RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Dodatek Service Pack 3)
Number of processors #2
==============================================
>SSDT State
==============================================
ntkrnlpa.exe-->NtCreateKey, Type: Address change 0x806237C8-->BA795F36 [Unknown module filename]
ntkrnlpa.exe-->NtCreateThread, Type: Address change 0x805D0FD2-->BA795F2C [Unknown module filename]
ntkrnlpa.exe-->NtDeleteKey, Type: Address change 0x80623C64-->BA795F3B [Unknown module filename]
ntkrnlpa.exe-->NtDeleteValueKey, Type: Address change 0x80623E34-->BA795F45 [Unknown module filename]
ntkrnlpa.exe-->NtLoadKey, Type: Address change 0x806259EC-->BA795F4A [Unknown module filename]
ntkrnlpa.exe-->NtOpenProcess, Type: Address change 0x805CB3FA-->BA795F18 [Unknown module filename]
ntkrnlpa.exe-->NtOpenThread, Type: Address change 0x805CB686-->BA795F1D [Unknown module filename]
ntkrnlpa.exe-->NtReplaceKey, Type: Address change 0x8062589C-->BA795F54 [Unknown module filename]
ntkrnlpa.exe-->NtRestoreKey, Type: Address change 0x806251A8-->BA795F4F [Unknown module filename]
ntkrnlpa.exe-->NtSetValueKey, Type: Address change 0x80621D3A-->BA795F40 [Unknown module filename]
==============================================
>Shadow
==============================================
==============================================
>Processes
==============================================
0x8A5387F8 [4] System
0x89704390 [288] C:\WINDOWS\system32\smss.exe (Microsoft Corporation, Menedżer sesji Windows NT)
0x8947F958 [324] C:\Program Files\ASUS\Six Engine\SixEngine.exe (-, -)
0x8936BDA0 [332] C:\Program Files\ASUS\Drive Xpert\DriveXpert.exe (Silicon Image, Inc., Drive Xpert Volume Manager)
0x89269DA0 [336] C:\WINDOWS\system32\csrss.exe (Microsoft Corporation, Client Server Runtime Process)
0x8935E020 [548] C:\WINDOWS\system32\winlogon.exe (Microsoft Corporation, Aplikacja logowania systemu Windows NT)
0x896B9020 [592] C:\WINDOWS\system32\services.exe (Microsoft Corporation, Usługi i aplikacja Kontroler)
0x8931F708 [604] C:\WINDOWS\system32\lsass.exe (Microsoft Corporation, LSA Shell (Export Version))
0x89207900 [732] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis, Acronis True Image Monitor)
0x896C2020 [780] C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc., ATI External Event Utility EXE Module)
0x895D3618 [800] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x892ADB58 [808] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis, Monitor for Acronis True Image Backup Archive Explorer)
0x89431B50 [848] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x89449898 [888] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x891E7900 [912] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis, Acronis Scheduler Helper)
0x893C47E8 [920] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc., SMax4PNP)
0x8959C740 [924] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x89494DA0 [1004] C:\WINDOWS\system32\spoolsv.exe (Microsoft Corporation, Spooler SubSystem App)
0x89218900 [1028] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation, Windows Messenger)
0x896289E8 [1036] C:\Program Files\Analog Devices\SoundMAX\SMax4.exe (Analog Devices, Inc., Audio Control Panel)
0x8923BB50 [1044] C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH, Antivirus Scheduler)
0x891EBB50 [1068] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co., Hewlett-Packard Product Assistant)
0x891E8DA0 [1108] C:\Program Files\WinFast\WFDTV\DTVSchdl.exe (Leadtek Research Inc., WinFast DTV Schedule)
0x89714DA0 [1112] C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc., ATI External Event Utility EXE Module)
0x89492540 [1148] C:\Program Files\WinFast\WFDTV\WFWIZ.exe (Leadtek Research Inc., WinFast Wizard)
0x891EADA0 [1172] C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson Mobile Communications AB, Sony Ericsson PC Companion)
0x891EEB28 [1216] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc., RealNetworks Scheduler)
0x892EB5C8 [1220] C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis, Acronis Scheduler 2)
0x89364DA0 [1240] C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH, Antivirus On-Access Service)
0x892F29E8 [1292] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Advanced Micro Devices Inc., Catalyst Control Center: Monitoring program)
0x8936E610 [1296] C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe (Adobe Systems Incorporated, Adobe Acrobat SpeedLauncher)
0x89375DA0 [1300] C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company, LightScribe Service)
0x8921E898 [1320] C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH, AntiVir shadow copy service)
0x892115B8 [1416] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x891E4DA0 [1424] C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe (-, Application Launcher)
0x89226B50 [1540] C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
0x891FCDA0 [1596] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH, Antivirus System Tray Tool)
0x89369DA0 [1616] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company, -)
0x891FA900 [1668] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation, CTF Loader)
0x894166B0 [1772] C:\WINDOWS\explorer.exe (Microsoft Corporation, Eksplorator Windows)
0x8939A470 [1856] C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc., ULCDRSvr)
0x891FEDA0 [1880] C:\Program Files\Free Download Manager\fdm.exe (FreeDownloadManager.ORG, Free Download Manager)
0x89265460 [2164] C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co., HP Digital Imaging Monitor)
0x89246B28 [2204] C:\Program Files\REALTEK PCI&Cardbus Wireless LAN Driver and Utility\RtWLan.exe (Realtek Semiconductor Corp., RtWLan ( For WinXP/2003) Application)
0x893F7B60 [2384] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ATI Technologies Inc., Catalyst Control Centre: Host application)
0x8932FAA0 [2516] C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe (Hewlett-Packard Co., )
0x891CA900 [2616] C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation, Windows Security Center Notification App)
0x89445480 [2820] C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe (Hewlett-Packard Co., HP CUE Status)
0x893FAB80 [3148] C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe (Hewlett-Packard Co., Hewlett-Packard Product Assistant)
0x88ABCC98 [3536] C:\Documents and Settings\user\Pulpit\Programy\RKUnhookerLE.EXE (UG North, RKULE, SR2 Normandy)
0x88AAA530 [3752] C:\Program Files\Common Files\Teleca Shared\Generic.exe (Obigo AB, Generic Device Management Executable.)
0x88B2A020 [3936] C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe (Sony Ericsson Mobile Communications AB, CAPI_Worker Module)
==============================================
>Drivers
==============================================
0xB96A5000 C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 5455872 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Miniport Driver)
0xBF1AD000 C:\WINDOWS\System32\ati3duag.dll 4120576 bytes (ATI Technologies Inc. , ati3duag.dll)
0xBF59B000 C:\WINDOWS\System32\ativvaxx.dll 2498560 bytes (ATI Technologies Inc. , Radeon Video Acceleration Universal Driver)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2150400 bytes (Microsoft Corporation, Jądro i system NT)
0x804D7000 PnpManager 2150400 bytes
0x804D7000 RAW 2150400 bytes
0x804D7000 WMIxWDM 2150400 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Współużytkowany sterownik Win32)
0xBF063000 C:\WINDOWS\System32\ati2cqag.dll 577536 bytes (ATI Technologies Inc., Central Memory Manager / Queue Server Module)
0xB9DEB000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xBF0F0000 C:\WINDOWS\System32\atikvmag.dll 471040 bytes (ATI Technologies Inc., Virtual Command And Memory Manager)
0xB9D80000 timntr.sys 438272 bytes (Acronis, Acronis True Image Backup Archive Explorer)
0xACF2E000 C:\WINDOWS\system32\drivers\Senfilt.sys 393216 bytes (Sensaura, Sensaura WDM 3D Audio Driver)
0xB94C7000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xB9D27000 tdrpman.sys 364544 bytes (Acronis, Acronis Try&Decide and Restore Points Volume Filter Driver)
0xACFA6000 C:\WINDOWS\system32\drivers\ADIHdAud.sys 352256 bytes (Analog Devices, Inc., High Definition Audio Function Driver)
0xBF012000 C:\WINDOWS\System32\ati2dvag.dll 331776 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Display Driver)
0xBF163000 C:\WINDOWS\System32\atiok3x2.dll 303104 bytes (ATI Technologies Inc., Ring 0 x2 component)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xA9A4D000 C:\WINDOWS\system32\DRIVERS\atksgt.sys 274432 bytes
0xB9EDA000 mv61xx.sys 262144 bytes (Marvell Semiconductor, Inc., Marvell Thor Windows Driver)
0xB9F78000 ACPI.sys 192512 bytes (Microsoft Corporation, Sterownik ACPI dla systemu NT)
0xA85D3000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xACAA4000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB9669000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows (R) Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xA930A000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xAD30D000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB9645000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB95DC000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xACA12000 C:\WINDOWS\system32\DRIVERS\avipbb.sys 139264 bytes (Avira GmbH, Avira Driver for Security Enhancement)
0x806E4000 ACPI_HAL 134400 bytes
0x806E4000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB9EA2000 fltMgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xB9F32000 ftdisk.sys 126976 bytes (Microsoft Corporation, Sterownik dysku FT)
0xB9D09000 snapman.sys 122880 bytes (Acronis, Acronis Snapshot API)
0xAD331000 C:\WINDOWS\system32\drivers\AtiHdmi.sys 106496 bytes (ATI Research Inc., Ati High Definition Audio Function Driver)
0xB9CDB000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xACF8E000 C:\WINDOWS\system32\drivers\AEAudio.sys 98304 bytes (Andrea Electronics Corporation, Audio Noise Filtering Driver (32-bit))
0xB9F1A000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xB9EC2000 C:\WINDOWS\system32\DRIVERS\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xB9E8B000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB9F51000 ps7arj8b.sys 90112 bytes (Cenega Poland Sp. z o.o., Konie i kucyki: Najlepsi przyjaciele Synchronization Driver)
0xA9F72000 C:\WINDOWS\system32\DRIVERS\avgntflt.sys 86016 bytes (Avira GmbH, Avira Minifilter Driver)
0xA98A6000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB9CF5000 pe3arj8b.sys 81920 bytes (Cenega Poland Sp. z o.o., Konie i kucyki: Najlepsi przyjaciele Environment Driver)
0xB9691000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xB9E78000 WudfPf.sys 77824 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xB9F67000 pci.sys 69632 bytes (Microsoft Corporation, Licznik NT Plug and Play PCI)
0xA96E4000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xBA248000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xBA0B8000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xBA228000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Sterownik urządzenia szeregowego)
0xBA198000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xBA258000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Sterownik filtru audio Redbook)
0xA9B00000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xBA2A8000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xBA0C8000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xBA108000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xBA0E8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Sterownik kopiowania woluminów w tle)
0xAD053000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, Sterownik kryptografii FIPS)
0xBA238000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xBA0D8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xBA208000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 40960 bytes (Microsoft Corporation, Sterownik urządzenia procesora)
0xBA0A8000 isapnp.sys 40960 bytes (Microsoft Corporation, Sterownik magistrali ISA PNP)
0xBA298000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xAC4D3000 C:\WINDOWS\system32\DRIVERS\tifsfilt.sys 40960 bytes (Acronis, Acronis True Image File System Filter)
0xBA0F8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xACC3C000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xA890B000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xBA3C8000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xBA4A0000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xBA440000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xBA3A8000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xBA458000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 28672 bytes (Microsoft Corporation, Sterownik klasy klawiatury)
0xBA328000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xBA470000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xBA460000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Sterownik klasy myszy)
0xBA408000 C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 24576 bytes (Avira GmbH, AVIRA SnapShot Driver)
0xBA438000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xBA3B8000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xAC7AF000 C:\WINDOWS\system32\DRIVERS\lirsgt.sys 20480 bytes
0xBA3C0000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xBA330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xBA448000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xBA338000 PxHelp20.sys 20480 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xBA430000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xAC83B000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, Sterownik filtru myszy HID)
0xB9BF9000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xB9C47000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xBA4B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xB9BE5000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xAC84F000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xAC847000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, Sterownik filtru myszy HID)
0xB9BFD000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xB9C7F000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xBA5F2000 C:\WINDOWS\system32\DRIVERS\ASACPI.sys 8192 bytes (-, ATK0110 ACPI Utility)
0xBA610000 C:\WINDOWS\system32\drivers\AsIO.sys 8192 bytes
0xBA60E000 C:\Program Files\Avira\AntiVir Desktop\avgio.sys 8192 bytes (Avira GmbH, Avira AntiVir Support for Minifilter)
0xBA606000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xBA604000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xBA5A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xBA608000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xBA60A000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xBA5F4000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xBA5F6000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xBA5AA000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xBA763000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xBA743000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xBA794000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xBA670000 pciide.sys 4096 bytes (Microsoft Corporation, Rodzajowy sterownik magistrali PCI IDE)
==============================================
>Stealth
==============================================
0x054A0000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Wizard.DLL [ EPROCESS 0x893F7B60 ] PID: 2384, 102400 bytes
0x067D0000 Hidden Image-->CLI.Component.Dashboard.DLL [ EPROCESS 0x893F7B60 ] PID: 2384, 1085440 bytes
0x00D30000 Hidden Image-->MOM.Implementation.DLL [ EPROCESS 0x892F29E8 ] PID: 1292, 118784 bytes
0x03960000 Hidden Image-->MOM.Implementation.DLL [ EPROCESS 0x893F7B60 ] PID: 2384, 118784 bytes
0x07140000 Hidden Image-->CLI.Aspect.VPURecover.Graphics.Dashboard.DLL [ EPROCESS 0x893F7B60 ] PID: 2384, 118784 bytes
0x06A30000 Hidden Image-->CLI.Aspect.DisplaysOptions.Graphics.Dashboard.DLL [ EPROCESS 0x893F7B60 ] PID: 2384, 135168 bytes
0x068F0000 Hidden Image-->CLI.Aspect.Welcome.Graphics.Dashboard.DLL [ EPROCESS 0x893F7B60 ] PID: 2384, 143360 bytes
0x05DD0000 Hidden Image-->CLI.Aspect.DisplaysManager.Graphics.Wizard.DLL [ EPROCESS 0x893F7B60 ] PID: 2384, 1699840 bytes
0x054D0000 Hidden Image-->CLI.Aspect.InfoCentre.Graphics.Wizard.DLL [ EPROCESS 0x893F7B60 ] PID: 2384, 217088 bytes
0x06920000 Hidden Image-->CLI.Aspect.InfoCentre.Graphics.Dashboard.DLL [ EPROCESS 0x893F7B60 ] PID: 2384, 233472 bytes
0x00F00000 Hidden Image-->MOM.Foundation.DLL [ EPROCESS 0x892F29E8 ] PID: 1292, 28672 bytes
0x01170000 Hidden Image-->LOG.Foundation.Implementation.Private.DLL [ EPROCESS 0x892F29E8 ] PID: 1292, 28672 bytes
0x05630000 Hidden Image-->CLI.Component.Runtime.Extension.EEU.DLL [ EPROCESS 0x893F7B60 ] PID: 2384, 28672 bytes
0x053E0000 Hidden Image-->APM.Foundation.DLL [ EPROCESS 0x893F7B60 ] PID: 2384, 28672 bytes
0x04DF0000 Hidden Image-->CLI.Aspect.HotkeysHandling.Graphics.Shared.DLL [ EPROCESS 0x893F7B60 ] PID: 2384, 28672 bytes
0x04640000 Hidden Image-->DEM.Graphics.DLL [ EPROCESS 0x893F7B60 ] PID: 2384, 28672 bytes
0x00DB0000 Hidden Image-->MOM.Foundation.DLL [ EPROCESS 0x893F7B60 ] PID: 2384, 28672 bytes
0x00DE0000 Hidden Image-->LOG.Foundation.Implementation.Private.DLL [ EPROCESS 0x893F7B60 ] PID: 2384, 28672 bytes
0x039B0000 Hidden Image-->LOCALIZATION.Foundation.Private.DLL [ EPROCESS 0x893F7B60 ] PID: 2384, 28672 bytes
0x03B70000 Hidden Image-->CLI.Component.Runtime.Shared.DLL [ EPROCESS 0x893F7B60 ] PID: 2384, 28672 bytes
0x04040000 Hidden Image-->AEM.Server.Shared.DLL [ EPROCESS 0x893F7B60 ] PID: 2384, 28672 bytes
0x04060000 Hidden Image-->AEM.Plugin.DPPE.Shared.DLL [ EPROCESS 0x893F7B60 ] PID: 2384, 28672 bytes
0x040B0000 Hidden Image-->AEM.Plugin.Hotkeys.Shared.DLL [ EPROCESS 0x893F7B60 ] PID: 2384, 28672 bytes
0x040F0000 Hidden Image-->AEM.Plugin.WinMessages.Shared.DLL [ EPROCESS 0x893F7B60 ] PID: 2384, 28672 bytes
0x04630000 Hidden Image-->DEM.Foundation.DLL [ EPROCESS 0x893F7B60 ] PID: 2384, 28672 bytes
0x04AF0000 Hidden Image-->CLI.Caste.HydraVision.Shared.DLL [ EPROCESS 0x893F7B60 ] PID: 2384, 28672 bytes
0x04B00000 Hidden Image-->AEM.Actions.CCAA.Shared.DLL [ EPROCESS 0x893F7B60 ] PID: 2384, 28672 bytes
0x04C10000 Hidden Image-->AEM.Plugin.GD.Shared.DLL [ EPROCESS 0x893F7B60 ] PID: 2384, 28672 bytes
0x04BC0000 Hidden Image-->DEM.OS.DLL [ EPROCESS 0x893F7B60 ] PID: 2384, 28672 bytes
0x04BB0000 Hidden Image-->DEM.OS.I0602.DLL [ EPROCESS 0x893F7B60 ] PID: 2384, 28672 bytes
0x04BE0000 Hidden Image-->DEM.Graphics.I0709.dll [ EPROCESS 0x893F7B60 ] PID: 2384, 28672 bytes
0x04C50000 Hidden Image-->DEM.Graphics.I0804.dll [ EPROCESS 0x893F7B60 ] PID: 2384, 28672 bytes
0x04DE0000 Hidden Image-->CLI.Aspect.HotkeysHandling.Graphics.Runtime.DLL [ EPROCESS 0x893F7B60 ] PID: 2384, 28672 bytes
0x04E20000 Hidden Image-->CLI.Caste.Graphics.Runtime.Shared.Private.DLL [ EPROCESS 0x893F7B60 ] PID: 2384, 28672 bytes
0x04F70000 Hidden Image-->DEM.Graphics.I0805.dll [ EPROCESS 0x893F7B60 ] PID: 2384, 28672 bytes
0x04FA0000 Hidden Image-->DEM.Graphics.I0706.DLL [ EPROCESS 0x893F7B60 ] PID: 2384, 28672 bytes
0x05110000 Hidden Image-->DEM.Graphics.I0712.dll [ EPROCESS 0x893F7B60 ] PID: 2384, 28672 bytes
0x05170000 Hidden Image-->CLI.Aspect.VPURecover.Graphics.Shared.DLL [ EPROCESS 0x893F7B60 ] PID: 2384, 28672 bytes
0x051B0000 Hidden Image-->DEM.Graphics.I0703.DLL [ EPROCESS 0x893F7B60 ] PID: 2384, 28672 bytes
0x05410000 Hidden Image-->CLI.Caste.Graphics.Wizard.Shared.DLL [ EPROCESS 0x893F7B60 ] PID: 2384, 28672 bytes
0x05530000 Hidden Image-->atixclib.DLL [ EPROCESS 0x893F7B60 ] PID: 2384, 28672 bytes
0x055D0000 Hidden Image-->CLI.Caste.HydraVision.Wizard.DLL [ EPROCESS 0x893F7B60 ] PID: 2384, 28672 bytes
0x05600000 Hidden Image-->CLI.Component.Dashboard.Shared.DLL [ EPROCESS 0x893F7B60 ] PID: 2384, 28672 bytes
0x05990000 Hidden Image-->Branding.dll [ EPROCESS 0x893F7B60 ] PID: 2384, 28672 bytes
0x05760000 Hidden Image-->AEM.Plugin.EEU.Shared.DLL [ EPROCESS 0x893F7B60 ] PID: 2384, 28672 bytes
0x05A20000 Hidden Image-->CLI.Component.Client.Shared.DLL [ EPROCESS 0x893F7B60 ] PID: 2384, 28672 bytes
0x059B0000 Hidden Image-->CLI.Component.Wizard.Shared.DLL [ EPROCESS 0x893F7B60 ] PID: 2384, 28672 bytes
0x059F0000 Hidden Image-->CLI.Component.Dashboard.Shared.Private.DLL [ EPROCESS 0x893F7B60 ] PID: 2384, 28672 bytes
0x068E0000 Hidden Image-->CLI.Caste.Graphics.Dashboard.Shared.DLL [ EPROCESS 0x893F7B60 ] PID: 2384, 28672 bytes
0x07220000 Hidden Image-->CLI.Caste.HydraVision.Dashboard.DLL [ EPROCESS 0x893F7B60 ] PID: 2384, 28672 bytes
0x04B50000 Hidden Image-->CLI.Caste.Graphics.Runtime.DLL [ EPROCESS 0x893F7B60 ] PID: 2384, 290816 bytes
0x01190000 Hidden Image-->System.Runtime.Remoting.dll [ EPROCESS 0x892F29E8 ] PID: 1292, 307200 bytes
0x00E20000 Hidden Image-->System.Runtime.Remoting.dll [ EPROCESS 0x893F7B60 ] PID: 2384, 307200 bytes
0x06670000 Hidden Image-->CLI.Aspect.HydraVision.Wizard.DLL [ EPROCESS 0x893F7B60 ] PID: 2384, 315392 bytes
0x06E80000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Dashboard.DLL [ EPROCESS 0x893F7B60 ] PID: 2384, 356352 bytes
0x012D0000 Hidden Image-->CCC.Implementation.DLL [ EPROCESS 0x892F29E8 ] PID: 1292, 36864 bytes
0x03E50000 Hidden Image-->NEWAEM.Foundation.DLL [ EPROCESS 0x892F29E8 ] PID: 1292, 36864 bytes
0x04BA0000 Hidden Image-->ACE.Graphics.DisplaysManager.Shared.DLL [ EPROCESS 0x893F7B60 ] PID: 2384, 36864 bytes
0x039A0000 Hidden Image-->CLI.Foundation.XManifest.DLL [ EPROCESS 0x893F7B60 ] PID: 2384, 36864 bytes
0x00D80000 Hidden Image-->CCC.Implementation.DLL [ EPROCESS 0x893F7B60 ] PID: 2384, 36864 bytes
0x039E0000 Hidden Image-->AxInterop.WBOCXLib.DLL [ EPROCESS 0x893F7B60 ] PID: 2384, 36864 bytes
0x03BB0000 Hidden Image-->NEWAEM.Foundation.DLL [ EPROCESS 0x893F7B60 ] PID: 2384, 36864 bytes
0x03DB0000 Hidden Image-->Interop.WBOCXLib.DLL [ EPROCESS 0x893F7B60 ] PID: 2384, 36864 bytes
0x04090000 Hidden Image-->LOCALIZATION.Foundation.Implementation.DLL [ EPROCESS 0x893F7B60 ] PID: 2384, 36864 bytes
0x04AE0000 Hidden Image-->CLI.Caste.HydraVision.Runtime.DLL [ EPROCESS 0x893F7B60 ] PID: 2384, 36864 bytes
0x04F40000 Hidden Image-->CLI.Aspect.CustomFormats.Graphics.Shared.DLL [ EPROCESS 0x893F7B60 ] PID: 2384, 36864 bytes
0x05040000 Hidden Image-->CLI.Aspect.DisplaysColour2.Graphics.Shared.DLL [ EPROCESS 0x893F7B60 ] PID: 2384, 36864 bytes
0x05060000 Hidden Image-->CLI.Aspect.DisplaysOptions.Graphics.Shared.DLL [ EPROCESS 0x893F7B60 ] PID: 2384, 36864 bytes
0x050B0000 Hidden Image-->CLI.Aspect.DeviceLCD.Graphics.Shared.DLL [ EPROCESS 0x893F7B60 ] PID: 2384, 36864 bytes
0x05130000 Hidden Image-->CLI.Aspect.VPURecover.Graphics.Runtime.DLL [ EPROCESS 0x893F7B60 ] PID: 2384, 36864 bytes
0x059C0000 Hidden Image-->CLI.Component.Wizard.Shared.Private.DLL [ EPROCESS 0x893F7B60 ] PID: 2384, 36864 bytes
0x06460000 Hidden Image-->CLI.Aspect.DeviceTV.Graphics.Wizard.DLL [ EPROCESS 0x893F7B60 ] PID: 2384, 372736 bytes
0x05920000 Hidden Image-->CLI.Component.Wizard.DLL [ EPROCESS 0x893F7B60 ] PID: 2384, 405504 bytes
0x063F0000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Wizard.DLL [ EPROCESS 0x893F7B60 ] PID: 2384, 413696 bytes
0x03AC0000 Hidden Image-->System.Windows.Forms.resources.dll [ EPROCESS 0x893F7B60 ] PID: 2384, 438272 bytes
0x04650000 Hidden Image-->ATIDEMGX.dll [ EPROCESS 0x893F7B60 ] PID: 2384, 438272 bytes
0x06A60000 Hidden Image-->CLI.Aspect.DeviceCRT.Graphics.Dashboard.DLL [ EPROCESS 0x893F7B60 ] PID: 2384, 446464 bytes
0x00D60000 Hidden Image-->LOG.Foundation.DLL [ EPROCESS 0x892F29E8 ] PID: 1292, 45056 bytes
0x00DD0000 Hidden Image-->LOG.Foundation.Private.DLL [ EPROCESS 0x892F29E8 ] PID: 1292, 45056 bytes
0x00DA0000 Hidden Image-->LOG.Foundation.DLL [ EPROCESS 0x893F7B60 ] PID: 2384, 45056 bytes
0x00E80000 Hidden Image-->LOG.Foundation.Private.DLL [ EPROCESS 0x893F7B60 ] PID: 2384, 45056 bytes
0x03B80000 Hidden Image-->ATICCCom.DLL [ EPROCESS 0x893F7B60 ] PID: 2384, 45056 bytes
0x04F50000 Hidden Image-->CLI.Aspect.DeviceProperty.Graphics.Runtime.DLL [ EPROCESS 0x893F7B60 ] PID: 2384, 45056 bytes
0x04FB0000 Hidden Image-->CLI.Aspect.DeviceProperty.Graphics.Shared.DLL [ EPROCESS 0x893F7B60 ] PID: 2384, 45056 bytes
0x05050000 Hidden Image-->CLI.Aspect.DisplaysOptions.Graphics.Runtime.DLL [ EPROCESS 0x893F7B60 ] PID: 2384, 45056 bytes
0x050A0000 Hidden Image-->CLI.Aspect.DeviceLCD.Graphics.Runtime.DLL [ EPROCESS 0x893F7B60 ] PID: 2384, 45056 bytes
0x06E00000 Hidden Image-->CLI.Aspect.DeviceDFP.Graphics.Dashboard.DLL [ EPROCESS 0x893F7B60 ] PID: 2384, 462848 bytes
0x05420000 Hidden Image-->CLI.Aspect.TransCode.Graphics.Wizard.DLL [ EPROCESS 0x893F7B60 ] PID: 2384, 479232 bytes
0x04F30000 Hidden Image-->CLI.Aspect.DeviceCV.Graphics.Shared.DLL [ EPROCESS 0x893F7B60 ] PID: 2384, 53248 bytes
0x03B60000 Hidden Image-->CLI.Foundation.Private.DLL [ EPROCESS 0x893F7B60 ] PID: 2384, 53248 bytes
0x03B50000 Hidden Image-->CLI.Component.Runtime.Shared.Private.DLL [ EPROCESS 0x893F7B60 ] PID: 2384, 53248 bytes
0x03BA0000 Hidden Image-->AEM.Server.DLL [ EPROCESS 0x893F7B60 ] PID: 2384, 53248 bytes
0x04050000 Hidden Image-->AEM.Plugin.Source.Kit.Server.DLL [ EPROCESS 0x893F7B60 ] PID: 2384, 53248 bytes
0x04620000 Hidden Image-->DEM.Graphics.I0601.DLL [ EPROCESS 0x893F7B60 ] PID: 2384, 53248 bytes
0x05020000 Hidden Image-->CLI.Aspect.DisplaysColour2.Graphics.Runtime.DLL [ EPROCESS 0x893F7B60 ] PID: 2384, 53248 bytes
0x05080000 Hidden Image-->CLI.Aspect.DeviceCRT.Graphics.Runtime.DLL [ EPROCESS 0x893F7B60 ] PID: 2384, 53248 bytes
0x05510000 Hidden Image-->CLI.Aspect.TransCode.Graphics.Shared.DLL [ EPROCESS 0x893F7B60 ] PID: 2384, 53248 bytes
0x05800000 Hidden Image-->CLI.Component.Client.Shared.Private.DLL [ EPROCESS 0x893F7B60 ] PID: 2384, 53248 bytes
0x059D0000 Hidden Image-->CLI.Caste.Graphics.Wizard.DLL [ EPROCESS 0x893F7B60 ] PID: 2384, 53248 bytes
0x05770000 Hidden Image-->CLI.Component.Systemtray.DLL [ EPROCESS 0x893F7B60 ] PID: 2384, 544768 bytes
0x06EE0000 Hidden Image-->CLI.Aspect.DisplaysColour2.Graphics.Dashboard.DLL [ EPROCESS 0x893F7B60 ] PID: 2384, 602112 bytes
0x05090000 Hidden Image-->CLI.Aspect.DeviceCRT.Graphics.Shared.DLL [ EPROCESS 0x893F7B60 ] PID: 2384, 61440 bytes
0x050F0000 Hidden Image-->CLI.Aspect.DeviceDFP.Graphics.Shared.DLL [ EPROCESS 0x893F7B60 ] PID: 2384, 61440 bytes
0x05240000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Shared.DLL [ EPROCESS 0x893F7B60 ] PID: 2384, 61440 bytes
0x052A0000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Shared.DLL [ EPROCESS 0x893F7B60 ] PID: 2384, 61440 bytes
0x06BB0000 Hidden Image-->CLI.Aspect.DeviceCV.Graphics.Dashboard.DLL [ EPROCESS 0x893F7B60 ] PID: 2384, 684032 bytes
0x07160000 Hidden Image-->CLI.Aspect.OverDrive5.Graphics.Dashboard.DLL [ EPROCESS 0x893F7B60 ] PID: 2384, 684032 bytes
0x00DE0000 Hidden Image-->LOG.Foundation.Implementation.DLL [ EPROCESS 0x892F29E8 ] PID: 1292, 69632 bytes
0x00DF0000 Hidden Image-->LOG.Foundation.Implementation.DLL [ EPROCESS 0x893F7B60 ] PID: 2384, 69632 bytes
0x03980000 Hidden Image-->CLI.Component.SkinFactory.DLL [ EPROCESS 0x893F7B60 ] PID: 2384, 69632 bytes
0x04B10000 Hidden Image-->CLI.Caste.Graphics.Shared.DLL [ EPROCESS 0x893F7B60 ] PID: 2384, 69632 bytes
0x050C0000 Hidden Image-->CLI.Aspect.DeviceDFP.Graphics.Runtime.DLL [ EPROCESS 0x893F7B60 ] PID: 2384, 69632 bytes
0x051C0000 Hidden Image-->CLI.Aspect.OverDrive5.Graphics.Shared.DLL [ EPROCESS 0x893F7B60 ] PID: 2384, 69632 bytes
0x05220000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Runtime.DLL [ EPROCESS 0x893F7B60 ] PID: 2384, 69632 bytes
0x053B0000 Hidden Image-->APM.Server.DLL [ EPROCESS 0x893F7B60 ] PID: 2384, 69632 bytes
0x06570000 Hidden Image-->CLI.Aspect.DeviceCV.Graphics.Wizard.DLL [ EPROCESS 0x893F7B60 ] PID: 2384, 700416 bytes
0x06970000 Hidden Image-->CLI.Aspect.DisplaysManager.Graphics.Dashboard.DLL [ EPROCESS 0x893F7B60 ] PID: 2384, 724992 bytes
0x03B30000 Hidden Image-->CLI.Component.Runtime.DLL [ EPROCESS 0x893F7B60 ] PID: 2384, 77824 bytes
0x04E00000 Hidden Image-->CLI.Aspect.DeviceCV.Graphics.Runtime.DLL [ EPROCESS 0x893F7B60 ] PID: 2384, 77824 bytes
0x04FE0000 Hidden Image-->CLI.Aspect.DeviceTV.Graphics.Shared.DLL [ EPROCESS 0x893F7B60 ] PID: 2384, 77824 bytes
0x06D30000 Hidden Image-->CLI.Aspect.DeviceTV.Graphics.Dashboard.DLL [ EPROCESS 0x893F7B60 ] PID: 2384, 806912 bytes
0x07050000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Dashboard.DLL [ EPROCESS 0x893F7B60 ] PID: 2384, 823296 bytes
0x00DC0000 Hidden Image-->CLI.Foundation.DLL [ EPROCESS 0x893F7B60 ] PID: 2384, 86016 bytes
0x04C20000 Hidden Image-->ATIDEMOS.DLL [ EPROCESS 0x893F7B60 ] PID: 2384, 86016 bytes
0x04FC0000 Hidden Image-->CLI.Aspect.DeviceTV.Graphics.Runtime.DLL [ EPROCESS 0x893F7B60 ] PID: 2384, 86016 bytes
0x05180000 Hidden Image-->CLI.Aspect.OverDrive5.Graphics.Runtime.DLL [ EPROCESS 0x893F7B60 ] PID: 2384, 86016 bytes
0x05A00000 Hidden Image-->CLI.Caste.Graphics.Dashboard.DLL [ EPROCESS 0x893F7B60 ] PID: 2384, 86016 bytes
0x05280000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Runtime.DLL [ EPROCESS 0x893F7B60 ] PID: 2384, 94208 bytes
==============================================
>Files
==============================================
!-->[Hidden] C:\Documents and Settings\All Users\Dane aplikacji\Real\setup\config.ini::$DATA
==============================================
>Hooks
==============================================
ntkrnlpa.exe+0x0002D524, Type: Inline - RelativeJump 0x80504524-->805044E6 [ntkrnlpa.exe]
ntkrnlpa.exe+0x0002D554, Type: Inline - RelativeJump 0x80504554-->80504516 [ntkrnlpa.exe]
ntkrnlpa.exe+0x0002D584, Type: Inline - RelativeJump 0x80504584-->80504546 [ntkrnlpa.exe]
ntkrnlpa.exe+0x0002D608, Type: Inline - RelativeJump 0x80504608-->805045CA [ntkrnlpa.exe]
ntkrnlpa.exe+0x0002D784, Type: Inline - RelativeJump 0x80504784-->80504746 [ntkrnlpa.exe]
ntkrnlpa.exe+0x0002D7B0, Type: Inline - RelativeJump 0x805047B0-->80504772 [ntkrnlpa.exe]
ntkrnlpa.exe+0x0002D85C, Type: Inline - RelativeJump 0x8050485C-->8050481E [ntkrnlpa.exe]
ntkrnlpa.exe+0x0006ECBE, Type: Inline - RelativeJump 0x80545CBE-->80545CC5 [ntkrnlpa.exe]
[1172]PCCompanion.exe-->user32.dll+0x0001C298, Type: Inline - RelativeJump 0x7E37C298-->00000000 [NewUI.dll]
[1172]PCCompanion.exe-->user32.dll+0x0001E7E5, Type: Inline - RelativeJump 0x7E37E7E5-->00000000 [NewUI.dll]
[1172]PCCompanion.exe-->user32.dll+0x0002113B, Type: Inline - RelativeJump 0x7E38113B-->00000000 [NewUI.dll]
[1172]PCCompanion.exe-->user32.dll-->AdjustWindowRect, Type: Inline - RelativeJump 0x7E381140-->00000000 [user32.dll]
[1172]PCCompanion.exe-->user32.dll-->AdjustWindowRectEx, Type: Inline - RelativeJump 0x7E37E7EA-->00000000 [user32.dll]
[1172]PCCompanion.exe-->user32.dll-->SetWindowLongA, Type: Inline - RelativeJump 0x7E37C29D-->00000000 [user32.dll]
[1772]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DC1218-->00000000 [shimeng.dll]
[1772]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[1772]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]
[1772]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[1772]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E36133C-->00000000 [shimeng.dll]
[1772]explorer.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x3FCF14B0-->00000000 [shimeng.dll]
[1772]explorer.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71A5109C-->00000000 [shimeng.dll]

!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)