GMER 1.0.15.15572 - http://www.gmer.net Rootkit scan 2011-05-02 13:27:58 Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 ST380011A rev.8.01 Running: ummlnni7.exe; Driver: C:\DOCUME~1\hubol\USTAWI~1\Temp\kgndapob.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xB82089CA] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xB825DA68] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xB8228AF5] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xB820AEAC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xB820AF04] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xB820B01A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xB82284A9] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xB820AE02] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xB820AF54] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xB820AE56] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xB820AFC8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xB82089EE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xB82291BB] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xB8229471] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xB820B29E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xB8229026] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xB8228E91] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xB825DB18] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xB82087B8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xB8208A12] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xB820B412] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xB82094AA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xB820AEDC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xB820AF2C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xB820B044] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xB8228805] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xB820AE2E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xB820B0D6] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xB820AF94] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xB820AE84] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xB820B1BA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xB820AFF2] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xB825DBB0] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xB8228D0C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xB8209370] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xB8228B5E] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xB8265E26] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xB8227B1C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xB8208A36] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xB8208A5A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xB8208812] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xB820894E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xB82292C2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xB820892A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xB8208972] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xB8208A7E] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xB82728DE] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject ---- Kernel code sections - GMER 1.0.15 ---- PAGE ntoskrnl.exe!ObInsertObject 8056503A 5 Bytes JMP B826FD38 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 3CC 8056B712 4 Bytes CALL B8209E25 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE ntoskrnl.exe!ZwCreateProcessEx 8057FC60 7 Bytes JMP B82728E2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntoskrnl.exe!ObMakeTemporaryObject 8059F84D 5 Bytes JMP B826E29E \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB9BE7360, 0x2F2EA7, 0xE8000020] ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Mozilla Firefox\plugin-container.exe[680] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00150030 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[680] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 0015006C .text C:\Program Files\Mozilla Firefox\plugin-container.exe[680] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 006201D4 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[680] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 006200E4 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[680] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00620120 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[680] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 0062015C .text C:\Program Files\Mozilla Firefox\plugin-container.exe[680] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00620198 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[680] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 00620030 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[680] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 0062006C .text C:\Program Files\Mozilla Firefox\plugin-container.exe[680] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 006200A8 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[680] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 006300E4 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[680] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00630120 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[680] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 006300A8 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[680] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 00630030 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[680] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 0063006C .text C:\Program Files\Mozilla Firefox\plugin-container.exe[680] USER32.dll!TrackPopupMenu 7E3B531E 5 Bytes JMP 10402342 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe[740] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00150030 .text C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe[740] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 0015006C .text C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe[740] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 003E01D4 .text C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe[740] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 003E00E4 .text C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe[740] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 003E0120 .text C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe[740] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 003E015C .text C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe[740] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 003E0198 .text C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe[740] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003E0030 .text C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe[740] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003E006C .text C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe[740] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 003E00A8 .text C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe[740] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F00E4 .text C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe[740] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0120 .text C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe[740] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F00A8 .text C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe[740] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F0030 .text C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe[740] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F006C .text C:\WINDOWS\system32\nvsvc32.exe[776] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00140030 .text C:\WINDOWS\system32\nvsvc32.exe[776] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 0014006C .text C:\WINDOWS\system32\nvsvc32.exe[776] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003D00E4 .text C:\WINDOWS\system32\nvsvc32.exe[776] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003D0120 .text C:\WINDOWS\system32\nvsvc32.exe[776] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003D00A8 .text C:\WINDOWS\system32\nvsvc32.exe[776] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003D0030 .text C:\WINDOWS\system32\nvsvc32.exe[776] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003D006C .text C:\WINDOWS\system32\nvsvc32.exe[776] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 003E01D4 .text C:\WINDOWS\system32\nvsvc32.exe[776] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 003E00E4 .text C:\WINDOWS\system32\nvsvc32.exe[776] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 003E0120 .text C:\WINDOWS\system32\nvsvc32.exe[776] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 003E015C .text C:\WINDOWS\system32\nvsvc32.exe[776] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 003E0198 .text C:\WINDOWS\system32\nvsvc32.exe[776] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003E0030 .text C:\WINDOWS\system32\nvsvc32.exe[776] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003E006C .text C:\WINDOWS\system32\nvsvc32.exe[776] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 003E00A8 .text C:\WINDOWS\system32\spoolsv.exe[856] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00090030 .text C:\WINDOWS\system32\spoolsv.exe[856] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 0009006C .text C:\WINDOWS\system32\spoolsv.exe[856] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 003001D4 .text C:\WINDOWS\system32\spoolsv.exe[856] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 003000E4 .text C:\WINDOWS\system32\spoolsv.exe[856] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00300120 .text C:\WINDOWS\system32\spoolsv.exe[856] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 0030015C .text C:\WINDOWS\system32\spoolsv.exe[856] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00300198 .text C:\WINDOWS\system32\spoolsv.exe[856] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 00300030 .text C:\WINDOWS\system32\spoolsv.exe[856] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 0030006C .text C:\WINDOWS\system32\spoolsv.exe[856] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 003000A8 .text C:\WINDOWS\system32\spoolsv.exe[856] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003100E4 .text C:\WINDOWS\system32\spoolsv.exe[856] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310120 .text C:\WINDOWS\system32\spoolsv.exe[856] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003100A8 .text C:\WINDOWS\system32\spoolsv.exe[856] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 00310030 .text C:\WINDOWS\system32\spoolsv.exe[856] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 0031006C .text C:\Program Files\cFosSpeed\spd.exe[888] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00150030 .text C:\Program Files\cFosSpeed\spd.exe[888] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 0015006C .text C:\Program Files\cFosSpeed\spd.exe[888] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 003E01D4 .text C:\Program Files\cFosSpeed\spd.exe[888] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 003E00E4 .text C:\Program Files\cFosSpeed\spd.exe[888] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 003E0120 .text C:\Program Files\cFosSpeed\spd.exe[888] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 003E015C .text C:\Program Files\cFosSpeed\spd.exe[888] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 003E0198 .text C:\Program Files\cFosSpeed\spd.exe[888] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003E0030 .text C:\Program Files\cFosSpeed\spd.exe[888] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003E006C .text C:\Program Files\cFosSpeed\spd.exe[888] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 003E00A8 .text C:\Program Files\cFosSpeed\spd.exe[888] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F00E4 .text C:\Program Files\cFosSpeed\spd.exe[888] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0120 .text C:\Program Files\cFosSpeed\spd.exe[888] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F00A8 .text C:\Program Files\cFosSpeed\spd.exe[888] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F0030 .text C:\Program Files\cFosSpeed\spd.exe[888] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F006C .text C:\WINDOWS\system32\winlogon.exe[1136] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00070030 .text C:\WINDOWS\system32\winlogon.exe[1136] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 0007006C .text C:\WINDOWS\system32\winlogon.exe[1136] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 003001D4 .text C:\WINDOWS\system32\winlogon.exe[1136] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 003000E4 .text C:\WINDOWS\system32\winlogon.exe[1136] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00300120 .text C:\WINDOWS\system32\winlogon.exe[1136] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 0030015C .text C:\WINDOWS\system32\winlogon.exe[1136] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00300198 .text C:\WINDOWS\system32\winlogon.exe[1136] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 00300030 .text C:\WINDOWS\system32\winlogon.exe[1136] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 0030006C .text C:\WINDOWS\system32\winlogon.exe[1136] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 003000A8 .text C:\WINDOWS\system32\winlogon.exe[1136] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003100E4 .text C:\WINDOWS\system32\winlogon.exe[1136] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310120 .text C:\WINDOWS\system32\winlogon.exe[1136] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003100A8 .text C:\WINDOWS\system32\winlogon.exe[1136] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 00310030 .text C:\WINDOWS\system32\winlogon.exe[1136] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 0031006C .text C:\WINDOWS\system32\services.exe[1180] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00090030 .text C:\WINDOWS\system32\services.exe[1180] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 0009006C .text C:\WINDOWS\system32\services.exe[1180] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 003001D4 .text C:\WINDOWS\system32\services.exe[1180] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 003000E4 .text C:\WINDOWS\system32\services.exe[1180] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00300120 .text C:\WINDOWS\system32\services.exe[1180] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 0030015C .text C:\WINDOWS\system32\services.exe[1180] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00300198 .text C:\WINDOWS\system32\services.exe[1180] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 00300030 .text C:\WINDOWS\system32\services.exe[1180] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 0030006C .text C:\WINDOWS\system32\services.exe[1180] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 003000A8 .text C:\WINDOWS\system32\services.exe[1180] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003100E4 .text C:\WINDOWS\system32\services.exe[1180] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310120 .text C:\WINDOWS\system32\services.exe[1180] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003100A8 .text C:\WINDOWS\system32\services.exe[1180] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 00310030 .text C:\WINDOWS\system32\services.exe[1180] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 0031006C .text C:\WINDOWS\system32\lsass.exe[1192] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00090030 .text C:\WINDOWS\system32\lsass.exe[1192] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 0009006C .text C:\WINDOWS\system32\lsass.exe[1192] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 003001D4 .text C:\WINDOWS\system32\lsass.exe[1192] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 003000E4 .text C:\WINDOWS\system32\lsass.exe[1192] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00300120 .text C:\WINDOWS\system32\lsass.exe[1192] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 0030015C .text C:\WINDOWS\system32\lsass.exe[1192] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00300198 .text C:\WINDOWS\system32\lsass.exe[1192] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 00300030 .text C:\WINDOWS\system32\lsass.exe[1192] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 0030006C .text C:\WINDOWS\system32\lsass.exe[1192] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 003000A8 .text C:\WINDOWS\system32\lsass.exe[1192] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003100E4 .text C:\WINDOWS\system32\lsass.exe[1192] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310120 .text C:\WINDOWS\system32\lsass.exe[1192] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003100A8 .text C:\WINDOWS\system32\lsass.exe[1192] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 00310030 .text C:\WINDOWS\system32\lsass.exe[1192] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 0031006C .text C:\WINDOWS\Explorer.EXE[1356] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00090030 .text C:\WINDOWS\Explorer.EXE[1356] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 0009006C .text C:\WINDOWS\Explorer.EXE[1356] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 003101D4 .text C:\WINDOWS\Explorer.EXE[1356] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 003100E4 .text C:\WINDOWS\Explorer.EXE[1356] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00310120 .text C:\WINDOWS\Explorer.EXE[1356] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 0031015C .text C:\WINDOWS\Explorer.EXE[1356] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00310198 .text C:\WINDOWS\Explorer.EXE[1356] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 00310030 .text C:\WINDOWS\Explorer.EXE[1356] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 0031006C .text C:\WINDOWS\Explorer.EXE[1356] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 003100A8 .text C:\WINDOWS\Explorer.EXE[1356] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003200E4 .text C:\WINDOWS\Explorer.EXE[1356] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00320120 .text C:\WINDOWS\Explorer.EXE[1356] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003200A8 .text C:\WINDOWS\Explorer.EXE[1356] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 00320030 .text C:\WINDOWS\Explorer.EXE[1356] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 0032006C .text C:\WINDOWS\system32\svchost.exe[1372] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00090030 .text C:\WINDOWS\system32\svchost.exe[1372] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 0009006C .text C:\WINDOWS\system32\svchost.exe[1372] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 003001D4 .text C:\WINDOWS\system32\svchost.exe[1372] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 003000E4 .text C:\WINDOWS\system32\svchost.exe[1372] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00300120 .text C:\WINDOWS\system32\svchost.exe[1372] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 0030015C .text C:\WINDOWS\system32\svchost.exe[1372] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00300198 .text C:\WINDOWS\system32\svchost.exe[1372] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 00300030 .text C:\WINDOWS\system32\svchost.exe[1372] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 0030006C .text C:\WINDOWS\system32\svchost.exe[1372] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 003000A8 .text C:\WINDOWS\system32\svchost.exe[1372] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003100E4 .text C:\WINDOWS\system32\svchost.exe[1372] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310120 .text C:\WINDOWS\system32\svchost.exe[1372] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003100A8 .text C:\WINDOWS\system32\svchost.exe[1372] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 00310030 .text C:\WINDOWS\system32\svchost.exe[1372] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 0031006C .text C:\WINDOWS\system32\svchost.exe[1452] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00090030 .text C:\WINDOWS\system32\svchost.exe[1452] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 0009006C .text C:\WINDOWS\system32\svchost.exe[1452] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 003001D4 .text C:\WINDOWS\system32\svchost.exe[1452] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 003000E4 .text C:\WINDOWS\system32\svchost.exe[1452] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00300120 .text C:\WINDOWS\system32\svchost.exe[1452] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 0030015C .text C:\WINDOWS\system32\svchost.exe[1452] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00300198 .text C:\WINDOWS\system32\svchost.exe[1452] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 00300030 .text C:\WINDOWS\system32\svchost.exe[1452] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 0030006C .text C:\WINDOWS\system32\svchost.exe[1452] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 003000A8 .text C:\WINDOWS\system32\svchost.exe[1452] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003100E4 .text C:\WINDOWS\system32\svchost.exe[1452] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310120 .text C:\WINDOWS\system32\svchost.exe[1452] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003100A8 .text C:\WINDOWS\system32\svchost.exe[1452] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 00310030 .text C:\WINDOWS\system32\svchost.exe[1452] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 0031006C .text C:\WINDOWS\System32\svchost.exe[1484] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00090030 .text C:\WINDOWS\System32\svchost.exe[1484] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 0009006C .text C:\WINDOWS\System32\svchost.exe[1484] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 003001D4 .text C:\WINDOWS\System32\svchost.exe[1484] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 003000E4 .text C:\WINDOWS\System32\svchost.exe[1484] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00300120 .text C:\WINDOWS\System32\svchost.exe[1484] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 0030015C .text C:\WINDOWS\System32\svchost.exe[1484] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00300198 .text C:\WINDOWS\System32\svchost.exe[1484] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 00300030 .text C:\WINDOWS\System32\svchost.exe[1484] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 0030006C .text C:\WINDOWS\System32\svchost.exe[1484] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 003000A8 .text C:\WINDOWS\System32\svchost.exe[1484] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003100E4 .text C:\WINDOWS\System32\svchost.exe[1484] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310120 .text C:\WINDOWS\System32\svchost.exe[1484] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003100A8 .text C:\WINDOWS\System32\svchost.exe[1484] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 00310030 .text C:\WINDOWS\System32\svchost.exe[1484] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 0031006C .text C:\Program Files\cFosSpeed\cFosSpeed.exe[1536] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00150030 .text C:\Program Files\cFosSpeed\cFosSpeed.exe[1536] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 0015006C .text C:\Program Files\cFosSpeed\cFosSpeed.exe[1536] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 003E01D4 .text C:\Program Files\cFosSpeed\cFosSpeed.exe[1536] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 003E00E4 .text C:\Program Files\cFosSpeed\cFosSpeed.exe[1536] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 003E0120 .text C:\Program Files\cFosSpeed\cFosSpeed.exe[1536] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 003E015C .text C:\Program Files\cFosSpeed\cFosSpeed.exe[1536] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 003E0198 .text C:\Program Files\cFosSpeed\cFosSpeed.exe[1536] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003E0030 .text C:\Program Files\cFosSpeed\cFosSpeed.exe[1536] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003E006C .text C:\Program Files\cFosSpeed\cFosSpeed.exe[1536] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 003E00A8 .text C:\Program Files\cFosSpeed\cFosSpeed.exe[1536] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F00E4 .text C:\Program Files\cFosSpeed\cFosSpeed.exe[1536] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0120 .text C:\Program Files\cFosSpeed\cFosSpeed.exe[1536] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F00A8 .text C:\Program Files\cFosSpeed\cFosSpeed.exe[1536] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F0030 .text C:\Program Files\cFosSpeed\cFosSpeed.exe[1536] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F006C .text C:\WINDOWS\System32\alg.exe[1624] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00090030 .text C:\WINDOWS\System32\alg.exe[1624] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 0009006C .text C:\WINDOWS\System32\alg.exe[1624] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003000E4 .text C:\WINDOWS\System32\alg.exe[1624] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00300120 .text C:\WINDOWS\System32\alg.exe[1624] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003000A8 .text C:\WINDOWS\System32\alg.exe[1624] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 00300030 .text C:\WINDOWS\System32\alg.exe[1624] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 0030006C .text C:\WINDOWS\System32\alg.exe[1624] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 003101D4 .text C:\WINDOWS\System32\alg.exe[1624] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 003100E4 .text C:\WINDOWS\System32\alg.exe[1624] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00310120 .text C:\WINDOWS\System32\alg.exe[1624] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 0031015C .text C:\WINDOWS\System32\alg.exe[1624] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00310198 .text C:\WINDOWS\System32\alg.exe[1624] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 00310030 .text C:\WINDOWS\System32\alg.exe[1624] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 0031006C .text C:\WINDOWS\System32\alg.exe[1624] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 003100A8 .text C:\WINDOWS\system32\svchost.exe[1708] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00090030 .text C:\WINDOWS\system32\svchost.exe[1708] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 0009006C .text C:\WINDOWS\system32\svchost.exe[1708] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 003001D4 .text C:\WINDOWS\system32\svchost.exe[1708] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 003000E4 .text C:\WINDOWS\system32\svchost.exe[1708] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00300120 .text C:\WINDOWS\system32\svchost.exe[1708] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 0030015C .text C:\WINDOWS\system32\svchost.exe[1708] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00300198 .text C:\WINDOWS\system32\svchost.exe[1708] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 00300030 .text C:\WINDOWS\system32\svchost.exe[1708] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 0030006C .text C:\WINDOWS\system32\svchost.exe[1708] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 003000A8 .text C:\WINDOWS\system32\svchost.exe[1708] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003100E4 .text C:\WINDOWS\system32\svchost.exe[1708] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310120 .text C:\WINDOWS\system32\svchost.exe[1708] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003100A8 .text C:\WINDOWS\system32\svchost.exe[1708] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 00310030 .text C:\WINDOWS\system32\svchost.exe[1708] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 0031006C .text C:\WINDOWS\system32\svchost.exe[1796] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00090030 .text C:\WINDOWS\system32\svchost.exe[1796] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 0009006C .text C:\WINDOWS\system32\svchost.exe[1796] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 003001D4 .text C:\WINDOWS\system32\svchost.exe[1796] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 003000E4 .text C:\WINDOWS\system32\svchost.exe[1796] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00300120 .text C:\WINDOWS\system32\svchost.exe[1796] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 0030015C .text C:\WINDOWS\system32\svchost.exe[1796] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00300198 .text C:\WINDOWS\system32\svchost.exe[1796] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 00300030 .text C:\WINDOWS\system32\svchost.exe[1796] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 0030006C .text C:\WINDOWS\system32\svchost.exe[1796] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 003000A8 .text C:\WINDOWS\system32\svchost.exe[1796] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003100E4 .text C:\WINDOWS\system32\svchost.exe[1796] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310120 .text C:\WINDOWS\system32\svchost.exe[1796] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003100A8 .text C:\WINDOWS\system32\svchost.exe[1796] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 00310030 .text C:\WINDOWS\system32\svchost.exe[1796] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 0031006C .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1908] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP } .text C:\Documents and Settings\hubol\Pulpit\ummlnni7.exe[2336] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00150030 .text C:\Documents and Settings\hubol\Pulpit\ummlnni7.exe[2336] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 0015006C .text C:\WINDOWS\system32\taskmgr.exe[2452] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000A0030 .text C:\WINDOWS\system32\taskmgr.exe[2452] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000A006C .text C:\WINDOWS\system32\taskmgr.exe[2452] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 003101D4 .text C:\WINDOWS\system32\taskmgr.exe[2452] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 003100E4 .text C:\WINDOWS\system32\taskmgr.exe[2452] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00310120 .text C:\WINDOWS\system32\taskmgr.exe[2452] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 0031015C .text C:\WINDOWS\system32\taskmgr.exe[2452] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00310198 .text C:\WINDOWS\system32\taskmgr.exe[2452] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 00310030 .text C:\WINDOWS\system32\taskmgr.exe[2452] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 0031006C .text C:\WINDOWS\system32\taskmgr.exe[2452] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 003100A8 .text C:\WINDOWS\system32\taskmgr.exe[2452] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003200E4 .text C:\WINDOWS\system32\taskmgr.exe[2452] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00320120 .text C:\WINDOWS\system32\taskmgr.exe[2452] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003200A8 .text C:\WINDOWS\system32\taskmgr.exe[2452] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 00320030 .text C:\WINDOWS\system32\taskmgr.exe[2452] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 0032006C .text C:\WINDOWS\system32\svchost.exe[2704] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00090030 .text C:\WINDOWS\system32\svchost.exe[2704] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 0009006C .text C:\WINDOWS\system32\svchost.exe[2704] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 003001D4 .text C:\WINDOWS\system32\svchost.exe[2704] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 003000E4 .text C:\WINDOWS\system32\svchost.exe[2704] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00300120 .text C:\WINDOWS\system32\svchost.exe[2704] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 0030015C .text C:\WINDOWS\system32\svchost.exe[2704] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00300198 .text C:\WINDOWS\system32\svchost.exe[2704] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 00300030 .text C:\WINDOWS\system32\svchost.exe[2704] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 0030006C .text C:\WINDOWS\system32\svchost.exe[2704] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 003000A8 .text C:\WINDOWS\system32\svchost.exe[2704] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003100E4 .text C:\WINDOWS\system32\svchost.exe[2704] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310120 .text C:\WINDOWS\system32\svchost.exe[2704] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003100A8 .text C:\WINDOWS\system32\svchost.exe[2704] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 00310030 .text C:\WINDOWS\system32\svchost.exe[2704] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 0031006C .text C:\WINDOWS\system32\wuauclt.exe[3124] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000A0030 .text C:\WINDOWS\system32\wuauclt.exe[3124] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000A006C .text C:\WINDOWS\system32\wuauclt.exe[3124] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 003801D4 .text C:\WINDOWS\system32\wuauclt.exe[3124] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 003800E4 .text C:\WINDOWS\system32\wuauclt.exe[3124] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00380120 .text C:\WINDOWS\system32\wuauclt.exe[3124] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 0038015C .text C:\WINDOWS\system32\wuauclt.exe[3124] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00380198 .text C:\WINDOWS\system32\wuauclt.exe[3124] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 00380030 .text C:\WINDOWS\system32\wuauclt.exe[3124] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 0038006C .text C:\WINDOWS\system32\wuauclt.exe[3124] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 003800A8 .text C:\WINDOWS\system32\wuauclt.exe[3124] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003900E4 .text C:\WINDOWS\system32\wuauclt.exe[3124] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00390120 .text C:\WINDOWS\system32\wuauclt.exe[3124] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003900A8 .text C:\WINDOWS\system32\wuauclt.exe[3124] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 00390030 .text C:\WINDOWS\system32\wuauclt.exe[3124] USER32.dll!UnhookWinEvent 7E3818AC 3 Bytes JMP 0039006C .text C:\WINDOWS\system32\wuauclt.exe[3124] USER32.dll!UnhookWinEvent + 4 7E3818B0 1 Byte [82] .text C:\Program Files\Wisdom-soft AutoScreenRecorder 3 Free\AutoScreenRecorder.exe[3252] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00150030 .text C:\Program Files\Wisdom-soft AutoScreenRecorder 3 Free\AutoScreenRecorder.exe[3252] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 0015006C .text C:\Program Files\Wisdom-soft AutoScreenRecorder 3 Free\AutoScreenRecorder.exe[3252] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F00E4 .text C:\Program Files\Wisdom-soft AutoScreenRecorder 3 Free\AutoScreenRecorder.exe[3252] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0120 .text C:\Program Files\Wisdom-soft AutoScreenRecorder 3 Free\AutoScreenRecorder.exe[3252] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F00A8 .text C:\Program Files\Wisdom-soft AutoScreenRecorder 3 Free\AutoScreenRecorder.exe[3252] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F0030 .text C:\Program Files\Wisdom-soft AutoScreenRecorder 3 Free\AutoScreenRecorder.exe[3252] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F006C .text C:\Program Files\Wisdom-soft AutoScreenRecorder 3 Free\AutoScreenRecorder.exe[3252] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 008A01D4 .text C:\Program Files\Wisdom-soft AutoScreenRecorder 3 Free\AutoScreenRecorder.exe[3252] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 008A00E4 .text C:\Program Files\Wisdom-soft AutoScreenRecorder 3 Free\AutoScreenRecorder.exe[3252] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 008A0120 .text C:\Program Files\Wisdom-soft AutoScreenRecorder 3 Free\AutoScreenRecorder.exe[3252] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 008A015C .text C:\Program Files\Wisdom-soft AutoScreenRecorder 3 Free\AutoScreenRecorder.exe[3252] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 008A0198 .text C:\Program Files\Wisdom-soft AutoScreenRecorder 3 Free\AutoScreenRecorder.exe[3252] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 008A0030 .text C:\Program Files\Wisdom-soft AutoScreenRecorder 3 Free\AutoScreenRecorder.exe[3252] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 008A006C .text C:\Program Files\Wisdom-soft AutoScreenRecorder 3 Free\AutoScreenRecorder.exe[3252] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 008A00A8 .text C:\Program Files\Mozilla Firefox\firefox.exe[3528] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00150030 .text C:\Program Files\Mozilla Firefox\firefox.exe[3528] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 0015006C .text C:\Program Files\Mozilla Firefox\firefox.exe[3528] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 007001D4 .text C:\Program Files\Mozilla Firefox\firefox.exe[3528] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 007000E4 .text C:\Program Files\Mozilla Firefox\firefox.exe[3528] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00700120 .text C:\Program Files\Mozilla Firefox\firefox.exe[3528] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 0070015C .text C:\Program Files\Mozilla Firefox\firefox.exe[3528] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00700198 .text C:\Program Files\Mozilla Firefox\firefox.exe[3528] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 00700030 .text C:\Program Files\Mozilla Firefox\firefox.exe[3528] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 0070006C .text C:\Program Files\Mozilla Firefox\firefox.exe[3528] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 007000A8 .text C:\Program Files\Mozilla Firefox\firefox.exe[3528] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 007100E4 .text C:\Program Files\Mozilla Firefox\firefox.exe[3528] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00710120 .text C:\Program Files\Mozilla Firefox\firefox.exe[3528] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 007100A8 .text C:\Program Files\Mozilla Firefox\firefox.exe[3528] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 00710030 .text C:\Program Files\Mozilla Firefox\firefox.exe[3528] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 0071006C ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\WINDOWS\system32\services.exe[1180] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00630002 IAT C:\WINDOWS\system32\services.exe[1180] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00630000 ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software) AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) ---- Files - GMER 1.0.15 ---- File C:\## aswSnx private storage 0 bytes File C:\## aswSnx private storage\r16 0 bytes File C:\## aswSnx private storage\snx_rhive 262144 bytes File C:\## aswSnx private storage\snx_rhive.LOG 1024 bytes File C:\WINDOWS\KB2419632.log 0 bytes File C:\WINDOWS\KB2478960.log 0 bytes File C:\WINDOWS\KB2506212.log 0 bytes File C:\WINDOWS\KB2509553.log 0 bytes File C:\WINDOWS\KB954459.log 0 bytes File C:\WINDOWS\KB956802.log 0 bytes File C:\WINDOWS\KB960803.log 0 bytes File C:\WINDOWS\KB967715.log 0 bytes File C:\WINDOWS\KB2478960.log 0 bytes File C:\WINDOWS\KB968389.log 3735 bytes ---- EOF - GMER 1.0.15 ----