Internet connection shut off twice within a week because of malicious traffic..
Author: tramal200 (Junior Member)
18 February 2013 @ 16:07

Could there be something odd in these, and what should I do? I have run MBAM and several different online scanners, and none of them finds anything.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:03:15, on 18.2.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16464)
Boot mode: Normal

Running processes:
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\AdFender\AdFender.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - Global Startup: AdFender.lnk = C:\Program Files (x86)\AdFender\AdFender.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/s...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: @%systemroot%\system32\appidsvc.dll,-100 (AppIDSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @appmgmts.dll,-3250 (AppMgmt) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (AudioSrv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\AxInstSV.dll,-103 (AxInstSV) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\bdesvc.dll,-100 (BDESVC) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\bthserv.dll,-101 (bthserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\cscsvc.dll,-200 (CscService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\defragsvc.dll,-101 (defragsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\dhcpcore.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\ehome\ehrecvr.exe,-101 (ehRecvr) - Unknown owner - C:\Windows\ehome\ehRecvr.exe
O23 - Service: @%SystemRoot%\ehome\ehsched.exe,-101 (ehSched) - Unknown owner - C:\Windows\ehome\ehsched.exe
O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (eventlog) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\ListSvc.dll,-100 (HomeGroupListener) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\provsvc.dll,-100 (HomeGroupProvider) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-500 (iphlpsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe
O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\netprofm.dll,-202 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Ohjelmien yhteensopivuusapuohjelma -palvelu (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\peerdistsvc.dll,-9000 (PeerDistSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\sysWow64\perfhost.exe,-2 (PerfHost) - Unknown owner - C:\Windows\SysWow64\perfhost.exe
O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pnrpauto.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\umpo.dll,-100 (Power) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @regsvc.dll,-1 (RemoteRegistry) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%windir%\system32\RpcEpMap.dll,-1001 (RpcEptMapper) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\sensrsvc.dll,-1000 (SensrSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppuinotify.dll,-103 (sppuinotify) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (stisvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\StorSvc.dll,-100 (StorSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\themeservice.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\umrdp.dll,-1000 (UmRdpService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%systemroot%\system32\wbiosrvc.dll,-100 (WbioSrvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wwansvc.dll,-257 (WwanSvc) - Unknown owner - C:\Windows\system32\svchost.exe

--
End of file - 19628 bytes


GMER 2.1.18952 - http://www.gmer.net
Rootkit scan 2013-02-18 15:52:31
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-4 WDC_WD6400AAKS-00A7B0 rev.01.03B01 596,17GB
Running: gmer.exe; Driver: C:\Users\SS\AppData\Local\Temp\pxldypoc.sys


---- Kernel code sections - GMER 2.1 ----

.text C:\Windows\system32\DRIVERS\USBPORT.SYS!DllUnload fffff88002fc9d64 12 bytes {MOV RAX, 0xfffffa8004de32a0; JMP RAX}

---- User code sections - GMER 2.1 ----

.text C:\Windows\system32\wininit.exe[516] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007746eecd 1 byte [62]
.text C:\Windows\system32\services.exe[564] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007746eecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[708] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007746eecd 1 byte [62]
.text C:\Windows\system32\winlogon.exe[736] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007746eecd 1 byte [62]
.text C:\Windows\system32\atiesrxx.exe[900] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007746eecd 1 byte [62]
.text C:\Windows\System32\svchost.exe[972] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007746eecd 1 byte [62]
.text C:\Windows\System32\svchost.exe[1020] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007746eecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[364] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007746eecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[1044] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007746eecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[1152] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007746eecd 1 byte [62]
.text C:\Windows\System32\spoolsv.exe[1520] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007746eecd 1 byte [62]
.text C:\Windows\Explorer.EXE[1528] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007746eecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[1580] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007746eecd 1 byte [62]
.text C:\Windows\system32\taskhost.exe[1620] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007746eecd 1 byte [62]
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1788] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007542a30a 1 byte [62]
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1788] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075ee1465 2 bytes [EE, 75]
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1788] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075ee14bb 2 bytes [EE, 75]
.text ... * 2
.text C:\Windows\system32\svchost.exe[1928] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007746eecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077803ae0 5 bytes JMP 00000001001a075c
.text C:\Windows\system32\svchost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077807a90 5 bytes JMP 00000001001a03a4
.text C:\Windows\system32\svchost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077831490 5 bytes JMP 00000001001a0b14
.text C:\Windows\system32\svchost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000778314f0 5 bytes JMP 00000001001a0ecc
.text C:\Windows\system32\svchost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778315d0 5 bytes JMP 00000001001a163c
.text C:\Windows\system32\svchost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077831810 5 bytes JMP 00000001001a1284
.text C:\Windows\system32\svchost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077832840 5 bytes JMP 00000001001a19f4
.text C:\Windows\system32\svchost.exe[2220] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007746eecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[2220] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff656e00 5 bytes JMP 000007ff7f671dac
.text C:\Windows\system32\svchost.exe[2220] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff656f2c 5 bytes JMP 000007ff7f670ecc
.text C:\Windows\system32\svchost.exe[2220] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff657220 5 bytes JMP 000007ff7f671284
.text C:\Windows\system32\svchost.exe[2220] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff65739c 5 bytes JMP 000007ff7f67163c
.text C:\Windows\system32\svchost.exe[2220] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff657538 5 bytes JMP 000007ff7f6719f4
.text C:\Windows\system32\svchost.exe[2220] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff6575e8 5 bytes JMP 000007ff7f6703a4
.text C:\Windows\system32\svchost.exe[2220] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff65790c 5 bytes JMP 000007ff7f67075c
.text C:\Windows\system32\svchost.exe[2220] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007feff657ab4 5 bytes JMP 000007ff7f670b14
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2584] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007542a30a 1 byte [62]
.text C:\Program Files (x86)\AdFender\AdFender.exe[2696] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000779dfaa0 5 bytes JMP 0000000100030600
.text C:\Program Files (x86)\AdFender\AdFender.exe[2696] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000779dfb38 5 bytes JMP 0000000100030804
.text C:\Program Files (x86)\AdFender\AdFender.exe[2696] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000779dfc90 5 bytes JMP 0000000100030c0c
.text C:\Program Files (x86)\AdFender\AdFender.exe[2696] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000779e0018 5 bytes JMP 0000000100030a08
.text C:\Program Files (x86)\AdFender\AdFender.exe[2696] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000779e1900 5 bytes JMP 0000000100030e10
.text C:\Program Files (x86)\AdFender\AdFender.exe[2696] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000779fc45a 5 bytes JMP 00000001000301f8
.text C:\Program Files (x86)\AdFender\AdFender.exe[2696] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077a01217 5 bytes JMP 00000001000303fc
.text C:\Program Files (x86)\AdFender\AdFender.exe[2696] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007542a30a 1 byte [62]
.text C:\Program Files (x86)\AdFender\AdFender.exe[2696] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075ee1465 2 bytes [EE, 75]
.text C:\Program Files (x86)\AdFender\AdFender.exe[2696] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075ee14bb 2 bytes [EE, 75]
.text ... * 2
.text C:\Program Files (x86)\AdFender\AdFender.exe[2696] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 00000000770e5181 5 bytes JMP 0000000100101014
.text C:\Program Files (x86)\AdFender\AdFender.exe[2696] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 00000000770e5254 5 bytes JMP 0000000100100804
.text C:\Program Files (x86)\AdFender\AdFender.exe[2696] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000770e53d5 5 bytes JMP 0000000100100a08
.text C:\Program Files (x86)\AdFender\AdFender.exe[2696] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000770e54c2 5 bytes JMP 0000000100100c0c
.text C:\Program Files (x86)\AdFender\AdFender.exe[2696] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000770e55e2 5 bytes JMP 0000000100100e10
.text C:\Program Files (x86)\AdFender\AdFender.exe[2696] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 00000000770e567c 5 bytes JMP 00000001001001f8
.text C:\Program Files (x86)\AdFender\AdFender.exe[2696] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 00000000770e589f 5 bytes JMP 00000001001003fc
.text C:\Program Files (x86)\AdFender\AdFender.exe[2696] C:\Windows\SysWOW64\sechost.dll!DeleteService 00000000770e5a22 5 bytes JMP 0000000100100600
.text C:\Program Files (x86)\AdFender\AdFender.exe[2696] C:\Windows\syswow64\USER32.dll!SetWinEventHook 00000000755cee09 5 bytes JMP 00000001001101f8
.text C:\Program Files (x86)\AdFender\AdFender.exe[2696] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 00000000755d3982 5 bytes JMP 00000001001103fc
.text C:\Program Files (x86)\AdFender\AdFender.exe[2696] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000755d7603 5 bytes JMP 0000000100110804
.text C:\Program Files (x86)\AdFender\AdFender.exe[2696] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000755d835c 5 bytes JMP 0000000100110600
.text C:\Program Files (x86)\AdFender\AdFender.exe[2696] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 00000000755ef52b 5 bytes JMP 0000000100110a08
.text C:\Windows\system32\wbem\unsecapp.exe[2804] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff656e00 5 bytes JMP 000007ff7f671dac
.text C:\Windows\system32\wbem\unsecapp.exe[2804] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff656f2c 5 bytes JMP 000007ff7f670ecc
.text C:\Windows\system32\wbem\unsecapp.exe[2804] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff657220 5 bytes JMP 000007ff7f671284
.text C:\Windows\system32\wbem\unsecapp.exe[2804] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff65739c 5 bytes JMP 000007ff7f67163c
.text C:\Windows\system32\wbem\unsecapp.exe[2804] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff657538 5 bytes JMP 000007ff7f6719f4
.text C:\Windows\system32\wbem\unsecapp.exe[2804] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff6575e8 5 bytes JMP 000007ff7f6703a4
.text C:\Windows\system32\wbem\unsecapp.exe[2804] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff65790c 5 bytes JMP 000007ff7f67075c
.text C:\Windows\system32\wbem\unsecapp.exe[2804] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007feff657ab4 5 bytes JMP 000007ff7f670b14
.text C:\Windows\system32\wbem\wmiprvse.exe[2876] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007746eecd 1 byte [62]
.text C:\Windows\system32\wbem\wmiprvse.exe[2876] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff656e00 5 bytes JMP 000007ff7f671dac
.text C:\Windows\system32\wbem\wmiprvse.exe[2876] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff656f2c 5 bytes JMP 000007ff7f670ecc
.text C:\Windows\system32\wbem\wmiprvse.exe[2876] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff657220 5 bytes JMP 000007ff7f671284
.text C:\Windows\system32\wbem\wmiprvse.exe[2876] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff65739c 5 bytes JMP 000007ff7f67163c
.text C:\Windows\system32\wbem\wmiprvse.exe[2876] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff657538 5 bytes JMP 000007ff7f6719f4
.text C:\Windows\system32\wbem\wmiprvse.exe[2876] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff6575e8 5 bytes JMP 000007ff7f6703a4
.text C:\Windows\system32\wbem\wmiprvse.exe[2876] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff65790c 5 bytes JMP 000007ff7f67075c
.text C:\Windows\system32\wbem\wmiprvse.exe[2876] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007feff657ab4 5 bytes JMP 000007ff7f670b14
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1504] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077803ae0 5 bytes JMP 000000010009075c
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1504] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077807a90 5 bytes JMP 00000001000903a4
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1504] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077831490 5 bytes JMP 0000000100090b14
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1504] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000778314f0 5 bytes JMP 0000000100090ecc
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1504] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778315d0 5 bytes JMP 000000010009163c
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1504] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077831810 5 bytes JMP 0000000100091284
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1504] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077832840 5 bytes JMP 00000001000919f4
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2844] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077803ae0 5 bytes JMP 00000001003b075c
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2844] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077807a90 5 bytes JMP 00000001003b03a4
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2844] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077831490 5 bytes JMP 00000001003b0b14
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2844] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000778314f0 5 bytes JMP 00000001003b0ecc
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2844] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778315d0 3 bytes JMP 00000001003b163c
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2844] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 4 00000000778315d4 1 byte [88]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2844] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077831810 5 bytes JMP 00000001003b1284
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2844] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077832840 5 bytes JMP 00000001003b19f4
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2844] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007746eecd 1 byte [62]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2844] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff656e00 5 bytes JMP 000007ff7f671dac
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2844] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff656f2c 5 bytes JMP 000007ff7f670ecc
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2844] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff657220 5 bytes JMP 000007ff7f671284
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2844] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff65739c 5 bytes JMP 000007ff7f67163c
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2844] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff657538 5 bytes JMP 000007ff7f6719f4
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2844] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff6575e8 5 bytes JMP 000007ff7f6703a4
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2844] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff65790c 5 bytes JMP 000007ff7f67075c
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2844] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007feff657ab4 5 bytes JMP 000007ff7f670b14
.text C:\Program Files (x86)\Nero\Update\NASvc.exe[2064] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000779dfaa0 5 bytes JMP 0000000100030600
.text C:\Program Files (x86)\Nero\Update\NASvc.exe[2064] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000779dfb38 5 bytes JMP 0000000100030804
.text C:\Program Files (x86)\Nero\Update\NASvc.exe[2064] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000779dfc90 5 bytes JMP 0000000100030c0c
.text C:\Program Files (x86)\Nero\Update\NASvc.exe[2064] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000779e0018 5 bytes JMP 0000000100030a08
.text C:\Program Files (x86)\Nero\Update\NASvc.exe[2064] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000779e1900 5 bytes JMP 0000000100030e10
.text C:\Program Files (x86)\Nero\Update\NASvc.exe[2064] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000779fc45a 5 bytes JMP 00000001000301f8
.text C:\Program Files (x86)\Nero\Update\NASvc.exe[2064] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077a01217 5 bytes JMP 00000001000303fc
.text C:\Program Files (x86)\Nero\Update\NASvc.exe[2064] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007542a30a 1 byte [62]
.text C:\Program Files (x86)\Nero\Update\NASvc.exe[2064] C:\Windows\syswow64\USER32.dll!SetWinEventHook 00000000755cee09 5 bytes JMP 00000001000a01f8
.text C:\Program Files (x86)\Nero\Update\NASvc.exe[2064] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 00000000755d3982 5 bytes JMP 00000001000a03fc
.text C:\Program Files (x86)\Nero\Update\NASvc.exe[2064] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000755d7603 5 bytes JMP 00000001000a0804
.text C:\Program Files (x86)\Nero\Update\NASvc.exe[2064] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000755d835c 5 bytes JMP 00000001000a0600
.text C:\Program Files (x86)\Nero\Update\NASvc.exe[2064] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 00000000755ef52b 5 bytes JMP 00000001000a0a08
.text C:\Program Files (x86)\Nero\Update\NASvc.exe[2064] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 00000000770e5181 5 bytes JMP 0000000100161014
.text C:\Program Files (x86)\Nero\Update\NASvc.exe[2064] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 00000000770e5254 5 bytes JMP 0000000100160804
.text C:\Program Files (x86)\Nero\Update\NASvc.exe[2064] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000770e53d5 5 bytes JMP 0000000100160a08
.text C:\Program Files (x86)\Nero\Update\NASvc.exe[2064] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000770e54c2 5 bytes JMP 0000000100160c0c
.text C:\Program Files (x86)\Nero\Update\NASvc.exe[2064] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000770e55e2 5 bytes JMP 0000000100160e10
.text C:\Program Files (x86)\Nero\Update\NASvc.exe[2064] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 00000000770e567c 5 bytes JMP 00000001001601f8
.text C:\Program Files (x86)\Nero\Update\NASvc.exe[2064] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 00000000770e589f 5 bytes JMP 00000001001603fc
.text C:\Program Files (x86)\Nero\Update\NASvc.exe[2064] C:\Windows\SysWOW64\sechost.dll!DeleteService 00000000770e5a22 5 bytes JMP 0000000100160600
.text C:\Windows\System32\svchost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077803ae0 5 bytes JMP 00000001002c075c
.text C:\Windows\System32\svchost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077807a90 5 bytes JMP 00000001002c03a4
.text C:\Windows\System32\svchost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077831490 5 bytes JMP 00000001002c0b14
.text C:\Windows\System32\svchost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000778314f0 5 bytes JMP 00000001002c0ecc
.text C:\Windows\System32\svchost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778315d0 5 bytes JMP 00000001002c163c
.text C:\Windows\System32\svchost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077831810 5 bytes JMP 00000001002c1284
.text C:\Windows\System32\svchost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077832840 5 bytes JMP 00000001002c19f4
.text C:\Windows\System32\svchost.exe[3068] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff656e00 5 bytes JMP 000007ff7f671dac
.text C:\Windows\System32\svchost.exe[3068] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff656f2c 5 bytes JMP 000007ff7f670ecc
.text C:\Windows\System32\svchost.exe[3068] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff657220 5 bytes JMP 000007ff7f671284
.text C:\Windows\System32\svchost.exe[3068] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff65739c 5 bytes JMP 000007ff7f67163c
.text C:\Windows\System32\svchost.exe[3068] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff657538 5 bytes JMP 000007ff7f6719f4
.text C:\Windows\System32\svchost.exe[3068] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff6575e8 5 bytes JMP 000007ff7f6703a4
.text C:\Windows\System32\svchost.exe[3068] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff65790c 5 bytes JMP 000007ff7f67075c
.text C:\Windows\System32\svchost.exe[3068] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007feff657ab4 5 bytes JMP 000007ff7f670b14
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2600] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007746eecd 1 byte [62]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2600] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff656e00 5 bytes JMP 000007ff7f671dac
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2600] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff656f2c 5 bytes JMP 000007ff7f670ecc
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2600] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff657220 5 bytes JMP 000007ff7f671284
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2600] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff65739c 5 bytes JMP 000007ff7f67163c
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2600] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff657538 5 bytes JMP 000007ff7f6719f4
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2600] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff6575e8 5 bytes JMP 000007ff7f6703a4
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2600] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff65790c 5 bytes JMP 000007ff7f67075c
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2600] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007feff657ab4 5 bytes JMP 000007ff7f670b14
.text C:\Windows\System32\svchost.exe[3712] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077803ae0 5 bytes JMP 000000010019075c
.text C:\Windows\System32\svchost.exe[3712] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077807a90 5 bytes JMP 00000001001903a4
.text C:\Windows\System32\svchost.exe[3712] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077831490 5 bytes JMP 0000000100190b14
.text C:\Windows\System32\svchost.exe[3712] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000778314f0 5 bytes JMP 0000000100190ecc
.text C:\Windows\System32\svchost.exe[3712] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778315d0 5 bytes JMP 000000010019163c
.text C:\Windows\System32\svchost.exe[3712] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077831810 5 bytes JMP 0000000100191284
.text C:\Windows\System32\svchost.exe[3712] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077832840 5 bytes JMP 00000001001919f4
.text C:\Windows\System32\svchost.exe[3712] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff656e00 5 bytes JMP 000007ff7f671dac
.text C:\Windows\System32\svchost.exe[3712] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff656f2c 5 bytes JMP 000007ff7f670ecc
.text C:\Windows\System32\svchost.exe[3712] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff657220 5 bytes JMP 000007ff7f671284
.text C:\Windows\System32\svchost.exe[3712] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff65739c 5 bytes JMP 000007ff7f67163c
.text C:\Windows\System32\svchost.exe[3712] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff657538 5 bytes JMP 000007ff7f6719f4
.text C:\Windows\System32\svchost.exe[3712] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff6575e8 5 bytes JMP 000007ff7f6703a4
.text C:\Windows\System32\svchost.exe[3712] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff65790c 5 bytes JMP 000007ff7f67075c
.text C:\Windows\System32\svchost.exe[3712] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007feff657ab4 5 bytes JMP 000007ff7f670b14
.text C:\Windows\system32\AUDIODG.EXE[3992] C:\Windows\System32\kernel32.dll!GetBinaryTypeW + 189 000000007746eecd 1 byte [62]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2260] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000779dfaa0 5 bytes JMP 0000000100030600
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2260] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000779dfb38 5 bytes JMP 0000000100030804
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2260] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000779dfc90 5 bytes JMP 0000000100030c0c
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2260] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000779e0018 5 bytes JMP 0000000100030a08
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2260] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000779e1900 5 bytes JMP 0000000100030e10
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2260] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000779fc45a 5 bytes JMP 00000001000301f8
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2260] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077a01217 5 bytes JMP 00000001000303fc
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2260] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007542a30a 1 byte [62]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2260] C:\Windows\syswow64\USER32.dll!SetWinEventHook 00000000755cee09 5 bytes JMP 00000001000901f8
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2260] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 00000000755d3982 5 bytes JMP 00000001000903fc
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2260] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000755d7603 5 bytes JMP 0000000100090804
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2260] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000755d835c 5 bytes JMP 0000000100090600
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2260] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 00000000755ef52b 5 bytes JMP 0000000100090a08
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2260] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 00000000770e5181 5 bytes JMP 00000001000a1014
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2260] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 00000000770e5254 5 bytes JMP 00000001000a0804
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2260] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000770e53d5 5 bytes JMP 00000001000a0a08
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2260] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000770e54c2 5 bytes JMP 00000001000a0c0c
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2260] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000770e55e2 5 bytes JMP 00000001000a0e10
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2260] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 00000000770e567c 5 bytes JMP 00000001000a01f8
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2260] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 00000000770e589f 5 bytes JMP 00000001000a03fc
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2260] C:\Windows\SysWOW64\sechost.dll!DeleteService 00000000770e5a22 5 bytes JMP 00000001000a0600
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2260] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075ee1465 2 bytes [EE, 75]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2260] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075ee14bb 2 bytes [EE, 75]
.text ... * 2
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 00000000779df991 8 bytes {MOV EDX, 0x903e8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 15 00000000779df99b 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey + 5 00000000779dfa0d 8 bytes {MOV EDX, 0x901a8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey + 15 00000000779dfa17 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000779dfaa0 5 bytes JMP 0000000100130600
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey + 5 00000000779dfb25 8 bytes {MOV EDX, 0x90168; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey + 15 00000000779dfb2f 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000779dfb38 5 bytes JMP 0000000100130804
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 00000000779dfbd5 8 bytes {MOV EDX, 0x90428; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 15 00000000779dfbdf 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 00000000779dfc05 8 bytes {MOV EDX, 0x90368; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 15 00000000779dfc0f 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 00000000779dfc1d 8 bytes {MOV EDX, 0x90128; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 15 00000000779dfc27 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 00000000779dfc35 8 bytes {MOV EDX, 0x904e8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 15 00000000779dfc3f 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 00000000779dfc65 8 bytes {MOV EDX, 0x90528; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 15 00000000779dfc6f 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000779dfc90 5 bytes JMP 0000000100130c0c
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 00000000779dfce5 8 bytes {MOV EDX, 0x904a8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 15 00000000779dfcef 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 00000000779dfcfd 8 bytes {MOV EDX, 0x90468; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 15 00000000779dfd07 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 00000000779dfd49 8 bytes {MOV EDX, 0x90068; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 15 00000000779dfd53 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 5 00000000779dfdad 8 bytes {MOV EDX, 0x902e8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 15 00000000779dfdb7 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 00000000779dfe41 8 bytes {MOV EDX, 0x900a8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 15 00000000779dfe4b 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 5 00000000779dff89 8 bytes {MOV EDX, 0x902a8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 15 00000000779dff93 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000779e0018 5 bytes JMP 0000000100130a08
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 00000000779e0099 8 bytes {MOV EDX, 0x90028; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 15 00000000779e00a3 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 5 00000000779e0781 8 bytes {MOV EDX, 0x90268; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 15 00000000779e078b 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx + 5 00000000779e0ffd 8 bytes {MOV EDX, 0x901e8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx + 15 00000000779e1007 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant + 5 00000000779e105d 8 bytes {MOV EDX, 0x90228; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant + 15 00000000779e1067 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000779e10a5 8 bytes {MOV EDX, 0x903a8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 15 00000000779e10af 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 00000000779e111d 8 bytes {MOV EDX, 0x90328; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 15 00000000779e1127 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 00000000779e1321 8 bytes {MOV EDX, 0x900e8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 15 00000000779e132b 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000779e1900 5 bytes JMP 0000000100130e10
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000779fc45a 5 bytes JMP 00000001001301f8
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077a01217 5 bytes JMP 00000001001303fc
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\KERNEL32.dll!CreateProcessW 000000007540103d 5 bytes JMP 0000000100020030
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\KERNEL32.dll!CreateProcessA 0000000075401072 5 bytes JMP 0000000100020070
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007542a30a 1 byte [62]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\KERNELBASE.dll!CreateEventW 000000007584119f 5 bytes JMP 0000000100030030
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\KERNELBASE.dll!OpenEventW 00000000758411cf 5 bytes JMP 0000000100030070
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\GDI32.dll!GetDeviceCaps 0000000075894de0 3 bytes JMP 00000001001503b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\GDI32.dll!GetDeviceCaps + 4 0000000075894de4 1 byte [8A]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\GDI32.dll!SelectObject 0000000075894f70 3 bytes JMP 00000001001505f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\GDI32.dll!SelectObject + 4 0000000075894f74 1 byte [8A]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\GDI32.dll!SetBkMode 00000000758951a2 3 bytes JMP 00000001001508f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\GDI32.dll!SetBkMode + 4 00000000758951a6 1 byte [8A]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\GDI32.dll!SetTextColor 000000007589522d 3 bytes JMP 0000000100150a30
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\GDI32.dll!SetTextColor + 4 0000000075895231 1 byte [8A]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\GDI32.dll!DeleteObject 0000000075895689 3 bytes JMP 00000001001501b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\GDI32.dll!DeleteObject + 4 000000007589568d 1 byte [8A]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000758958b3 3 bytes JMP 0000000100150170
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\GDI32.dll!DeleteDC + 4 00000000758958b7 1 byte [8A]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\GDI32.dll!GetCurrentObject 0000000075896bad 3 bytes JMP 0000000100150370
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\GDI32.dll!GetCurrentObject + 4 0000000075896bb1 1 byte [8A]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\GDI32.dll!SaveDC 0000000075896e05 3 bytes JMP 0000000100150570
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\GDI32.dll!SaveDC + 4 0000000075896e09 1 byte [8A]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\GDI32.dll!RestoreDC 0000000075896ead 3 bytes JMP 0000000100150530
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\GDI32.dll!RestoreDC + 4 0000000075896eb1 1 byte [8A]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\GDI32.dll!SetStretchBltMode 0000000075897180 3 bytes JMP 00000001001506b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\GDI32.dll!SetStretchBltMode + 4 0000000075897184 1 byte [8A]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\GDI32.dll!StretchDIBits 0000000075897435 3 bytes JMP 0000000100150770
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\GDI32.dll!StretchDIBits + 4 0000000075897439 1 byte [8A]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000075897bcc 3 bytes JMP 00000001001500b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\GDI32.dll!CreateDCA + 4 0000000075897bd0 1 byte [8A]

---- Kernel IAT/EAT - GMER 2.1 ----

IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [fffff8800106ef1c] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [fffff8800106ecc0] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [fffff8800106f69c] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [fffff8800106fa98] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [fffff8800106f8f4] \SystemRoot\System32\Drivers\sptd.sys [.text]

---- Devices - GMER 2.1 ----

Device \Driver\atapi \Device\Ide\IdePort4 fffffa80039a52c0
Device \Driver\atapi \Device\Ide\IdePort0 fffffa80039a52c0
Device \Driver\atapi \Device\Ide\IdeDeviceP5T0L0-5 fffffa80039a52c0
Device \Driver\atapi \Device\Ide\IdePort5 fffffa80039a52c0
Device \Driver\atapi \Device\Ide\IdePort1 fffffa80039a52c0
Device \Driver\atapi \Device\Ide\IdeDeviceP4T0L0-4 fffffa80039a52c0
Device \Driver\atapi \Device\Ide\IdePort2 fffffa80039a52c0
Device \Driver\atapi \Device\Ide\IdePort3 fffffa80039a52c0
Device \Driver\ak4gxray \Device\Scsi\ak4gxray1 fffffa8004f122c0
Device \Driver\ak4gxray \Device\Scsi\ak4gxray1Port6Path0Target0Lun0 fffffa8004f122c0
Device \FileSystem\Ntfs \Ntfs fffffa80039a92c0
Device \Driver\usbehci \Device\USBFDO-7 fffffa8004e7f2c0
Device \Driver\usbuhci \Device\USBPDO-5 fffffa8004e552c0
Device \Driver\usbehci \Device\USBFDO-3 fffffa8004e7f2c0
Device \Driver\usbuhci \Device\USBPDO-1 fffffa8004e552c0
Device \Driver\cdrom \Device\CdRom0 fffffa8004bc62c0
Device \Driver\cdrom \Device\CdRom1 fffffa8004bc62c0
Device \Driver\usbuhci \Device\USBPDO-6 fffffa8004e552c0
Device \Driver\usbuhci \Device\USBFDO-4 fffffa8004e552c0
Device \Driver\usbuhci \Device\USBFDO-0 fffffa8004e552c0
Device \Driver\usbuhci \Device\USBPDO-2 fffffa8004e552c0
Device \Driver\usbehci \Device\USBPDO-7 fffffa8004e7f2c0
Device \Driver\usbuhci \Device\USBFDO-5 fffffa8004e552c0
Device \Driver\usbehci \Device\USBPDO-3 fffffa8004e7f2c0
Device \Driver\usbuhci \Device\USBFDO-1 fffffa8004e552c0
Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa8004d162c0
Device \Driver\usbuhci \Device\USBFDO-6 fffffa8004e552c0
Device \Driver\usbuhci \Device\USBPDO-4 fffffa8004e552c0
Device \Driver\atapi \Device\ScsiPort0 fffffa80039a52c0
Device \Driver\usbuhci \Device\USBFDO-2 fffffa8004e552c0
Device \Driver\usbuhci \Device\USBPDO-0 fffffa8004e552c0
Device \Driver\atapi \Device\ScsiPort1 fffffa80039a52c0
Device \Driver\atapi \Device\ScsiPort2 fffffa80039a52c0
Device \Driver\atapi \Device\ScsiPort3 fffffa80039a52c0
Device \Driver\atapi \Device\ScsiPort4 fffffa80039a52c0
Device \Driver\NetBT \Device\NetBT_Tcpip_{4687A7A5-E020-4733-8CA3-C733872024C6} fffffa8004d162c0
Device \Driver\atapi \Device\ScsiPort5 fffffa80039a52c0
Device \Driver\ak4gxray \Device\ScsiPort6 fffffa8004f122c0

---- Trace I/O - GMER 2.1 ----

Trace ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80039a52c0]<< sptd.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys fffffa80039a52c0
Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800492c060] fffffa800492c060
Trace 3 CLASSPNP.SYS[fffff880013ab43f] -> nt!IofCallDriver -> [0xfffffa80043e9e40] fffffa80043e9e40
Trace 5 ACPI.sys[fffff88000fb17a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP4T0L0-4[0xfffffa800440e060] fffffa800440e060
Trace \Driver\atapi[0xfffffa80043d6730] -> IRP_MJ_CREATE -> 0xfffffa80039a52c0 fffffa80039a52c0

---- Modules - GMER 2.1 ----

Module \SystemRoot\System32\Drivers\ak4gxray.SYS fffff88004400000-fffff88004451000 (331776 bytes)

---- Threads - GMER 2.1 ----

Thread C:\Windows\System32\svchost.exe [3068:1960] 000007feec759688

---- Services - GMER 2.1 ----

Service C:\Windows\system32\drivers\aswFsBlk.sys (*** hidden *** ) [AUTO] aswFsBlk <-- ROOTKIT !!!
Service C:\Windows\system32\drivers\aswMonFlt.sys (*** hidden *** ) [AUTO] aswMonFlt <-- ROOTKIT !!!
Service C:\Windows\System32\Drivers\aswrdr2.sys (*** hidden *** ) [SYSTEM] aswRdr <-- ROOTKIT !!!
Service C:\Windows\system32\drivers\aswRvrt.sys (*** hidden *** ) [BOOT] aswRvrt <-- ROOTKIT !!!
Service C:\Windows\system32\drivers\aswSnx.sys (*** hidden *** ) [SYSTEM] aswSnx <-- ROOTKIT !!!
Service C:\Windows\system32\drivers\aswSP.sys (*** hidden *** ) [SYSTEM] aswSP <-- ROOTKIT !!!
Service C:\Windows\system32\drivers\aswTdi.sys (*** hidden *** ) [SYSTEM] aswTdi <-- ROOTKIT !!!
Service C:\Windows\system32\drivers\aswVmm.sys (*** hidden *** ) [BOOT] aswVmm <-- ROOTKIT !!!
Service C:\Program Files\AVAST Software\Avast\AvastSvc.exe (*** hidden *** ) [AUTO] avast! Antivirus <-- ROOTKIT !!!

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Type 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DisplayName (null)
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Group (null)
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DependOnService (null)
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Description (null)
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Tag 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances@DefaultInstance (null)
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude (null)
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Type 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ImagePath (null)
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DisplayName (null)
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Group (null)
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DependOnService (null)
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Description (null)
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances@DefaultInstance (null)
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude (null)
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ImagePath (null)
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DisplayName (null)
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Group (null)
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DependOnService (null)
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Description (null)
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@MSIgnoreLSPDefault (null)
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@WSIgnoreLSPDefault (null)
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@DisplayName (null)
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Description (null)
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@BootCounter 3
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@TickCounter 35577
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@SystemRoot (null)
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@ImproperShutdown 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Type 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DisplayName (null)
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Group (null)
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DependOnService (null)
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Description (null)
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Tag 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances@DefaultInstance (null)
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Altitude (null)
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Flags 0
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@ProgramFolder (null)
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@DataFolder (null)
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@DisplayName (null)
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Description (null)
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@BehavShield 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFolder (null)
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@DataFolder (null)
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFilesFolder (null)
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@GadgetFolder (null)
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@NoWelcomeScreen 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DisplayName (null)
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Group (null)
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DependOnService (null)
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Description (null)
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Tag 9
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@DisplayName (null)
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Description (null)
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Type 32
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ImagePath (null)
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DisplayName (null)
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Group (null)
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DependOnService (null)
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@WOW64 1
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ObjectName (null)
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ServiceSidType 1
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Description (null)
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 (null)
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x55 0xCC 0x36 0xF9 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x5F 0x32 0x18 0xC7 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x1C 0x2F 0x14 0xF4 ...
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Type 2
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Start 2
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DisplayName (null)
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Group (null)
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DependOnService (null)
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Description (null)
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Tag 2
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances@DefaultInstance (null)
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude (null)
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Type 2
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Start 2
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ImagePath (null)
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DisplayName (null)
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Group (null)
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DependOnService (null)
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Description (null)
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances@DefaultInstance (null)
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude (null)
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@ImagePath (null)
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Start 1
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@DisplayName (null)
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Group (null)
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@DependOnService (null)
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Description (null)
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@MSIgnoreLSPDefault (null)
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@WSIgnoreLSPDefault (null)
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Start 0
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@DisplayName (null)
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Description (null)
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@BootCounter 18
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@TickCounter 101517
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@SystemRoot (null)
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@ImproperShutdown 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Type 2
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Start 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@DisplayName (null)
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Group (null)
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@DependOnService (null)
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Description (null)
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Tag 2
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances@DefaultInstance (null)
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Altitude (null)
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Flags 0
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@ProgramFolder (null)
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@DataFolder (null)
Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Start 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSP@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSP@DisplayName (null)
Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Description (null)
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@BehavShield 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFolder (null)
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@DataFolder (null)
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFilesFolder (null)
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@GadgetFolder (null)
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@NoWelcomeScreen 1
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Start 1
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@DisplayName (null)
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Group (null)
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@DependOnService (null)
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Description (null)
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Tag 9
Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Start 0
Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@DisplayName (null)
Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Description (null)
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Type 32
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Start 2
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ImagePath (null)
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DisplayName (null)
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Group (null)
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DependOnService (null)
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@WOW64 1
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ObjectName (null)
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ServiceSidType 1
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Description (null)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 (null)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x55 0xCC 0x36 0xF9 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x5F 0x32 0x18 0xC7 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x99 0xCA 0x6B 0xD4 ...

---- EOF - GMER 2.1 ----