GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-01-03 19:27:26 Windows 6.1.7601 Service Pack 1 Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T1L0-7 ST3200822AS rev.3.01 Running: iigmkcf6.exe; Driver: E:\Users\kamil\AppData\Local\Temp\kwacypob.sys ---- System - GMER 1.0.15 ---- SSDT \??\E:\Windows\system32\drivers\OADriver.sys ZwAllocateVirtualMemory [0x8E58642C] SSDT \??\E:\Windows\system32\drivers\OADriver.sys ZwAlpcConnectPort [0x8E584A8C] SSDT \??\E:\Windows\system32\drivers\OADriver.sys ZwAlpcCreatePort [0x8E58455E] SSDT \??\E:\Windows\system32\drivers\OADriver.sys ZwAssignProcessToJobObject [0x8E585928] SSDT \??\E:\Windows\system32\drivers\OADriver.sys ZwConnectPort [0x8E58464C] SSDT \??\E:\Windows\system32\drivers\OADriver.sys ZwCreateFile [0x8E58B316] SSDT \??\E:\Windows\system32\drivers\OADriver.sys ZwCreatePort [0x8E58446A] SSDT 8DAA8576 ZwCreateSection SSDT \??\E:\Windows\system32\drivers\OADriver.sys ZwCreateThread [0x8E583634] SSDT \??\E:\Windows\system32\drivers\OADriver.sys ZwCreateThreadEx [0x8E583768] SSDT \??\E:\Windows\system32\drivers\OADriver.sys ZwDebugActiveProcess [0x8E583D22] SSDT \??\E:\Windows\system32\drivers\OADriver.sys ZwDuplicateObject [0x8E58432C] SSDT \??\E:\Windows\system32\drivers\OADriver.sys ZwLoadDriver [0x8E585350] SSDT \??\E:\Windows\system32\drivers\OADriver.sys ZwOpenFile [0x8E58B694] SSDT \??\E:\Windows\system32\drivers\OADriver.sys ZwOpenSection [0x8E5827B4] SSDT \??\E:\Windows\system32\drivers\OADriver.sys ZwOpenThread [0x8E5838B0] SSDT \??\E:\Windows\system32\drivers\OADriver.sys ZwProtectVirtualMemory [0x8E5856DA] SSDT \??\E:\Windows\system32\drivers\OADriver.sys ZwQueueApcThread [0x8E585A44] SSDT \??\E:\Windows\system32\drivers\OADriver.sys ZwRequestPort [0x8E584CB0] SSDT 8DAA8580 ZwRequestWaitReplyPort SSDT \??\E:\Windows\system32\drivers\OADriver.sys ZwResumeThread [0x8E5840CE] SSDT \??\E:\Windows\system32\drivers\OADriver.sys ZwSecureConnectPort [0x8E58486E] SSDT 8DAA857B ZwSetContextThread SSDT 8DAA8585 ZwSetSecurityObject SSDT \??\E:\Windows\system32\drivers\OADriver.sys ZwSetSystemInformation [0x8E5860E0] SSDT \??\E:\Windows\system32\drivers\OADriver.sys ZwShutdownSystem [0x8E58528A] SSDT \??\E:\Windows\system32\drivers\OADriver.sys ZwSuspendProcess [0x8E5841FE] SSDT \??\E:\Windows\system32\drivers\OADriver.sys ZwSuspendThread [0x8E583F7A] SSDT 8DAA858A ZwSystemDebugControl SSDT 8DAA8517 ZwTerminateProcess SSDT \??\E:\Windows\system32\drivers\OADriver.sys ZwTerminateThread [0x8E583A66] SSDT \??\E:\Windows\system32\drivers\OADriver.sys ZwUnloadDriver [0x8E585518] SSDT \??\E:\Windows\system32\drivers\OADriver.sys ZwWriteVirtualMemory [0x8E585804] ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwSaveKey + 13D1 8344B369 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 83484D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 8348BDA8 4 Bytes [2C, 64, 58, 8E] .text ntkrnlpa.exe!KeRemoveQueueEx + 10FF 8348BDB4 8 Bytes [8C, 4A, 58, 8E, 5E, 45, 58, ...] .text ntkrnlpa.exe!KeRemoveQueueEx + 1153 8348BE08 4 Bytes [28, 59, 58, 8E] .text ntkrnlpa.exe!KeRemoveQueueEx + 1193 8348BE48 4 Bytes [4C, 46, 58, 8E] .text ntkrnlpa.exe!KeRemoveQueueEx + 11AF 8348BE64 4 Bytes [16, B3, 58, 8E] .text ... .text sptd.sys 892AE001 31 Bytes [27, 82, 83, 34, C2, 82, 83, ...] .text sptd.sys 892AE024 196 Bytes [60, 97, 4A, 83, 05, D0, 52, ...] .text sptd.sys 892AE0E9 163 Bytes [6B, 44, 83, FA, F4, 4A, 83, ...] .text sptd.sys 892AE18D 63 Bytes [78, 49, 83, A9, DD, 4B, 83, ...] .text sptd.sys 892AE1D4 4 Bytes [27, 39, 4F, 4E] {DAA ; CMP [EDI+0x4e], ECX} .text ... .sptd2 E:\Windows\System32\Drivers\sptd.sys entry point in ".sptd2" section [0x8935A1AA] ? E:\Windows\System32\Drivers\sptd.sys Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces. .text E:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8FA0B000, 0x3B8195, 0xE8000020] .text USBPORT.SYS!DllUnload 8ED81DB9 5 Bytes JMP 866F51C8 PAGE spsys.sys!?SPRevision@@3PADA + 4F90 A7D4B000 290 Bytes [8B, FF, 55, 8B, EC, 33, C0, ...] PAGE spsys.sys!?SPRevision@@3PADA + 50B3 A7D4B123 629 Bytes [65, D4, A7, FE, 05, 34, 65, ...] PAGE spsys.sys!?SPRevision@@3PADA + 5329 A7D4B399 101 Bytes [6A, 28, 59, A5, 5E, C6, 03, ...] PAGE spsys.sys!?SPRevision@@3PADA + 538F A7D4B3FF 148 Bytes [18, 5D, C2, 14, 00, 8B, FF, ...] PAGE spsys.sys!?SPRevision@@3PADA + 543B A7D4B4AB 2228 Bytes [8B, FF, 55, 8B, EC, FF, 75, ...] PAGE ... ---- User code sections - GMER 1.0.15 ---- .text H:\Moje\Downloads\iigmkcf6.exe[684] ntdll.dll!NtAcceptConnectPort 77B851A8 3 Bytes [FF, 25, 1E] .text H:\Moje\Downloads\iigmkcf6.exe[684] ntdll.dll!NtAcceptConnectPort + 4 77B851AC 2 Bytes [65, 71] .text H:\Moje\Downloads\iigmkcf6.exe[684] ntdll.dll!NtCreateSymbolicLinkObject 77B85708 3 Bytes [FF, 25, 1E] .text H:\Moje\Downloads\iigmkcf6.exe[684] ntdll.dll!NtCreateSymbolicLinkObject + 4 77B8570C 2 Bytes [68, 71] .text H:\Moje\Downloads\iigmkcf6.exe[684] kernel32.dll!CreateProcessW 76F4204D 6 Bytes JMP 71A50F5A .text H:\Moje\Downloads\iigmkcf6.exe[684] kernel32.dll!CreateProcessA 76F42082 6 Bytes JMP 71A80F5A .text H:\Moje\Downloads\iigmkcf6.exe[684] kernel32.dll!LoadLibraryA 76F8DC65 6 Bytes JMP 716F0F5A .text H:\Moje\Downloads\iigmkcf6.exe[684] kernel32.dll!CloseHandle 76F8E868 6 Bytes JMP 718A0F5A .text H:\Moje\Downloads\iigmkcf6.exe[684] kernel32.dll!CreateFileW 76F8E8A5 6 Bytes JMP 718D0F5A .text H:\Moje\Downloads\iigmkcf6.exe[684] kernel32.dll!LoadLibraryW 76F8EF42 6 Bytes JMP 716C0F5A .text H:\Moje\Downloads\iigmkcf6.exe[684] user32.dll!RegisterHotKey 777AAA19 3 Bytes [FF, 25, 1E] .text H:\Moje\Downloads\iigmkcf6.exe[684] user32.dll!RegisterHotKey + 4 777AAA1D 2 Bytes [7D, 71] {JGE 0x73} .text H:\Moje\Downloads\iigmkcf6.exe[684] user32.dll!ExitWindowsEx 777F06C7 6 Bytes JMP 71A20F5A .text H:\Moje\Downloads\iigmkcf6.exe[684] user32.dll!DdeClientTransaction 7780323C 6 Bytes JMP 71810F5A .text H:\Moje\Downloads\iigmkcf6.exe[684] GDI32.dll!DeleteDC 773E6EAA 6 Bytes JMP 71750F5A .text H:\Moje\Downloads\iigmkcf6.exe[684] GDI32.dll!BitBlt 773E72C0 6 Bytes JMP 71720F5A .text H:\Moje\Downloads\iigmkcf6.exe[684] GDI32.dll!CreateDCA 773ECCA9 6 Bytes JMP 717B0F5A .text H:\Moje\Downloads\iigmkcf6.exe[684] GDI32.dll!CreateDCW 773ECF79 6 Bytes JMP 71780F5A .text H:\Moje\Downloads\iigmkcf6.exe[684] advapi32.dll!CreateServiceW 7789712C 6 Bytes JMP 71840F5A .text H:\Moje\Downloads\iigmkcf6.exe[684] advapi32.dll!CreateServiceA 778B3158 6 Bytes JMP 71870F5A .text H:\Moje\Downloads\iigmkcf6.exe[684] advapi32.dll!InitiateSystemShutdownW 778CDA6D 6 Bytes JMP 719C0F5A .text H:\Moje\Downloads\iigmkcf6.exe[684] advapi32.dll!InitiateSystemShutdownExW 778CDB3A 6 Bytes JMP 71960F5A .text H:\Moje\Downloads\iigmkcf6.exe[684] advapi32.dll!InitiateSystemShutdownA 778CDC0F 6 Bytes JMP 719F0F5A .text H:\Moje\Downloads\iigmkcf6.exe[684] advapi32.dll!InitiateSystemShutdownExA 778CDCB6 6 Bytes JMP 71990F5A .text H:\Moje\Downloads\iigmkcf6.exe[684] WS2_32.dll!socket 77CA3EB8 6 Bytes JMP 71AE0F5A .text H:\Moje\Downloads\iigmkcf6.exe[684] IPHLPAPI.DLL!IcmpSendEcho2Ex 751B843C 6 Bytes JMP 71900F5A .text H:\Moje\Downloads\iigmkcf6.exe[684] IPHLPAPI.DLL!IcmpSendEcho2 751B873B 6 Bytes JMP 71930F5A .text H:\Programy\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1372] ntdll.dll!NtAcceptConnectPort 77B851A8 3 Bytes [FF, 25, 1E] .text H:\Programy\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1372] ntdll.dll!NtAcceptConnectPort + 4 77B851AC 2 Bytes [65, 71] .text H:\Programy\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1372] ntdll.dll!NtCreateSymbolicLinkObject 77B85708 3 Bytes [FF, 25, 1E] .text H:\Programy\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1372] ntdll.dll!NtCreateSymbolicLinkObject + 4 77B8570C 2 Bytes [68, 71] .text H:\Programy\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1372] KERNEL32.dll!CreateProcessW 76F4204D 6 Bytes JMP 71A50F5A .text H:\Programy\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1372] KERNEL32.dll!CreateProcessA 76F42082 6 Bytes JMP 71A80F5A .text H:\Programy\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1372] KERNEL32.dll!LoadLibraryA 76F8DC65 6 Bytes JMP 716F0F5A .text H:\Programy\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1372] KERNEL32.dll!CloseHandle 76F8E868 6 Bytes JMP 718A0F5A .text H:\Programy\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1372] KERNEL32.dll!CreateFileW 76F8E8A5 6 Bytes JMP 718D0F5A .text H:\Programy\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1372] KERNEL32.dll!LoadLibraryW 76F8EF42 6 Bytes JMP 716C0F5A .text H:\Programy\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1372] user32.dll!RegisterHotKey 777AAA19 3 Bytes [FF, 25, 1E] .text H:\Programy\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1372] user32.dll!RegisterHotKey + 4 777AAA1D 2 Bytes [7D, 71] {JGE 0x73} .text H:\Programy\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1372] user32.dll!ExitWindowsEx 777F06C7 6 Bytes JMP 71A20F5A .text H:\Programy\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1372] user32.dll!DdeClientTransaction 7780323C 6 Bytes JMP 71810F5A .text H:\Programy\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1372] GDI32.dll!DeleteDC 773E6EAA 6 Bytes JMP 71750F5A .text H:\Programy\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1372] GDI32.dll!BitBlt 773E72C0 6 Bytes JMP 71720F5A .text H:\Programy\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1372] GDI32.dll!CreateDCA 773ECCA9 6 Bytes JMP 717B0F5A .text H:\Programy\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1372] GDI32.dll!CreateDCW 773ECF79 6 Bytes JMP 71780F5A .text H:\Programy\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1372] advapi32.dll!CreateServiceW 7789712C 6 Bytes JMP 71840F5A .text H:\Programy\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1372] advapi32.dll!CreateServiceA 778B3158 6 Bytes JMP 71870F5A .text H:\Programy\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1372] advapi32.dll!InitiateSystemShutdownW 778CDA6D 6 Bytes JMP 719C0F5A .text H:\Programy\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1372] advapi32.dll!InitiateSystemShutdownExW 778CDB3A 6 Bytes JMP 71960F5A .text H:\Programy\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1372] advapi32.dll!InitiateSystemShutdownA 778CDC0F 6 Bytes JMP 719F0F5A .text H:\Programy\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1372] advapi32.dll!InitiateSystemShutdownExA 778CDCB6 6 Bytes JMP 71990F5A .text H:\Programy\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1372] WS2_32.dll!socket 77CA3EB8 6 Bytes JMP 71AE0F5A .text H:\Programy\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1372] IPHLPAPI.DLL!IcmpSendEcho2Ex 751B843C 6 Bytes JMP 71900F5A .text H:\Programy\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1372] IPHLPAPI.DLL!IcmpSendEcho2 751B873B 6 Bytes JMP 71930F5A .text H:\Programy\Online Armor\oasrv.exe[1568] user32.dll!LoadStringA 777A66A7 6 Bytes JMP 71AF0F5A .text H:\Programy\Online Armor\oasrv.exe[1568] user32.dll!LoadStringW 777ADFBA 6 Bytes JMP 71A90F5A .text E:\Windows\system32\Dwm.exe[2176] ntdll.dll!NtAcceptConnectPort 77B851A8 3 Bytes [FF, 25, 1E] .text E:\Windows\system32\Dwm.exe[2176] ntdll.dll!NtAcceptConnectPort + 4 77B851AC 2 Bytes [66, 71] .text E:\Windows\system32\Dwm.exe[2176] ntdll.dll!NtCreateSymbolicLinkObject 77B85708 3 Bytes [FF, 25, 1E] .text E:\Windows\system32\Dwm.exe[2176] ntdll.dll!NtCreateSymbolicLinkObject + 4 77B8570C 2 Bytes [69, 71] .text E:\Windows\system32\Dwm.exe[2176] kernel32.dll!CreateProcessW 76F4204D 6 Bytes JMP 71A60F5A .text E:\Windows\system32\Dwm.exe[2176] kernel32.dll!CreateProcessA 76F42082 6 Bytes JMP 71A90F5A .text E:\Windows\system32\Dwm.exe[2176] kernel32.dll!LoadLibraryA 76F8DC65 6 Bytes JMP 71700F5A .text E:\Windows\system32\Dwm.exe[2176] kernel32.dll!CloseHandle 76F8E868 6 Bytes JMP 718B0F5A .text E:\Windows\system32\Dwm.exe[2176] kernel32.dll!CreateFileW 76F8E8A5 6 Bytes JMP 718E0F5A .text E:\Windows\system32\Dwm.exe[2176] kernel32.dll!LoadLibraryW 76F8EF42 6 Bytes JMP 716D0F5A .text E:\Windows\system32\Dwm.exe[2176] GDI32.dll!DeleteDC 773E6EAA 6 Bytes JMP 71760F5A .text E:\Windows\system32\Dwm.exe[2176] GDI32.dll!BitBlt 773E72C0 6 Bytes JMP 71730F5A .text E:\Windows\system32\Dwm.exe[2176] GDI32.dll!CreateDCA 773ECCA9 6 Bytes JMP 717C0F5A .text E:\Windows\system32\Dwm.exe[2176] GDI32.dll!CreateDCW 773ECF79 6 Bytes JMP 71790F5A .text E:\Windows\system32\Dwm.exe[2176] USER32.dll!RegisterHotKey 777AAA19 3 Bytes [FF, 25, 1E] .text E:\Windows\system32\Dwm.exe[2176] USER32.dll!RegisterHotKey + 4 777AAA1D 2 Bytes [7E, 71] {JLE 0x73} .text E:\Windows\system32\Dwm.exe[2176] USER32.dll!ExitWindowsEx 777F06C7 6 Bytes JMP 71A30F5A .text E:\Windows\system32\Dwm.exe[2176] USER32.dll!DdeClientTransaction 7780323C 6 Bytes JMP 71820F5A .text E:\Windows\system32\Dwm.exe[2176] ADVAPI32.dll!CreateServiceW 7789712C 6 Bytes JMP 71850F5A .text E:\Windows\system32\Dwm.exe[2176] ADVAPI32.dll!CreateServiceA 778B3158 6 Bytes JMP 71880F5A .text E:\Windows\system32\Dwm.exe[2176] ADVAPI32.dll!InitiateSystemShutdownW 778CDA6D 6 Bytes JMP 719D0F5A .text E:\Windows\system32\Dwm.exe[2176] ADVAPI32.dll!InitiateSystemShutdownExW 778CDB3A 6 Bytes JMP 71970F5A .text E:\Windows\system32\Dwm.exe[2176] ADVAPI32.dll!InitiateSystemShutdownA 778CDC0F 6 Bytes JMP 71A00F5A .text E:\Windows\system32\Dwm.exe[2176] ADVAPI32.dll!InitiateSystemShutdownExA 778CDCB6 6 Bytes JMP 719A0F5A .text E:\Windows\system32\Dwm.exe[2176] WS2_32.dll!socket 77CA3EB8 6 Bytes JMP 71AF0F5A .text E:\Windows\system32\Dwm.exe[2176] IPHLPAPI.DLL!IcmpSendEcho2Ex 751B843C 6 Bytes JMP 71910F5A .text E:\Windows\system32\Dwm.exe[2176] IPHLPAPI.DLL!IcmpSendEcho2 751B873B 6 Bytes JMP 71940F5A .text E:\Windows\system32\taskhost.exe[2192] ntdll.dll!NtAcceptConnectPort 77B851A8 3 Bytes [FF, 25, 1E] .text E:\Windows\system32\taskhost.exe[2192] ntdll.dll!NtAcceptConnectPort + 4 77B851AC 2 Bytes [66, 71] .text E:\Windows\system32\taskhost.exe[2192] ntdll.dll!NtCreateSymbolicLinkObject 77B85708 3 Bytes [FF, 25, 1E] .text E:\Windows\system32\taskhost.exe[2192] ntdll.dll!NtCreateSymbolicLinkObject + 4 77B8570C 2 Bytes [69, 71] .text E:\Windows\system32\taskhost.exe[2192] kernel32.dll!CreateProcessW 76F4204D 6 Bytes JMP 71A60F5A .text E:\Windows\system32\taskhost.exe[2192] kernel32.dll!CreateProcessA 76F42082 6 Bytes JMP 71A90F5A .text E:\Windows\system32\taskhost.exe[2192] kernel32.dll!LoadLibraryA 76F8DC65 6 Bytes JMP 71700F5A .text E:\Windows\system32\taskhost.exe[2192] kernel32.dll!CloseHandle 76F8E868 6 Bytes JMP 718B0F5A .text E:\Windows\system32\taskhost.exe[2192] kernel32.dll!CreateFileW 76F8E8A5 6 Bytes JMP 718E0F5A .text E:\Windows\system32\taskhost.exe[2192] kernel32.dll!LoadLibraryW 76F8EF42 6 Bytes JMP 716D0F5A .text E:\Windows\system32\taskhost.exe[2192] GDI32.dll!DeleteDC 773E6EAA 6 Bytes JMP 71760F5A .text E:\Windows\system32\taskhost.exe[2192] GDI32.dll!BitBlt 773E72C0 6 Bytes JMP 71730F5A .text E:\Windows\system32\taskhost.exe[2192] GDI32.dll!CreateDCA 773ECCA9 6 Bytes JMP 717C0F5A .text E:\Windows\system32\taskhost.exe[2192] GDI32.dll!CreateDCW 773ECF79 6 Bytes JMP 71790F5A .text E:\Windows\system32\taskhost.exe[2192] USER32.dll!RegisterHotKey 777AAA19 3 Bytes [FF, 25, 1E] .text E:\Windows\system32\taskhost.exe[2192] USER32.dll!RegisterHotKey + 4 777AAA1D 2 Bytes [7E, 71] {JLE 0x73} .text E:\Windows\system32\taskhost.exe[2192] USER32.dll!ExitWindowsEx 777F06C7 6 Bytes JMP 71A30F5A .text E:\Windows\system32\taskhost.exe[2192] USER32.dll!DdeClientTransaction 7780323C 6 Bytes JMP 71820F5A .text E:\Windows\system32\taskhost.exe[2192] advapi32.dll!CreateServiceW 7789712C 6 Bytes JMP 71850F5A .text E:\Windows\system32\taskhost.exe[2192] advapi32.dll!CreateServiceA 778B3158 6 Bytes JMP 71880F5A .text E:\Windows\system32\taskhost.exe[2192] advapi32.dll!InitiateSystemShutdownW 778CDA6D 6 Bytes JMP 719D0F5A .text E:\Windows\system32\taskhost.exe[2192] advapi32.dll!InitiateSystemShutdownExW 778CDB3A 6 Bytes JMP 71970F5A .text E:\Windows\system32\taskhost.exe[2192] advapi32.dll!InitiateSystemShutdownA 778CDC0F 6 Bytes JMP 71A00F5A .text E:\Windows\system32\taskhost.exe[2192] advapi32.dll!InitiateSystemShutdownExA 778CDCB6 6 Bytes JMP 719A0F5A .text E:\Windows\system32\taskhost.exe[2192] WS2_32.dll!socket 77CA3EB8 6 Bytes JMP 71AF0F5A .text E:\Windows\system32\taskhost.exe[2192] IPHLPAPI.DLL!IcmpSendEcho2Ex 751B843C 6 Bytes JMP 71910F5A .text E:\Windows\system32\taskhost.exe[2192] IPHLPAPI.DLL!IcmpSendEcho2 751B873B 6 Bytes JMP 71940F5A .text E:\Windows\Explorer.EXE[2236] ntdll.dll!NtAcceptConnectPort 77B851A8 3 Bytes [FF, 25, 1E] .text E:\Windows\Explorer.EXE[2236] ntdll.dll!NtAcceptConnectPort + 4 77B851AC 2 Bytes [6C, 71] .text E:\Windows\Explorer.EXE[2236] ntdll.dll!NtCreateSymbolicLinkObject 77B85708 3 Bytes [FF, 25, 1E] .text E:\Windows\Explorer.EXE[2236] ntdll.dll!NtCreateSymbolicLinkObject + 4 77B8570C 2 Bytes [6F, 71] .text E:\Windows\Explorer.EXE[2236] kernel32.dll!CreateProcessW 76F4204D 6 Bytes JMP 71A60F5A .text E:\Windows\Explorer.EXE[2236] kernel32.dll!CreateProcessA 76F42082 6 Bytes JMP 71A90F5A .text E:\Windows\Explorer.EXE[2236] kernel32.dll!LoadLibraryA 76F8DC65 6 Bytes JMP 71760F5A .text E:\Windows\Explorer.EXE[2236] kernel32.dll!LoadLibraryW 76F8EF42 6 Bytes JMP 71730F5A .text E:\Windows\Explorer.EXE[2236] ADVAPI32.dll!CreateServiceW 7789712C 6 Bytes JMP 718B0F5A .text E:\Windows\Explorer.EXE[2236] ADVAPI32.dll!CreateServiceA 778B3158 6 Bytes JMP 718E0F5A .text E:\Windows\Explorer.EXE[2236] ADVAPI32.dll!InitiateSystemShutdownW 778CDA6D 6 Bytes JMP 719D0F5A .text E:\Windows\Explorer.EXE[2236] ADVAPI32.dll!InitiateSystemShutdownExW 778CDB3A 6 Bytes JMP 71970F5A .text E:\Windows\Explorer.EXE[2236] ADVAPI32.dll!InitiateSystemShutdownA 778CDC0F 6 Bytes JMP 71A00F5A .text E:\Windows\Explorer.EXE[2236] ADVAPI32.dll!InitiateSystemShutdownExA 778CDCB6 6 Bytes JMP 719A0F5A .text E:\Windows\Explorer.EXE[2236] GDI32.dll!DeleteDC 773E6EAA 6 Bytes JMP 717C0F5A .text E:\Windows\Explorer.EXE[2236] GDI32.dll!BitBlt 773E72C0 6 Bytes JMP 71790F5A .text E:\Windows\Explorer.EXE[2236] GDI32.dll!CreateDCA 773ECCA9 6 Bytes JMP 71820F5A .text E:\Windows\Explorer.EXE[2236] GDI32.dll!CreateDCW 773ECF79 6 Bytes JMP 717F0F5A .text E:\Windows\Explorer.EXE[2236] USER32.dll!RegisterHotKey 777AAA19 3 Bytes [FF, 25, 1E] .text E:\Windows\Explorer.EXE[2236] USER32.dll!RegisterHotKey + 4 777AAA1D 2 Bytes [84, 71] .text E:\Windows\Explorer.EXE[2236] USER32.dll!ExitWindowsEx 777F06C7 6 Bytes JMP 71A30F5A .text E:\Windows\Explorer.EXE[2236] USER32.dll!DdeClientTransaction 7780323C 6 Bytes JMP 71880F5A .text E:\Windows\Explorer.EXE[2236] WS2_32.dll!socket 77CA3EB8 6 Bytes JMP 71AF0F5A .text E:\Windows\Explorer.EXE[2236] IPHLPAPI.DLL!IcmpSendEcho2Ex 751B843C 6 Bytes JMP 71910F5A .text E:\Windows\Explorer.EXE[2236] IPHLPAPI.DLL!IcmpSendEcho2 751B873B 6 Bytes JMP 71940F5A .text E:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2592] ntdll.dll!NtAcceptConnectPort 77B851A8 3 Bytes [FF, 25, 1E] .text E:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2592] ntdll.dll!NtAcceptConnectPort + 4 77B851AC 2 Bytes [5D, 71] .text E:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2592] ntdll.dll!NtCreateSymbolicLinkObject 77B85708 3 Bytes [FF, 25, 1E] .text E:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2592] ntdll.dll!NtCreateSymbolicLinkObject + 4 77B8570C 2 Bytes [60, 71] .text E:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2592] kernel32.dll!CreateProcessW 76F4204D 6 Bytes JMP 71A60F5A .text E:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2592] kernel32.dll!CreateProcessA 76F42082 6 Bytes JMP 71A90F5A .text E:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2592] kernel32.dll!LoadLibraryA 76F8DC65 6 Bytes JMP 71670F5A .text E:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2592] kernel32.dll!CloseHandle 76F8E868 6 Bytes JMP 718B0F5A .text E:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2592] kernel32.dll!CreateFileW 76F8E8A5 6 Bytes JMP 718E0F5A .text E:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2592] kernel32.dll!LoadLibraryW 76F8EF42 6 Bytes JMP 71640F5A .text E:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2592] ADVAPI32.dll!CreateServiceW 7789712C 6 Bytes JMP 71850F5A .text E:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2592] ADVAPI32.dll!CreateServiceA 778B3158 6 Bytes JMP 71880F5A .text E:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2592] ADVAPI32.dll!InitiateSystemShutdownW 778CDA6D 6 Bytes JMP 719D0F5A .text E:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2592] ADVAPI32.dll!InitiateSystemShutdownExW 778CDB3A 6 Bytes JMP 71970F5A .text E:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2592] ADVAPI32.dll!InitiateSystemShutdownA 778CDC0F 6 Bytes JMP 71A00F5A .text E:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2592] ADVAPI32.dll!InitiateSystemShutdownExA 778CDCB6 6 Bytes JMP 719A0F5A .text E:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2592] GDI32.dll!DeleteDC 773E6EAA 6 Bytes JMP 71760F5A .text E:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2592] GDI32.dll!BitBlt 773E72C0 6 Bytes JMP 71730F5A .text E:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2592] GDI32.dll!CreateDCA 773ECCA9 6 Bytes JMP 717C0F5A .text E:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2592] GDI32.dll!CreateDCW 773ECF79 6 Bytes JMP 71790F5A .text E:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2592] USER32.dll!RegisterHotKey 777AAA19 3 Bytes [FF, 25, 1E] .text E:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2592] USER32.dll!RegisterHotKey + 4 777AAA1D 2 Bytes [7E, 71] {JLE 0x73} .text E:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2592] USER32.dll!ExitWindowsEx 777F06C7 6 Bytes JMP 71A30F5A .text E:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2592] USER32.dll!DdeClientTransaction 7780323C 6 Bytes JMP 71820F5A .text E:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2592] WS2_32.dll!socket 77CA3EB8 6 Bytes JMP 71AF0F5A .text E:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2592] IPHLPAPI.DLL!IcmpSendEcho2Ex 751B843C 6 Bytes JMP 71910F5A .text E:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2592] IPHLPAPI.DLL!IcmpSendEcho2 751B873B 6 Bytes JMP 71940F5A .text E:\Windows\Samsung\PanelMgr\SSMMgr.exe[2616] ntdll.dll!NtAcceptConnectPort 77B851A8 3 Bytes [FF, 25, 1E] .text E:\Windows\Samsung\PanelMgr\SSMMgr.exe[2616] ntdll.dll!NtAcceptConnectPort + 4 77B851AC 2 Bytes [5D, 71] .text E:\Windows\Samsung\PanelMgr\SSMMgr.exe[2616] ntdll.dll!NtCreateSymbolicLinkObject 77B85708 3 Bytes [FF, 25, 1E] .text E:\Windows\Samsung\PanelMgr\SSMMgr.exe[2616] ntdll.dll!NtCreateSymbolicLinkObject + 4 77B8570C 2 Bytes [60, 71] .text E:\Windows\Samsung\PanelMgr\SSMMgr.exe[2616] kernel32.dll!CreateProcessW 76F4204D 6 Bytes JMP 71A60F5A .text E:\Windows\Samsung\PanelMgr\SSMMgr.exe[2616] kernel32.dll!CreateProcessA 76F42082 6 Bytes JMP 71A90F5A .text E:\Windows\Samsung\PanelMgr\SSMMgr.exe[2616] kernel32.dll!LoadLibraryA 76F8DC65 6 Bytes JMP 71670F5A .text E:\Windows\Samsung\PanelMgr\SSMMgr.exe[2616] kernel32.dll!CloseHandle 76F8E868 6 Bytes JMP 718B0F5A .text E:\Windows\Samsung\PanelMgr\SSMMgr.exe[2616] kernel32.dll!CreateFileW 76F8E8A5 6 Bytes JMP 718E0F5A .text E:\Windows\Samsung\PanelMgr\SSMMgr.exe[2616] kernel32.dll!LoadLibraryW 76F8EF42 6 Bytes JMP 71640F5A .text E:\Windows\Samsung\PanelMgr\SSMMgr.exe[2616] WS2_32.dll!socket 77CA3EB8 6 Bytes JMP 71AF0F5A .text E:\Windows\Samsung\PanelMgr\SSMMgr.exe[2616] USER32.dll!RegisterHotKey 777AAA19 3 Bytes [FF, 25, 1E] .text E:\Windows\Samsung\PanelMgr\SSMMgr.exe[2616] USER32.dll!RegisterHotKey + 4 777AAA1D 2 Bytes [7E, 71] {JLE 0x73} .text E:\Windows\Samsung\PanelMgr\SSMMgr.exe[2616] USER32.dll!ExitWindowsEx 777F06C7 6 Bytes JMP 71A30F5A .text E:\Windows\Samsung\PanelMgr\SSMMgr.exe[2616] USER32.dll!DdeClientTransaction 7780323C 6 Bytes JMP 71820F5A .text E:\Windows\Samsung\PanelMgr\SSMMgr.exe[2616] GDI32.dll!DeleteDC 773E6EAA 6 Bytes JMP 71760F5A .text E:\Windows\Samsung\PanelMgr\SSMMgr.exe[2616] GDI32.dll!BitBlt 773E72C0 6 Bytes JMP 71730F5A .text E:\Windows\Samsung\PanelMgr\SSMMgr.exe[2616] GDI32.dll!CreateDCA 773ECCA9 6 Bytes JMP 717C0F5A .text E:\Windows\Samsung\PanelMgr\SSMMgr.exe[2616] GDI32.dll!CreateDCW 773ECF79 6 Bytes JMP 71790F5A .text E:\Windows\Samsung\PanelMgr\SSMMgr.exe[2616] ADVAPI32.dll!CreateServiceW 7789712C 6 Bytes JMP 71850F5A .text E:\Windows\Samsung\PanelMgr\SSMMgr.exe[2616] ADVAPI32.dll!CreateServiceA 778B3158 6 Bytes JMP 71880F5A .text E:\Windows\Samsung\PanelMgr\SSMMgr.exe[2616] ADVAPI32.dll!InitiateSystemShutdownW 778CDA6D 6 Bytes JMP 719D0F5A .text E:\Windows\Samsung\PanelMgr\SSMMgr.exe[2616] ADVAPI32.dll!InitiateSystemShutdownExW 778CDB3A 6 Bytes JMP 71970F5A .text E:\Windows\Samsung\PanelMgr\SSMMgr.exe[2616] ADVAPI32.dll!InitiateSystemShutdownA 778CDC0F 6 Bytes JMP 71A00F5A .text E:\Windows\Samsung\PanelMgr\SSMMgr.exe[2616] ADVAPI32.dll!InitiateSystemShutdownExA 778CDCB6 6 Bytes JMP 719A0F5A .text E:\Windows\Samsung\PanelMgr\SSMMgr.exe[2616] IPHLPAPI.DLL!IcmpSendEcho2Ex 751B843C 6 Bytes JMP 71910F5A .text E:\Windows\Samsung\PanelMgr\SSMMgr.exe[2616] IPHLPAPI.DLL!IcmpSendEcho2 751B873B 6 Bytes JMP 71940F5A .text E:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2632] ntdll.dll!NtAcceptConnectPort 77B851A8 3 Bytes [FF, 25, 1E] .text E:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2632] ntdll.dll!NtAcceptConnectPort + 4 77B851AC 2 Bytes [5D, 71] .text E:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2632] ntdll.dll!NtCreateSymbolicLinkObject 77B85708 3 Bytes [FF, 25, 1E] .text E:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2632] ntdll.dll!NtCreateSymbolicLinkObject + 4 77B8570C 2 Bytes [60, 71] .text E:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2632] kernel32.dll!CreateProcessW 76F4204D 6 Bytes JMP 71A60F5A .text E:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2632] kernel32.dll!CreateProcessA 76F42082 6 Bytes JMP 71A90F5A .text E:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2632] kernel32.dll!LoadLibraryA 76F8DC65 6 Bytes JMP 71670F5A .text E:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2632] kernel32.dll!CloseHandle 76F8E868 6 Bytes JMP 718B0F5A .text E:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2632] kernel32.dll!CreateFileW 76F8E8A5 6 Bytes JMP 718E0F5A .text E:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2632] kernel32.dll!LoadLibraryW 76F8EF42 6 Bytes JMP 71640F5A .text E:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2632] USER32.dll!RegisterHotKey 777AAA19 3 Bytes [FF, 25, 1E] .text E:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2632] USER32.dll!RegisterHotKey + 4 777AAA1D 2 Bytes [7E, 71] {JLE 0x73} .text E:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2632] USER32.dll!ExitWindowsEx 777F06C7 6 Bytes JMP 71A30F5A .text E:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2632] USER32.dll!DdeClientTransaction 7780323C 6 Bytes JMP 71820F5A .text E:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2632] GDI32.dll!DeleteDC 773E6EAA 6 Bytes JMP 71760F5A .text E:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2632] GDI32.dll!BitBlt 773E72C0 6 Bytes JMP 71730F5A .text E:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2632] GDI32.dll!CreateDCA 773ECCA9 6 Bytes JMP 717C0F5A .text E:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2632] GDI32.dll!CreateDCW 773ECF79 6 Bytes JMP 71790F5A .text E:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2632] ADVAPI32.dll!CreateServiceW 7789712C 6 Bytes JMP 71850F5A .text E:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2632] ADVAPI32.dll!CreateServiceA 778B3158 6 Bytes JMP 71880F5A .text E:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2632] ADVAPI32.dll!InitiateSystemShutdownW 778CDA6D 6 Bytes JMP 719D0F5A .text E:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2632] ADVAPI32.dll!InitiateSystemShutdownExW 778CDB3A 6 Bytes JMP 71970F5A .text E:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2632] ADVAPI32.dll!InitiateSystemShutdownA 778CDC0F 6 Bytes JMP 71A00F5A .text E:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2632] ADVAPI32.dll!InitiateSystemShutdownExA 778CDCB6 6 Bytes JMP 719A0F5A .text E:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2632] WS2_32.dll!socket 77CA3EB8 6 Bytes JMP 71AF0F5A .text E:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2632] IPHLPAPI.DLL!IcmpSendEcho2Ex 751B843C 6 Bytes JMP 71910F5A .text E:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2632] IPHLPAPI.DLL!IcmpSendEcho2 751B873B 6 Bytes JMP 71940F5A .text E:\Windows\WindowsMobile\wmdc.exe[2664] ntdll.dll!NtAcceptConnectPort 77B851A8 3 Bytes [FF, 25, 1E] .text E:\Windows\WindowsMobile\wmdc.exe[2664] ntdll.dll!NtAcceptConnectPort + 4 77B851AC 2 Bytes [63, 71] .text E:\Windows\WindowsMobile\wmdc.exe[2664] ntdll.dll!NtCreateSymbolicLinkObject 77B85708 3 Bytes [FF, 25, 1E] .text E:\Windows\WindowsMobile\wmdc.exe[2664] ntdll.dll!NtCreateSymbolicLinkObject + 4 77B8570C 2 Bytes [66, 71] .text E:\Windows\WindowsMobile\wmdc.exe[2664] kernel32.dll!CreateProcessW 76F4204D 6 Bytes JMP 71A60F5A .text E:\Windows\WindowsMobile\wmdc.exe[2664] kernel32.dll!CreateProcessA 76F42082 6 Bytes JMP 71A90F5A .text E:\Windows\WindowsMobile\wmdc.exe[2664] kernel32.dll!LoadLibraryA 76F8DC65 6 Bytes JMP 716D0F5A .text E:\Windows\WindowsMobile\wmdc.exe[2664] kernel32.dll!CloseHandle 76F8E868 6 Bytes JMP 718B0F5A .text E:\Windows\WindowsMobile\wmdc.exe[2664] kernel32.dll!CreateFileW 76F8E8A5 6 Bytes JMP 718E0F5A .text E:\Windows\WindowsMobile\wmdc.exe[2664] kernel32.dll!LoadLibraryW 76F8EF42 6 Bytes JMP 716A0F5A .text E:\Windows\WindowsMobile\wmdc.exe[2664] ADVAPI32.dll!CreateServiceW 7789712C 6 Bytes JMP 71850F5A .text E:\Windows\WindowsMobile\wmdc.exe[2664] ADVAPI32.dll!CreateServiceA 778B3158 6 Bytes JMP 71880F5A .text E:\Windows\WindowsMobile\wmdc.exe[2664] ADVAPI32.dll!InitiateSystemShutdownW 778CDA6D 6 Bytes JMP 719D0F5A .text E:\Windows\WindowsMobile\wmdc.exe[2664] ADVAPI32.dll!InitiateSystemShutdownExW 778CDB3A 6 Bytes JMP 71970F5A .text E:\Windows\WindowsMobile\wmdc.exe[2664] ADVAPI32.dll!InitiateSystemShutdownA 778CDC0F 6 Bytes JMP 71A00F5A .text E:\Windows\WindowsMobile\wmdc.exe[2664] ADVAPI32.dll!InitiateSystemShutdownExA 778CDCB6 6 Bytes JMP 719A0F5A .text E:\Windows\WindowsMobile\wmdc.exe[2664] GDI32.dll!DeleteDC 773E6EAA 6 Bytes JMP 71760F5A .text E:\Windows\WindowsMobile\wmdc.exe[2664] GDI32.dll!BitBlt 773E72C0 6 Bytes JMP 71730F5A .text E:\Windows\WindowsMobile\wmdc.exe[2664] GDI32.dll!CreateDCA 773ECCA9 6 Bytes JMP 717C0F5A .text E:\Windows\WindowsMobile\wmdc.exe[2664] GDI32.dll!CreateDCW 773ECF79 6 Bytes JMP 71790F5A .text E:\Windows\WindowsMobile\wmdc.exe[2664] USER32.dll!RegisterHotKey 777AAA19 3 Bytes [FF, 25, 1E] .text E:\Windows\WindowsMobile\wmdc.exe[2664] USER32.dll!RegisterHotKey + 4 777AAA1D 2 Bytes [7E, 71] {JLE 0x73} .text E:\Windows\WindowsMobile\wmdc.exe[2664] USER32.dll!ExitWindowsEx 777F06C7 6 Bytes JMP 71A30F5A .text E:\Windows\WindowsMobile\wmdc.exe[2664] USER32.dll!DdeClientTransaction 7780323C 6 Bytes JMP 71820F5A .text E:\Windows\WindowsMobile\wmdc.exe[2664] WS2_32.dll!socket 77CA3EB8 6 Bytes JMP 71AF0F5A .text E:\Windows\WindowsMobile\wmdc.exe[2664] IPHLPAPI.DLL!IcmpSendEcho2Ex 751B843C 6 Bytes JMP 71910F5A .text E:\Windows\WindowsMobile\wmdc.exe[2664] IPHLPAPI.DLL!IcmpSendEcho2 751B873B 6 Bytes JMP 71940F5A .text E:\Program Files\Common Files\Java\Java Update\jusched.exe[2688] ntdll.dll!NtAcceptConnectPort 77B851A8 3 Bytes [FF, 25, 1E] .text E:\Program Files\Common Files\Java\Java Update\jusched.exe[2688] ntdll.dll!NtAcceptConnectPort + 4 77B851AC 2 Bytes [66, 71] .text E:\Program Files\Common Files\Java\Java Update\jusched.exe[2688] ntdll.dll!NtCreateSymbolicLinkObject 77B85708 3 Bytes [FF, 25, 1E] .text E:\Program Files\Common Files\Java\Java Update\jusched.exe[2688] ntdll.dll!NtCreateSymbolicLinkObject + 4 77B8570C 2 Bytes [69, 71] .text E:\Program Files\Common Files\Java\Java Update\jusched.exe[2688] kernel32.dll!CreateProcessW 76F4204D 6 Bytes JMP 71A60F5A .text E:\Program Files\Common Files\Java\Java Update\jusched.exe[2688] kernel32.dll!CreateProcessA 76F42082 6 Bytes JMP 71A90F5A .text E:\Program Files\Common Files\Java\Java Update\jusched.exe[2688] kernel32.dll!LoadLibraryA 76F8DC65 6 Bytes JMP 71700F5A .text E:\Program Files\Common Files\Java\Java Update\jusched.exe[2688] kernel32.dll!CloseHandle 76F8E868 6 Bytes JMP 718B0F5A .text E:\Program Files\Common Files\Java\Java Update\jusched.exe[2688] kernel32.dll!CreateFileW 76F8E8A5 6 Bytes JMP 718E0F5A .text E:\Program Files\Common Files\Java\Java Update\jusched.exe[2688] kernel32.dll!LoadLibraryW 76F8EF42 6 Bytes JMP 716D0F5A .text E:\Program Files\Common Files\Java\Java Update\jusched.exe[2688] ADVAPI32.dll!CreateServiceW 7789712C 6 Bytes JMP 71850F5A .text E:\Program Files\Common Files\Java\Java Update\jusched.exe[2688] ADVAPI32.dll!CreateServiceA 778B3158 6 Bytes JMP 71880F5A .text E:\Program Files\Common Files\Java\Java Update\jusched.exe[2688] ADVAPI32.dll!InitiateSystemShutdownW 778CDA6D 6 Bytes JMP 719D0F5A .text E:\Program Files\Common Files\Java\Java Update\jusched.exe[2688] ADVAPI32.dll!InitiateSystemShutdownExW 778CDB3A 6 Bytes JMP 71970F5A .text E:\Program Files\Common Files\Java\Java Update\jusched.exe[2688] ADVAPI32.dll!InitiateSystemShutdownA 778CDC0F 6 Bytes JMP 71A00F5A .text E:\Program Files\Common Files\Java\Java Update\jusched.exe[2688] ADVAPI32.dll!InitiateSystemShutdownExA 778CDCB6 6 Bytes JMP 719A0F5A .text E:\Program Files\Common Files\Java\Java Update\jusched.exe[2688] GDI32.dll!DeleteDC 773E6EAA 6 Bytes JMP 71760F5A .text E:\Program Files\Common Files\Java\Java Update\jusched.exe[2688] GDI32.dll!BitBlt 773E72C0 6 Bytes JMP 71730F5A .text E:\Program Files\Common Files\Java\Java Update\jusched.exe[2688] GDI32.dll!CreateDCA 773ECCA9 6 Bytes JMP 717C0F5A .text E:\Program Files\Common Files\Java\Java Update\jusched.exe[2688] GDI32.dll!CreateDCW 773ECF79 6 Bytes JMP 71790F5A .text E:\Program Files\Common Files\Java\Java Update\jusched.exe[2688] USER32.dll!RegisterHotKey 777AAA19 3 Bytes [FF, 25, 1E] .text E:\Program Files\Common Files\Java\Java Update\jusched.exe[2688] USER32.dll!RegisterHotKey + 4 777AAA1D 2 Bytes [7E, 71] {JLE 0x73} .text E:\Program Files\Common Files\Java\Java Update\jusched.exe[2688] USER32.dll!ExitWindowsEx 777F06C7 6 Bytes JMP 71A30F5A .text E:\Program Files\Common Files\Java\Java Update\jusched.exe[2688] USER32.dll!DdeClientTransaction 7780323C 6 Bytes JMP 71820F5A .text E:\Program Files\Common Files\Java\Java Update\jusched.exe[2688] WS2_32.dll!socket 77CA3EB8 6 Bytes JMP 71AF0F5A .text E:\Program Files\Common Files\Java\Java Update\jusched.exe[2688] IPHLPAPI.DLL!IcmpSendEcho2Ex 751B843C 6 Bytes JMP 71910F5A .text E:\Program Files\Common Files\Java\Java Update\jusched.exe[2688] IPHLPAPI.DLL!IcmpSendEcho2 751B873B 6 Bytes JMP 71940F5A .text E:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[2884] ntdll.dll!NtAcceptConnectPort 77B851A8 3 Bytes [FF, 25, 1E] .text E:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[2884] ntdll.dll!NtAcceptConnectPort + 4 77B851AC 2 Bytes [65, 71] .text E:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[2884] ntdll.dll!NtCreateSymbolicLinkObject 77B85708 3 Bytes [FF, 25, 1E] .text E:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[2884] ntdll.dll!NtCreateSymbolicLinkObject + 4 77B8570C 2 Bytes [68, 71] .text E:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[2884] kernel32.dll!CreateProcessW 76F4204D 6 Bytes JMP 71A50F5A .text E:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[2884] kernel32.dll!CreateProcessA 76F42082 6 Bytes JMP 71A80F5A .text E:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[2884] kernel32.dll!LoadLibraryA 76F8DC65 6 Bytes JMP 716F0F5A .text E:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[2884] kernel32.dll!CloseHandle 76F8E868 6 Bytes JMP 718A0F5A .text E:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[2884] kernel32.dll!CreateFileW 76F8E8A5 6 Bytes JMP 718D0F5A .text E:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[2884] kernel32.dll!LoadLibraryW 76F8EF42 6 Bytes JMP 716C0F5A .text E:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[2884] GDI32.dll!DeleteDC 773E6EAA 6 Bytes JMP 71750F5A .text E:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[2884] GDI32.dll!BitBlt 773E72C0 6 Bytes JMP 71720F5A .text E:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[2884] GDI32.dll!CreateDCA 773ECCA9 6 Bytes JMP 717B0F5A .text E:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[2884] GDI32.dll!CreateDCW 773ECF79 6 Bytes JMP 71780F5A .text E:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[2884] USER32.dll!RegisterHotKey 777AAA19 3 Bytes [FF, 25, 1E] .text E:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[2884] USER32.dll!RegisterHotKey + 4 777AAA1D 2 Bytes [7D, 71] {JGE 0x73} .text E:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[2884] USER32.dll!ExitWindowsEx 777F06C7 6 Bytes JMP 71A20F5A .text E:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[2884] USER32.dll!DdeClientTransaction 7780323C 6 Bytes JMP 71810F5A .text E:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[2884] ADVAPI32.dll!CreateServiceW 7789712C 6 Bytes JMP 71840F5A .text E:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[2884] ADVAPI32.dll!CreateServiceA 778B3158 6 Bytes JMP 71870F5A .text E:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[2884] ADVAPI32.dll!InitiateSystemShutdownW 778CDA6D 6 Bytes JMP 719C0F5A .text E:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[2884] ADVAPI32.dll!InitiateSystemShutdownExW 778CDB3A 6 Bytes JMP 71960F5A .text E:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[2884] ADVAPI32.dll!InitiateSystemShutdownA 778CDC0F 6 Bytes JMP 719F0F5A .text E:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[2884] ADVAPI32.dll!InitiateSystemShutdownExA 778CDCB6 6 Bytes JMP 71990F5A .text E:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[2884] WS2_32.dll!ioctlsocket 77CA3084 6 Bytes JMP 71510F5A .text E:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[2884] WS2_32.dll!sendto 77CA34B5 6 Bytes JMP 71570F5A .text E:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[2884] WS2_32.dll!closesocket 77CA3918 6 Bytes JMP 71630F5A .text E:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[2884] WS2_32.dll!socket 77CA3EB8 6 Bytes JMP 71AE0F5A .text E:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[2884] WS2_32.dll!WSASend 77CA4406 6 Bytes JMP 71420F5A .text E:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[2884] WS2_32.dll!select 77CA6989 6 Bytes JMP 71540F5A .text E:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[2884] WS2_32.dll!recv 77CA6B0E 6 Bytes JMP 71490F5A .text E:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[2884] WS2_32.dll!connect 77CA6BDD 6 Bytes JMP 71600F5A .text E:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[2884] WS2_32.dll!send 77CA6F01 6 Bytes JMP 715A0F5A .text E:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[2884] WS2_32.dll!WSARecv 77CA7089 6 Bytes JMP 71450F5A .text E:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[2884] WS2_32.dll!WSAGetOverlappedResult 77CA7489 6 Bytes JMP 713A0F5A .text E:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[2884] WS2_32.dll!WSAAsyncSelect 77CBB014 6 Bytes JMP 714E0F5A .text E:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[2884] IPHLPAPI.DLL!IcmpSendEcho2Ex 751B843C 6 Bytes JMP 71900F5A .text E:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[2884] IPHLPAPI.DLL!IcmpSendEcho2 751B873B 6 Bytes JMP 71930F5A .text H:\Programy\Online Armor\oaui.exe[2932] USER32.dll!LoadStringA 777A66A7 6 Bytes JMP 71AF0F5A .text H:\Programy\Online Armor\oaui.exe[2932] USER32.dll!LoadStringW 777ADFBA 6 Bytes JMP 71A90F5A .text H:\Programy\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2948] ntdll.dll!NtAcceptConnectPort 77B851A8 3 Bytes [FF, 25, 1E] .text H:\Programy\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2948] ntdll.dll!NtAcceptConnectPort + 4 77B851AC 2 Bytes [65, 71] .text H:\Programy\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2948] ntdll.dll!NtCreateSymbolicLinkObject 77B85708 3 Bytes [FF, 25, 1E] .text H:\Programy\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2948] ntdll.dll!NtCreateSymbolicLinkObject + 4 77B8570C 2 Bytes [68, 71] .text H:\Programy\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2948] KERNEL32.dll!CreateProcessW 76F4204D 6 Bytes JMP 71A50F5A .text H:\Programy\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2948] KERNEL32.dll!CreateProcessA 76F42082 6 Bytes JMP 71A80F5A .text H:\Programy\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2948] KERNEL32.dll!LoadLibraryA 76F8DC65 6 Bytes JMP 716F0F5A .text H:\Programy\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2948] KERNEL32.dll!CloseHandle 76F8E868 6 Bytes JMP 718A0F5A .text H:\Programy\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2948] KERNEL32.dll!CreateFileW 76F8E8A5 6 Bytes JMP 718D0F5A .text H:\Programy\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2948] KERNEL32.dll!LoadLibraryW 76F8EF42 6 Bytes JMP 716C0F5A .text H:\Programy\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2948] user32.dll!RegisterHotKey 777AAA19 3 Bytes [FF, 25, 1E] .text H:\Programy\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2948] user32.dll!RegisterHotKey + 4 777AAA1D 2 Bytes [7D, 71] {JGE 0x73} .text H:\Programy\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2948] user32.dll!ExitWindowsEx 777F06C7 6 Bytes JMP 71A20F5A .text H:\Programy\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2948] user32.dll!DdeClientTransaction 7780323C 6 Bytes JMP 71810F5A .text H:\Programy\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2948] GDI32.dll!DeleteDC 773E6EAA 6 Bytes JMP 71750F5A .text H:\Programy\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2948] GDI32.dll!BitBlt 773E72C0 6 Bytes JMP 71720F5A .text H:\Programy\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2948] GDI32.dll!CreateDCA 773ECCA9 6 Bytes JMP 717B0F5A .text H:\Programy\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2948] GDI32.dll!CreateDCW 773ECF79 6 Bytes JMP 71780F5A .text H:\Programy\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2948] advapi32.dll!CreateServiceW 7789712C 6 Bytes JMP 71840F5A .text H:\Programy\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2948] advapi32.dll!CreateServiceA 778B3158 6 Bytes JMP 71870F5A .text H:\Programy\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2948] advapi32.dll!InitiateSystemShutdownW 778CDA6D 6 Bytes JMP 719C0F5A .text H:\Programy\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2948] advapi32.dll!InitiateSystemShutdownExW 778CDB3A 6 Bytes JMP 71960F5A .text H:\Programy\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2948] advapi32.dll!InitiateSystemShutdownA 778CDC0F 6 Bytes JMP 719F0F5A .text H:\Programy\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2948] advapi32.dll!InitiateSystemShutdownExA 778CDCB6 6 Bytes JMP 71990F5A .text H:\Programy\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2948] WS2_32.dll!socket 77CA3EB8 6 Bytes JMP 71AE0F5A .text H:\Programy\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2948] IPHLPAPI.DLL!IcmpSendEcho2Ex 751B843C 6 Bytes JMP 71900F5A .text H:\Programy\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2948] IPHLPAPI.DLL!IcmpSendEcho2 751B873B 6 Bytes JMP 71930F5A .text E:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[3040] ntdll.dll!NtAcceptConnectPort 77B851A8 3 Bytes [FF, 25, 1E] .text E:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[3040] ntdll.dll!NtAcceptConnectPort + 4 77B851AC 2 Bytes [65, 71] .text E:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[3040] ntdll.dll!NtCreateSymbolicLinkObject 77B85708 3 Bytes [FF, 25, 1E] .text E:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[3040] ntdll.dll!NtCreateSymbolicLinkObject + 4 77B8570C 2 Bytes [68, 71] .text E:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[3040] kernel32.dll!CreateProcessW 76F4204D 6 Bytes JMP 71A50F5A .text E:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[3040] kernel32.dll!CreateProcessA 76F42082 6 Bytes JMP 71A80F5A .text E:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[3040] kernel32.dll!LoadLibraryA 76F8DC65 6 Bytes JMP 716F0F5A .text E:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[3040] kernel32.dll!CloseHandle 76F8E868 6 Bytes JMP 718A0F5A .text E:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[3040] kernel32.dll!CreateFileW 76F8E8A5 6 Bytes JMP 718D0F5A .text E:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[3040] kernel32.dll!LoadLibraryW 76F8EF42 6 Bytes JMP 716C0F5A .text E:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[3040] GDI32.dll!DeleteDC 773E6EAA 6 Bytes JMP 71750F5A .text E:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[3040] GDI32.dll!BitBlt 773E72C0 6 Bytes JMP 71720F5A .text E:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[3040] GDI32.dll!CreateDCA 773ECCA9 6 Bytes JMP 717B0F5A .text E:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[3040] GDI32.dll!CreateDCW 773ECF79 6 Bytes JMP 71780F5A .text E:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[3040] USER32.dll!RegisterHotKey 777AAA19 3 Bytes [FF, 25, 1E] .text E:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[3040] USER32.dll!RegisterHotKey + 4 777AAA1D 2 Bytes [7D, 71] {JGE 0x73} .text E:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[3040] USER32.dll!ExitWindowsEx 777F06C7 6 Bytes JMP 71A20F5A .text E:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[3040] USER32.dll!DdeClientTransaction 7780323C 6 Bytes JMP 71810F5A .text E:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[3040] ADVAPI32.dll!CreateServiceW 7789712C 6 Bytes JMP 71840F5A .text E:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[3040] ADVAPI32.dll!CreateServiceA 778B3158 6 Bytes JMP 71870F5A .text E:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[3040] ADVAPI32.dll!InitiateSystemShutdownW 778CDA6D 6 Bytes JMP 719C0F5A .text E:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[3040] ADVAPI32.dll!InitiateSystemShutdownExW 778CDB3A 6 Bytes JMP 71960F5A .text E:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[3040] ADVAPI32.dll!InitiateSystemShutdownA 778CDC0F 6 Bytes JMP 719F0F5A .text E:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[3040] ADVAPI32.dll!InitiateSystemShutdownExA 778CDCB6 6 Bytes JMP 71990F5A .text E:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[3040] WS2_32.dll!socket 77CA3EB8 6 Bytes JMP 71AE0F5A .text E:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[3040] IPHLPAPI.DLL!IcmpSendEcho2Ex 751B843C 6 Bytes JMP 71900F5A .text E:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[3040] IPHLPAPI.DLL!IcmpSendEcho2 751B873B 6 Bytes JMP 71930F5A .text H:\Programy\Online Armor\OAhlp.exe[3092] USER32.dll!LoadStringA 777A66A7 6 Bytes JMP 71AF0F5A .text H:\Programy\Online Armor\OAhlp.exe[3092] USER32.dll!LoadStringW 777ADFBA 6 Bytes JMP 71A90F5A .text H:\Programy\Nowy folder\Kies\KiesTrayAgent.exe[3332] ntdll.dll!NtAcceptConnectPort 77B851A8 3 Bytes [FF, 25, 1E] .text H:\Programy\Nowy folder\Kies\KiesTrayAgent.exe[3332] ntdll.dll!NtAcceptConnectPort + 4 77B851AC 2 Bytes [5C, 71] .text H:\Programy\Nowy folder\Kies\KiesTrayAgent.exe[3332] ntdll.dll!NtCreateSymbolicLinkObject 77B85708 3 Bytes [FF, 25, 1E] .text H:\Programy\Nowy folder\Kies\KiesTrayAgent.exe[3332] ntdll.dll!NtCreateSymbolicLinkObject + 4 77B8570C 2 Bytes [5F, 71] .text H:\Programy\Nowy folder\Kies\KiesTrayAgent.exe[3332] kernel32.dll!CreateProcessW 76F4204D 6 Bytes JMP 71A50F5A .text H:\Programy\Nowy folder\Kies\KiesTrayAgent.exe[3332] kernel32.dll!CreateProcessA 76F42082 6 Bytes JMP 71A80F5A .text H:\Programy\Nowy folder\Kies\KiesTrayAgent.exe[3332] kernel32.dll!LoadLibraryA 76F8DC65 6 Bytes JMP 71660F5A .text H:\Programy\Nowy folder\Kies\KiesTrayAgent.exe[3332] kernel32.dll!CloseHandle 76F8E868 6 Bytes JMP 718A0F5A .text H:\Programy\Nowy folder\Kies\KiesTrayAgent.exe[3332] kernel32.dll!CreateFileW 76F8E8A5 6 Bytes JMP 718D0F5A .text H:\Programy\Nowy folder\Kies\KiesTrayAgent.exe[3332] kernel32.dll!LoadLibraryW 76F8EF42 6 Bytes JMP 71630F5A .text H:\Programy\Nowy folder\Kies\KiesTrayAgent.exe[3332] USER32.dll!RegisterHotKey 777AAA19 3 Bytes [FF, 25, 1E] .text H:\Programy\Nowy folder\Kies\KiesTrayAgent.exe[3332] USER32.dll!RegisterHotKey + 4 777AAA1D 2 Bytes [7D, 71] {JGE 0x73} .text H:\Programy\Nowy folder\Kies\KiesTrayAgent.exe[3332] USER32.dll!ExitWindowsEx 777F06C7 6 Bytes JMP 71A20F5A .text H:\Programy\Nowy folder\Kies\KiesTrayAgent.exe[3332] USER32.dll!DdeClientTransaction 7780323C 6 Bytes JMP 71810F5A .text H:\Programy\Nowy folder\Kies\KiesTrayAgent.exe[3332] GDI32.dll!DeleteDC 773E6EAA 6 Bytes JMP 71750F5A .text H:\Programy\Nowy folder\Kies\KiesTrayAgent.exe[3332] GDI32.dll!BitBlt 773E72C0 6 Bytes JMP 71720F5A .text H:\Programy\Nowy folder\Kies\KiesTrayAgent.exe[3332] GDI32.dll!CreateDCA 773ECCA9 6 Bytes JMP 717B0F5A .text H:\Programy\Nowy folder\Kies\KiesTrayAgent.exe[3332] GDI32.dll!CreateDCW 773ECF79 6 Bytes JMP 71780F5A .text H:\Programy\Nowy folder\Kies\KiesTrayAgent.exe[3332] ADVAPI32.dll!CreateServiceW 7789712C 6 Bytes JMP 71840F5A .text H:\Programy\Nowy folder\Kies\KiesTrayAgent.exe[3332] ADVAPI32.dll!CreateServiceA 778B3158 6 Bytes JMP 71870F5A .text H:\Programy\Nowy folder\Kies\KiesTrayAgent.exe[3332] ADVAPI32.dll!InitiateSystemShutdownW 778CDA6D 6 Bytes JMP 719C0F5A .text H:\Programy\Nowy folder\Kies\KiesTrayAgent.exe[3332] ADVAPI32.dll!InitiateSystemShutdownExW 778CDB3A 6 Bytes JMP 71960F5A .text H:\Programy\Nowy folder\Kies\KiesTrayAgent.exe[3332] ADVAPI32.dll!InitiateSystemShutdownA 778CDC0F 6 Bytes JMP 719F0F5A .text H:\Programy\Nowy folder\Kies\KiesTrayAgent.exe[3332] ADVAPI32.dll!InitiateSystemShutdownExA 778CDCB6 6 Bytes JMP 71990F5A .text H:\Programy\Nowy folder\Kies\KiesTrayAgent.exe[3332] WS2_32.dll!ioctlsocket 77CA3084 6 Bytes JMP 71480F5A .text H:\Programy\Nowy folder\Kies\KiesTrayAgent.exe[3332] WS2_32.dll!sendto 77CA34B5 6 Bytes JMP 714E0F5A .text H:\Programy\Nowy folder\Kies\KiesTrayAgent.exe[3332] WS2_32.dll!closesocket 77CA3918 6 Bytes JMP 715A0F5A .text H:\Programy\Nowy folder\Kies\KiesTrayAgent.exe[3332] WS2_32.dll!socket 77CA3EB8 6 Bytes JMP 71AE0F5A .text H:\Programy\Nowy folder\Kies\KiesTrayAgent.exe[3332] WS2_32.dll!WSASend 77CA4406 6 Bytes JMP 71370F5A .text H:\Programy\Nowy folder\Kies\KiesTrayAgent.exe[3332] WS2_32.dll!select 77CA6989 6 Bytes JMP 714B0F5A .text H:\Programy\Nowy folder\Kies\KiesTrayAgent.exe[3332] WS2_32.dll!recv 77CA6B0E 6 Bytes JMP 71400F5A .text H:\Programy\Nowy folder\Kies\KiesTrayAgent.exe[3332] WS2_32.dll!connect 77CA6BDD 6 Bytes JMP 71570F5A .text H:\Programy\Nowy folder\Kies\KiesTrayAgent.exe[3332] WS2_32.dll!send 77CA6F01 6 Bytes JMP 71510F5A .text H:\Programy\Nowy folder\Kies\KiesTrayAgent.exe[3332] WS2_32.dll!WSARecv 77CA7089 6 Bytes JMP 713A0F5A .text H:\Programy\Nowy folder\Kies\KiesTrayAgent.exe[3332] WS2_32.dll!WSAGetOverlappedResult 77CA7489 6 Bytes JMP 71310F5A .text H:\Programy\Nowy folder\Kies\KiesTrayAgent.exe[3332] WS2_32.dll!WSAAsyncSelect 77CBB014 6 Bytes JMP 71450F5A .text H:\Programy\Nowy folder\Kies\KiesTrayAgent.exe[3332] IPHLPAPI.DLL!IcmpSendEcho2Ex 751B843C 6 Bytes JMP 71900F5A .text H:\Programy\Nowy folder\Kies\KiesTrayAgent.exe[3332] IPHLPAPI.DLL!IcmpSendEcho2 751B873B 6 Bytes JMP 71930F5A .text H:\Programy\Nowy folder\Kies\External\FirmwareUpdate\KiesPDLR.exe[3440] ntdll.dll!NtAcceptConnectPort 77B851A8 3 Bytes [FF, 25, 1E] .text H:\Programy\Nowy folder\Kies\External\FirmwareUpdate\KiesPDLR.exe[3440] ntdll.dll!NtAcceptConnectPort + 4 77B851AC 2 Bytes [65, 71] .text H:\Programy\Nowy folder\Kies\External\FirmwareUpdate\KiesPDLR.exe[3440] ntdll.dll!NtCreateSymbolicLinkObject 77B85708 3 Bytes [FF, 25, 1E] .text H:\Programy\Nowy folder\Kies\External\FirmwareUpdate\KiesPDLR.exe[3440] ntdll.dll!NtCreateSymbolicLinkObject + 4 77B8570C 2 Bytes [68, 71] .text H:\Programy\Nowy folder\Kies\External\FirmwareUpdate\KiesPDLR.exe[3440] ntdll.dll!DbgUiRemoteBreakin 77BDF125 1 Byte [C3] .text H:\Programy\Nowy folder\Kies\External\FirmwareUpdate\KiesPDLR.exe[3440] KERNEL32.dll!CreateProcessW 76F4204D 6 Bytes JMP 71A50F5A .text H:\Programy\Nowy folder\Kies\External\FirmwareUpdate\KiesPDLR.exe[3440] KERNEL32.dll!CreateProcessA 76F42082 6 Bytes JMP 71A80F5A .text H:\Programy\Nowy folder\Kies\External\FirmwareUpdate\KiesPDLR.exe[3440] KERNEL32.dll!LoadLibraryA 76F8DC65 6 Bytes JMP 716F0F5A .text H:\Programy\Nowy folder\Kies\External\FirmwareUpdate\KiesPDLR.exe[3440] KERNEL32.dll!CloseHandle 76F8E868 6 Bytes JMP 718A0F5A .text H:\Programy\Nowy folder\Kies\External\FirmwareUpdate\KiesPDLR.exe[3440] KERNEL32.dll!CreateFileW 76F8E8A5 6 Bytes JMP 718D0F5A .text H:\Programy\Nowy folder\Kies\External\FirmwareUpdate\KiesPDLR.exe[3440] KERNEL32.dll!LoadLibraryW 76F8EF42 6 Bytes JMP 716C0F5A .text H:\Programy\Nowy folder\Kies\External\FirmwareUpdate\KiesPDLR.exe[3440] user32.dll!RegisterHotKey 777AAA19 3 Bytes [FF, 25, 1E] .text H:\Programy\Nowy folder\Kies\External\FirmwareUpdate\KiesPDLR.exe[3440] user32.dll!RegisterHotKey + 4 777AAA1D 2 Bytes [7D, 71] {JGE 0x73} .text H:\Programy\Nowy folder\Kies\External\FirmwareUpdate\KiesPDLR.exe[3440] user32.dll!ExitWindowsEx 777F06C7 6 Bytes JMP 71A20F5A .text H:\Programy\Nowy folder\Kies\External\FirmwareUpdate\KiesPDLR.exe[3440] user32.dll!DdeClientTransaction 7780323C 6 Bytes JMP 71810F5A .text H:\Programy\Nowy folder\Kies\External\FirmwareUpdate\KiesPDLR.exe[3440] GDI32.dll!DeleteDC 773E6EAA 6 Bytes JMP 71750F5A .text H:\Programy\Nowy folder\Kies\External\FirmwareUpdate\KiesPDLR.exe[3440] GDI32.dll!BitBlt 773E72C0 6 Bytes JMP 71720F5A .text H:\Programy\Nowy folder\Kies\External\FirmwareUpdate\KiesPDLR.exe[3440] GDI32.dll!CreateDCA 773ECCA9 6 Bytes JMP 717B0F5A .text H:\Programy\Nowy folder\Kies\External\FirmwareUpdate\KiesPDLR.exe[3440] GDI32.dll!CreateDCW 773ECF79 6 Bytes JMP 71780F5A .text H:\Programy\Nowy folder\Kies\External\FirmwareUpdate\KiesPDLR.exe[3440] advapi32.dll!CreateServiceW 7789712C 6 Bytes JMP 71840F5A .text H:\Programy\Nowy folder\Kies\External\FirmwareUpdate\KiesPDLR.exe[3440] advapi32.dll!CreateServiceA 778B3158 6 Bytes JMP 71870F5A .text H:\Programy\Nowy folder\Kies\External\FirmwareUpdate\KiesPDLR.exe[3440] advapi32.dll!InitiateSystemShutdownW 778CDA6D 6 Bytes JMP 719C0F5A .text H:\Programy\Nowy folder\Kies\External\FirmwareUpdate\KiesPDLR.exe[3440] advapi32.dll!InitiateSystemShutdownExW 778CDB3A 6 Bytes JMP 71960F5A .text H:\Programy\Nowy folder\Kies\External\FirmwareUpdate\KiesPDLR.exe[3440] advapi32.dll!InitiateSystemShutdownA 778CDC0F 6 Bytes JMP 719F0F5A .text H:\Programy\Nowy folder\Kies\External\FirmwareUpdate\KiesPDLR.exe[3440] advapi32.dll!InitiateSystemShutdownExA 778CDCB6 6 Bytes JMP 71990F5A .text H:\Programy\Nowy folder\Kies\External\FirmwareUpdate\KiesPDLR.exe[3440] WS2_32.dll!socket 77CA3EB8 6 Bytes JMP 71AE0F5A .text H:\Programy\Nowy folder\Kies\External\FirmwareUpdate\KiesPDLR.exe[3440] IPHLPAPI.DLL!IcmpSendEcho2Ex 751B843C 6 Bytes JMP 71900F5A .text H:\Programy\Nowy folder\Kies\External\FirmwareUpdate\KiesPDLR.exe[3440] IPHLPAPI.DLL!IcmpSendEcho2 751B873B 6 Bytes JMP 71930F5A .text E:\Program Files\Windows Sidebar\sidebar.exe[3540] ntdll.dll!NtAcceptConnectPort 77B851A8 3 Bytes [FF, 25, 1E] .text E:\Program Files\Windows Sidebar\sidebar.exe[3540] ntdll.dll!NtAcceptConnectPort + 4 77B851AC 2 Bytes [65, 71] .text E:\Program Files\Windows Sidebar\sidebar.exe[3540] ntdll.dll!NtCreateSymbolicLinkObject 77B85708 3 Bytes [FF, 25, 1E] .text E:\Program Files\Windows Sidebar\sidebar.exe[3540] ntdll.dll!NtCreateSymbolicLinkObject + 4 77B8570C 2 Bytes [68, 71] .text E:\Program Files\Windows Sidebar\sidebar.exe[3540] kernel32.dll!CreateProcessW 76F4204D 6 Bytes JMP 71A50F5A .text E:\Program Files\Windows Sidebar\sidebar.exe[3540] kernel32.dll!CreateProcessA 76F42082 6 Bytes JMP 71A80F5A .text E:\Program Files\Windows Sidebar\sidebar.exe[3540] kernel32.dll!LoadLibraryA 76F8DC65 6 Bytes JMP 716F0F5A .text E:\Program Files\Windows Sidebar\sidebar.exe[3540] kernel32.dll!CloseHandle 76F8E868 6 Bytes JMP 718A0F5A .text E:\Program Files\Windows Sidebar\sidebar.exe[3540] kernel32.dll!CreateFileW 76F8E8A5 6 Bytes JMP 718D0F5A .text E:\Program Files\Windows Sidebar\sidebar.exe[3540] kernel32.dll!LoadLibraryW 76F8EF42 6 Bytes JMP 716C0F5A .text E:\Program Files\Windows Sidebar\sidebar.exe[3540] ADVAPI32.dll!CreateServiceW 7789712C 6 Bytes JMP 71840F5A .text E:\Program Files\Windows Sidebar\sidebar.exe[3540] ADVAPI32.dll!CreateServiceA 778B3158 6 Bytes JMP 71870F5A .text E:\Program Files\Windows Sidebar\sidebar.exe[3540] ADVAPI32.dll!InitiateSystemShutdownW 778CDA6D 6 Bytes JMP 719C0F5A .text E:\Program Files\Windows Sidebar\sidebar.exe[3540] ADVAPI32.dll!InitiateSystemShutdownExW 778CDB3A 6 Bytes JMP 71960F5A .text E:\Program Files\Windows Sidebar\sidebar.exe[3540] ADVAPI32.dll!InitiateSystemShutdownA 778CDC0F 6 Bytes JMP 719F0F5A .text E:\Program Files\Windows Sidebar\sidebar.exe[3540] ADVAPI32.dll!InitiateSystemShutdownExA 778CDCB6 6 Bytes JMP 71990F5A .text E:\Program Files\Windows Sidebar\sidebar.exe[3540] GDI32.dll!DeleteDC 773E6EAA 6 Bytes JMP 71750F5A .text E:\Program Files\Windows Sidebar\sidebar.exe[3540] GDI32.dll!BitBlt 773E72C0 6 Bytes JMP 71720F5A .text E:\Program Files\Windows Sidebar\sidebar.exe[3540] GDI32.dll!CreateDCA 773ECCA9 6 Bytes JMP 717B0F5A .text E:\Program Files\Windows Sidebar\sidebar.exe[3540] GDI32.dll!CreateDCW 773ECF79 6 Bytes JMP 71780F5A .text E:\Program Files\Windows Sidebar\sidebar.exe[3540] USER32.dll!RegisterHotKey 777AAA19 3 Bytes [FF, 25, 1E] .text E:\Program Files\Windows Sidebar\sidebar.exe[3540] USER32.dll!RegisterHotKey + 4 777AAA1D 2 Bytes [7D, 71] {JGE 0x73} .text E:\Program Files\Windows Sidebar\sidebar.exe[3540] USER32.dll!ExitWindowsEx 777F06C7 6 Bytes JMP 71A20F5A .text E:\Program Files\Windows Sidebar\sidebar.exe[3540] USER32.dll!DdeClientTransaction 7780323C 6 Bytes JMP 71810F5A .text E:\Program Files\Windows Sidebar\sidebar.exe[3540] WS2_32.dll!ioctlsocket 77CA3084 6 Bytes JMP 71510F5A .text E:\Program Files\Windows Sidebar\sidebar.exe[3540] WS2_32.dll!sendto 77CA34B5 6 Bytes JMP 71570F5A .text E:\Program Files\Windows Sidebar\sidebar.exe[3540] WS2_32.dll!closesocket 77CA3918 6 Bytes JMP 71630F5A .text E:\Program Files\Windows Sidebar\sidebar.exe[3540] WS2_32.dll!socket 77CA3EB8 6 Bytes JMP 71AE0F5A .text E:\Program Files\Windows Sidebar\sidebar.exe[3540] WS2_32.dll!WSASend 77CA4406 6 Bytes JMP 713C0F5A .text E:\Program Files\Windows Sidebar\sidebar.exe[3540] WS2_32.dll!select 77CA6989 6 Bytes JMP 71540F5A .text E:\Program Files\Windows Sidebar\sidebar.exe[3540] WS2_32.dll!recv 77CA6B0E 6 Bytes JMP 71490F5A .text E:\Program Files\Windows Sidebar\sidebar.exe[3540] WS2_32.dll!connect 77CA6BDD 6 Bytes JMP 71600F5A .text E:\Program Files\Windows Sidebar\sidebar.exe[3540] WS2_32.dll!send 77CA6F01 6 Bytes JMP 715A0F5A .text E:\Program Files\Windows Sidebar\sidebar.exe[3540] WS2_32.dll!WSARecv 77CA7089 6 Bytes JMP 71420F5A .text E:\Program Files\Windows Sidebar\sidebar.exe[3540] WS2_32.dll!WSAGetOverlappedResult 77CA7489 6 Bytes JMP 71360F5A .text E:\Program Files\Windows Sidebar\sidebar.exe[3540] WS2_32.dll!WSAAsyncSelect 77CBB014 6 Bytes JMP 714E0F5A .text E:\Program Files\Windows Sidebar\sidebar.exe[3540] IPHLPAPI.DLL!IcmpSendEcho2Ex 751B843C 6 Bytes JMP 71900F5A .text E:\Program Files\Windows Sidebar\sidebar.exe[3540] IPHLPAPI.DLL!IcmpSendEcho2 751B873B 6 Bytes JMP 71930F5A .text H:\Programy\PeerBlock\peerblock.exe[3592] ntdll.dll!NtAcceptConnectPort 77B851A8 3 Bytes [FF, 25, 1E] .text H:\Programy\PeerBlock\peerblock.exe[3592] ntdll.dll!NtAcceptConnectPort + 4 77B851AC 2 Bytes [65, 71] .text H:\Programy\PeerBlock\peerblock.exe[3592] ntdll.dll!NtCreateSymbolicLinkObject 77B85708 3 Bytes [FF, 25, 1E] .text H:\Programy\PeerBlock\peerblock.exe[3592] ntdll.dll!NtCreateSymbolicLinkObject + 4 77B8570C 2 Bytes [68, 71] .text H:\Programy\PeerBlock\peerblock.exe[3592] kernel32.dll!CreateProcessW 76F4204D 6 Bytes JMP 71A50F5A .text H:\Programy\PeerBlock\peerblock.exe[3592] kernel32.dll!CreateProcessA 76F42082 6 Bytes JMP 71A80F5A .text H:\Programy\PeerBlock\peerblock.exe[3592] kernel32.dll!LoadLibraryA 76F8DC65 6 Bytes JMP 716F0F5A .text H:\Programy\PeerBlock\peerblock.exe[3592] kernel32.dll!CloseHandle 76F8E868 6 Bytes JMP 718A0F5A .text H:\Programy\PeerBlock\peerblock.exe[3592] kernel32.dll!CreateFileW 76F8E8A5 6 Bytes JMP 718D0F5A .text H:\Programy\PeerBlock\peerblock.exe[3592] kernel32.dll!LoadLibraryW 76F8EF42 6 Bytes JMP 716C0F5A .text H:\Programy\PeerBlock\peerblock.exe[3592] kernel32.dll!SetUnhandledExceptionFilter 76F8F4FB 5 Bytes JMP 012AB280 H:\Programy\PeerBlock\peerblock.exe (PeerBlock/PeerBlock, LLC) .text H:\Programy\PeerBlock\peerblock.exe[3592] GDI32.dll!DeleteDC 773E6EAA 6 Bytes JMP 71750F5A .text H:\Programy\PeerBlock\peerblock.exe[3592] GDI32.dll!BitBlt 773E72C0 6 Bytes JMP 71720F5A .text H:\Programy\PeerBlock\peerblock.exe[3592] GDI32.dll!CreateDCA 773ECCA9 6 Bytes JMP 717B0F5A .text H:\Programy\PeerBlock\peerblock.exe[3592] GDI32.dll!CreateDCW 773ECF79 6 Bytes JMP 71780F5A .text H:\Programy\PeerBlock\peerblock.exe[3592] USER32.dll!RegisterHotKey 777AAA19 3 Bytes [FF, 25, 1E] .text H:\Programy\PeerBlock\peerblock.exe[3592] USER32.dll!RegisterHotKey + 4 777AAA1D 2 Bytes [7D, 71] {JGE 0x73} .text H:\Programy\PeerBlock\peerblock.exe[3592] USER32.dll!ExitWindowsEx 777F06C7 6 Bytes JMP 71A20F5A .text H:\Programy\PeerBlock\peerblock.exe[3592] USER32.dll!DdeClientTransaction 7780323C 6 Bytes JMP 71810F5A .text H:\Programy\PeerBlock\peerblock.exe[3592] WS2_32.dll!ioctlsocket 77CA3084 6 Bytes JMP 71510F5A .text H:\Programy\PeerBlock\peerblock.exe[3592] WS2_32.dll!sendto 77CA34B5 6 Bytes JMP 71570F5A .text H:\Programy\PeerBlock\peerblock.exe[3592] WS2_32.dll!closesocket 77CA3918 6 Bytes JMP 71630F5A .text H:\Programy\PeerBlock\peerblock.exe[3592] WS2_32.dll!socket 77CA3EB8 6 Bytes JMP 71AE0F5A .text H:\Programy\PeerBlock\peerblock.exe[3592] WS2_32.dll!WSASend 77CA4406 6 Bytes JMP 71420F5A .text H:\Programy\PeerBlock\peerblock.exe[3592] WS2_32.dll!select 77CA6989 6 Bytes JMP 71540F5A .text H:\Programy\PeerBlock\peerblock.exe[3592] WS2_32.dll!recv 77CA6B0E 6 Bytes JMP 71490F5A .text H:\Programy\PeerBlock\peerblock.exe[3592] WS2_32.dll!connect 77CA6BDD 6 Bytes JMP 71600F5A .text H:\Programy\PeerBlock\peerblock.exe[3592] WS2_32.dll!send 77CA6F01 6 Bytes JMP 715A0F5A .text H:\Programy\PeerBlock\peerblock.exe[3592] WS2_32.dll!WSARecv 77CA7089 6 Bytes JMP 71450F5A .text H:\Programy\PeerBlock\peerblock.exe[3592] WS2_32.dll!WSAGetOverlappedResult 77CA7489 6 Bytes JMP 713A0F5A .text H:\Programy\PeerBlock\peerblock.exe[3592] WS2_32.dll!WSAAsyncSelect 77CBB014 6 Bytes JMP 714E0F5A .text H:\Programy\PeerBlock\peerblock.exe[3592] IPHLPAPI.DLL!IcmpSendEcho2Ex 751B843C 6 Bytes JMP 71900F5A .text H:\Programy\PeerBlock\peerblock.exe[3592] IPHLPAPI.DLL!IcmpSendEcho2 751B873B 6 Bytes JMP 71930F5A .text H:\Programy\PeerBlock\peerblock.exe[3592] ADVAPI32.dll!CreateServiceW 7789712C 6 Bytes JMP 71840F5A .text H:\Programy\PeerBlock\peerblock.exe[3592] ADVAPI32.dll!CreateServiceA 778B3158 6 Bytes JMP 71870F5A .text H:\Programy\PeerBlock\peerblock.exe[3592] ADVAPI32.dll!InitiateSystemShutdownW 778CDA6D 6 Bytes JMP 719C0F5A .text H:\Programy\PeerBlock\peerblock.exe[3592] ADVAPI32.dll!InitiateSystemShutdownExW 778CDB3A 6 Bytes JMP 71960F5A .text H:\Programy\PeerBlock\peerblock.exe[3592] ADVAPI32.dll!InitiateSystemShutdownA 778CDC0F 6 Bytes JMP 719F0F5A .text H:\Programy\PeerBlock\peerblock.exe[3592] ADVAPI32.dll!InitiateSystemShutdownExA 778CDCB6 6 Bytes JMP 71990F5A .text E:\Windows\system32\mmc.exe[4528] ntdll.dll!NtAcceptConnectPort 77B851A8 3 Bytes [FF, 25, 1E] .text E:\Windows\system32\mmc.exe[4528] ntdll.dll!NtAcceptConnectPort + 4 77B851AC 2 Bytes [58, 71] .text E:\Windows\system32\mmc.exe[4528] ntdll.dll!NtCreateSymbolicLinkObject 77B85708 3 Bytes [FF, 25, 1E] .text E:\Windows\system32\mmc.exe[4528] ntdll.dll!NtCreateSymbolicLinkObject + 4 77B8570C 2 Bytes [5B, 71] .text E:\Windows\system32\mmc.exe[4528] kernel32.dll!CreateProcessW 76F4204D 6 Bytes JMP 71A50F5A .text E:\Windows\system32\mmc.exe[4528] kernel32.dll!CreateProcessA 76F42082 6 Bytes JMP 71A80F5A .text E:\Windows\system32\mmc.exe[4528] kernel32.dll!LoadLibraryA 76F8DC65 6 Bytes JMP 71620F5A .text E:\Windows\system32\mmc.exe[4528] kernel32.dll!CloseHandle 76F8E868 6 Bytes JMP 717D0F5A .text E:\Windows\system32\mmc.exe[4528] kernel32.dll!CreateFileW 76F8E8A5 6 Bytes JMP 71800F5A .text E:\Windows\system32\mmc.exe[4528] kernel32.dll!LoadLibraryW 76F8EF42 6 Bytes JMP 715F0F5A .text E:\Windows\system32\mmc.exe[4528] GDI32.dll!DeleteDC 773E6EAA 6 Bytes JMP 71680F5A .text E:\Windows\system32\mmc.exe[4528] GDI32.dll!BitBlt 773E72C0 6 Bytes JMP 71650F5A .text E:\Windows\system32\mmc.exe[4528] GDI32.dll!CreateDCA 773ECCA9 6 Bytes JMP 716E0F5A .text E:\Windows\system32\mmc.exe[4528] GDI32.dll!CreateDCW 773ECF79 6 Bytes JMP 716B0F5A .text E:\Windows\system32\mmc.exe[4528] USER32.dll!RegisterHotKey 777AAA19 3 Bytes [FF, 25, 1E] .text E:\Windows\system32\mmc.exe[4528] USER32.dll!RegisterHotKey + 4 777AAA1D 2 Bytes [70, 71] {JO 0x73} .text E:\Windows\system32\mmc.exe[4528] USER32.dll!ExitWindowsEx 777F06C7 6 Bytes JMP 71950F5A .text E:\Windows\system32\mmc.exe[4528] USER32.dll!DdeClientTransaction 7780323C 6 Bytes JMP 71740F5A .text E:\Windows\system32\mmc.exe[4528] ADVAPI32.dll!CreateServiceW 7789712C 6 Bytes JMP 71770F5A .text E:\Windows\system32\mmc.exe[4528] ADVAPI32.dll!CreateServiceA 778B3158 6 Bytes JMP 717A0F5A .text E:\Windows\system32\mmc.exe[4528] ADVAPI32.dll!InitiateSystemShutdownW 778CDA6D 6 Bytes JMP 718F0F5A .text E:\Windows\system32\mmc.exe[4528] ADVAPI32.dll!InitiateSystemShutdownExW 778CDB3A 6 Bytes JMP 71890F5A .text E:\Windows\system32\mmc.exe[4528] ADVAPI32.dll!InitiateSystemShutdownA 778CDC0F 6 Bytes JMP 71920F5A .text E:\Windows\system32\mmc.exe[4528] ADVAPI32.dll!InitiateSystemShutdownExA 778CDCB6 6 Bytes JMP 718C0F5A .text E:\Windows\system32\mmc.exe[4528] WS2_32.dll!socket 77CA3EB8 6 Bytes JMP 71AE0F5A .text E:\Windows\system32\mmc.exe[4528] IPHLPAPI.DLL!IcmpSendEcho2Ex 751B843C 6 Bytes JMP 71830F5A .text E:\Windows\system32\mmc.exe[4528] IPHLPAPI.DLL!IcmpSendEcho2 751B873B 6 Bytes JMP 71860F5A .text E:\Programy\Mozilla Firefox\firefox.exe[4600] ntdll.dll!NtAcceptConnectPort 77B851A8 3 Bytes [FF, 25, 1E] .text E:\Programy\Mozilla Firefox\firefox.exe[4600] ntdll.dll!NtAcceptConnectPort + 4 77B851AC 2 Bytes [65, 71] .text E:\Programy\Mozilla Firefox\firefox.exe[4600] ntdll.dll!NtCreateSymbolicLinkObject 77B85708 3 Bytes [FF, 25, 1E] .text E:\Programy\Mozilla Firefox\firefox.exe[4600] ntdll.dll!NtCreateSymbolicLinkObject + 4 77B8570C 2 Bytes [68, 71] .text E:\Programy\Mozilla Firefox\firefox.exe[4600] ntdll.dll!LdrLoadDll 77BA22B8 5 Bytes JMP 5A6BB750 E:\Programy\Mozilla Firefox\xul.dll (Mozilla Foundation) .text E:\Programy\Mozilla Firefox\firefox.exe[4600] kernel32.dll!CreateProcessW 76F4204D 6 Bytes JMP 71A50F5A .text E:\Programy\Mozilla Firefox\firefox.exe[4600] kernel32.dll!CreateProcessA 76F42082 6 Bytes JMP 71A80F5A .text E:\Programy\Mozilla Firefox\firefox.exe[4600] kernel32.dll!LoadLibraryA 76F8DC65 6 Bytes JMP 716F0F5A .text E:\Programy\Mozilla Firefox\firefox.exe[4600] kernel32.dll!CloseHandle 76F8E868 6 Bytes JMP 718A0F5A .text E:\Programy\Mozilla Firefox\firefox.exe[4600] kernel32.dll!CreateFileW 76F8E8A5 6 Bytes JMP 718D0F5A .text E:\Programy\Mozilla Firefox\firefox.exe[4600] kernel32.dll!LoadLibraryW 76F8EF42 6 Bytes JMP 716C0F5A .text E:\Programy\Mozilla Firefox\firefox.exe[4600] USER32.dll!RegisterHotKey 777AAA19 3 Bytes [FF, 25, 1E] .text E:\Programy\Mozilla Firefox\firefox.exe[4600] USER32.dll!RegisterHotKey + 4 777AAA1D 2 Bytes [7D, 71] {JGE 0x73} .text E:\Programy\Mozilla Firefox\firefox.exe[4600] USER32.dll!ExitWindowsEx 777F06C7 6 Bytes JMP 71A20F5A .text E:\Programy\Mozilla Firefox\firefox.exe[4600] USER32.dll!DdeClientTransaction 7780323C 6 Bytes JMP 71810F5A .text E:\Programy\Mozilla Firefox\firefox.exe[4600] GDI32.dll!DeleteDC 773E6EAA 6 Bytes JMP 71750F5A .text E:\Programy\Mozilla Firefox\firefox.exe[4600] GDI32.dll!BitBlt 773E72C0 6 Bytes JMP 71720F5A .text E:\Programy\Mozilla Firefox\firefox.exe[4600] GDI32.dll!CreateDCA 773ECCA9 6 Bytes JMP 717B0F5A .text E:\Programy\Mozilla Firefox\firefox.exe[4600] GDI32.dll!CreateDCW 773ECF79 6 Bytes JMP 71780F5A .text E:\Programy\Mozilla Firefox\firefox.exe[4600] advapi32.dll!CreateServiceW 7789712C 6 Bytes JMP 71840F5A .text E:\Programy\Mozilla Firefox\firefox.exe[4600] advapi32.dll!CreateServiceA 778B3158 6 Bytes JMP 71870F5A .text E:\Programy\Mozilla Firefox\firefox.exe[4600] advapi32.dll!InitiateSystemShutdownW 778CDA6D 6 Bytes JMP 719C0F5A .text E:\Programy\Mozilla Firefox\firefox.exe[4600] advapi32.dll!InitiateSystemShutdownExW 778CDB3A 6 Bytes JMP 71960F5A .text E:\Programy\Mozilla Firefox\firefox.exe[4600] advapi32.dll!InitiateSystemShutdownA 778CDC0F 6 Bytes JMP 719F0F5A .text E:\Programy\Mozilla Firefox\firefox.exe[4600] advapi32.dll!InitiateSystemShutdownExA 778CDCB6 6 Bytes JMP 71990F5A .text E:\Programy\Mozilla Firefox\firefox.exe[4600] WS2_32.dll!ioctlsocket 77CA3084 6 Bytes JMP 712F0F5A .text E:\Programy\Mozilla Firefox\firefox.exe[4600] WS2_32.dll!sendto 77CA34B5 6 Bytes JMP 71350F5A .text E:\Programy\Mozilla Firefox\firefox.exe[4600] WS2_32.dll!closesocket 77CA3918 6 Bytes JMP 71410F5A .text E:\Programy\Mozilla Firefox\firefox.exe[4600] WS2_32.dll!socket 77CA3EB8 6 Bytes JMP 71AE0F5A .text E:\Programy\Mozilla Firefox\firefox.exe[4600] WS2_32.dll!WSASend 77CA4406 6 Bytes JMP 714A0F5A .text E:\Programy\Mozilla Firefox\firefox.exe[4600] WS2_32.dll!WSALookupServiceNextW 77CA4CBC 6 Bytes JMP 71560F5A .text E:\Programy\Mozilla Firefox\firefox.exe[4600] WS2_32.dll!WSALookupServiceEnd 77CA5239 6 Bytes JMP 71530F5A .text E:\Programy\Mozilla Firefox\firefox.exe[4600] WS2_32.dll!WSALookupServiceBeginW 77CA575A 6 Bytes JMP 715A0F5A .text E:\Programy\Mozilla Firefox\firefox.exe[4600] WS2_32.dll!select 77CA6989 6 Bytes JMP 71320F5A .text E:\Programy\Mozilla Firefox\firefox.exe[4600] WS2_32.dll!recv 77CA6B0E 6 Bytes JMP 714D0F5A .text E:\Programy\Mozilla Firefox\firefox.exe[4600] WS2_32.dll!connect 77CA6BDD 6 Bytes JMP 713C0F5A .text E:\Programy\Mozilla Firefox\firefox.exe[4600] WS2_32.dll!send 77CA6F01 6 Bytes JMP 71500F5A .text E:\Programy\Mozilla Firefox\firefox.exe[4600] WS2_32.dll!WSARecv 77CA7089 6 Bytes JMP 71470F5A .text E:\Programy\Mozilla Firefox\firefox.exe[4600] WS2_32.dll!WSAGetOverlappedResult 77CA7489 6 Bytes JMP 71440F5A .text E:\Programy\Mozilla Firefox\firefox.exe[4600] WS2_32.dll!WSAAsyncSelect 77CBB014 6 Bytes JMP 712C0F5A .text E:\Programy\Mozilla Firefox\firefox.exe[4600] IPHLPAPI.DLL!IcmpSendEcho2Ex 751B843C 6 Bytes JMP 71900F5A .text E:\Programy\Mozilla Firefox\firefox.exe[4600] IPHLPAPI.DLL!IcmpSendEcho2 751B873B 6 Bytes JMP 71930F5A .text H:\Programy\Free Download Manager\fdm.exe[5016] ntdll.dll!NtAcceptConnectPort 77B851A8 3 Bytes [FF, 25, 1E] .text H:\Programy\Free Download Manager\fdm.exe[5016] ntdll.dll!NtAcceptConnectPort + 4 77B851AC 2 Bytes [65, 71] .text H:\Programy\Free Download Manager\fdm.exe[5016] ntdll.dll!NtCreateSymbolicLinkObject 77B85708 3 Bytes [FF, 25, 1E] .text H:\Programy\Free Download Manager\fdm.exe[5016] ntdll.dll!NtCreateSymbolicLinkObject + 4 77B8570C 2 Bytes [68, 71] .text H:\Programy\Free Download Manager\fdm.exe[5016] kernel32.dll!CreateProcessW 76F4204D 6 Bytes JMP 71A50F5A .text H:\Programy\Free Download Manager\fdm.exe[5016] kernel32.dll!CreateProcessA 76F42082 6 Bytes JMP 71A80F5A .text H:\Programy\Free Download Manager\fdm.exe[5016] kernel32.dll!LoadLibraryA 76F8DC65 6 Bytes JMP 716F0F5A .text H:\Programy\Free Download Manager\fdm.exe[5016] kernel32.dll!CloseHandle 76F8E868 6 Bytes JMP 718A0F5A .text H:\Programy\Free Download Manager\fdm.exe[5016] kernel32.dll!CreateFileW 76F8E8A5 6 Bytes JMP 718D0F5A .text H:\Programy\Free Download Manager\fdm.exe[5016] kernel32.dll!LoadLibraryW 76F8EF42 6 Bytes JMP 716C0F5A .text H:\Programy\Free Download Manager\fdm.exe[5016] GDI32.dll!DeleteDC 773E6EAA 6 Bytes JMP 71750F5A .text H:\Programy\Free Download Manager\fdm.exe[5016] GDI32.dll!BitBlt 773E72C0 6 Bytes JMP 71720F5A .text H:\Programy\Free Download Manager\fdm.exe[5016] GDI32.dll!CreateDCA 773ECCA9 6 Bytes JMP 717B0F5A .text H:\Programy\Free Download Manager\fdm.exe[5016] GDI32.dll!CreateDCW 773ECF79 6 Bytes JMP 71780F5A .text H:\Programy\Free Download Manager\fdm.exe[5016] USER32.dll!RegisterHotKey 777AAA19 3 Bytes [FF, 25, 1E] .text H:\Programy\Free Download Manager\fdm.exe[5016] USER32.dll!RegisterHotKey + 4 777AAA1D 2 Bytes [7D, 71] {JGE 0x73} .text H:\Programy\Free Download Manager\fdm.exe[5016] USER32.dll!ExitWindowsEx 777F06C7 6 Bytes JMP 71A20F5A .text H:\Programy\Free Download Manager\fdm.exe[5016] USER32.dll!DdeClientTransaction 7780323C 6 Bytes JMP 71810F5A .text H:\Programy\Free Download Manager\fdm.exe[5016] ADVAPI32.dll!CreateServiceW 7789712C 6 Bytes JMP 71840F5A .text H:\Programy\Free Download Manager\fdm.exe[5016] ADVAPI32.dll!CreateServiceA 778B3158 6 Bytes JMP 71870F5A .text H:\Programy\Free Download Manager\fdm.exe[5016] ADVAPI32.dll!InitiateSystemShutdownW 778CDA6D 6 Bytes JMP 719C0F5A .text H:\Programy\Free Download Manager\fdm.exe[5016] ADVAPI32.dll!InitiateSystemShutdownExW 778CDB3A 6 Bytes JMP 71960F5A .text H:\Programy\Free Download Manager\fdm.exe[5016] ADVAPI32.dll!InitiateSystemShutdownA 778CDC0F 6 Bytes JMP 719F0F5A .text H:\Programy\Free Download Manager\fdm.exe[5016] ADVAPI32.dll!InitiateSystemShutdownExA 778CDCB6 6 Bytes JMP 71990F5A .text H:\Programy\Free Download Manager\fdm.exe[5016] WS2_32.dll!socket 77CA3EB8 6 Bytes JMP 71AE0F5A .text H:\Programy\Free Download Manager\fdm.exe[5016] IPHLPAPI.DLL!IcmpSendEcho2Ex 751B843C 6 Bytes JMP 71900F5A .text H:\Programy\Free Download Manager\fdm.exe[5016] IPHLPAPI.DLL!IcmpSendEcho2 751B873B 6 Bytes JMP 71930F5A .text E:\Windows\system32\wuauclt.exe[5324] ntdll.dll!NtAcceptConnectPort 77B851A8 3 Bytes [FF, 25, 1E] .text E:\Windows\system32\wuauclt.exe[5324] ntdll.dll!NtAcceptConnectPort + 4 77B851AC 2 Bytes [65, 71] .text E:\Windows\system32\wuauclt.exe[5324] ntdll.dll!NtCreateSymbolicLinkObject 77B85708 3 Bytes [FF, 25, 1E] .text E:\Windows\system32\wuauclt.exe[5324] ntdll.dll!NtCreateSymbolicLinkObject + 4 77B8570C 2 Bytes [68, 71] .text E:\Windows\system32\wuauclt.exe[5324] kernel32.dll!CreateProcessW 76F4204D 6 Bytes JMP 71A50F5A .text E:\Windows\system32\wuauclt.exe[5324] kernel32.dll!CreateProcessA 76F42082 6 Bytes JMP 71A80F5A .text E:\Windows\system32\wuauclt.exe[5324] kernel32.dll!LoadLibraryA 76F8DC65 6 Bytes JMP 716F0F5A .text E:\Windows\system32\wuauclt.exe[5324] kernel32.dll!CloseHandle 76F8E868 6 Bytes JMP 718A0F5A .text E:\Windows\system32\wuauclt.exe[5324] kernel32.dll!CreateFileW 76F8E8A5 6 Bytes JMP 718D0F5A .text E:\Windows\system32\wuauclt.exe[5324] kernel32.dll!LoadLibraryW 76F8EF42 6 Bytes JMP 716C0F5A .text E:\Windows\system32\wuauclt.exe[5324] GDI32.dll!DeleteDC 773E6EAA 6 Bytes JMP 71750F5A .text E:\Windows\system32\wuauclt.exe[5324] GDI32.dll!BitBlt 773E72C0 6 Bytes JMP 71720F5A .text E:\Windows\system32\wuauclt.exe[5324] GDI32.dll!CreateDCA 773ECCA9 6 Bytes JMP 717B0F5A .text E:\Windows\system32\wuauclt.exe[5324] GDI32.dll!CreateDCW 773ECF79 6 Bytes JMP 71780F5A .text E:\Windows\system32\wuauclt.exe[5324] USER32.dll!RegisterHotKey 777AAA19 3 Bytes [FF, 25, 1E] .text E:\Windows\system32\wuauclt.exe[5324] USER32.dll!RegisterHotKey + 4 777AAA1D 2 Bytes [7D, 71] {JGE 0x73} .text E:\Windows\system32\wuauclt.exe[5324] USER32.dll!ExitWindowsEx 777F06C7 6 Bytes JMP 71A20F5A .text E:\Windows\system32\wuauclt.exe[5324] USER32.dll!DdeClientTransaction 7780323C 6 Bytes JMP 71810F5A .text E:\Windows\system32\wuauclt.exe[5324] ADVAPI32.dll!CreateServiceW 7789712C 6 Bytes JMP 71840F5A .text E:\Windows\system32\wuauclt.exe[5324] ADVAPI32.dll!CreateServiceA 778B3158 6 Bytes JMP 71870F5A .text E:\Windows\system32\wuauclt.exe[5324] ADVAPI32.dll!InitiateSystemShutdownW 778CDA6D 6 Bytes JMP 719C0F5A .text E:\Windows\system32\wuauclt.exe[5324] ADVAPI32.dll!InitiateSystemShutdownExW 778CDB3A 6 Bytes JMP 71960F5A .text E:\Windows\system32\wuauclt.exe[5324] ADVAPI32.dll!InitiateSystemShutdownA 778CDC0F 6 Bytes JMP 719F0F5A .text E:\Windows\system32\wuauclt.exe[5324] ADVAPI32.dll!InitiateSystemShutdownExA 778CDCB6 6 Bytes JMP 71990F5A .text E:\Windows\system32\wuauclt.exe[5324] WS2_32.dll!socket 77CA3EB8 6 Bytes JMP 71AE0F5A .text E:\Windows\system32\wuauclt.exe[5324] IPHLPAPI.DLL!IcmpSendEcho2Ex 751B843C 6 Bytes JMP 71900F5A .text E:\Windows\system32\wuauclt.exe[5324] IPHLPAPI.DLL!IcmpSendEcho2 751B873B 6 Bytes JMP 71930F5A ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [892AF70C] \SystemRoot\System32\Drivers\sptd.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [892AFEEE] \SystemRoot\System32\Drivers\sptd.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [892B020E] \SystemRoot\System32\Drivers\sptd.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [892B00CC] \SystemRoot\System32\Drivers\sptd.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [892AF8F0] \SystemRoot\System32\Drivers\sptd.sys ---- User IAT/EAT - GMER 1.0.15 ---- IAT E:\Windows\Explorer.EXE[2236] @ E:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73812437] E:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT E:\Windows\Explorer.EXE[2236] @ E:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [737F5600] E:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT E:\Windows\Explorer.EXE[2236] @ E:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [737F56BE] E:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT E:\Windows\Explorer.EXE[2236] @ E:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [738124B2] E:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT E:\Windows\Explorer.EXE[2236] @ E:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73808514] E:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT E:\Windows\Explorer.EXE[2236] @ E:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73804CC8] E:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT E:\Windows\Explorer.EXE[2236] @ E:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7380506F] E:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT E:\Windows\Explorer.EXE[2236] @ E:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73805144] E:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT E:\Windows\Explorer.EXE[2236] @ E:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [73806671] E:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT E:\Windows\Explorer.EXE[2236] @ E:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7380826B] E:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT E:\Windows\Explorer.EXE[2236] @ E:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [738087BA] E:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT E:\Windows\Explorer.EXE[2236] @ E:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7380901B] E:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT E:\Windows\Explorer.EXE[2236] @ E:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7380E1BE] E:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT E:\Windows\Explorer.EXE[2236] @ E:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73804BFA] E:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT E:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2632] @ E:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75C0FFF6] E:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT E:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2632] @ E:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75C0FFF6] E:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT E:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2632] @ E:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75C0FFF6] E:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT E:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2632] @ E:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75C0FFF6] E:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 8566C1E8 Device \FileSystem\fastfat \FatCdrom 86C6A1E8 Device \Driver\usbuhci \Device\USBPDO-0 867021E8 Device \Driver\usbuhci \Device\USBPDO-1 867021E8 Device \Driver\usbuhci \Device\USBPDO-2 867021E8 Device \Driver\usbehci \Device\USBPDO-3 866E6430 Device \Driver\usbuhci \Device\USBPDO-4 867021E8 Device \Driver\tdx \Device\Tcp OAmon.sys Device \Driver\usbuhci \Device\USBPDO-5 867021E8 Device \Driver\usbuhci \Device\USBPDO-6 867021E8 AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) Device \Driver\usbehci \Device\USBPDO-7 866E6430 Device \Driver\ACPI_HAL \Device\00000064 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) Device \Driver\cdrom \Device\CdRom0 865FF1E8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 8566A1E8 Device \Driver\atapi \Device\Ide\IdePort0 8566A1E8 Device \Driver\atapi \Device\Ide\IdePort1 8566A1E8 Device \Driver\atapi \Device\Ide\IdePort2 8566A1E8 Device \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-7 8566A1E8 Device \Driver\atapi \Device\Ide\IdePort3 8566A1E8 Device \Driver\atapi \Device\Ide\IdePort4 8566A1E8 Device \Driver\atapi \Device\Ide\IdePort5 8566A1E8 Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-4 8566A1E8 AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) Device \Driver\tdx \Device\RawIp6 OAmon.sys Device \Driver\NetBT \Device\NetBT_Tcpip_{CF0F53DF-4FEE-4EE8-9DAB-D91F969DF98E} 866931E8 AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) Device \Driver\tdx \Device\Tcp6 OAmon.sys Device \Driver\NetBT \Device\NetBt_Wins_Export 866931E8 Device \Driver\tdx \Device\Tdx OAmon.sys Device \Driver\tdx \Device\Udp OAmon.sys Device \Driver\tdx \Device\RawIp OAmon.sys Device \Driver\usbuhci \Device\USBFDO-0 867021E8 Device \Driver\usbuhci \Device\USBFDO-1 867021E8 Device \Driver\usbuhci \Device\USBFDO-2 867021E8 Device \Driver\tdx \Device\Udp6 OAmon.sys Device \Driver\usbehci \Device\USBFDO-3 866E6430 Device \Driver\usbuhci \Device\USBFDO-4 867021E8 Device \Driver\usbuhci \Device\USBFDO-5 867021E8 Device \Driver\usbuhci \Device\USBFDO-6 867021E8 Device \Driver\usbehci \Device\USBFDO-7 866E6430 Device \FileSystem\fastfat \Fat 86C6A1E8 AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Menedżer filtrów systemu plików firmy Microsoft/Microsoft Corporation) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 2 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xE5 0x37 0xEF 0xDE ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xDD 0xB9 0x5E 0xE1 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xE5 0x37 0xEF 0xDE ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xDD 0xB9 0x5E 0xE1 ... ---- EOF - GMER 1.0.15 ----