GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2011-08-26 00:57:26 Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD1200BEVS-60UST0 rev.01.01A01 Running: gmer.exe; Driver: C:\DOCUME~1\Marcin\USTAWI~1\Temp\pxtdypow.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xA8A0C202] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xA8A9AD8C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xA8A306C1] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xA8A0E7F0] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xA8A0E848] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xA8A0E95E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xA8A30075] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xA8A0E746] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xA8A0E898] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xA8A0E79A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xA8A0E90C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xA8A0C226] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xA8A30D87] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xA8A3103D] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xA8A0EBE2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xA8A30BF2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xA8A30A5D] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xA8A9AE3C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xA8A0BFF0] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xA8A0C24A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xA8A0ED56] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xA8A0CCDA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xA8A0E820] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xA8A0E870] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xA8A0E988] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xA8A303D1] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xA8A0E772] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xA8A0EA1A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xA8A0E8D8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xA8A0E7C8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xA8A0EAFE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xA8A0E936] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xA8A9AED4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xA8A308D8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xA8A0CBA0] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xA8A3072A] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xA8AA310E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xA8A2F6E8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xA8A0C26E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xA8A0C292] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xA8A0C04A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xA8A0C186] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xA8A30E8E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xA8A0C162] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xA8A0C1AA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xA8A0C2B6] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xA8AB0398] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwCallbackReturn + 2C7C 80504518 4 Bytes JMP D656EDBD .text ntkrnlpa.exe!ZwCallbackReturn + 2CAC 80504548 8 Bytes [98, E8, A0, A8, 9A, E7, A0, ...] .text ntkrnlpa.exe!ZwCallbackReturn + 2CBC 80504558 4 Bytes [0C, E9, A0, A8] .text ntkrnlpa.exe!ZwCallbackReturn + 2DAC 80504648 8 Bytes [20, E8, A0, A8, 70, E8, A0, ...] .text ntkrnlpa.exe!ZwCallbackReturn + 2DB8 80504654 4 Bytes JMP D7DCEEF9 .text ... PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A64A8 4 Bytes CALL A8A0D335 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC556 5 Bytes JMP A8AABD4C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ObInsertObject 805C2FDA 5 Bytes JMP A8AAD7F2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D117A 7 Bytes JMP A8AB039C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) .text win32k.sys!EngFreeUserMem + 674 BF809962 5 Bytes JMP A8A0FCA2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngDeleteSurface + 45 BF813956 5 Bytes JMP A8A0FBAE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngSetLastError + 79A8 BF824309 5 Bytes JMP A8A0EF34 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateBitmap + F9C BF828C73 5 Bytes JMP A8A0FE0C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngUnmapFontFileFD + 2C50 BF8316BE 5 Bytes JMP A8A10014 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngUnmapFontFileFD + B68E BF83A0FC 5 Bytes JMP A8A0FB1E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!FONTOBJ_pxoGetXform + 84ED BF8519C5 5 Bytes JMP A8A0EE70 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XLATEOBJ_iXlate + 3581 BF85E554 5 Bytes JMP A8A0F180 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XLATEOBJ_iXlate + 360C BF85E5DF 5 Bytes JMP A8A0F326 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreatePalette + 88 BF85F852 5 Bytes JMP A8A0EE58 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreatePalette + 5454 BF864C1E 5 Bytes JMP A8A0FBD8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGetCurrentCodePage + 411E BF873F63 5 Bytes JMP A8A0F2FE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGradientFill + 26EE BF8947C0 5 Bytes JMP A8A0FD54 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngStretchBltROP + 583 BF895298 5 Bytes JMP A8A0FF72 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCopyBits + 4DEC BF89DBD8 5 Bytes JMP A8A0EFA4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngEraseSurface + A9E0 BF8C2150 5 Bytes JMP A8A0F03E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngFillPath + 1517 BF8CA5B2 5 Bytes JMP A8A0F0AE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngFillPath + 1797 BF8CA832 5 Bytes JMP A8A0F0E8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngDeleteSemaphore + 3B3E BF8EC2A7 5 Bytes JMP A8A0ED8C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 19DF BF9133E5 5 Bytes JMP A8A0EEF0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 25B3 BF913FB9 5 Bytes JMP A8A0F008 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 4F12 BF916918 5 Bytes JMP A8A0F440 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngPlgBlt + 18FC BF94638A 5 Bytes JMP A8A0FECA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS Nie można odnaleźć określonego pliku. ! ---- User code sections - GMER 1.0.15 ---- .text C:\WINDOWS\system32\svchost.exe[188] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\svchost.exe[188] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[188] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[188] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[188] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\svchost.exe[188] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\svchost.exe[188] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\svchost.exe[188] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\svchost.exe[188] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\svchost.exe[188] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\svchost.exe[188] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\svchost.exe[188] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\svchost.exe[188] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\svchost.exe[188] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\svchost.exe[188] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\svchost.exe[188] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\svchost.exe[188] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[316] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[316] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[316] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[316] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[316] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[316] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[316] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[316] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[316] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[316] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[316] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[316] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[316] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[316] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[316] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[316] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[316] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC .text C:\DOCUME~1\Marcin\USTAWI~1\Temp\Rar$EX00.062\gmer.exe[428] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\DOCUME~1\Marcin\USTAWI~1\Temp\Rar$EX00.062\gmer.exe[428] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[436] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\spoolsv.exe[436] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[436] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\spoolsv.exe[436] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[436] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\spoolsv.exe[436] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\spoolsv.exe[436] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\spoolsv.exe[436] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\spoolsv.exe[436] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\spoolsv.exe[436] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\spoolsv.exe[436] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\spoolsv.exe[436] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\spoolsv.exe[436] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\spoolsv.exe[436] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\spoolsv.exe[436] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\spoolsv.exe[436] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\spoolsv.exe[436] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\SearchProtocolHost.exe[472] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\SearchProtocolHost.exe[472] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[548] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\svchost.exe[548] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[548] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[548] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[548] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\svchost.exe[548] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\svchost.exe[548] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\svchost.exe[548] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\svchost.exe[548] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\svchost.exe[548] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\svchost.exe[548] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\svchost.exe[548] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\svchost.exe[548] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\svchost.exe[548] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\svchost.exe[548] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\svchost.exe[548] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\svchost.exe[548] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[656] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[656] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[656] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[656] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[656] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[656] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[656] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[656] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[656] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[656] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[656] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[656] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[656] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[656] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[656] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[656] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[656] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[656] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[656] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[656] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[656] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[656] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[656] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[656] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[656] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[656] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[656] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[656] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[656] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[656] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[656] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001701F8 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[656] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[656] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001703FC .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[656] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[656] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00551014 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[656] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00550804 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[656] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00550A08 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[656] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00550C0C .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[656] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00550E10 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[656] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 005501F8 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[656] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 005503FC .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[656] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00550600 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[656] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00560804 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[656] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00560A08 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[656] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00560600 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[656] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 005601F8 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[656] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 005603FC .text C:\WINDOWS\System32\smss.exe[672] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[696] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\svchost.exe[696] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[696] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[696] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[696] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\svchost.exe[696] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\svchost.exe[696] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\svchost.exe[696] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\svchost.exe[696] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\svchost.exe[696] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\svchost.exe[696] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\svchost.exe[696] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\svchost.exe[696] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\svchost.exe[696] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\svchost.exe[696] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\svchost.exe[696] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\svchost.exe[696] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\csrss.exe[724] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\csrss.exe[724] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[748] ntdll.dll!NtLockProductActivationKeys 7C90D4AE 5 Bytes JMP 10001000 C:\WINDOWS\system32\antiwpa.dll .text C:\WINDOWS\system32\winlogon.exe[748] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000701F8 .text C:\WINDOWS\system32\winlogon.exe[748] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[748] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000703FC .text C:\WINDOWS\system32\winlogon.exe[748] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[748] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\winlogon.exe[748] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\winlogon.exe[748] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\winlogon.exe[748] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\winlogon.exe[748] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\winlogon.exe[748] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\winlogon.exe[748] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\winlogon.exe[748] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\winlogon.exe[748] USER32.dll!GetSystemMetrics 7E368F9C 5 Bytes JMP 10001018 C:\WINDOWS\system32\antiwpa.dll .text C:\WINDOWS\system32\winlogon.exe[748] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\winlogon.exe[748] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\winlogon.exe[748] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\winlogon.exe[748] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\winlogon.exe[748] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\services.exe[792] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\services.exe[792] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\services.exe[792] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\services.exe[792] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\services.exe[792] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\services.exe[792] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\services.exe[792] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\services.exe[792] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\services.exe[792] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\services.exe[792] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\services.exe[792] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\services.exe[792] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\services.exe[792] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\services.exe[792] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\services.exe[792] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\services.exe[792] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\services.exe[792] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\lsass.exe[804] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\lsass.exe[804] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[804] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\lsass.exe[804] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[804] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\lsass.exe[804] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\lsass.exe[804] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\lsass.exe[804] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\lsass.exe[804] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\lsass.exe[804] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\lsass.exe[804] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\lsass.exe[804] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\lsass.exe[804] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\lsass.exe[804] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\lsass.exe[804] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\lsass.exe[804] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\lsass.exe[804] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\svchost.exe[976] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\svchost.exe[976] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[976] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[976] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[976] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\svchost.exe[976] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\svchost.exe[976] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\svchost.exe[976] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\svchost.exe[976] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\svchost.exe[976] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\svchost.exe[976] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\svchost.exe[976] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\svchost.exe[976] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\svchost.exe[976] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\svchost.exe[976] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\svchost.exe[976] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\svchost.exe[976] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\svchost.exe[1040] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\svchost.exe[1040] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1040] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1040] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\svchost.exe[1040] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\svchost.exe[1040] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\svchost.exe[1040] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\svchost.exe[1040] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\svchost.exe[1040] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\svchost.exe[1040] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\svchost.exe[1040] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\svchost.exe[1040] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\svchost.exe[1040] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\svchost.exe[1040] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\svchost.exe[1040] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\svchost.exe[1040] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\System32\svchost.exe[1096] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\System32\svchost.exe[1096] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1096] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\System32\svchost.exe[1096] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1096] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\System32\svchost.exe[1096] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\System32\svchost.exe[1096] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\System32\svchost.exe[1096] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\System32\svchost.exe[1096] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\System32\svchost.exe[1096] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\System32\svchost.exe[1096] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\System32\svchost.exe[1096] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\System32\svchost.exe[1096] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\System32\svchost.exe[1096] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\System32\svchost.exe[1096] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\System32\svchost.exe[1096] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\System32\svchost.exe[1096] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\SearchIndexer.exe[1120] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000D01F8 .text C:\WINDOWS\system32\SearchIndexer.exe[1120] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\SearchIndexer.exe[1120] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000D03FC .text C:\WINDOWS\system32\SearchIndexer.exe[1120] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation) .text C:\WINDOWS\system32\SearchIndexer.exe[1120] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\SearchIndexer.exe[1120] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00361014 .text C:\WINDOWS\system32\SearchIndexer.exe[1120] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00360804 .text C:\WINDOWS\system32\SearchIndexer.exe[1120] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00360A08 .text C:\WINDOWS\system32\SearchIndexer.exe[1120] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00360C0C .text C:\WINDOWS\system32\SearchIndexer.exe[1120] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00360E10 .text C:\WINDOWS\system32\SearchIndexer.exe[1120] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003601F8 .text C:\WINDOWS\system32\SearchIndexer.exe[1120] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003603FC .text C:\WINDOWS\system32\SearchIndexer.exe[1120] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00360600 .text C:\WINDOWS\system32\SearchIndexer.exe[1120] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00370804 .text C:\WINDOWS\system32\SearchIndexer.exe[1120] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00370A08 .text C:\WINDOWS\system32\SearchIndexer.exe[1120] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00370600 .text C:\WINDOWS\system32\SearchIndexer.exe[1120] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003701F8 .text C:\WINDOWS\system32\SearchIndexer.exe[1120] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003703FC .text C:\WINDOWS\system32\svchost.exe[1192] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\svchost.exe[1192] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1192] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[1192] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1192] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\svchost.exe[1192] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\svchost.exe[1192] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\svchost.exe[1192] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\svchost.exe[1192] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\svchost.exe[1192] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\svchost.exe[1192] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\svchost.exe[1192] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\svchost.exe[1192] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\svchost.exe[1192] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\svchost.exe[1192] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\svchost.exe[1192] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\svchost.exe[1192] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\SearchFilterHost.exe[1204] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\SearchFilterHost.exe[1204] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Documents and Settings\Marcin\Moje dokumenty\Downloads\OTL.exe[1212] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Documents and Settings\Marcin\Moje dokumenty\Downloads\OTL.exe[1212] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Java\jre6\bin\jqs.exe[1232] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text C:\Program Files\Java\jre6\bin\jqs.exe[1232] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Java\jre6\bin\jqs.exe[1232] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text C:\Program Files\Java\jre6\bin\jqs.exe[1232] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Java\jre6\bin\jqs.exe[1232] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014 .text C:\Program Files\Java\jre6\bin\jqs.exe[1232] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804 .text C:\Program Files\Java\jre6\bin\jqs.exe[1232] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08 .text C:\Program Files\Java\jre6\bin\jqs.exe[1232] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C .text C:\Program Files\Java\jre6\bin\jqs.exe[1232] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10 .text C:\Program Files\Java\jre6\bin\jqs.exe[1232] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8 .text C:\Program Files\Java\jre6\bin\jqs.exe[1232] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC .text C:\Program Files\Java\jre6\bin\jqs.exe[1232] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600 .text C:\Program Files\Java\jre6\bin\jqs.exe[1232] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804 .text C:\Program Files\Java\jre6\bin\jqs.exe[1232] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08 .text C:\Program Files\Java\jre6\bin\jqs.exe[1232] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600 .text C:\Program Files\Java\jre6\bin\jqs.exe[1232] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8 .text C:\Program Files\Java\jre6\bin\jqs.exe[1232] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC .text C:\WINDOWS\system32\svchost.exe[1256] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\svchost.exe[1256] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1256] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00311014 .text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00310C0C .text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00310E10 .text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\svchost.exe[1256] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00320804 .text C:\WINDOWS\system32\svchost.exe[1256] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00320A08 .text C:\WINDOWS\system32\svchost.exe[1256] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00320600 .text C:\WINDOWS\system32\svchost.exe[1256] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003201F8 .text C:\WINDOWS\system32\svchost.exe[1256] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003203FC .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[1468] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[1468] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[1468] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[1468] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[1468] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014 .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[1468] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804 .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[1468] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08 .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[1468] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[1468] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10 .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[1468] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8 .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[1468] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[1468] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600 .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[1468] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804 .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[1468] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08 .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[1468] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600 .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[1468] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8 .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[1468] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1620] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1620] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP } .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1620] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[1644] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\Explorer.EXE[1644] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[1644] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\Explorer.EXE[1644] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[1644] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00381014 .text C:\WINDOWS\Explorer.EXE[1644] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00380804 .text C:\WINDOWS\Explorer.EXE[1644] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00380A08 .text C:\WINDOWS\Explorer.EXE[1644] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00380C0C .text C:\WINDOWS\Explorer.EXE[1644] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00380E10 .text C:\WINDOWS\Explorer.EXE[1644] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003801F8 .text C:\WINDOWS\Explorer.EXE[1644] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003803FC .text C:\WINDOWS\Explorer.EXE[1644] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00380600 .text C:\WINDOWS\Explorer.EXE[1644] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00390804 .text C:\WINDOWS\Explorer.EXE[1644] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00390A08 .text C:\WINDOWS\Explorer.EXE[1644] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00390600 .text C:\WINDOWS\Explorer.EXE[1644] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003901F8 .text C:\WINDOWS\Explorer.EXE[1644] USER32.dll!UnhookWinEvent 7E3818AC 3 Bytes JMP 003903FC .text C:\WINDOWS\Explorer.EXE[1644] USER32.dll!UnhookWinEvent + 4 7E3818B0 1 Byte [82] .text C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe[1736] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe[1736] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe[1736] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe[1736] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe[1736] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804 .text C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe[1736] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08 .text C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe[1736] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600 .text C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe[1736] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8 .text C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe[1736] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC .text C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe[1736] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003F1014 .text C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe[1736] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003F0804 .text C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe[1736] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003F0A08 .text C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe[1736] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003F0C0C .text C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe[1736] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003F0E10 .text C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe[1736] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003F01F8 .text C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe[1736] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003F03FC .text C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe[1736] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003F0600 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1976] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1976] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1976] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1976] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1976] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1976] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1976] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1976] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1976] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1976] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1976] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1976] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1976] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1976] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1976] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1976] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1976] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1976] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1976] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1976] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1976] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1976] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1976] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1976] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1976] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1976] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1976] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1976] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1976] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1976] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1976] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001701F8 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1976] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1976] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001703FC .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1976] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1976] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00551014 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1976] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00550804 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1976] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00550A08 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1976] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00550C0C .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1976] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00550E10 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1976] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 005501F8 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1976] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 005503FC .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1976] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00550600 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1976] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00560804 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1976] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00560A08 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1976] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00560600 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1976] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 005601F8 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1976] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 005603FC .text C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe[1992] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8 .text C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe[1992] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe[1992] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC .text C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe[1992] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe[1992] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014 .text C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe[1992] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804 .text C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe[1992] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08 .text C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe[1992] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C .text C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe[1992] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10 .text C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe[1992] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8 .text C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe[1992] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC .text C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe[1992] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600 .text C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe[1992] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804 .text C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe[1992] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08 .text C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe[1992] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600 .text C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe[1992] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8 .text C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe[1992] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC .text C:\WINDOWS\system32\hkcmd.exe[2260] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text C:\WINDOWS\system32\hkcmd.exe[2260] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\hkcmd.exe[2260] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text C:\WINDOWS\system32\hkcmd.exe[2260] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\hkcmd.exe[2260] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804 .text C:\WINDOWS\system32\hkcmd.exe[2260] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08 .text C:\WINDOWS\system32\hkcmd.exe[2260] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600 .text C:\WINDOWS\system32\hkcmd.exe[2260] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8 .text C:\WINDOWS\system32\hkcmd.exe[2260] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC .text C:\WINDOWS\system32\hkcmd.exe[2260] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00431014 .text C:\WINDOWS\system32\hkcmd.exe[2260] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00430804 .text C:\WINDOWS\system32\hkcmd.exe[2260] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00430A08 .text C:\WINDOWS\system32\hkcmd.exe[2260] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00430C0C .text C:\WINDOWS\system32\hkcmd.exe[2260] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00430E10 .text C:\WINDOWS\system32\hkcmd.exe[2260] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 004301F8 .text C:\WINDOWS\system32\hkcmd.exe[2260] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 004303FC .text C:\WINDOWS\system32\hkcmd.exe[2260] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00430600 .text C:\WINDOWS\system32\igfxpers.exe[2272] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text C:\WINDOWS\system32\igfxpers.exe[2272] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\igfxpers.exe[2272] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text C:\WINDOWS\system32\igfxpers.exe[2272] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\igfxpers.exe[2272] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804 .text C:\WINDOWS\system32\igfxpers.exe[2272] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08 .text C:\WINDOWS\system32\igfxpers.exe[2272] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600 .text C:\WINDOWS\system32\igfxpers.exe[2272] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8 .text C:\WINDOWS\system32\igfxpers.exe[2272] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC .text C:\WINDOWS\system32\igfxpers.exe[2272] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003F1014 .text C:\WINDOWS\system32\igfxpers.exe[2272] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003F0804 .text C:\WINDOWS\system32\igfxpers.exe[2272] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003F0A08 .text C:\WINDOWS\system32\igfxpers.exe[2272] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003F0C0C .text C:\WINDOWS\system32\igfxpers.exe[2272] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003F0E10 .text C:\WINDOWS\system32\igfxpers.exe[2272] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003F01F8 .text C:\WINDOWS\system32\igfxpers.exe[2272] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003F03FC .text C:\WINDOWS\system32\igfxpers.exe[2272] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003F0600 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2292] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2292] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2292] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2292] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2292] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2292] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2292] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2292] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2292] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2292] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2292] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2292] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2292] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2292] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2292] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2292] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2292] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2292] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2292] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2292] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2292] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2292] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2292] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2292] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2292] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2292] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2292] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2292] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2292] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2292] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2292] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001701F8 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2292] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2292] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001703FC .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2292] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2292] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00551014 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2292] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00550804 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2292] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00550A08 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2292] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00550C0C .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2292] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00550E10 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2292] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 005501F8 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2292] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 005503FC .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2292] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00550600 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2292] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00560804 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2292] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00560A08 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2292] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00560600 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2292] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 005601F8 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2292] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 005603FC .text C:\WINDOWS\system32\igfxsrvc.exe[2344] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text C:\WINDOWS\system32\igfxsrvc.exe[2344] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\igfxsrvc.exe[2344] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text C:\WINDOWS\system32\igfxsrvc.exe[2344] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\igfxsrvc.exe[2344] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804 .text C:\WINDOWS\system32\igfxsrvc.exe[2344] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08 .text C:\WINDOWS\system32\igfxsrvc.exe[2344] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600 .text C:\WINDOWS\system32\igfxsrvc.exe[2344] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8 .text C:\WINDOWS\system32\igfxsrvc.exe[2344] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC .text C:\WINDOWS\system32\igfxsrvc.exe[2344] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003F1014 .text C:\WINDOWS\system32\igfxsrvc.exe[2344] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003F0804 .text C:\WINDOWS\system32\igfxsrvc.exe[2344] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003F0A08 .text C:\WINDOWS\system32\igfxsrvc.exe[2344] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003F0C0C .text C:\WINDOWS\system32\igfxsrvc.exe[2344] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003F0E10 .text C:\WINDOWS\system32\igfxsrvc.exe[2344] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003F01F8 .text C:\WINDOWS\system32\igfxsrvc.exe[2344] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003F03FC .text C:\WINDOWS\system32\igfxsrvc.exe[2344] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003F0600 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2476] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2476] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2476] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2476] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2476] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2476] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2476] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2476] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2476] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2476] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2476] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2476] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2476] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2476] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2476] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2476] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2476] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC .text C:\WINDOWS\system32\rundll32.exe[2508] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\rundll32.exe[2508] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\rundll32.exe[2508] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\rundll32.exe[2508] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\rundll32.exe[2508] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\rundll32.exe[2508] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\rundll32.exe[2508] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\rundll32.exe[2508] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\rundll32.exe[2508] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\rundll32.exe[2508] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00311014 .text C:\WINDOWS\system32\rundll32.exe[2508] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\rundll32.exe[2508] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\rundll32.exe[2508] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00310C0C .text C:\WINDOWS\system32\rundll32.exe[2508] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00310E10 .text C:\WINDOWS\system32\rundll32.exe[2508] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\rundll32.exe[2508] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\rundll32.exe[2508] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00310600 .text C:\Program Files\AVAST Software\Avast\avastUI.exe[2516] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\avastUI.exe[2516] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\wscntfy.exe[2524] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\wscntfy.exe[2524] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\wscntfy.exe[2524] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\wscntfy.exe[2524] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\wscntfy.exe[2524] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00320804 .text C:\WINDOWS\system32\wscntfy.exe[2524] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00320A08 .text C:\WINDOWS\system32\wscntfy.exe[2524] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00320600 .text C:\WINDOWS\system32\wscntfy.exe[2524] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003201F8 .text C:\WINDOWS\system32\wscntfy.exe[2524] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003203FC .text C:\WINDOWS\system32\wscntfy.exe[2524] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00331014 .text C:\WINDOWS\system32\wscntfy.exe[2524] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00330804 .text C:\WINDOWS\system32\wscntfy.exe[2524] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00330A08 .text C:\WINDOWS\system32\wscntfy.exe[2524] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00330C0C .text C:\WINDOWS\system32\wscntfy.exe[2524] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00330E10 .text C:\WINDOWS\system32\wscntfy.exe[2524] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003301F8 .text C:\WINDOWS\system32\wscntfy.exe[2524] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003303FC .text C:\WINDOWS\system32\wscntfy.exe[2524] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00330600 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2588] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2588] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2588] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2588] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2588] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003F1014 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2588] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003F0804 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2588] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003F0A08 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2588] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003F0C0C .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2588] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003F0E10 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2588] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003F01F8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2588] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003F03FC .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2588] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003F0600 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2588] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00450804 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2588] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00450A08 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2588] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00450600 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2588] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 004501F8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2588] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 004503FC .text C:\WINDOWS\system32\ctfmon.exe[3056] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A01F8 .text C:\WINDOWS\system32\ctfmon.exe[3056] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\ctfmon.exe[3056] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A03FC .text C:\WINDOWS\system32\ctfmon.exe[3056] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\ctfmon.exe[3056] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00381014 .text C:\WINDOWS\system32\ctfmon.exe[3056] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00380804 .text C:\WINDOWS\system32\ctfmon.exe[3056] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00380A08 .text C:\WINDOWS\system32\ctfmon.exe[3056] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00380C0C .text C:\WINDOWS\system32\ctfmon.exe[3056] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00380E10 .text C:\WINDOWS\system32\ctfmon.exe[3056] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003801F8 .text C:\WINDOWS\system32\ctfmon.exe[3056] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003803FC .text C:\WINDOWS\system32\ctfmon.exe[3056] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00380600 .text C:\WINDOWS\system32\ctfmon.exe[3056] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00390804 .text C:\WINDOWS\system32\ctfmon.exe[3056] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00390A08 .text C:\WINDOWS\system32\ctfmon.exe[3056] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00390600 .text C:\WINDOWS\system32\ctfmon.exe[3056] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003901F8 .text C:\WINDOWS\system32\ctfmon.exe[3056] USER32.dll!UnhookWinEvent 7E3818AC 3 Bytes JMP 003903FC .text C:\WINDOWS\system32\ctfmon.exe[3056] USER32.dll!UnhookWinEvent + 4 7E3818B0 1 Byte [82] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3108] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3108] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3108] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3108] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3108] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3108] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3108] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3108] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3108] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3108] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3108] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3108] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3108] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3108] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3108] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3108] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3108] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[3136] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8 .text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[3136] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[3136] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC .text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[3136] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[3136] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00551014 .text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[3136] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00550804 .text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[3136] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00550A08 .text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[3136] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00550C0C .text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[3136] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00550E10 .text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[3136] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 005501F8 .text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[3136] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 005503FC .text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[3136] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00550600 .text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[3136] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00560804 .text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[3136] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00560A08 .text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[3136] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00560600 .text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[3136] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 005601F8 .text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[3136] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 005603FC .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001701F8 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001703FC .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3220] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3220] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00551014 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3220] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00550804 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3220] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00550A08 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3220] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00550C0C .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3220] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00550E10 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3220] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 005501F8 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3220] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 005503FC .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3220] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00550600 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3220] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00560804 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3220] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00560A08 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3220] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00560600 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3220] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 005601F8 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3220] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 005603FC .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3292] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3292] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3292] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3292] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3292] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3292] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3292] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3292] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3292] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3292] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3292] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3292] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3292] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3292] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3292] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3292] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3292] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3292] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3292] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3292] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3292] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3292] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3292] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3292] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3292] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3292] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3292] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3292] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3292] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3292] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3292] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001701F8 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3292] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3292] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001703FC .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3292] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3292] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00551014 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3292] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00550804 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3292] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00550A08 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3292] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00550C0C .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3292] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00550E10 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3292] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 005501F8 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3292] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 005503FC .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3292] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00550600 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3292] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00560804 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3292] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00560A08 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3292] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00560600 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3292] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 005601F8 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3292] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 005603FC .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3300] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3300] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3300] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3300] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3300] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3300] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3300] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3300] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3300] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3300] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3300] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3300] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3300] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3300] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3300] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3300] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3300] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3300] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3300] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3300] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3300] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3300] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3300] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3300] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3300] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3300] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3300] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3300] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3300] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3300] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3300] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001701F8 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3300] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3300] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001703FC .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3300] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3300] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00551014 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3300] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00550804 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3300] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00550A08 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3300] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00550C0C .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3300] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00550E10 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3300] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 005501F8 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3300] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 005503FC .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3300] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00550600 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3300] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00560804 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3300] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00560A08 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3300] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00560600 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3300] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 005601F8 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3300] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 005603FC .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001701F8 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001703FC .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3388] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3388] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00551014 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3388] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00550804 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3388] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00550A08 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3388] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00550C0C .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3388] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00550E10 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3388] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 005501F8 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3388] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 005503FC .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3388] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00550600 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3388] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00560804 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3388] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00560A08 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3388] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00560600 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3388] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 005601F8 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3388] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 005603FC .text C:\WINDOWS\System32\alg.exe[3392] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\System32\alg.exe[3392] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\System32\alg.exe[3392] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\System32\alg.exe[3392] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\System32\alg.exe[3392] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00300804 .text C:\WINDOWS\System32\alg.exe[3392] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00300A08 .text C:\WINDOWS\System32\alg.exe[3392] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00300600 .text C:\WINDOWS\System32\alg.exe[3392] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003001F8 .text C:\WINDOWS\System32\alg.exe[3392] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003003FC .text C:\WINDOWS\System32\alg.exe[3392] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00311014 .text C:\WINDOWS\System32\alg.exe[3392] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00310804 .text C:\WINDOWS\System32\alg.exe[3392] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00310A08 .text C:\WINDOWS\System32\alg.exe[3392] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00310C0C .text C:\WINDOWS\System32\alg.exe[3392] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00310E10 .text C:\WINDOWS\System32\alg.exe[3392] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003101F8 .text C:\WINDOWS\System32\alg.exe[3392] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003103FC .text C:\WINDOWS\System32\alg.exe[3392] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00310600 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3416] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3416] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3416] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3416] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3416] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3416] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3416] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3416] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3416] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3416] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3416] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3416] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3416] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3416] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3416] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3416] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3416] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3416] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3416] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3416] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3416] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3416] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3416] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3416] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3416] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3416] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3416] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3416] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3416] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3416] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3416] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3416] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3516] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3516] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3516] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3516] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3516] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00321014 .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3516] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00320804 .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3516] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00320A08 .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3516] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00320C0C .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3516] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00320E10 .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3516] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003201F8 .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3516] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003203FC .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3516] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00320600 .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3516] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00330804 .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3516] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00330A08 .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3516] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00330600 .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3516] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003301F8 .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3516] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003303FC .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3648] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3648] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3648] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3648] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3648] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3648] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3648] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3648] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3648] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3648] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3648] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3648] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3648] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3648] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3648] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3648] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3648] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3648] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3648] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3648] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3648] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3648] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3648] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3648] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3648] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3648] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3648] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3648] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3648] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3648] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3648] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001701F8 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3648] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3648] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001703FC .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3648] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3648] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00551014 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3648] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00550804 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3648] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00550A08 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3648] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00550C0C .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3648] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00550E10 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3648] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 005501F8 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3648] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 005503FC .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3648] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00550600 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3648] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00560804 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3648] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00560A08 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3648] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00560600 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3648] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 005601F8 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3648] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 005603FC .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3836] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3836] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3836] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3836] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3836] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3836] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3836] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3836] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3836] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3836] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3836] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3836] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3836] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3836] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3836] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3836] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3836] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3836] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3836] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3836] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3836] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3836] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3836] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3836] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3836] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3836] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3836] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3836] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3836] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3836] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3836] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001701F8 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3836] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3836] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001703FC .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3836] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3836] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00551014 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3836] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00550804 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3836] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00550A08 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3836] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00550C0C .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3836] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00550E10 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3836] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 005501F8 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3836] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 005503FC .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3836] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00550600 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3836] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00560804 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3836] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00560A08 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3836] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00560600 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3836] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 005601F8 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3836] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 005603FC .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3952] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3952] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3952] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3952] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3952] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3952] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3952] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3952] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3952] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3952] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3952] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3952] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3952] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3952] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3952] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3952] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3952] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3952] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3952] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3952] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3952] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3952] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3952] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3952] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3952] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3952] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3952] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3952] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3952] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3952] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3952] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001701F8 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3952] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3952] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001703FC .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3952] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3952] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00551014 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3952] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00550804 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3952] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00550A08 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3952] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00550C0C .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3952] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00550E10 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3952] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 005501F8 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3952] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 005503FC .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3952] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00550600 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3952] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00560804 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3952] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00560A08 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3952] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00560600 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3952] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 005601F8 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3952] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 005603FC .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001701F8 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001703FC .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4016] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4016] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00551014 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4016] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00550804 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4016] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00550A08 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4016] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00550C0C .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4016] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00550E10 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4016] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 005501F8 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4016] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 005503FC .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4016] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00550600 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4016] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00560804 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4016] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00560A08 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4016] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00560600 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4016] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 005601F8 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4016] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 005603FC .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4032] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4032] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4032] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4032] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4032] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4032] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4032] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4032] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4032] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4032] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4032] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4032] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4032] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4032] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4032] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4032] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4032] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001701F8 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001703FC .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4092] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4092] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00551014 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4092] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00550804 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4092] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00550A08 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4092] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00550C0C .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4092] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00550E10 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4092] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 005501F8 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4092] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 005503FC .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4092] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00550600 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4092] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00560804 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4092] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00560A08 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4092] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00560600 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4092] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 005601F8 .text C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4092] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 005603FC ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[656] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002D0010 IAT C:\WINDOWS\system32\services.exe[792] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00630002 IAT C:\WINDOWS\system32\services.exe[792] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00630000 IAT C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1976] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002D0010 IAT C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2292] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002E0010 IAT C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3220] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002E0010 IAT C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3292] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002D0010 IAT C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3300] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002E0010 IAT C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3388] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002D0010 IAT C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3416] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002C0010 IAT C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3648] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002D0010 IAT C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3836] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002E0010 IAT C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3952] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002D0010 IAT C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4016] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002E0010 IAT C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4092] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002D0010 ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software) AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation) AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001167b7e847 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001167b7e847@001317708806 0xBB 0x36 0x57 0x65 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\013605211f58 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\013605211fde Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\013605211fde@347e394bf766 0xA5 0xAF 0x1F 0x9D ... Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001167b7e847 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001167b7e847@001317708806 0xBB 0x36 0x57 0x65 ... Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\013605211f58 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\013605211fde (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\013605211fde@347e394bf766 0xA5 0xAF 0x1F 0x9D ... ---- Files - GMER 1.0.15 ---- File C:\## aswSnx private storage 0 bytes File C:\## aswSnx private storage\r18 0 bytes File C:\## aswSnx private storage\snx_rhive 262144 bytes File C:\## aswSnx private storage\snx_rhive.LOG 1024 bytes File C:\## aswSnx private storage\webStorage 0 bytes File C:\## aswSnx private storage\webStorage\attrib 0 bytes File C:\## aswSnx private storage\webStorage\image 0 bytes File C:\## aswSnx private storage\webStorage\snx_fs.dat 180 bytes ---- EOF - GMER 1.0.15 ----