GMER 1.0.15.15570 - http://www.gmer.net
Rootkit scan 2011-04-21 09:02:42
Windows 5.1.2600 Dodatek Service Pack 3
Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 HTS541060G9AT00 rev.MB3VA60A
Running: ix7qv3n1.exe; Driver: C:\DOCUME~1\Argus2\USTAWI~1\Temp\kwtdrpow.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwAssignProcessToJobObject [0xF42A3610]
SSDT spqk.sys ZwCreateKey [0xF73A90E0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwDebugActiveProcess [0xF42A3C10]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwDuplicateObject [0xF42A3730]
SSDT spqk.sys ZwEnumerateKey [0xF73C1DA4]
SSDT spqk.sys ZwEnumerateValueKey [0xF73C2132]
SSDT spqk.sys ZwOpenKey [0xF73A90C0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwOpenProcess [0xF42A34B0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwOpenThread [0xF42A3570]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwProtectVirtualMemory [0xF42A36D0]
SSDT spqk.sys ZwQueryKey [0xF73C220A]
SSDT spqk.sys ZwQueryValueKey [0xF73C208A]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwQueueApcThread [0xF42A3790]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetContextThread [0xF42A3690]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetInformationThread [0xF42A3650]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetSecurityObject [0xF42A37D0]
SSDT spqk.sys ZwSetValueKey [0xF73C229C]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSuspendProcess [0xF42A3510]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSuspendThread [0xF42A3590]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwTerminateProcess [0xF42A34D0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwTerminateThread [0xF42A35D0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwWriteVirtualMemory [0xF42A3750]

INT 0x62 ? 86F6DBF8
INT 0x82 ? 86F6DBF8
INT 0x83 ? 86D28F00
INT 0xA4 ? 86D28F00
INT 0xB4 ? 86D28F00

---- Kernel code sections - GMER 1.0.15 ----

? spqk.sys Nie można odnaleźć określonego pliku. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF6EA3360, 0x20328D, 0xE8000020]
.text USBPORT.SYS!DllUnload F6E338AC 5 Bytes JMP 86D284E0

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[740] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00AF5840
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[740] ntdll.dll!NtCreateKey 7C90D0EE 5 Bytes JMP 00AF59E0
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[740] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 00AF6130
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[740] ntdll.dll!NtSetValueKey 7C90DDCE 5 Bytes JMP 00AF5AB0
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[740] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 00AF5910
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[740] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00AF5668
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[740] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00AF5C50
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[740] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00AF5B80
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[740] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00AF5D20
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[740] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 00AF62D0
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[740] ADVAPI32.dll!StartServiceA 77DDFB58 5 Bytes JMP 00AF5F90
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[740] ADVAPI32.dll!StartServiceW 77DE3E94 5 Bytes JMP 00AF6060
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[740] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 00AF6200
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[740] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 00AF5DF0 .text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[740] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 00AF5EC0 .text C:\WINDOWS\system32\wscntfy.exe[948] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 007F5978 .text C:\WINDOWS\system32\wscntfy.exe[948] ntdll.dll!NtCreateKey 7C90D0EE 5 Bytes JMP 007F5B18 .text C:\WINDOWS\system32\wscntfy.exe[948] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 007F6268 .text C:\WINDOWS\system32\wscntfy.exe[948] ntdll.dll!NtSetValueKey 7C90DDCE 5 Bytes JMP 007F5BE8 .text C:\WINDOWS\system32\wscntfy.exe[948] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 007F5A48 .text C:\WINDOWS\system32\wscntfy.exe[948] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 007F5830 .text C:\WINDOWS\system32\wscntfy.exe[948] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 007F5D88 .text C:\WINDOWS\system32\wscntfy.exe[948] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 007F5CB8 .text C:\WINDOWS\system32\wscntfy.exe[948] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 007F5E58 .text C:\WINDOWS\system32\wscntfy.exe[948] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 007F6408 .text C:\WINDOWS\system32\wscntfy.exe[948] ADVAPI32.dll!StartServiceA 77DDFB58 5 Bytes JMP 007F60C8 .text C:\WINDOWS\system32\wscntfy.exe[948] ADVAPI32.dll!StartServiceW 77DE3E94 5 Bytes JMP 007F6198 .text C:\WINDOWS\system32\wscntfy.exe[948] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 007F6338 .text C:\WINDOWS\system32\wscntfy.exe[948] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 007F5F28 .text C:\WINDOWS\system32\wscntfy.exe[948] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 007F5FF8 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[992] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 003C5738 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[992] ntdll.dll!NtCreateKey 7C90D0EE 5 Bytes JMP 003C58D8 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[992] ntdll.dll!NtLoadDriver 7C90D46E 5 
Bytes JMP 003C6028 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[992] ntdll.dll!NtSetValueKey 7C90DDCE 5 Bytes JMP 003C59A8 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[992] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 003C5808 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[992] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 003C55D0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[992] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 003C5B48 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[992] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 003C5A78 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[992] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 003C5C18 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[992] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 003C61C8 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[992] ADVAPI32.dll!StartServiceA 77DDFB58 5 Bytes JMP 003C5E88 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[992] ADVAPI32.dll!StartServiceW 77DE3E94 5 Bytes JMP 003C5F58 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[992] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 003C60F8 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[992] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003C5CE8 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[992] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003C5DB8 .text C:\WINDOWS\ATKKBService.exe[1020] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 003A5680 .text C:\WINDOWS\ATKKBService.exe[1020] ntdll.dll!NtCreateKey 7C90D0EE 5 Bytes JMP 003A5820 .text C:\WINDOWS\ATKKBService.exe[1020] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 003A5F70 .text C:\WINDOWS\ATKKBService.exe[1020] ntdll.dll!NtSetValueKey 7C90DDCE 5 Bytes JMP 003A58F0 .text C:\WINDOWS\ATKKBService.exe[1020] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 003A5750 .text C:\WINDOWS\ATKKBService.exe[1020] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 003A55B0 .text C:\WINDOWS\ATKKBService.exe[1020] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 003A5A90 .text C:\WINDOWS\ATKKBService.exe[1020] 
kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 003A59C0 .text C:\WINDOWS\ATKKBService.exe[1020] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 003A5B60 .text C:\WINDOWS\ATKKBService.exe[1020] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 003A6110 .text C:\WINDOWS\ATKKBService.exe[1020] ADVAPI32.dll!StartServiceA 77DDFB58 5 Bytes JMP 003A5DD0 .text C:\WINDOWS\ATKKBService.exe[1020] ADVAPI32.dll!StartServiceW 77DE3E94 5 Bytes JMP 003A5EA0 .text C:\WINDOWS\ATKKBService.exe[1020] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 003A6040 .text C:\WINDOWS\ATKKBService.exe[1020] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003A5C30 .text C:\WINDOWS\ATKKBService.exe[1020] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003A5D00 .text C:\WINDOWS\Explorer.EXE[1032] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00365998 .text C:\WINDOWS\Explorer.EXE[1032] ntdll.dll!NtCreateKey 7C90D0EE 5 Bytes JMP 00365B38 .text C:\WINDOWS\Explorer.EXE[1032] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 00366288 .text C:\WINDOWS\Explorer.EXE[1032] ntdll.dll!NtSetValueKey 7C90DDCE 5 Bytes JMP 00365C08 .text C:\WINDOWS\Explorer.EXE[1032] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 00365A68 .text C:\WINDOWS\Explorer.EXE[1032] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00365830 .text C:\WINDOWS\Explorer.EXE[1032] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00365DA8 .text C:\WINDOWS\Explorer.EXE[1032] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00365CD8 .text C:\WINDOWS\Explorer.EXE[1032] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00365E78 .text C:\WINDOWS\Explorer.EXE[1032] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 00366428 .text C:\WINDOWS\Explorer.EXE[1032] ADVAPI32.dll!StartServiceA 77DDFB58 5 Bytes JMP 003660E8 .text C:\WINDOWS\Explorer.EXE[1032] ADVAPI32.dll!StartServiceW 77DE3E94 5 Bytes JMP 003661B8 .text C:\WINDOWS\Explorer.EXE[1032] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 00366358 .text C:\WINDOWS\Explorer.EXE[1032] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 
00365F48 .text C:\WINDOWS\Explorer.EXE[1032] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 00366018 .text E:\Programy\ESET\NOD32\ekrn.exe[1076] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 003D5718 .text E:\Programy\ESET\NOD32\ekrn.exe[1076] ntdll.dll!NtCreateKey 7C90D0EE 5 Bytes JMP 003D58B8 .text E:\Programy\ESET\NOD32\ekrn.exe[1076] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 003D6008 .text E:\Programy\ESET\NOD32\ekrn.exe[1076] ntdll.dll!NtSetValueKey 7C90DDCE 5 Bytes JMP 003D5988 .text E:\Programy\ESET\NOD32\ekrn.exe[1076] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 003D57E8 .text E:\Programy\ESET\NOD32\ekrn.exe[1076] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 003D55B0 .text E:\Programy\ESET\NOD32\ekrn.exe[1076] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 003D5B28 .text E:\Programy\ESET\NOD32\ekrn.exe[1076] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 003D5A58 .text E:\Programy\ESET\NOD32\ekrn.exe[1076] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 00] .text E:\Programy\ESET\NOD32\ekrn.exe[1076] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 003D5BF8 .text E:\Programy\ESET\NOD32\ekrn.exe[1076] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 003D61A8 .text E:\Programy\ESET\NOD32\ekrn.exe[1076] ADVAPI32.dll!StartServiceA 77DDFB58 5 Bytes JMP 003D5E68 .text E:\Programy\ESET\NOD32\ekrn.exe[1076] ADVAPI32.dll!StartServiceW 77DE3E94 5 Bytes JMP 003D5F38 .text E:\Programy\ESET\NOD32\ekrn.exe[1076] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 003D60D8 .text E:\Programy\ESET\NOD32\ekrn.exe[1076] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003D5CC8 .text E:\Programy\ESET\NOD32\ekrn.exe[1076] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003D5D98 .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe[1124] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [E9] .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe[1124] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 003B56D8 .text 
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe[1124] ntdll.dll!NtCreateKey 7C90D0EE 5 Bytes JMP 003B5878 .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe[1124] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 003B5FC8 .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe[1124] ntdll.dll!NtSetValueKey 7C90DDCE 5 Bytes JMP 003B5948 .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe[1124] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 003B57A8 .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe[1124] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 003B55E0 .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe[1124] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 003B5AE8 .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe[1124] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 003B5A18 .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe[1124] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 003B5BB8 .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe[1124] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 003B6168 .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe[1124] ADVAPI32.dll!StartServiceA 77DDFB58 5 Bytes JMP 003B5E28 .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe[1124] ADVAPI32.dll!StartServiceW 77DE3E94 5 Bytes JMP 003B5EF8 .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe[1124] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 003B6098 .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe[1124] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003B5C88 .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe[1124] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003B5D58 .text C:\Program Files\Common 
Files\LightScribe\LSSrvc.exe[1144] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 003A5698 .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1144] ntdll.dll!NtCreateKey 7C90D0EE 5 Bytes JMP 003A5838 .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1144] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 003A5F88 .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1144] ntdll.dll!NtSetValueKey 7C90DDCE 5 Bytes JMP 003A5908 .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1144] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 003A5768 .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1144] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 003A55C8 .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1144] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 003A5AA8 .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1144] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 003A59D8 .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1144] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 003A5B78 .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1144] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 003A6128 .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1144] ADVAPI32.dll!StartServiceA 77DDFB58 5 Bytes JMP 003A5DE8 .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1144] ADVAPI32.dll!StartServiceW 77DE3E94 5 Bytes JMP 003A5EB8 .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1144] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 003A6058 .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1144] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003A5C48 .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1144] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003A5D18 .text C:\WINDOWS\system32\taskmgr.exe[1152] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 003C5968 .text C:\WINDOWS\system32\taskmgr.exe[1152] ntdll.dll!NtCreateKey 7C90D0EE 5 Bytes JMP 003C5B08 .text 
C:\WINDOWS\system32\taskmgr.exe[1152] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 003C6258 .text C:\WINDOWS\system32\taskmgr.exe[1152] ntdll.dll!NtSetValueKey 7C90DDCE 5 Bytes JMP 003C5BD8 .text C:\WINDOWS\system32\taskmgr.exe[1152] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 003C5A38 .text C:\WINDOWS\system32\taskmgr.exe[1152] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 003C5820 .text C:\WINDOWS\system32\taskmgr.exe[1152] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 003C5D78 .text C:\WINDOWS\system32\taskmgr.exe[1152] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 003C5CA8 .text C:\WINDOWS\system32\taskmgr.exe[1152] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 003C5E48 .text C:\WINDOWS\system32\taskmgr.exe[1152] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 003C63F8 .text C:\WINDOWS\system32\taskmgr.exe[1152] ADVAPI32.dll!StartServiceA 77DDFB58 5 Bytes JMP 003C60B8 .text C:\WINDOWS\system32\taskmgr.exe[1152] ADVAPI32.dll!StartServiceW 77DE3E94 5 Bytes JMP 003C6188 .text C:\WINDOWS\system32\taskmgr.exe[1152] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 003C6328 .text C:\WINDOWS\system32\taskmgr.exe[1152] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003C5F18 .text C:\WINDOWS\system32\taskmgr.exe[1152] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003C5FE8 .text C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe[1192] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 006A56B8 .text C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe[1192] ntdll.dll!NtCreateKey 7C90D0EE 5 Bytes JMP 006A5858 .text C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe[1192] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 006A5FA8 .text C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe[1192] ntdll.dll!NtSetValueKey 7C90DDCE 5 Bytes JMP 006A5928 .text C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe[1192] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 006A5788 .text C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe[1192] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 006A55C8 .text C:\Program 
Files\Intel\Wireless\Bin\OProtSvc.exe[1192] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 006A5AC8 .text C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe[1192] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 006A59F8 .text C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe[1192] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 006A5B98 .text C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe[1192] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 006A6148 .text C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe[1192] ADVAPI32.dll!StartServiceA 77DDFB58 5 Bytes JMP 006A5E08 .text C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe[1192] ADVAPI32.dll!StartServiceW 77DE3E94 5 Bytes JMP 006A5ED8 .text C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe[1192] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 006A6078 .text C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe[1192] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 006A5C68 .text C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe[1192] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 006A5D38 .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[1408] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 003A56B0 .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[1408] ntdll.dll!NtCreateKey 7C90D0EE 5 Bytes JMP 003A5850 .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[1408] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 003A5FA0 .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[1408] ntdll.dll!NtSetValueKey 7C90DDCE 5 Bytes JMP 003A5920 .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[1408] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 003A5780 .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[1408] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 003A55C0 .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[1408] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 003A5AC0 .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[1408] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 003A59F0 .text C:\Program 
Files\Intel\Wireless\Bin\RegSrvc.exe[1408] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 003A5B90 .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[1408] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 003A6140 .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[1408] ADVAPI32.dll!StartServiceA 77DDFB58 5 Bytes JMP 003A5E00 .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[1408] ADVAPI32.dll!StartServiceW 77DE3E94 5 Bytes JMP 003A5ED0 .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[1408] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 003A6070 .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[1408] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003A5C60 .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[1408] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003A5D30 .text C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe[1592] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 003A5690 .text C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe[1592] ntdll.dll!NtCreateKey 7C90D0EE 5 Bytes JMP 003A5830 .text C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe[1592] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 003A5F80 .text C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe[1592] ntdll.dll!NtSetValueKey 7C90DDCE 5 Bytes JMP 003A5900 .text C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe[1592] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 003A5760 .text C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe[1592] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 003A55C0 .text C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe[1592] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 003A5AA0 .text C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe[1592] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 003A59D0 .text C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe[1592] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 003A5B70 .text C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe[1592] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 003A6120 .text C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe[1592] ADVAPI32.dll!StartServiceA 
77DDFB58 5 Bytes JMP 003A5DE0 .text C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe[1592] ADVAPI32.dll!StartServiceW 77DE3E94 5 Bytes JMP 003A5EB0 .text C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe[1592] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 003A6050 .text C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe[1592] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003A5C40 .text C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe[1592] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003A5D10 .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1628] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 003D56B8 .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1628] ntdll.dll!NtCreateKey 7C90D0EE 5 Bytes JMP 003D5858 .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1628] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 003D5FA8 .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1628] ntdll.dll!NtSetValueKey 7C90DDCE 5 Bytes JMP 003D5928 .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1628] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 003D5788 .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1628] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 003D55C8 .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1628] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 003D5AC8 .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1628] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 003D59F8 .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1628] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 003D5B98 .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1628] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 003D6148 .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1628] ADVAPI32.dll!StartServiceA 77DDFB58 5 Bytes JMP 003D5E08 .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1628] ADVAPI32.dll!StartServiceW 77DE3E94 5 Bytes JMP 003D5ED8 .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1628] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 003D6078 .text C:\Program 
Files\Intel\Wireless\Bin\EvtEng.exe[1628] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003D5C68 .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1628] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003D5D38 .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1688] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 003D5738 .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1688] ntdll.dll!NtCreateKey 7C90D0EE 5 Bytes JMP 003D58D8 .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1688] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 003D6028 .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1688] ntdll.dll!NtSetValueKey 7C90DDCE 5 Bytes JMP 003D59A8 .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1688] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 003D5808 .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1688] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 003D55D0 .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1688] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 003D5B48 .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1688] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 003D5A78 .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1688] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 003D5C18 .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1688] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 003D61C8 .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1688] ADVAPI32.dll!StartServiceA 77DDFB58 5 Bytes JMP 003D5E88 .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1688] ADVAPI32.dll!StartServiceW 77DE3E94 5 Bytes JMP 003D5F58 .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1688] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 003D60F8 .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1688] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003D5CE8 .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1688] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003D5DB8 .text 
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe[1780] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00945798 .text C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe[1780] ntdll.dll!NtCreateKey 7C90D0EE 5 Bytes JMP 00945938 .text C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe[1780] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 00946088 .text C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe[1780] ntdll.dll!NtSetValueKey 7C90DDCE 5 Bytes JMP 00945A08 .text C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe[1780] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 00945868 .text C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe[1780] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00945680 .text C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe[1780] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00945BA8 .text C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe[1780] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00945AD8 .text C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe[1780] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00945C78 .text C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe[1780] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 00946228 .text C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe[1780] ADVAPI32.dll!StartServiceA 77DDFB58 5 Bytes JMP 00945EE8 .text C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe[1780] ADVAPI32.dll!StartServiceW 77DE3E94 5 Bytes JMP 00945FB8 .text C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe[1780] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 00946158 .text C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe[1780] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 00945D48 .text C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe[1780] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 00945E18 .text C:\WINDOWS\ATK0100\HControl.exe[2320] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 009059A8 .text C:\WINDOWS\ATK0100\HControl.exe[2320] ntdll.dll!NtCreateKey 7C90D0EE 5 Bytes JMP 00905B48 .text C:\WINDOWS\ATK0100\HControl.exe[2320] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 00906298 .text C:\WINDOWS\ATK0100\HControl.exe[2320] 
ntdll.dll!NtSetValueKey 7C90DDCE 5 Bytes JMP 00905C18 .text C:\WINDOWS\ATK0100\HControl.exe[2320] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 00905A78 .text C:\WINDOWS\ATK0100\HControl.exe[2320] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00905840 .text C:\WINDOWS\ATK0100\HControl.exe[2320] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00905DB8 .text C:\WINDOWS\ATK0100\HControl.exe[2320] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00905CE8 .text C:\WINDOWS\ATK0100\HControl.exe[2320] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00905E88 .text C:\WINDOWS\ATK0100\HControl.exe[2320] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 00906438 .text C:\WINDOWS\ATK0100\HControl.exe[2320] ADVAPI32.dll!StartServiceA 77DDFB58 5 Bytes JMP 009060F8 .text C:\WINDOWS\ATK0100\HControl.exe[2320] ADVAPI32.dll!StartServiceW 77DE3E94 5 Bytes JMP 009061C8 .text C:\WINDOWS\ATK0100\HControl.exe[2320] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 00906368 .text C:\WINDOWS\ATK0100\HControl.exe[2320] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 00905F58 .text C:\WINDOWS\ATK0100\HControl.exe[2320] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 00906028 .text C:\WINDOWS\RTHDCPL.EXE[2344] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 003C5A40 .text C:\WINDOWS\RTHDCPL.EXE[2344] ntdll.dll!NtCreateKey 7C90D0EE 5 Bytes JMP 003C5B98 .text C:\WINDOWS\RTHDCPL.EXE[2344] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 003C62E8 .text C:\WINDOWS\RTHDCPL.EXE[2344] ntdll.dll!NtSetValueKey 7C90DDCE 5 Bytes JMP 003C5C68 .text C:\WINDOWS\RTHDCPL.EXE[2344] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 003C5AC8 .text C:\WINDOWS\RTHDCPL.EXE[2344] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 003C5830 .text C:\WINDOWS\RTHDCPL.EXE[2344] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 003C5E08 .text C:\WINDOWS\RTHDCPL.EXE[2344] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 003C5D38 .text C:\WINDOWS\RTHDCPL.EXE[2344] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 003C5ED8 .text C:\WINDOWS\RTHDCPL.EXE[2344] 
ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 003C6488 .text C:\WINDOWS\RTHDCPL.EXE[2344] ADVAPI32.dll!StartServiceA 77DDFB58 5 Bytes JMP 003C6148 .text C:\WINDOWS\RTHDCPL.EXE[2344] ADVAPI32.dll!StartServiceW 77DE3E94 5 Bytes JMP 003C6218 .text C:\WINDOWS\RTHDCPL.EXE[2344] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 003C63B8 .text C:\WINDOWS\RTHDCPL.EXE[2344] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003C5FA8 .text C:\WINDOWS\RTHDCPL.EXE[2344] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003C6078 .text C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe[2368] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 003A59F8 .text C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe[2368] ntdll.dll!NtCreateKey 7C90D0EE 5 Bytes JMP 003A5B98 .text C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe[2368] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 003A62E8 .text C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe[2368] ntdll.dll!NtSetValueKey 7C90DDCE 5 Bytes JMP 003A5C68 .text C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe[2368] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 003A5AC8 .text C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe[2368] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 003A5890 .text C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe[2368] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 003A5E08 .text C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe[2368] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 003A5D38 .text C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe[2368] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 003A5ED8 .text C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe[2368] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 003A6488 .text C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe[2368] ADVAPI32.dll!StartServiceA 77DDFB58 5 Bytes JMP 003A6148 .text C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe[2368] ADVAPI32.dll!StartServiceW 77DE3E94 5 Bytes JMP 003A6218 .text C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe[2368] 
ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 003A63B8 .text C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe[2368] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003A5FA8 .text C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe[2368] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003A6078 .text C:\Program Files\ASUS\Wireless Console\wcourier.exe[2376] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 003C59B8 .text C:\Program Files\ASUS\Wireless Console\wcourier.exe[2376] ntdll.dll!NtCreateKey 7C90D0EE 5 Bytes JMP 003C5B58 .text C:\Program Files\ASUS\Wireless Console\wcourier.exe[2376] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 003C62A8 .text C:\Program Files\ASUS\Wireless Console\wcourier.exe[2376] ntdll.dll!NtSetValueKey 7C90DDCE 5 Bytes JMP 003C5C28 .text C:\Program Files\ASUS\Wireless Console\wcourier.exe[2376] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 003C5A88 .text C:\Program Files\ASUS\Wireless Console\wcourier.exe[2376] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 003C5850 .text C:\Program Files\ASUS\Wireless Console\wcourier.exe[2376] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 003C5DC8 .text C:\Program Files\ASUS\Wireless Console\wcourier.exe[2376] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 003C5CF8 .text C:\Program Files\ASUS\Wireless Console\wcourier.exe[2376] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 003C5E98 .text C:\Program Files\ASUS\Wireless Console\wcourier.exe[2376] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 003C6448 .text C:\Program Files\ASUS\Wireless Console\wcourier.exe[2376] ADVAPI32.dll!StartServiceA 77DDFB58 5 Bytes JMP 003C6108 .text C:\Program Files\ASUS\Wireless Console\wcourier.exe[2376] ADVAPI32.dll!StartServiceW 77DE3E94 5 Bytes JMP 003C61D8 .text C:\Program Files\ASUS\Wireless Console\wcourier.exe[2376] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 003C6378 .text C:\Program Files\ASUS\Wireless Console\wcourier.exe[2376] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003C5F68 .text C:\Program 
Files\ASUS\Wireless Console\wcourier.exe[2376] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003C6038 .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[2388] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 003A5920 .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[2388] ntdll.dll!NtCreateKey 7C90D0EE 5 Bytes JMP 003A5AC0 .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[2388] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 003A6210 .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[2388] ntdll.dll!NtSetValueKey 7C90DDCE 5 Bytes JMP 003A5B90 .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[2388] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 003A59F0 .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[2388] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 003A5850 .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[2388] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 003A5D30 .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[2388] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 003A5C60 .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[2388] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 003A5E00 .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[2388] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 003A63B0 .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[2388] ADVAPI32.dll!StartServiceA 77DDFB58 5 Bytes JMP 003A6070 .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[2388] ADVAPI32.dll!StartServiceW 77DE3E94 5 Bytes JMP 003A6140 .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[2388] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 003A62E0 .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[2388] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003A5ED0 .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[2388] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003A5FA0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2412] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 003A59B8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2412] ntdll.dll!NtCreateKey 
7C90D0EE 5 Bytes JMP 003A5B58 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2412] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 003A62A8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2412] ntdll.dll!NtSetValueKey 7C90DDCE 5 Bytes JMP 003A5C28 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2412] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 003A5A88 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2412] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 003A5850 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2412] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 003A5DC8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2412] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 003A5CF8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2412] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 003A5E98 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2412] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 003A6448 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2412] ADVAPI32.dll!StartServiceA 77DDFB58 5 Bytes JMP 003A6108 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2412] ADVAPI32.dll!StartServiceW 77DE3E94 5 Bytes JMP 003A61D8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2412] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 003A6378 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2412] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003A5F68 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2412] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003A6038 .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2460] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [E9] .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2460] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 003A59D8 .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2460] ntdll.dll!NtCreateKey 7C90D0EE 5 Bytes JMP 003A5B78 .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2460] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 003A62C8 .text C:\Program 
Files\Intel\Wireless\Bin\ifrmewrk.exe[2460] ntdll.dll!NtSetValueKey 7C90DDCE 5 Bytes JMP 003A5C48 .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2460] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 003A5AA8 .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2460] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 003A5870 .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2460] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 003A5DE8 .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2460] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 003A5D18 .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2460] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 003A5EB8 .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2460] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 003A6468 .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2460] ADVAPI32.dll!StartServiceA 77DDFB58 5 Bytes JMP 003A6128 .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2460] ADVAPI32.dll!StartServiceW 77DE3E94 5 Bytes JMP 003A61F8 .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2460] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 003A6398 .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2460] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003A5F88 .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2460] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003A6058 .text C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe[2472] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00B85A28 .text C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe[2472] ntdll.dll!NtCreateKey 7C90D0EE 5 Bytes JMP 00B85BC8 .text C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe[2472] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 00B86318 .text C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe[2472] ntdll.dll!NtSetValueKey 7C90DDCE 5 Bytes JMP 00B85C98 .text C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe[2472] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 00B85AF8 .text C:\Program 
Files\Intel\Wireless\Bin\EOUWiz.exe[2472] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B85850 .text C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe[2472] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00B85E38 .text C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe[2472] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00B85D68 .text C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe[2472] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00B85F08 .text C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe[2472] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 00B864B8 .text C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe[2472] ADVAPI32.dll!StartServiceA 77DDFB58 5 Bytes JMP 00B86178 .text C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe[2472] ADVAPI32.dll!StartServiceW 77DE3E94 5 Bytes JMP 00B86248 .text C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe[2472] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 00B863E8 .text C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe[2472] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 00B85FD8 .text C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe[2472] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 00B860A8 .text C:\Program Files\CardDetector\HUAWEI1752_1552\CardDetector.exe[2480] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 003B5A50 .text C:\Program Files\CardDetector\HUAWEI1752_1552\CardDetector.exe[2480] ntdll.dll!NtCreateKey 7C90D0EE 5 Bytes JMP 003B5BF0 .text C:\Program Files\CardDetector\HUAWEI1752_1552\CardDetector.exe[2480] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 003B6340 .text C:\Program Files\CardDetector\HUAWEI1752_1552\CardDetector.exe[2480] ntdll.dll!NtSetValueKey 7C90DDCE 5 Bytes JMP 003B5CC0 .text C:\Program Files\CardDetector\HUAWEI1752_1552\CardDetector.exe[2480] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 003B5B20 .text C:\Program Files\CardDetector\HUAWEI1752_1552\CardDetector.exe[2480] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 003B5860 .text C:\Program Files\CardDetector\HUAWEI1752_1552\CardDetector.exe[2480] 
kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 003B5E60 .text C:\Program Files\CardDetector\HUAWEI1752_1552\CardDetector.exe[2480] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 003B5D90 .text C:\Program Files\CardDetector\HUAWEI1752_1552\CardDetector.exe[2480] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 003B5F30 .text C:\Program Files\CardDetector\HUAWEI1752_1552\CardDetector.exe[2480] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 003B64E0 .text C:\Program Files\CardDetector\HUAWEI1752_1552\CardDetector.exe[2480] ADVAPI32.dll!StartServiceA 77DDFB58 5 Bytes JMP 003B61A0 .text C:\Program Files\CardDetector\HUAWEI1752_1552\CardDetector.exe[2480] ADVAPI32.dll!StartServiceW 77DE3E94 5 Bytes JMP 003B6270 .text C:\Program Files\CardDetector\HUAWEI1752_1552\CardDetector.exe[2480] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 003B6410 .text C:\Program Files\CardDetector\HUAWEI1752_1552\CardDetector.exe[2480] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003B6000 .text C:\Program Files\CardDetector\HUAWEI1752_1552\CardDetector.exe[2480] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003B60D0 .text E:\Programy\ESET\NOD32\egui.exe[2512] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 003E59A8 .text E:\Programy\ESET\NOD32\egui.exe[2512] ntdll.dll!NtCreateKey 7C90D0EE 5 Bytes JMP 003E5B48 .text E:\Programy\ESET\NOD32\egui.exe[2512] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 003E6298 .text E:\Programy\ESET\NOD32\egui.exe[2512] ntdll.dll!NtSetValueKey 7C90DDCE 5 Bytes JMP 003E5C18 .text E:\Programy\ESET\NOD32\egui.exe[2512] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 003E5A78 .text E:\Programy\ESET\NOD32\egui.exe[2512] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 003E5860 .text E:\Programy\ESET\NOD32\egui.exe[2512] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 003E5DB8 .text E:\Programy\ESET\NOD32\egui.exe[2512] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 003E5CE8 .text E:\Programy\ESET\NOD32\egui.exe[2512] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 003E5E88 .text 
E:\Programy\ESET\NOD32\egui.exe[2512] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 003E6438 .text E:\Programy\ESET\NOD32\egui.exe[2512] ADVAPI32.dll!StartServiceA 77DDFB58 5 Bytes JMP 003E60F8 .text E:\Programy\ESET\NOD32\egui.exe[2512] ADVAPI32.dll!StartServiceW 77DE3E94 5 Bytes JMP 003E61C8 .text E:\Programy\ESET\NOD32\egui.exe[2512] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 003E6368 .text E:\Programy\ESET\NOD32\egui.exe[2512] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E5F58 .text E:\Programy\ESET\NOD32\egui.exe[2512] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E6028 .text C:\Documents and Settings\Argus2\Pulpit\ix7qv3n1.exe[3136] ntdll.dll!NtSetInformationThread 7C90DCAE 5 Bytes JMP 003D5760 .text C:\Documents and Settings\Argus2\Pulpit\ix7qv3n1.exe[3136] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 003D5850 .text C:\WINDOWS\ATK0100\ATKOSD.exe[3160] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 003A5900 .text C:\WINDOWS\ATK0100\ATKOSD.exe[3160] ntdll.dll!NtCreateKey 7C90D0EE 5 Bytes JMP 003A5AA0 .text C:\WINDOWS\ATK0100\ATKOSD.exe[3160] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 003A61F0 .text C:\WINDOWS\ATK0100\ATKOSD.exe[3160] ntdll.dll!NtSetValueKey 7C90DDCE 5 Bytes JMP 003A5B70 .text C:\WINDOWS\ATK0100\ATKOSD.exe[3160] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 003A59D0 .text C:\WINDOWS\ATK0100\ATKOSD.exe[3160] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 003A5830 .text C:\WINDOWS\ATK0100\ATKOSD.exe[3160] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 003A5D10 .text C:\WINDOWS\ATK0100\ATKOSD.exe[3160] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 003A5C40 .text C:\WINDOWS\ATK0100\ATKOSD.exe[3160] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 003A5DE0 .text C:\WINDOWS\ATK0100\ATKOSD.exe[3160] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 003A6390 .text C:\WINDOWS\ATK0100\ATKOSD.exe[3160] ADVAPI32.dll!StartServiceA 77DDFB58 5 Bytes JMP 003A6050 .text C:\WINDOWS\ATK0100\ATKOSD.exe[3160] ADVAPI32.dll!StartServiceW 77DE3E94 5 
Bytes JMP 003A6120 .text C:\WINDOWS\ATK0100\ATKOSD.exe[3160] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 003A62C0 .text C:\WINDOWS\ATK0100\ATKOSD.exe[3160] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003A5EB0 .text C:\WINDOWS\ATK0100\ATKOSD.exe[3160] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003A5F80 .text C:\WINDOWS\System32\alg.exe[3304] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 003C57E8 .text C:\WINDOWS\System32\alg.exe[3304] ntdll.dll!NtCreateKey 7C90D0EE 5 Bytes JMP 003C5988 .text C:\WINDOWS\System32\alg.exe[3304] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 003C60D8 .text C:\WINDOWS\System32\alg.exe[3304] ntdll.dll!NtSetValueKey 7C90DDCE 5 Bytes JMP 003C5A58 .text C:\WINDOWS\System32\alg.exe[3304] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 003C58B8 .text C:\WINDOWS\System32\alg.exe[3304] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 003C5680 .text C:\WINDOWS\System32\alg.exe[3304] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 003C5BF8 .text C:\WINDOWS\System32\alg.exe[3304] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 003C5B28 .text C:\WINDOWS\System32\alg.exe[3304] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 003C5CC8 .text C:\WINDOWS\System32\alg.exe[3304] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 003C6278 .text C:\WINDOWS\System32\alg.exe[3304] ADVAPI32.dll!StartServiceA 77DDFB58 5 Bytes JMP 003C5F38 .text C:\WINDOWS\System32\alg.exe[3304] ADVAPI32.dll!StartServiceW 77DE3E94 5 Bytes JMP 003C6008 .text C:\WINDOWS\System32\alg.exe[3304] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 003C61A8 .text C:\WINDOWS\System32\alg.exe[3304] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003C5D98 .text C:\WINDOWS\System32\alg.exe[3304] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003C5E68 ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F73AA042] spqk.sys IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F73AA13E] spqk.sys IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F73AA0C0] spqk.sys IAT 
atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F73AA800] spqk.sys IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F73AA6D6] spqk.sys IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F73B9B90] spqk.sys ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Fastfat \FatCdrom 86F6C1F8 AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) Device \Driver\usbuhci \Device\USBPDO-0 86D48500 Device \Driver\usbuhci \Device\USBPDO-1 86D48500 Device \Driver\NetBT \Device\NetBT_Tcpip_{4328A264-7F11-4507-B3A0-24E1A4A6B314} 861BF1F8 Device \Driver\usbuhci \Device\USBPDO-2 86D48500 Device \Driver\usbuhci \Device\USBPDO-3 86D48500 Device \Driver\usbehci \Device\USBPDO-4 86D3B500 AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys (ESET Antivirus Network Redirector/ESET) Device \Driver\Ftdisk \Device\HarddiskVolume1 86FD91F8 Device \Driver\Ftdisk \Device\HarddiskVolume2 86FD91F8 Device \Driver\Cdrom \Device\CdRom0 86DA71F8 Device \Driver\Ftdisk \Device\HarddiskVolume3 86FD91F8 Device \Driver\atapi \Device\Ide\IdePort0 [F7304B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort1 [F7304B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 [F7304B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c [F7304B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\Ftdisk \Device\HarddiskVolume4 86FD91F8 Device \Driver\Ftdisk \Device\HarddiskVolume5 86FD91F8 Device \Driver\NetBT \Device\NetBt_Wins_Export 861BF1F8 Device \Driver\NetBT \Device\NetbiosSmb 
861BF1F8 Device \Driver\NetBT \Device\NetBT_Tcpip_{BE3E2DAA-6318-4321-8FFA-35DC0A65F823} 861BF1F8 Device \Driver\usbuhci \Device\USBFDO-0 86D48500 Device \Driver\usbuhci \Device\USBFDO-1 86D48500 Device \Driver\usbuhci \Device\USBFDO-2 86D48500 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 860701F8 Device \Driver\usbuhci \Device\USBFDO-3 86D48500 Device \FileSystem\MRxSmb \Device\LanmanRedirector 860701F8 Device \Driver\Ftdisk \Device\FtControl 86FD91F8 Device \Driver\usbehci \Device\USBFDO-4 86D3B500 Device \FileSystem\Fastfat \Fat 86F6C1F8 AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET) Device \FileSystem\Cdfs \Cdfs 85C57500 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 ---- EOF - GMER 1.0.15 ----