINDOWS\system32\drivers\kisknl.sys ZwSystemDebugControl [0xB28ABA9E]
SSDT \??\C:\WINDOWS\system32\drivers\kisknl.sys ZwTerminateJobObject [0xB28A632C]
SSDT \??\C:\WINDOWS\system32\drivers\kisknl.sys ZwTerminateProcess [0xB28A62ED]
SSDT \??\C:\WINDOWS\system32\drivers\kisknl.sys ZwTerminateThread [0xB28A6554]
SSDT \??\C:\WINDOWS\system32\drivers\kisknl.sys ZwTestAlert [0xB28A7070]
SSDT \??\C:\WINDOWS\system32\drivers\kisknl.sys ZwUnmapViewOfSection [0xB28A6D80]
SSDT \??\C:\WINDOWS\system32\drivers\kisknl.sys ZwWriteFile [0xB28ACE05]
SSDT \??\C:\WINDOWS\system32\drivers\kisknl.sys ZwWriteVirtualMemory [0xB28A6098]

---- Kernel code sections - GMER 2.2 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2D84 8050466C 4 Bytes JMP D2B6F8FA
.text ntkrnlpa.exe!ZwCallbackReturn + 2D8C 80504674 8 Bytes JMP DC17B289
.text ntkrnlpa.exe!ZwCallbackReturn + 3048 80504930 12 Bytes [8E, BB, 8A, B2, F6, C5, 8A, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 307C 80504964 28 Bytes [16, 65, 8A, B2, D4, 5E, 8A, ...]
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB69AD3C0, 0x84E2FA, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xB1E68300, 0x3B6D8, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xB8488300, 0x1BEE, 0xE8000020]

---- User code sections - GMER 2.2 ----

.text C:\WINDOWS\Explorer.EXE[124] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 03235840 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\WINDOWS\Explorer.EXE[124] kernel32.dll!CreateProcessInternalW 7C8185EC 5 Bytes JMP 032340E0 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\WINDOWS\Explorer.EXE[124] kernel32.dll!CreateProcessInternalA 7C81CE78 5 Bytes JMP 032344E0 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\WINDOWS\Explorer.EXE[124] kernel32.dll!CopyFileExW 7C826B8A 7 Bytes JMP 03262B80 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\WINDOWS\Explorer.EXE[124] ADVAPI32.dll!RegQueryValueExW 77DC6FFF 5 Bytes JMP 032353F0 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\WINDOWS\Explorer.EXE[124] ADVAPI32.dll!RegQueryValueExA 77DC7ABB 5 Bytes JMP 03235030 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\WINDOWS\Explorer.EXE[124] ADVAPI32.dll!RegSetValueExA 77DCEAE7 7 Bytes JMP 03236FA0 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\WINDOWS\Explorer.EXE[124] SHLWAPI.dll!SHRegGetUSValueW 77F68D22 5 Bytes JMP 03234E90 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\WINDOWS\Explorer.EXE[124] SHELL32.dll!StrStrW 7C9CFA5C 4 Bytes [04, 00, 92, 02]
.text C:\WINDOWS\Explorer.EXE[124] SHELL32.dll!ShellExecuteExW 7CA01E1B 5 Bytes JMP 03233F80 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Opera\36.0.2130.80\opera.exe[288] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, EC, 71, 00] {SUB AH, CH; JNO 0x4}
.text C:\Program Files\Opera\36.0.2130.80\opera.exe[288] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Program Files\Opera\36.0.2130.80\opera.exe[288] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, EF, 71, 00] {SUB BH, CH; JNO 0x4}
.text C:\Program Files\Opera\36.0.2130.80\opera.exe[288] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Program Files\Opera\36.0.2130.80\opera.exe[288] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, EC, 71, 00]
.text C:\Program Files\Opera\36.0.2130.80\opera.exe[288] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Program Files\Opera\36.0.2130.80\opera.exe[288] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, ED, 71, 00] {TEST AL, 0xed; JNO 0x4}
.text C:\Program Files\Opera\36.0.2130.80\opera.exe[288] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Program Files\Opera\36.0.2130.80\opera.exe[288] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B914806
.text C:\Program Files\Opera\36.0.2130.80\opera.exe[288] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Program Files\Opera\36.0.2130.80\opera.exe[288] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, EE, 71, 00] {TEST AL, 0xee; JNO 0x4}
.text C:\Program Files\Opera\36.0.2130.80\opera.exe[288] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Program Files\Opera\36.0.2130.80\opera.exe[288] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, ED, 71, 00]
.text C:\Program Files\Opera\36.0.2130.80\opera.exe[288] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Program Files\Opera\36.0.2130.80\opera.exe[288] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, EE, 71, 00]
.text C:\Program Files\Opera\36.0.2130.80\opera.exe[288] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Program Files\Opera\36.0.2130.80\opera.exe[288] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B914877
.text C:\Program Files\Opera\36.0.2130.80\opera.exe[288] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Program Files\Opera\36.0.2130.80\opera.exe[288] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, EC, 71, 00] {TEST AL, 0xec; JNO 0x4}
.text C:\Program Files\Opera\36.0.2130.80\opera.exe[288] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Program Files\Opera\36.0.2130.80\opera.exe[288] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B9149A5
.text C:\Program Files\Opera\36.0.2130.80\opera.exe[288] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Program Files\Opera\36.0.2130.80\opera.exe[288] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, ED, 71, 00] {SUB CH, CH; JNO 0x4}
.text C:\Program Files\Opera\36.0.2130.80\opera.exe[288] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Program Files\Opera\36.0.2130.80\opera.exe[288] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, EE, 71, 00] {SUB DH, CH; JNO 0x4}
.text C:\Program Files\Opera\36.0.2130.80\opera.exe[288] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Program Files\Opera\36.0.2130.80\opera.exe[288] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, EF, 71, 00]
.text C:\Program Files\Opera\36.0.2130.80\opera.exe[288] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Program Files\Opera\36.0.2130.80\opera.exe[456] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 40, 4D, 00]
.text C:\Program Files\Opera\36.0.2130.80\opera.exe[456] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Program Files\Opera\36.0.2130.80\opera.exe[456] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 43, 4D, 00]
.text C:\Program Files\Opera\36.0.2130.80\opera.exe[456] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Program Files\Opera\36.0.2130.80\opera.exe[456] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 40, 4D, 00]
.text C:\Program Files\Opera\36.0.2130.80\opera.exe[456] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Program Files\Opera\36.0.2130.80\opera.exe[456] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 41, 4D, 00]
.text C:\Program Files\Opera\36.0.2130.80\opera.exe[456] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Program Files\Opera\36.0.2130.80\opera.exe[456] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91235A
.text C:\Program Files\Opera\36.0.2130.80\opera.exe[456] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Program Files\Opera\36.0.2130.80\opera.exe[456] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 42, 4D, 00]
.text C:\Program Files\Opera\36.0.2130.80\opera.exe[456] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Program Files\Opera\36.0.2130.80\opera.exe[456] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 41, 4D, 00]
.text C:\Program Files\Opera\36.0.2130.80\opera.exe[456] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Program Files\Opera\36.0.2130.80\opera.exe[456] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 42, 4D, 00]
.text C:\Program Files\Opera\36.0.2130.80\opera.exe[456] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Program Files\Opera\36.0.2130.80\opera.exe[456] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B9123CB
.text C:\Program Files\Opera\36.0.2130.80\opera.exe[456] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Program Files\Opera\36.0.2130.80\opera.exe[456] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 40, 4D, 00]
.text C:\Program Files\Opera\36.0.2130.80\opera.exe[456] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Program Files\Opera\36.0.2130.80\opera.exe[456] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B9124F9
.text C:\Program Files\Opera\36.0.2130.80\opera.exe[456] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Program Files\Opera\36.0.2130.80\opera.exe[456] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 41, 4D, 00]
.text C:\Program Files\Opera\36.0.2130.80\opera.exe[456] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Program Files\Opera\36.0.2130.80\opera.exe[456] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 42, 4D, 00]
.text C:\Program Files\Opera\36.0.2130.80\opera.exe[456] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Program Files\Opera\36.0.2130.80\opera.exe[456] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 43, 4D, 00]
.text C:\Program Files\Opera\36.0.2130.80\opera.exe[456] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\program files\kingsoft\kingsoft antivirus\kxetray.exe[1012] SHELL32.dll!ShellExecuteW 7CAB614D 5 Bytes JMP 00408C04 C:\program files\kingsoft\kingsoft antivirus\kxetray.exe
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1180] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00FE2DB0 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1180] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00FE2D20 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1180] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 00FE3A10 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1180] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00FE3900 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1180] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00FE36F0 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1180] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00FE5780 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1180] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00FE56E0 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1180] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00FE3880 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1180] kernel32.dll!CreateProcessInternalW 7C8185EC 5 Bytes JMP 00FE40E0 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1180] kernel32.dll!CreateProcessInternalA 7C81CE78 5 Bytes JMP 00FE44E0 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1180] kernel32.dll!MoveFileWithProgressW 7C81E786 5 Bytes JMP 01012CD0 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1180] kernel32.dll!CopyFileExW 7C826B8A 7 Bytes JMP 00FE3400 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1180] kernel32.dll!CopyFileA 7C827746 5 Bytes JMP 00FE34C0 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1180] kernel32.dll!CopyFileW 7C82E8BB 5 Bytes JMP 00FE3630 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1180] kernel32.dll!CopyFileExA 7C85FF34 5 Bytes JMP 00FE3280 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1180] kernel32.dll!WinExec + 5 7C863236 5 Bytes JMP 00FE3EC0 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1180] ADVAPI32.dll!RegQueryValueExW 77DC6FFF 5 Bytes JMP 00FE53F0 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1180] ADVAPI32.dll!RegQueryValueExA 77DC7ABB 5 Bytes JMP 00FE5030 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1180] ADVAPI32.dll!RegSetValueExA 77DCEAE7 7 Bytes JMP 00FE6FA0 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1180] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 405D5545 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1180] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 406A9B99 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1180] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 4069D1CD C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1180] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 406ADC24 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1180] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 406146FC C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1180] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 407A7997 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1180] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 407A78C9 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1180] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 407A7934 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1180] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 407A779A C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1180] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 407A77FC C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1180] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 407A79FA C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1180] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 407A785E C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1180] SHLWAPI.dll!SHRegGetUSValueW 77F68D22 5 Bytes JMP 00FE4E90 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1180] SHELL32.dll!ShellExecuteEx 7CA40FA5 5 Bytes JMP 00FE46D0 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1180] SHELL32.dll!SHFileOperationW 7CA70B68 5 Bytes JMP 01012DF0 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1180] ole32.dll!CoCreateInstance 774EF1D4 5 Bytes JMP 406ADC80 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1180] ole32.dll!CoGetClassObject 7750522D 5 Bytes JMP 01012E40 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1180] ole32.dll!OleLoadFromStream 7751988B 5 Bytes JMP 407A7CFF C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1180] WININET.dll!InternetOpenUrlA 3FD0753C 5 Bytes JMP 00FE30B0 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1180] WININET.dll!HttpOpenRequestA 3FD165A8 5 Bytes JMP 00FE2E40 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1180] WININET.dll!InternetConnectW 3FD18902 5 Bytes JMP 00FE3010 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1180] WININET.dll!HttpOpenRequestW 3FD18C9B 5 Bytes JMP 00FE2F70 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1180] WININET.dll!InternetOpenUrlW 3FD6727F 5 Bytes JMP 00FE31E0 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1180] WS2_32.dll!closesocket 71A53E2B 5 Bytes JMP 01012B00 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1180] WS2_32.dll!send 71A54C27 5 Bytes JMP 00FE1470 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1180] WS2_32.dll!WSARecv 71A54CB5 5 Bytes JMP 01012A10 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1180] WS2_32.dll!recv 71A5676F 5 Bytes JMP 01012AD0 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1180] WS2_32.dll!WSASend 71A568FA 5 Bytes JMP 00FE1650 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1180] WS2_32.dll!WSAGetOverlappedResult 71A60D1B 5 Bytes JMP 01012A40 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Opera\36.0.2130.80\opera.exe[1400] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, C0, 6D, 00]
.text C:\Program Files\Opera\36.0.2130.80\opera.exe[1400] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Program Files\Opera\36.0.2130.80\opera.exe[1400] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, C3, 6D, 00]
.text C:\Program Files\Opera\36.0.2130.80\opera.exe[1400] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Program Files\Opera\36.0.2130.80\opera.exe[1400] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, C0, 6D, 00]
.text C:\Program Files\Opera\36.0.2130.80\opera.exe[1400] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Program Files\Opera\36.0.2130.80\opera.exe[1400] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, C1, 6D, 00]
.text C:\Program Files\Opera\36.0.2130.80\opera.exe[1400] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Program Files\Opera\36.0.2130.80\opera.exe[1400] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B9143DA
.text C:\Program Files\Opera\36.0.2130.80\opera.exe[1400] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Program Files\Opera\36.0.2130.80\opera.exe[1400] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, C2, 6D, 00]
.text C:\Program Files\Opera\36.0.2130.80\opera.exe[1400] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Program Files\Opera\36.0.2130.80\opera.exe[1400] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, C1, 6D, 00]
.text C:\Program Files\Opera\36.0.2130.80\opera.exe[1400] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Program Files\Opera\36.0.2130.80\opera.exe[1400] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, C2, 6D, 00]
.text C:\Program Files\Opera\36.0.2130.80\opera.exe[1400] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Program Files\Opera\36.0.2130.80\opera.exe[1400] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91444B
.text C:\Program Files\Opera\36.0.2130.80\opera.exe[1400] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Program Files\Opera\36.0.2130.80\opera.exe[1400] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, C0, 6D, 00]
.text C:\Program Files\Opera\36.0.2130.80\opera.exe[1400] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Program Files\Opera\36.0.2130.80\opera.exe[1400] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B914579
.text C:\Program Files\Opera\36.0.2130.80\opera.exe[1400] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Program Files\Opera\36.0.2130.80\opera.exe[1400] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, C1, 6D, 00]
.text C:\Program Files\Opera\36.0.2130.80\opera.exe[1400] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Program Files\Opera\36.0.2130.80\opera.exe[1400] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, C2, 6D, 00]
.text C:\Program Files\Opera\36.0.2130.80\opera.exe[1400] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Program Files\Opera\36.0.2130.80\opera.exe[1400] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, C3, 6D, 00]
.text C:\Program Files\Opera\36.0.2130.80\opera.exe[1400] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2016] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 01172DB0 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2016] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 01172D20 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2016] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 01173A10 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2016] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01173900 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2016] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 011736F0 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2016] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01175780 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2016] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 011756E0 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2016] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01173880 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2016] kernel32.dll!CreateProcessInternalW 7C8185EC 5 Bytes JMP 011740E0 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2016] kernel32.dll!CreateProcessInternalA 7C81CE78 5 Bytes JMP 011744E0 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2016] kernel32.dll!MoveFileWithProgressW 7C81E786 5 Bytes JMP 011A2CD0 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2016] kernel32.dll!CopyFileExW 7C826B8A 7 Bytes JMP 01173400 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2016] kernel32.dll!CopyFileA 7C827746 5 Bytes JMP 011734C0 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2016] kernel32.dll!CopyFileW 7C82E8BB 5 Bytes JMP 01173630 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2016] kernel32.dll!CopyFileExA 7C85FF34 5 Bytes JMP 01173280 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2016] kernel32.dll!WinExec + 5 7C863236 5 Bytes JMP 01173EC0 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2016] ADVAPI32.dll!RegQueryValueExW 77DC6FFF 5 Bytes JMP 011753F0 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2016] ADVAPI32.dll!RegQueryValueExA 77DC7ABB 5 Bytes JMP 01175030 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2016] ADVAPI32.dll!RegSetValueExA 77DCEAE7 7 Bytes JMP 01176FA0 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2016] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 405D5545 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2016] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 406A9B99 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2016] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 4069D1CD C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2016] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 406ADC24 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2016] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 406146FC C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2016] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 407A7997 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2016] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 407A78C9 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2016] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 407A7934 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2016] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 407A779A C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2016] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 407A77FC C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2016] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 407A79FA C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2016] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 407A785E C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2016] SHLWAPI.dll!SHRegGetUSValueW 77F68D22 5 Bytes JMP 01174E90 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2016] SHELL32.dll!ShellExecuteEx 7CA40FA5 5 Bytes JMP 011746D0 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2016] SHELL32.dll!SHFileOperationW 7CA70B68 5 Bytes JMP 011A2DF0 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2016] ole32.dll!CoCreateInstance 774EF1D4 5 Bytes JMP 406ADC80 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2016] ole32.dll!CoGetClassObject 7750522D 5 Bytes JMP 011A2E40 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2016] ole32.dll!OleLoadFromStream 7751988B 5 Bytes JMP 407A7CFF C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2016] WININET.dll!InternetOpenUrlA 3FD0753C 5 Bytes JMP 011730B0 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2016] WININET.dll!HttpOpenRequestA 3FD165A8 5 Bytes JMP 01172E40 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2016] WININET.dll!InternetConnectW 3FD18902 5 Bytes JMP 01173010 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2016] WININET.dll!HttpOpenRequestW 3FD18C9B 5 Bytes JMP 01172F70 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2016] WININET.dll!InternetOpenUrlW 3FD6727F 5 Bytes JMP 011731E0 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2016] WS2_32.dll!closesocket 71A53E2B 5 Bytes JMP 011A2B00 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2016] WS2_32.dll!send 71A54C27 5 Bytes JMP 01171470 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2016] WS2_32.dll!WSARecv 71A54CB5 5 Bytes JMP 011A2A10 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2016] WS2_32.dll!recv 71A5676F 5 Bytes JMP 011A2AD0 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2016] WS2_32.dll!WSASend 71A568FA 5 Bytes JMP 01171650 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2016] WS2_32.dll!WSAGetOverlappedResult 71A60D1B 5 Bytes JMP 011A2A40 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2196] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 01392DB0 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2196] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 01392D20 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2196] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 01393A10 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2196] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01393900 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2196] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 013936F0 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2196] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01395780 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2196] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 013956E0 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2196] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01393880 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2196] kernel32.dll!CreateProcessInternalW 7C8185EC 5 Bytes JMP 013940E0 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2196] kernel32.dll!CreateProcessInternalA 7C81CE78 5 Bytes JMP 013944E0 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2196] kernel32.dll!MoveFileWithProgressW 7C81E786 5 Bytes JMP 013C2CD0 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2196] kernel32.dll!CopyFileExW 7C826B8A 7 Bytes JMP 01393400 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2196] kernel32.dll!CopyFileA 7C827746 5 Bytes JMP 013934C0 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2196] kernel32.dll!CopyFileW 7C82E8BB 5 Bytes JMP 01393630 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2196] kernel32.dll!CopyFileExA 7C85FF34 5 Bytes JMP 01393280 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2196] kernel32.dll!WinExec + 5 7C863236 5 Bytes JMP 01393EC0 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2196] ADVAPI32.dll!RegQueryValueExW 77DC6FFF 5 Bytes JMP 013953F0 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2196] ADVAPI32.dll!RegQueryValueExA 77DC7ABB 5 Bytes JMP 01395030 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2196] ADVAPI32.dll!RegSetValueExA 77DCEAE7 7 Bytes JMP 01396FA0 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2196] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 405D5545 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2196] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 406ADC24 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2196] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 407A7997 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2196] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 407A78C9 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2196] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 407A7934 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2196] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 407A779A C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2196] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 407A77FC C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2196] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 407A79FA C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2196] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 407A785E C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2196] SHLWAPI.dll!SHRegGetUSValueW 77F68D22 5 Bytes JMP 01394E90 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2196] SHELL32.dll!ShellExecuteEx 7CA40FA5 5 Bytes JMP 013946D0 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2196] SHELL32.dll!SHFileOperationW 7CA70B68 5 Bytes JMP 013C2DF0 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2196] ole32.dll!CoGetClassObject 7750522D 5 Bytes JMP 013C2E40 C:\program
files\kingsoft\kingsoft antivirus\kswebshield.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2196] WININET.dll!InternetOpenUrlA 3FD0753C 5 Bytes JMP 013930B0 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2196] WININET.dll!HttpOpenRequestA 3FD165A8 5 Bytes JMP 01392E40 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2196] WININET.dll!InternetConnectW 3FD18902 5 Bytes JMP 01393010 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2196] WININET.dll!HttpOpenRequestW 3FD18C9B 5 Bytes JMP 01392F70 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2196] WININET.dll!InternetOpenUrlW 3FD6727F 5 Bytes JMP 013931E0 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2196] ws2_32.dll!closesocket 71A53E2B 5 Bytes JMP 013C2B00 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2196] ws2_32.dll!send 71A54C27 5 Bytes JMP 01391470 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2196] ws2_32.dll!WSARecv 71A54CB5 5 Bytes JMP 013C2A10 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2196] ws2_32.dll!recv 71A5676F 5 Bytes JMP 013C2AD0 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2196] ws2_32.dll!WSASend 71A568FA 5 Bytes JMP 01391650 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2196] ws2_32.dll!WSAGetOverlappedResult 71A60D1B 5 Bytes JMP 013C2A40 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll .text C:\Program 
Files\Internet Explorer\IEXPLORE.EXE[2328] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 01172DB0 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2328] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 01172D20 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2328] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 01173A10 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2328] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01173900 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2328] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 011736F0 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2328] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01175780 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2328] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 011756E0 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2328] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01173880 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2328] kernel32.dll!CreateProcessInternalW 7C8185EC 5 Bytes JMP 011740E0 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2328] kernel32.dll!CreateProcessInternalA 7C81CE78 5 Bytes JMP 011744E0 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2328] kernel32.dll!MoveFileWithProgressW 7C81E786 5 Bytes JMP 011A2CD0 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll .text C:\Program 
Files\Internet Explorer\IEXPLORE.EXE[2328] kernel32.dll!CopyFileExW 7C826B8A 7 Bytes JMP 01173400 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2328] kernel32.dll!CopyFileA 7C827746 5 Bytes JMP 011734C0 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2328] kernel32.dll!CopyFileW 7C82E8BB 5 Bytes JMP 01173630 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2328] kernel32.dll!CopyFileExA 7C85FF34 5 Bytes JMP 01173280 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2328] kernel32.dll!WinExec + 5 7C863236 5 Bytes JMP 01173EC0 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2328] ADVAPI32.dll!RegQueryValueExW 77DC6FFF 5 Bytes JMP 011753F0 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2328] ADVAPI32.dll!RegQueryValueExA 77DC7ABB 5 Bytes JMP 01175030 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2328] ADVAPI32.dll!RegSetValueExA 77DCEAE7 7 Bytes JMP 01176FA0 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2328] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 405D5545 C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2328] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 406A9B99 C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2328] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 4069D1CD C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2328] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 406ADC24 C:\WINDOWS\system32\IEFRAME.dll 
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2328] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 406146FC C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2328] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 407A7997 C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2328] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 407A78C9 C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2328] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 407A7934 C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2328] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 407A779A C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2328] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 407A77FC C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2328] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 407A79FA C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2328] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 407A785E C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2328] SHLWAPI.dll!SHRegGetUSValueW 77F68D22 5 Bytes JMP 01174E90 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2328] SHELL32.dll!ShellExecuteEx 7CA40FA5 5 Bytes JMP 011746D0 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2328] SHELL32.dll!SHFileOperationW 7CA70B68 5 Bytes JMP 011A2DF0 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2328] ole32.dll!CoCreateInstance 774EF1D4 5 Bytes JMP 406ADC80 C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2328] ole32.dll!CoGetClassObject 7750522D 
5 Bytes JMP 011A2E40 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2328] ole32.dll!OleLoadFromStream 7751988B 5 Bytes JMP 407A7CFF C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2328] WININET.dll!InternetOpenUrlA 3FD0753C 5 Bytes JMP 011730B0 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2328] WININET.dll!HttpOpenRequestA 3FD165A8 5 Bytes JMP 01172E40 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2328] WININET.dll!InternetConnectW 3FD18902 5 Bytes JMP 01173010 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2328] WININET.dll!HttpOpenRequestW 3FD18C9B 5 Bytes JMP 01172F70 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2328] WININET.dll!InternetOpenUrlW 3FD6727F 5 Bytes JMP 011731E0 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2328] WS2_32.dll!closesocket 71A53E2B 5 Bytes JMP 011A2B00 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2328] WS2_32.dll!send 71A54C27 5 Bytes JMP 01171470 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2328] WS2_32.dll!WSARecv 71A54CB5 5 Bytes JMP 011A2A10 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2328] WS2_32.dll!recv 71A5676F 5 Bytes JMP 011A2AD0 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2328] WS2_32.dll!WSASend 71A568FA 5 Bytes JMP 01171650 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll .text C:\Program 
Files\Internet Explorer\IEXPLORE.EXE[2328] WS2_32.dll!WSAGetOverlappedResult 71A60D1B 5 Bytes JMP 011A2A40 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll .text C:\WINDOWS\system32\SearchIndexer.exe[3036] kernel32.dll!WriteFile 7C8112FF 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3240] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 011B2DB0 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3240] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 011B2D20 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3240] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 011B3A10 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3240] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 011B3900 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3240] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 011B36F0 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3240] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 011B5780 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3240] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 011B56E0 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3240] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 011B3880 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3240] kernel32.dll!CreateProcessInternalW 7C8185EC 5 Bytes JMP 011B40E0 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3240] 
kernel32.dll!CreateProcessInternalA 7C81CE78 5 Bytes JMP 011B44E0 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3240] kernel32.dll!MoveFileWithProgressW 7C81E786 5 Bytes JMP 011E2CD0 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3240] kernel32.dll!CopyFileExW 7C826B8A 7 Bytes JMP 011B3400 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3240] kernel32.dll!CopyFileA 7C827746 5 Bytes JMP 011B34C0 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3240] kernel32.dll!CopyFileW 7C82E8BB 5 Bytes JMP 011B3630 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3240] kernel32.dll!CopyFileExA 7C85FF34 5 Bytes JMP 011B3280 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3240] kernel32.dll!WinExec + 5 7C863236 5 Bytes JMP 011B3EC0 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3240] ADVAPI32.dll!RegQueryValueExW 77DC6FFF 5 Bytes JMP 011B53F0 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3240] ADVAPI32.dll!RegQueryValueExA 77DC7ABB 5 Bytes JMP 011B5030 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3240] ADVAPI32.dll!RegSetValueExA 77DCEAE7 7 Bytes JMP 011B6FA0 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3240] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 405D5545 C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3240] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 406A9B99 
C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3240] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 4069D1CD C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3240] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 406ADC24 C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3240] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 406146FC C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3240] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 407A7997 C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3240] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 407A78C9 C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3240] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 407A7934 C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3240] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 407A779A C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3240] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 407A77FC C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3240] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 407A79FA C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3240] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 407A785E C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3240] SHLWAPI.dll!SHRegGetUSValueW 77F68D22 5 Bytes JMP 011B4E90 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3240] SHELL32.dll!ShellExecuteEx 7CA40FA5 5 Bytes JMP 011B46D0 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3240] SHELL32.dll!SHFileOperationW 
7CA70B68 5 Bytes JMP 011E2DF0 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3240] ole32.dll!CoCreateInstance 774EF1D4 5 Bytes JMP 406ADC80 C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3240] ole32.dll!CoGetClassObject 7750522D 5 Bytes JMP 011E2E40 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3240] ole32.dll!OleLoadFromStream 7751988B 5 Bytes JMP 407A7CFF C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3240] WININET.dll!InternetOpenUrlA 3FD0753C 5 Bytes JMP 011B30B0 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3240] WININET.dll!HttpOpenRequestA 3FD165A8 5 Bytes JMP 011B2E40 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3240] WININET.dll!InternetConnectW 3FD18902 5 Bytes JMP 011B3010 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3240] WININET.dll!HttpOpenRequestW 3FD18C9B 5 Bytes JMP 011B2F70 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3240] WININET.dll!InternetOpenUrlW 3FD6727F 5 Bytes JMP 011B31E0 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3240] WS2_32.dll!closesocket 71A53E2B 5 Bytes JMP 011E2B00 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3240] WS2_32.dll!send 71A54C27 5 Bytes JMP 011B1470 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3240] WS2_32.dll!WSARecv 71A54CB5 5 Bytes JMP 011E2A10 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll .text C:\Program 
Files\Internet Explorer\IEXPLORE.EXE[3240] WS2_32.dll!recv 71A5676F 5 Bytes JMP 011E2AD0 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3240] WS2_32.dll!WSASend 71A568FA 5 Bytes JMP 011B1650 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3240] WS2_32.dll!WSAGetOverlappedResult 71A60D1B 5 Bytes JMP 011E2A40 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll .text C:\Program Files\Opera\36.0.2130.80\opera.exe[3684] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 01482DB0 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll .text C:\Program Files\Opera\36.0.2130.80\opera.exe[3684] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 01482D20 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll .text C:\Program Files\Opera\36.0.2130.80\opera.exe[3684] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 01483A10 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll .text C:\Program Files\Opera\36.0.2130.80\opera.exe[3684] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01483900 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll .text C:\Program Files\Opera\36.0.2130.80\opera.exe[3684] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 014836F0 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll .text C:\Program Files\Opera\36.0.2130.80\opera.exe[3684] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01485780 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll .text C:\Program Files\Opera\36.0.2130.80\opera.exe[3684] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 014856E0 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll .text C:\Program Files\Opera\36.0.2130.80\opera.exe[3684] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 014B29B0 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll .text C:\Program Files\Opera\36.0.2130.80\opera.exe[3684] kernel32.dll!LoadLibraryW 
7C80AEEB 5 Bytes JMP 01483880 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll .text C:\Program Files\Opera\36.0.2130.80\opera.exe[3684] kernel32.dll!CreateFileW 7C810CD9 5 Bytes JMP 014B2B20 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll .text C:\Program Files\Opera\36.0.2130.80\opera.exe[3684] kernel32.dll!CreateProcessInternalW 7C8185EC 5 Bytes JMP 014840E0 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll .text C:\Program Files\Opera\36.0.2130.80\opera.exe[3684] kernel32.dll!CreateProcessInternalA 7C81CE78 5 Bytes JMP 014844E0 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll .text C:\Program Files\Opera\36.0.2130.80\opera.exe[3684] kernel32.dll!CopyFileExW 7C826B8A 7 Bytes JMP 01483400 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll .text C:\Program Files\Opera\36.0.2130.80\opera.exe[3684] kernel32.dll!CopyFileA 7C827746 5 Bytes JMP 014834C0 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll .text C:\Program Files\Opera\36.0.2130.80\opera.exe[3684] kernel32.dll!CopyFileW 7C82E8BB 5 Bytes JMP 01483630 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll .text C:\Program Files\Opera\36.0.2130.80\opera.exe[3684] kernel32.dll!CopyFileExA 7C85FF34 5 Bytes JMP 01483280 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll .text C:\Program Files\Opera\36.0.2130.80\opera.exe[3684] kernel32.dll!WinExec + 5 7C863236 5 Bytes JMP 01483EC0 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll .text C:\Program Files\Opera\36.0.2130.80\opera.exe[3684] WININET.dll!InternetOpenUrlA 3FD0753C 5 Bytes JMP 014830B0 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll .text C:\Program Files\Opera\36.0.2130.80\opera.exe[3684] WININET.dll!HttpOpenRequestA 3FD165A8 5 Bytes JMP 01482E40 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll .text C:\Program Files\Opera\36.0.2130.80\opera.exe[3684] WININET.dll!InternetConnectW 3FD18902 5 Bytes JMP 01483010 C:\program 
files\kingsoft\kingsoft antivirus\kswebshield.dll .text C:\Program Files\Opera\36.0.2130.80\opera.exe[3684] WININET.dll!HttpOpenRequestW 3FD18C9B 5 Bytes JMP 01482F70 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll .text C:\Program Files\Opera\36.0.2130.80\opera.exe[3684] WININET.dll!InternetOpenUrlW 3FD6727F 5 Bytes JMP 014831E0 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll .text C:\Program Files\Opera\36.0.2130.80\opera.exe[3684] ole32.dll!CoGetClassObject 7750522D 5 Bytes JMP 014AE640 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll .text C:\Program Files\Opera\36.0.2130.80\opera.exe[3684] SHELL32.dll!ShellExecuteEx 7CA40FA5 5 Bytes JMP 014846D0 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll .text C:\Program Files\Opera\36.0.2130.80\opera.exe[3684] WS2_32.dll!closesocket 71A53E2B 5 Bytes JMP 014B2B00 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll .text C:\Program Files\Opera\36.0.2130.80\opera.exe[3684] WS2_32.dll!send 71A54C27 5 Bytes JMP 01481470 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll .text C:\Program Files\Opera\36.0.2130.80\opera.exe[3684] WS2_32.dll!WSARecv 71A54CB5 5 Bytes JMP 014B2A10 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll .text C:\Program Files\Opera\36.0.2130.80\opera.exe[3684] WS2_32.dll!recv 71A5676F 5 Bytes JMP 014B2AD0 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll .text C:\Program Files\Opera\36.0.2130.80\opera.exe[3684] WS2_32.dll!WSASend 71A568FA 5 Bytes JMP 01481650 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll .text C:\Program Files\Opera\36.0.2130.80\opera.exe[3684] WS2_32.dll!WSAGetOverlappedResult 71A60D1B 5 Bytes JMP 014B2A40 C:\program files\kingsoft\kingsoft antivirus\kswebshield.dll .text C:\Program Files\Opera\36.0.2130.80\opera.exe[3948] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 8C, 1D, 00] .text C:\Program Files\Opera\36.0.2130.80\opera.exe[3948] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte 
[E2] .text C:\Program Files\Opera\36.0.2130.80\opera.exe[3948] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 8F, 1D, 00] .text C:\Program Files\Opera\36.0.2130.80\opera.exe[3948] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.80\opera.exe[3948] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 8C, 1D, 00] .text C:\Program Files\Opera\36.0.2130.80\opera.exe[3948] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.80\opera.exe[3948] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 8D, 1D, 00] .text C:\Program Files\Opera\36.0.2130.80\opera.exe[3948] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.80\opera.exe[3948] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90F3A6 .text C:\Program Files\Opera\36.0.2130.80\opera.exe[3948] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.80\opera.exe[3948] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 8E, 1D, 00] .text C:\Program Files\Opera\36.0.2130.80\opera.exe[3948] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.80\opera.exe[3948] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 8D, 1D, 00] .text C:\Program Files\Opera\36.0.2130.80\opera.exe[3948] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.80\opera.exe[3948] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 8E, 1D, 00] .text C:\Program Files\Opera\36.0.2130.80\opera.exe[3948] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.80\opera.exe[3948] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90F417 .text C:\Program Files\Opera\36.0.2130.80\opera.exe[3948] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.80\opera.exe[3948] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 8C, 1D, 00] .text 
C:\Program Files\Opera\36.0.2130.80\opera.exe[3948] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.80\opera.exe[3948] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90F545 .text C:\Program Files\Opera\36.0.2130.80\opera.exe[3948] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.80\opera.exe[3948] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 8D, 1D, 00] .text C:\Program Files\Opera\36.0.2130.80\opera.exe[3948] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.80\opera.exe[3948] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 8E, 1D, 00] .text C:\Program Files\Opera\36.0.2130.80\opera.exe[3948] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.80\opera.exe[3948] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 8F, 1D, 00] .text C:\Program Files\Opera\36.0.2130.80\opera.exe[3948] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.80\opera.exe[3956] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 88, 6C, 00] .text C:\Program Files\Opera\36.0.2130.80\opera.exe[3956] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.80\opera.exe[3956] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 8B, 6C, 00] .text C:\Program Files\Opera\36.0.2130.80\opera.exe[3956] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.80\opera.exe[3956] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 88, 6C, 00] .text C:\Program Files\Opera\36.0.2130.80\opera.exe[3956] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.80\opera.exe[3956] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 89, 6C, 00] .text C:\Program Files\Opera\36.0.2130.80\opera.exe[3956] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text 
C:\Program Files\Opera\36.0.2130.80\opera.exe[3956] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B9142A2 .text C:\Program Files\Opera\36.0.2130.80\opera.exe[3956] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.80\opera.exe[3956] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 8A, 6C, 00] .text C:\Program Files\Opera\36.0.2130.80\opera.exe[3956] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.80\opera.exe[3956] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 89, 6C, 00] .text C:\Program Files\Opera\36.0.2130.80\opera.exe[3956] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.80\opera.exe[3956] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 8A, 6C, 00] .text C:\Program Files\Opera\36.0.2130.80\opera.exe[3956] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.80\opera.exe[3956] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B914313 .text C:\Program Files\Opera\36.0.2130.80\opera.exe[3956] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.80\opera.exe[3956] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 88, 6C, 00] .text C:\Program Files\Opera\36.0.2130.80\opera.exe[3956] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.80\opera.exe[3956] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B914441 .text C:\Program Files\Opera\36.0.2130.80\opera.exe[3956] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.80\opera.exe[3956] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 89, 6C, 00] .text C:\Program Files\Opera\36.0.2130.80\opera.exe[3956] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Opera\36.0.2130.80\opera.exe[3956] ntdll.dll!NtSetInformationThread + 6 
7C90DCB4 4 Bytes [28, 8A, 6C, 00]
.text C:\Program Files\Opera\36.0.2130.80\opera.exe[3956] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Program Files\Opera\36.0.2130.80\opera.exe[3956] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 8B, 6C, 00]
.text C:\Program Files\Opera\36.0.2130.80\opera.exe[3956] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]

---- Devices - GMER 2.2 ----

AttachedDevice \FileSystem\Ntfs \Ntfs kisknl.sys
AttachedDevice \Driver\Tcpip \Device\Ip kdhacker.sys
AttachedDevice \Driver\Tcpip \Device\Tcp kdhacker.sys
AttachedDevice \Driver\Tcpip \Device\Udp kdhacker.sys
AttachedDevice \Driver\Tcpip \Device\RawIp kdhacker.sys

---- Registry - GMER 2.2 ----

Reg HKLM\SOFTWARE\Classes\Microsoft.PowerShellScript.1\shell\Uruchom za pomocą programu PowerShell
Reg HKLM\SOFTWARE\Classes\Microsoft.PowerShellScript.1\shell\Uruchom za pomocą programu PowerShell\command
Reg HKLM\SOFTWARE\Classes\Microsoft.PowerShellScript.1\shell\Uruchom za pomocą programu PowerShell\command@ "C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe" "-file" "%1"

---- EOF - GMER 2.2 ----