GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-09-04 09:58:23
Windows 5.1.2600 Dodatek Service Pack 2
Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-7 ExcelStor_Technology_J8160S rev.P22OA50U
Running: jlqgy25g.exe; Driver: C:\DOCUME~1\MICHA~1\USTAWI~1\Temp\pwryqpod.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xB29C2202]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xB2A50D8C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xB29E66C1]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xB29C47F0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xB29C4848]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xB29C495E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xB29E6075]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xB29C4746]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xB29C4898]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xB29C479A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xB29C490C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xB29C2226]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xB29E6D87]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xB29E703D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xB29C4BE2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xB29E6BF2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xB29E6A5D]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xB2A50E3C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xB29C1FF0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xB29C224A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xB29C4D56]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xB29C2CDA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xB29C4820]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xB29C4870]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xB29C4988]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xB29E63D1]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xB29C4772]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xB29C4A1A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xB29C48D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xB29C47C8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xB29C4AFE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xB29C4936]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xB2A50ED4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xB29E68D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xB29C2BA0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xB29E672A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xB2A5910E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xB29E56E8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xB29C226E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xB29C2292]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xB29C204A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xB29C2186]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xB29E6E8E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xB29C2162]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xB29C21AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xB29C22B6]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xB2A66398]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2EC8 80503C9C 4 Bytes CALL AF02DAF7
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A4F7E 4 Bytes CALL B29C3335 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BAF9A 5 Bytes JMP B2A61D4C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 805C18D0 5 Bytes JMP B2A637F2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805CFA2E 7 Bytes JMP B2A6639C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB71AE3A0, 0x8A1A15, 0xE8000020]
init C:\WINDOWS\system32\drivers\Senfilt.sys entry point in "init" section [0xB4E69A80]
.text win32k.sys!EngFreeUserMem + 674 BF809B45 5 Bytes JMP B29C5CA2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSurface + 45 BF80FBC0 5 Bytes JMP B29C5BAE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPaint + 4EF BF8255ED 5 Bytes JMP B29C4F34 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 1E5F BF8341A1 5 Bytes JMP B29C5E0C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 237D BF8346BF 5 Bytes JMP B29C5B1E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 4564 BF8368A6 5 Bytes JMP B29C6014 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + EE3F BF841181 5 Bytes JMP B29C4FA4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!FONTOBJ_pxoGetXform + DE42 BF85AD4E 5 Bytes JMP B29C4E70 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 3474 BF87111B 5 Bytes JMP B29C5180 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 34FF BF8711A6 5 Bytes JMP B29C5326 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBlt + 35C1 BF87593B 5 Bytes JMP B29C5BD8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 411E BF894CB8 5 Bytes JMP B29C52FE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 3AA1 BF8B6854 5 Bytes JMP B29C5D54 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBltROP + 34B7 BF8BA260 5 Bytes JMP B29C4E58 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBltROP + 8A22 BF8BF7CB 5 Bytes JMP B29C5F72 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngAlphaBlend + 3E8 BF8C333C 5 Bytes JMP B29C503E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1517 BF8EB97D 5 Bytes JMP B29C50AE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1797 BF8EBBFD 5 Bytes JMP B29C50E8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_bCloseFigure + 19EF BF8F9A43 5 Bytes JMP B29C4D8C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 19C1 BF913245 5 Bytes JMP B29C4EF0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 2595 BF913E19 5 Bytes JMP B29C5008 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 4EF4 BF916778 5 Bytes JMP B29C5440 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 18EC BF94468A 5 Bytes JMP B29C5ECA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\RunDLL32.exe[364] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\RunDLL32.exe[364] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\system32\RunDLL32.exe[364] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\RunDLL32.exe[364] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\RunDLL32.exe[364] USER32.dll!UnhookWindowsHookEx 77D40DF3 5 Bytes JMP 002F0A08
.text C:\WINDOWS\system32\RunDLL32.exe[364] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 002F0804
.text C:\WINDOWS\system32\RunDLL32.exe[364] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 002F0600
.text C:\WINDOWS\system32\RunDLL32.exe[364] USER32.dll!SetWinEventHook 77D517C8 5 Bytes JMP 002F01F8
.text C:\WINDOWS\system32\RunDLL32.exe[364] USER32.dll!UnhookWinEvent 77D5187D 5 Bytes JMP 002F03FC
.text C:\WINDOWS\system32\RunDLL32.exe[364] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\RunDLL32.exe[364] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\RunDLL32.exe[364] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\RunDLL32.exe[364] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\RunDLL32.exe[364] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\RunDLL32.exe[364] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\RunDLL32.exe[364] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\RunDLL32.exe[364] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 00300600
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[404] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[404] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[428] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 001601F8
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[428] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[428] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 001603FC
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[428] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[428] USER32.dll!UnhookWindowsHookEx 77D40DF3 5 Bytes JMP 003D0A08
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[428] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 003D0804
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[428] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 003D0600
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[428] USER32.dll!SetWinEventHook 77D517C8 5 Bytes JMP 003D01F8
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[428] USER32.dll!UnhookWinEvent 77D5187D 5 Bytes JMP 003D03FC
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[428] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 003E1014
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[428] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 003E0804
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[428] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 003E0A08
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[428] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 003E0C0C
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[428] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 003E0E10
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[428] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 003E01F8
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[428] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 003E03FC
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[428] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 003E0600
.text C:\Program Files\Pando Networks\Media Booster\PMB.exe[484] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 001601F8
.text C:\Program Files\Pando Networks\Media Booster\PMB.exe[484] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\Program Files\Pando Networks\Media Booster\PMB.exe[484] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 001603FC
.text C:\Program Files\Pando Networks\Media Booster\PMB.exe[484] kernel32.dll!SetUnhandledExceptionFilter 7C8447ED 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\Program Files\Pando Networks\Media Booster\PMB.exe[484] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\Program Files\Pando Networks\Media Booster\PMB.exe[484] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 00961014
.text C:\Program Files\Pando Networks\Media Booster\PMB.exe[484] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 00960804
.text C:\Program Files\Pando Networks\Media Booster\PMB.exe[484] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 00960A08
.text C:\Program Files\Pando Networks\Media Booster\PMB.exe[484] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 00960C0C
.text C:\Program Files\Pando Networks\Media Booster\PMB.exe[484] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 00960E10
.text C:\Program Files\Pando Networks\Media Booster\PMB.exe[484] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 009601F8
.text C:\Program Files\Pando Networks\Media Booster\PMB.exe[484] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 009603FC
.text C:\Program Files\Pando Networks\Media Booster\PMB.exe[484] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 00960600
.text C:\Program Files\Pando Networks\Media Booster\PMB.exe[484] USER32.dll!UnhookWindowsHookEx 77D40DF3 5 Bytes JMP 00970A08
.text C:\Program Files\Pando Networks\Media Booster\PMB.exe[484] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 00970804
.text C:\Program Files\Pando Networks\Media Booster\PMB.exe[484] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00970600
.text C:\Program Files\Pando Networks\Media Booster\PMB.exe[484] USER32.dll!SetWinEventHook 77D517C8 5 Bytes JMP 009701F8
.text C:\Program Files\Pando Networks\Media Booster\PMB.exe[484] USER32.dll!UnhookWinEvent 77D5187D 5 Bytes JMP 009703FC
.text C:\WINDOWS\System32\smss.exe[620] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[676] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[676] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[700] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000701F8
.text C:\WINDOWS\system32\winlogon.exe[700] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[700] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000703FC
.text C:\WINDOWS\system32\winlogon.exe[700] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[700] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 002F1014
.text C:\WINDOWS\system32\winlogon.exe[700] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 002F0804
.text C:\WINDOWS\system32\winlogon.exe[700] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 002F0A08
.text C:\WINDOWS\system32\winlogon.exe[700] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 002F0C0C
.text C:\WINDOWS\system32\winlogon.exe[700] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 002F0E10
.text C:\WINDOWS\system32\winlogon.exe[700] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 002F01F8
.text C:\WINDOWS\system32\winlogon.exe[700] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 002F03FC
.text C:\WINDOWS\system32\winlogon.exe[700] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 002F0600
.text C:\WINDOWS\system32\winlogon.exe[700] USER32.dll!UnhookWindowsHookEx 77D40DF3 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\winlogon.exe[700] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\winlogon.exe[700] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\winlogon.exe[700] USER32.dll!SetWinEventHook 77D517C8 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\winlogon.exe[700] USER32.dll!UnhookWinEvent 77D5187D 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\services.exe[744] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\services.exe[744] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[744] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 002F1014
.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 002F0804
.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 002F0A08
.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 002F0C0C
.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 002F0E10
.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 002F01F8
.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 002F03FC
.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 002F0600
.text C:\WINDOWS\system32\services.exe[744] USER32.dll!UnhookWindowsHookEx 77D40DF3 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\services.exe[744] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\services.exe[744] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\services.exe[744] USER32.dll!SetWinEventHook 77D517C8 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\services.exe[744] USER32.dll!UnhookWinEvent 77D5187D 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\lsass.exe[764] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\lsass.exe[764] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[764] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\lsass.exe[764] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[764] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 002F1014
.text C:\WINDOWS\system32\lsass.exe[764] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 002F0804
.text C:\WINDOWS\system32\lsass.exe[764] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 002F0A08
.text C:\WINDOWS\system32\lsass.exe[764] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 002F0C0C
.text C:\WINDOWS\system32\lsass.exe[764] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 002F0E10
.text C:\WINDOWS\system32\lsass.exe[764] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 002F01F8
.text C:\WINDOWS\system32\lsass.exe[764] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 002F03FC
.text C:\WINDOWS\system32\lsass.exe[764] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 002F0600
.text C:\WINDOWS\system32\lsass.exe[764] USER32.dll!UnhookWindowsHookEx 77D40DF3 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\lsass.exe[764] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\lsass.exe[764] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\lsass.exe[764] USER32.dll!SetWinEventHook 77D517C8 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\lsass.exe[764] USER32.dll!UnhookWinEvent 77D5187D 5 Bytes JMP 003003FC
.text C:\WINDOWS\System32\svchost.exe[836] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[836] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[836] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[836] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[836] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 002F1014
.text C:\WINDOWS\System32\svchost.exe[836] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 002F0804
.text C:\WINDOWS\System32\svchost.exe[836] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 002F0A08
.text C:\WINDOWS\System32\svchost.exe[836] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 002F0C0C
.text C:\WINDOWS\System32\svchost.exe[836] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 002F0E10
.text C:\WINDOWS\System32\svchost.exe[836] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 002F01F8
.text C:\WINDOWS\System32\svchost.exe[836] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 002F03FC
.text C:\WINDOWS\System32\svchost.exe[836] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 002F0600
.text C:\WINDOWS\System32\svchost.exe[836] USER32.dll!UnhookWindowsHookEx 77D40DF3 5 Bytes JMP 00300A08
.text C:\WINDOWS\System32\svchost.exe[836] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 00300804
.text C:\WINDOWS\System32\svchost.exe[836] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00300600
.text C:\WINDOWS\System32\svchost.exe[836] USER32.dll!SetWinEventHook 77D517C8 5 Bytes JMP 003001F8
.text C:\WINDOWS\System32\svchost.exe[836] USER32.dll!UnhookWinEvent 77D5187D 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[940] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[940] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[940] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[940] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[940] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 002F1014
.text C:\WINDOWS\system32\svchost.exe[940] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 002F0804
.text C:\WINDOWS\system32\svchost.exe[940] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 002F0A08
.text C:\WINDOWS\system32\svchost.exe[940] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 002F0C0C
.text C:\WINDOWS\system32\svchost.exe[940] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 002F0E10
.text C:\WINDOWS\system32\svchost.exe[940] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 002F01F8
.text C:\WINDOWS\system32\svchost.exe[940] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 002F03FC
.text C:\WINDOWS\system32\svchost.exe[940] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 002F0600
.text C:\WINDOWS\system32\svchost.exe[940] USER32.dll!UnhookWindowsHookEx 77D40DF3 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[940] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[940] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\svchost.exe[940] USER32.dll!SetWinEventHook 77D517C8 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[940] USER32.dll!UnhookWinEvent 77D5187D 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[1004] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1004] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1004] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1004] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 002F1014
.text C:\WINDOWS\system32\svchost.exe[1004] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 002F0804
.text C:\WINDOWS\system32\svchost.exe[1004] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 002F0A08
.text C:\WINDOWS\system32\svchost.exe[1004] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 002F0C0C
.text C:\WINDOWS\system32\svchost.exe[1004] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 002F0E10
.text C:\WINDOWS\system32\svchost.exe[1004] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 002F01F8
.text C:\WINDOWS\system32\svchost.exe[1004] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 002F03FC
.text C:\WINDOWS\system32\svchost.exe[1004] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 002F0600
.text C:\WINDOWS\system32\svchost.exe[1004] USER32.dll!UnhookWindowsHookEx 77D40DF3 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[1004] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[1004] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\svchost.exe[1004] USER32.dll!SetWinEventHook 77D517C8 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[1004] USER32.dll!UnhookWinEvent 77D5187D 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\nvsvc32.exe[1092] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 001501F8
.text C:\WINDOWS\system32\nvsvc32.exe[1092] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\system32\nvsvc32.exe[1092] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 001503FC
.text C:\WINDOWS\system32\nvsvc32.exe[1092] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\nvsvc32.exe[1092] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 003D1014
.text C:\WINDOWS\system32\nvsvc32.exe[1092] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 003D0804
.text C:\WINDOWS\system32\nvsvc32.exe[1092] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 003D0A08
.text C:\WINDOWS\system32\nvsvc32.exe[1092] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 003D0C0C
.text C:\WINDOWS\system32\nvsvc32.exe[1092] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 003D0E10
.text C:\WINDOWS\system32\nvsvc32.exe[1092] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 003D01F8
.text C:\WINDOWS\system32\nvsvc32.exe[1092] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 003D03FC
.text C:\WINDOWS\system32\nvsvc32.exe[1092] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 003D0600
.text C:\WINDOWS\system32\nvsvc32.exe[1092] USER32.dll!UnhookWindowsHookEx 77D40DF3 5 Bytes JMP 003E0A08
.text C:\WINDOWS\system32\nvsvc32.exe[1092] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 003E0804
.text C:\WINDOWS\system32\nvsvc32.exe[1092] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 003E0600
.text C:\WINDOWS\system32\nvsvc32.exe[1092] USER32.dll!SetWinEventHook 77D517C8 5 Bytes JMP 003E01F8
.text C:\WINDOWS\system32\nvsvc32.exe[1092] USER32.dll!UnhookWinEvent 77D5187D 5 Bytes JMP 003E03FC
.text C:\WINDOWS\System32\svchost.exe[1108] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[1108] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1108] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[1108] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1108] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 002F1014
.text C:\WINDOWS\System32\svchost.exe[1108] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 002F0804
.text C:\WINDOWS\System32\svchost.exe[1108] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 002F0A08
.text C:\WINDOWS\System32\svchost.exe[1108] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 002F0C0C
.text C:\WINDOWS\System32\svchost.exe[1108] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 002F0E10
.text C:\WINDOWS\System32\svchost.exe[1108] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 002F01F8
.text C:\WINDOWS\System32\svchost.exe[1108] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 002F03FC
.text C:\WINDOWS\System32\svchost.exe[1108] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 002F0600
.text C:\WINDOWS\System32\svchost.exe[1108] USER32.dll!UnhookWindowsHookEx 77D40DF3 5 Bytes JMP 00300A08
.text C:\WINDOWS\System32\svchost.exe[1108] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 00300804
.text C:\WINDOWS\System32\svchost.exe[1108] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00300600
.text C:\WINDOWS\System32\svchost.exe[1108] USER32.dll!SetWinEventHook 77D517C8 5 Bytes JMP 003001F8
.text C:\WINDOWS\System32\svchost.exe[1108] USER32.dll!UnhookWinEvent 77D5187D 5 Bytes JMP 003003FC
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1168] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 001501F8
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1168] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1168] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 001503FC
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1168] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1168] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 003D1014
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1168] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 003D0804
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1168] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 003D0A08
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1168] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 003D0C0C
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1168] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 003D0E10
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1168] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 003D01F8
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1168] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 003D03FC
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1168] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 003D0600
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1168] USER32.dll!UnhookWindowsHookEx 77D40DF3 5 Bytes JMP 003E0A08
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1168] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 003E0804
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1168] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 003E0600
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1168] USER32.dll!SetWinEventHook 77D517C8 5 Bytes JMP 003E01F8
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1168] USER32.dll!UnhookWinEvent 77D5187D 5 Bytes JMP 003E03FC
.text C:\WINDOWS\System32\svchost.exe[1208] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[1208] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1208] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[1208] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1208] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 002F1014
.text C:\WINDOWS\System32\svchost.exe[1208] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 002F0804
.text C:\WINDOWS\System32\svchost.exe[1208] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 002F0A08
.text C:\WINDOWS\System32\svchost.exe[1208] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 002F0C0C
.text C:\WINDOWS\System32\svchost.exe[1208] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 002F0E10
.text C:\WINDOWS\System32\svchost.exe[1208] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 002F01F8
.text C:\WINDOWS\System32\svchost.exe[1208] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 002F03FC
.text C:\WINDOWS\System32\svchost.exe[1208] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 002F0600
.text C:\WINDOWS\System32\svchost.exe[1208] USER32.dll!UnhookWindowsHookEx 77D40DF3 5 Bytes JMP 00300A08
.text C:\WINDOWS\System32\svchost.exe[1208] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 00300804
.text C:\WINDOWS\System32\svchost.exe[1208] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00300600
.text C:\WINDOWS\System32\svchost.exe[1208] USER32.dll!SetWinEventHook 77D517C8 5 Bytes JMP 003001F8
.text C:\WINDOWS\System32\svchost.exe[1208] USER32.dll!UnhookWinEvent 77D5187D 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[1308] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1308] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1308] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 002F1014
.text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 002F0804
.text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 002F0A08
.text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 002F0C0C
.text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 002F0E10
.text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 002F01F8
.text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 002F03FC
.text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 002F0600
.text
C:\WINDOWS\system32\svchost.exe[1308] USER32.dll!UnhookWindowsHookEx 77D40DF3 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\svchost.exe[1308] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\svchost.exe[1308] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\svchost.exe[1308] USER32.dll!SetWinEventHook 77D517C8 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\svchost.exe[1308] USER32.dll!UnhookWinEvent 77D5187D 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\wdfmgr.exe[1376] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000801F8 .text C:\WINDOWS\system32\wdfmgr.exe[1376] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62] .text C:\WINDOWS\system32\wdfmgr.exe[1376] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000803FC .text C:\WINDOWS\system32\wdfmgr.exe[1376] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62] .text C:\WINDOWS\system32\wdfmgr.exe[1376] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\wdfmgr.exe[1376] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\wdfmgr.exe[1376] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\wdfmgr.exe[1376] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\wdfmgr.exe[1376] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\wdfmgr.exe[1376] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\wdfmgr.exe[1376] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\wdfmgr.exe[1376] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\wdfmgr.exe[1376] USER32.dll!UnhookWindowsHookEx 77D40DF3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\wdfmgr.exe[1376] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\wdfmgr.exe[1376] 
USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\wdfmgr.exe[1376] USER32.dll!SetWinEventHook 77D517C8 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\wdfmgr.exe[1376] USER32.dll!UnhookWinEvent 77D5187D 5 Bytes JMP 003103FC .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1532] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1532] kernel32.dll!SetUnhandledExceptionFilter 7C8447ED 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP } .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1532] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[1680] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000901F8 .text C:\WINDOWS\Explorer.EXE[1680] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[1680] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000903FC .text C:\WINDOWS\Explorer.EXE[1680] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[1680] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 00371014 .text C:\WINDOWS\Explorer.EXE[1680] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 00370804 .text C:\WINDOWS\Explorer.EXE[1680] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 00370A08 .text C:\WINDOWS\Explorer.EXE[1680] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 00370C0C .text C:\WINDOWS\Explorer.EXE[1680] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 00370E10 .text C:\WINDOWS\Explorer.EXE[1680] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 003701F8 .text C:\WINDOWS\Explorer.EXE[1680] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 003703FC .text C:\WINDOWS\Explorer.EXE[1680] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 00370600 .text C:\WINDOWS\Explorer.EXE[1680] USER32.dll!UnhookWindowsHookEx 77D40DF3 5 Bytes JMP 00380A08 .text C:\WINDOWS\Explorer.EXE[1680] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 00380804 .text 
C:\WINDOWS\Explorer.EXE[1680] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00380600 .text C:\WINDOWS\Explorer.EXE[1680] USER32.dll!SetWinEventHook 77D517C8 5 Bytes JMP 003801F8 .text C:\WINDOWS\Explorer.EXE[1680] USER32.dll!UnhookWinEvent 77D5187D 5 Bytes JMP 003803FC .text D:\jlqgy25g.exe[1872] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 001601F8 .text D:\jlqgy25g.exe[1872] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62] .text D:\jlqgy25g.exe[1872] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 001603FC .text D:\jlqgy25g.exe[1872] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62] .text D:\jlqgy25g.exe[1872] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 009B1014 .text D:\jlqgy25g.exe[1872] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 009B0804 .text D:\jlqgy25g.exe[1872] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 009B0A08 .text D:\jlqgy25g.exe[1872] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 009B0C0C .text D:\jlqgy25g.exe[1872] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 009B0E10 .text D:\jlqgy25g.exe[1872] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 009B01F8 .text D:\jlqgy25g.exe[1872] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 009B03FC .text D:\jlqgy25g.exe[1872] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 009B0600 .text D:\jlqgy25g.exe[1872] USER32.dll!UnhookWindowsHookEx 77D40DF3 5 Bytes JMP 009C0A08 .text D:\jlqgy25g.exe[1872] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 009C0804 .text D:\jlqgy25g.exe[1872] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 009C0600 .text D:\jlqgy25g.exe[1872] USER32.dll!SetWinEventHook 77D517C8 5 Bytes JMP 009C01F8 .text D:\jlqgy25g.exe[1872] USER32.dll!UnhookWinEvent 77D5187D 5 Bytes JMP 009C03FC .text C:\WINDOWS\system32\spoolsv.exe[2020] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\spoolsv.exe[2020] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[2020] 
ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\spoolsv.exe[2020] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[2020] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 002F1014 .text C:\WINDOWS\system32\spoolsv.exe[2020] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 002F0804 .text C:\WINDOWS\system32\spoolsv.exe[2020] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 002F0A08 .text C:\WINDOWS\system32\spoolsv.exe[2020] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 002F0C0C .text C:\WINDOWS\system32\spoolsv.exe[2020] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 002F0E10 .text C:\WINDOWS\system32\spoolsv.exe[2020] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 002F01F8 .text C:\WINDOWS\system32\spoolsv.exe[2020] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 002F03FC .text C:\WINDOWS\system32\spoolsv.exe[2020] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 002F0600 .text C:\WINDOWS\system32\spoolsv.exe[2020] USER32.dll!UnhookWindowsHookEx 77D40DF3 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\spoolsv.exe[2020] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\spoolsv.exe[2020] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\spoolsv.exe[2020] USER32.dll!SetWinEventHook 77D517C8 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\spoolsv.exe[2020] USER32.dll!UnhookWinEvent 77D5187D 5 Bytes JMP 003003FC .text C:\WINDOWS\System32\wbem\unsecapp.exe[2120] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 001501F8 .text C:\WINDOWS\System32\wbem\unsecapp.exe[2120] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62] .text C:\WINDOWS\System32\wbem\unsecapp.exe[2120] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 001503FC .text C:\WINDOWS\System32\wbem\unsecapp.exe[2120] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62] .text C:\WINDOWS\System32\wbem\unsecapp.exe[2120] 
USER32.dll!UnhookWindowsHookEx 77D40DF3 5 Bytes JMP 003B0A08 .text C:\WINDOWS\System32\wbem\unsecapp.exe[2120] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 003B0804 .text C:\WINDOWS\System32\wbem\unsecapp.exe[2120] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 003B0600 .text C:\WINDOWS\System32\wbem\unsecapp.exe[2120] USER32.dll!SetWinEventHook 77D517C8 5 Bytes JMP 003B01F8 .text C:\WINDOWS\System32\wbem\unsecapp.exe[2120] USER32.dll!UnhookWinEvent 77D5187D 5 Bytes JMP 003B03FC .text C:\WINDOWS\System32\wbem\unsecapp.exe[2120] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 003C1014 .text C:\WINDOWS\System32\wbem\unsecapp.exe[2120] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 003C0804 .text C:\WINDOWS\System32\wbem\unsecapp.exe[2120] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 003C0A08 .text C:\WINDOWS\System32\wbem\unsecapp.exe[2120] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 003C0C0C .text C:\WINDOWS\System32\wbem\unsecapp.exe[2120] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 003C0E10 .text C:\WINDOWS\System32\wbem\unsecapp.exe[2120] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 003C01F8 .text C:\WINDOWS\System32\wbem\unsecapp.exe[2120] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 003C03FC .text C:\WINDOWS\System32\wbem\unsecapp.exe[2120] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 003C0600 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2300] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2300] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2300] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2300] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2300] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 002F1014 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2300] 
ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 002F0804 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2300] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 002F0A08 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2300] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 002F0C0C .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2300] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 002F0E10 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2300] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 002F01F8 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2300] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 002F03FC .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2300] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 002F0600 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2300] USER32.dll!UnhookWindowsHookEx 77D40DF3 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2300] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2300] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2300] USER32.dll!SetWinEventHook 77D517C8 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2300] USER32.dll!UnhookWinEvent 77D5187D 5 Bytes JMP 003003FC .text C:\WINDOWS\System32\alg.exe[2620] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000901F8 .text C:\WINDOWS\System32\alg.exe[2620] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62] .text C:\WINDOWS\System32\alg.exe[2620] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000903FC .text C:\WINDOWS\System32\alg.exe[2620] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62] .text C:\WINDOWS\System32\alg.exe[2620] USER32.dll!UnhookWindowsHookEx 77D40DF3 5 Bytes JMP 002F0A08 .text C:\WINDOWS\System32\alg.exe[2620] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 002F0804 .text C:\WINDOWS\System32\alg.exe[2620] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 002F0600 .text C:\WINDOWS\System32\alg.exe[2620] 
USER32.dll!SetWinEventHook 77D517C8 5 Bytes JMP 002F01F8 .text C:\WINDOWS\System32\alg.exe[2620] USER32.dll!UnhookWinEvent 77D5187D 5 Bytes JMP 002F03FC .text C:\WINDOWS\System32\alg.exe[2620] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 00301014 .text C:\WINDOWS\System32\alg.exe[2620] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 00300804 .text C:\WINDOWS\System32\alg.exe[2620] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 00300A08 .text C:\WINDOWS\System32\alg.exe[2620] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 00300C0C .text C:\WINDOWS\System32\alg.exe[2620] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 00300E10 .text C:\WINDOWS\System32\alg.exe[2620] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 003001F8 .text C:\WINDOWS\System32\alg.exe[2620] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 003003FC .text C:\WINDOWS\System32\alg.exe[2620] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 00300600 .text C:\Documents and Settings\Micha許Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3488] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 001601F8 .text C:\Documents and Settings\Micha許Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3488] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62] .text C:\Documents and Settings\Micha許Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3488] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 001603FC .text C:\Documents and Settings\Micha許Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3488] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62] .text C:\Documents and Settings\Micha許Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3488] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 003D1014 .text C:\Documents and Settings\Micha許Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3488] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 
003D0804 .text C:\Documents and Settings\Micha許Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3488] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 003D0A08 .text C:\Documents and Settings\Micha許Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3488] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 003D0C0C .text C:\Documents and Settings\Micha許Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3488] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 003D0E10 .text C:\Documents and Settings\Micha許Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3488] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 003D01F8 .text C:\Documents and Settings\Micha許Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3488] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 003D03FC .text C:\Documents and Settings\Micha許Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3488] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 003D0600 .text C:\Documents and Settings\Micha許Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3488] USER32.dll!UnhookWindowsHookEx 77D40DF3 5 Bytes JMP 003E0A08 .text C:\Documents and Settings\Micha許Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3488] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 003E0804 .text C:\Documents and Settings\Micha許Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3488] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 003E0600 .text C:\Documents and Settings\Micha許Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3488] USER32.dll!SetWinEventHook 77D517C8 5 Bytes JMP 003E01F8 .text C:\Documents and Settings\Micha許Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3488] USER32.dll!UnhookWinEvent 77D5187D 5 Bytes JMP 003E03FC .text C:\Documents and Settings\Micha許Ustawienia lokalne\Dane 
aplikacji\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 17, 00] .text C:\Documents and Settings\Micha許Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Documents and Settings\Micha許Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28] .text C:\Documents and Settings\Micha許Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 17, 00] .text C:\Documents and Settings\Micha許Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Documents and Settings\Micha許Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 17, 00] .text C:\Documents and Settings\Micha許Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Documents and Settings\Micha許Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 17, 00] .text C:\Documents and Settings\Micha許Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Documents and Settings\Micha許Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED1A .text C:\Documents and Settings\Micha許Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Documents and Settings\Micha許Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 
17, 00] .text C:\Documents and Settings\Micha許Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Documents and Settings\Micha許Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 17, 00] .text C:\Documents and Settings\Micha許Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Documents and Settings\Micha許Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 17, 00] .text C:\Documents and Settings\Micha許Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Documents and Settings\Micha許Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90ED8B .text C:\Documents and Settings\Micha許Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Documents and Settings\Micha許Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 17, 00] .text C:\Documents and Settings\Micha許Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Documents and Settings\Micha許Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EEB9 .text C:\Documents and Settings\Micha許Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Documents and Settings\Micha許Ustawienia lokalne\Dane 
aplikacji\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 17, 00] .text C:\Documents and Settings\Micha許Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Documents and Settings\Micha許Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 17, 00] .text C:\Documents and Settings\Micha許Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Documents and Settings\Micha許Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68] .text C:\Documents and Settings\Micha許Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 17, 00] .text C:\Documents and Settings\Micha許Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Documents and Settings\Micha許Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 001801F8 .text C:\Documents and Settings\Micha許Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62] .text C:\Documents and Settings\Micha許Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 001803FC .text C:\Documents and Settings\Micha許Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3632] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62] .text C:\Documents and Settings\Micha許Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3632] 
ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 003F1014 .text C:\Documents and Settings\Micha許Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3632] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 003F0804 .text C:\Documents and Settings\Micha許Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3632] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 003F0A08 .text C:\Documents and Settings\Micha許Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3632] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 003F0C0C .text C:\Documents and Settings\Micha許Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3632] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 003F0E10 .text C:\Documents and Settings\Micha許Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3632] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 003F01F8 .text C:\Documents and Settings\Micha許Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3632] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 003F03FC .text C:\Documents and Settings\Micha許Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3632] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 003F0600 .text C:\Documents and Settings\Micha許Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3632] USER32.dll!UnhookWindowsHookEx 77D40DF3 5 Bytes JMP 00550A08 .text C:\Documents and Settings\Micha許Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3632] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 00550804 .text C:\Documents and Settings\Micha許Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3632] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00550600 .text C:\Documents and Settings\Micha許Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3632] USER32.dll!SetWinEventHook 77D517C8 5 Bytes JMP 005501F8 
.text C:\Documents and Settings\Micha許Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3632] USER32.dll!UnhookWinEvent 77D5187D 5 Bytes JMP 005503FC .text C:\Documents and Settings\Micha許Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 17, 00] .text C:\Documents and Settings\Micha許Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Documents and Settings\Micha許Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28] .text C:\Documents and Settings\Micha許Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 17, 00] .text C:\Documents and Settings\Micha許Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Documents and Settings\Micha許Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 17, 00] .text C:\Documents and Settings\Micha許Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Documents and Settings\Micha許Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 17, 00] .text C:\Documents and Settings\Micha許Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Documents and Settings\Micha許Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED1A .text C:\Documents and Settings\Micha許Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3644] 
ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Documents and Settings\Micha許Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 17, 00] .text C:\Documents and Settings\Micha許Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Documents and Settings\Micha許Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 17, 00] .text C:\Documents and Settings\Micha許Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Documents and Settings\Micha許Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 17, 00] .text C:\Documents and Settings\Micha許Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Documents and Settings\Micha許Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90ED8B .text C:\Documents and Settings\Micha許Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Documents and Settings\Micha許Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 17, 00] .text C:\Documents and Settings\Micha許Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Documents and Settings\Micha許Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EEB9 .text 
C:\Documents and Settings\Micha許Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Documents and Settings\Micha許Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 17, 00] .text C:\Documents and Settings\Micha許Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Documents and Settings\Micha許Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 17, 00] .text C:\Documents and Settings\Micha許Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Documents and Settings\Micha許Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68] .text C:\Documents and Settings\Micha許Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 17, 00] .text C:\Documents and Settings\Micha許Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Documents and Settings\Micha許Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 001801F8 .text C:\Documents and Settings\Micha許Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62] .text C:\Documents and Settings\Micha許Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 001803FC .text C:\Documents and Settings\Micha許Ustawienia lokalne\Dane 
aplikacji\Google\Chrome\Application\chrome.exe[3644] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62] .text C:\Documents and Settings\Michał\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3644] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 003F1014 .text C:\Documents and Settings\Michał\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3644] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 003F0804 .text C:\Documents and Settings\Michał\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3644] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 003F0A08 .text C:\Documents and Settings\Michał\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3644] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 003F0C0C .text C:\Documents and Settings\Michał\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3644] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 003F0E10 .text C:\Documents and Settings\Michał\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3644] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 003F01F8 .text C:\Documents and Settings\Michał\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3644] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 003F03FC .text C:\Documents and Settings\Michał\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3644] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 003F0600 .text C:\Documents and Settings\Michał\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3644] USER32.dll!UnhookWindowsHookEx 77D40DF3 5 Bytes JMP 00550A08 .text C:\Documents and Settings\Michał\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3644] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 00550804 .text C:\Documents and Settings\Michał\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3644] 
USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00550600 .text C:\Documents and Settings\Michał\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3644] USER32.dll!SetWinEventHook 77D517C8 5 Bytes JMP 005501F8 .text C:\Documents and Settings\Michał\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3644] USER32.dll!UnhookWinEvent 77D5187D 5 Bytes JMP 005503FC .text C:\Documents and Settings\Michał\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 17, 00] .text C:\Documents and Settings\Michał\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Documents and Settings\Michał\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28] .text C:\Documents and Settings\Michał\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 17, 00] .text C:\Documents and Settings\Michał\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Documents and Settings\Michał\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 17, 00] .text C:\Documents and Settings\Michał\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Documents and Settings\Michał\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 17, 00] .text C:\Documents and Settings\Michał\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Documents and Settings\Michał\Ustawienia lokalne\Dane 
aplikacji\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED1A .text C:\Documents and Settings\Michał\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Documents and Settings\Michał\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 17, 00] .text C:\Documents and Settings\Michał\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Documents and Settings\Michał\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 17, 00] .text C:\Documents and Settings\Michał\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Documents and Settings\Michał\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 17, 00] .text C:\Documents and Settings\Michał\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Documents and Settings\Michał\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90ED8B .text C:\Documents and Settings\Michał\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Documents and Settings\Michał\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 17, 00] .text C:\Documents and Settings\Michał\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3788] 
ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Documents and Settings\Michał\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EEB9 .text C:\Documents and Settings\Michał\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Documents and Settings\Michał\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 17, 00] .text C:\Documents and Settings\Michał\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Documents and Settings\Michał\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 17, 00] .text C:\Documents and Settings\Michał\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Documents and Settings\Michał\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68] .text C:\Documents and Settings\Michał\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 17, 00] .text C:\Documents and Settings\Michał\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Documents and Settings\Michał\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 001801F8 .text C:\Documents and Settings\Michał\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62] 
.text C:\Documents and Settings\Michał\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 001803FC .text C:\Documents and Settings\Michał\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3788] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62] .text C:\Documents and Settings\Michał\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3788] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 003F1014 .text C:\Documents and Settings\Michał\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3788] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 003F0804 .text C:\Documents and Settings\Michał\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3788] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 003F0A08 .text C:\Documents and Settings\Michał\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3788] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 003F0C0C .text C:\Documents and Settings\Michał\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3788] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 003F0E10 .text C:\Documents and Settings\Michał\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3788] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 003F01F8 .text C:\Documents and Settings\Michał\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3788] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 003F03FC .text C:\Documents and Settings\Michał\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3788] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 003F0600 .text C:\Documents and Settings\Michał\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3788] USER32.dll!UnhookWindowsHookEx 77D40DF3 5 Bytes JMP 00550A08 .text C:\Documents and Settings\Michał\Ustawienia lokalne\Dane 
aplikacji\Google\Chrome\Application\chrome.exe[3788] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 00550804 .text C:\Documents and Settings\Michał\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3788] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00550600 .text C:\Documents and Settings\Michał\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3788] USER32.dll!SetWinEventHook 77D517C8 5 Bytes JMP 005501F8 .text C:\Documents and Settings\Michał\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3788] USER32.dll!UnhookWinEvent 77D5187D 5 Bytes JMP 005503FC ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\WINDOWS\system32\services.exe[744] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00620002 IAT C:\WINDOWS\system32\services.exe[744] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00620000 IAT C:\Documents and Settings\Michał\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3632] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002A0010 IAT C:\Documents and Settings\Michał\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3644] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002A0010 IAT C:\Documents and Settings\Michał\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3788] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002A0010 ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software) AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! 
TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) ---- Threads - GMER 1.0.15 ---- Thread System [4:156] B701D82E ---- EOF - GMER 1.0.15 ----