GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-02-23 16:38:54
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD1600JB-00GVA0 rev.08.02D08
Running: 4h62793e.exe; Driver: C:\Users\Maciej\AppData\Local\Temp\ugdiypod.sys

---- System - GMER 1.0.15 ----

SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwAddBootEntry [0x8DCA1FC4]
SSDT  \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)  ZwAllocateVirtualMemory [0x90D28510]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwCreateEvent [0x8DCA4456]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwCreateEventPair [0x8DCA44AE]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwCreateIoCompletion [0x8DCA45C4]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwCreateMutant [0x8DCA43AC]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwCreateSection [0x8DCA44FE]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwCreateSemaphore [0x8DCA4400]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwCreateTimer [0x8DCA4572]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwDeleteBootEntry [0x8DCA1FE8]
SSDT  \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)  ZwFreeVirtualMemory [0x90D285C0]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwLoadDriver [0x8DCA1DB2]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwModifyBootEntry [0x8DCA200C]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwNotifyChangeKey [0x8DCA49BC]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwNotifyChangeMultipleKeys [0x8DCA2AA4]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwOpenEvent [0x8DCA4486]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwOpenEventPair [0x8DCA44D6]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwOpenIoCompletion [0x8DCA45EE]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwOpenMutant [0x8DCA43D8]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwOpenSection [0x8DCA453E]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwOpenSemaphore [0x8DCA442E]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwOpenTimer [0x8DCA459C]
SSDT  \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)  ZwProtectVirtualMemory [0x90D28658]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwQueryObject [0x8DCA296A]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwSetBootEntryOrder [0x8DCA2030]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwSetBootOptions [0x8DCA2054]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwSetSystemInformation [0x8DCA1E0C]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwSetSystemPowerState [0x8DCA1F48]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwShutdownSystem [0x8DCA1F24]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwSystemDebugControl [0x8DCA1F6C]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwVdmControl [0x8DCA2078]

Code  \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)  ZwCreateProcessEx [0x90D3C7A2]
Code  \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)  ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text  ntkrnlpa.exe!ZwSaveKeyEx + 13AD  82A50539 1 Byte  [06]
.text  ntkrnlpa.exe!KiDispatchInterrupt + 5A2  82A75092 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text  ntkrnlpa.exe!RtlSidHashLookup + 224  82A7C884 4 Bytes  [C4, 1F, CA, 8D]
.text  ntkrnlpa.exe!RtlSidHashLookup + 24C  82A7C8AC 4 Bytes  [10, 85, D2, 90]
.text  ntkrnlpa.exe!RtlSidHashLookup + 300  82A7C960 8 Bytes  [56, 44, CA, 8D, AE, 44, CA, ...]
.text  ntkrnlpa.exe!RtlSidHashLookup + 30C  82A7C96C 4 Bytes  [C4, 45, CA, 8D]
.text  ntkrnlpa.exe!RtlSidHashLookup + 328  82A7C988 4 Bytes  [AC, 43, CA, 8D]
.text  ...
PAGE  ntkrnlpa.exe!ObMakeTemporaryObject  82C16342 5 Bytes  JMP 90D3969C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE  ntkrnlpa.exe!ObInsertObject + 27  82C30055 5 Bytes  JMP 90D3B174 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE  ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108  82C7A65A 4 Bytes  CALL 8DCA3025 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE  ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122  82C82734 4 Bytes  CALL 8DCA303B \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE  ntkrnlpa.exe!ZwCreateProcessEx  82CE83C8 7 Bytes  JMP 90D3C7A6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)

---- User code sections - GMER 1.0.15 ----

.text  C:\Windows\System32\svchost.exe[192]  ntdll.dll!LdrUnloadDll  76F0BEAF 5 Bytes  JMP 000603FC
.text  C:\Windows\System32\svchost.exe[192]  ntdll.dll!LdrLoadDll  76F0F5B5 5 Bytes  JMP 000601F8
.text  C:\Windows\System32\svchost.exe[192]  kernel32.dll!GetBinaryTypeW + 70  757078FC 1 Byte  [62]
.text  C:\Windows\System32\svchost.exe[192]  USER32.dll!UnhookWindowsHookEx  75A5CC7B 5 Bytes  JMP 00280A08
.text  C:\Windows\System32\svchost.exe[192]  USER32.dll!UnhookWinEvent  75A5D924 5 Bytes  JMP 002803FC
.text  C:\Windows\System32\svchost.exe[192]  USER32.dll!SetWindowsHookExW  75A6210A 5 Bytes  JMP 00280804
.text  C:\Windows\System32\svchost.exe[192]  USER32.dll!SetWinEventHook  75A6507E 5 Bytes  JMP 002801F8
.text  C:\Windows\System32\svchost.exe[192]  USER32.dll!SetWindowsHookExA  75A86DFA 5 Bytes  JMP 00280600
.text  C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[196]  ntdll.dll!LdrUnloadDll  76F0BEAF 5 Bytes  JMP 000603FC
.text  C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[196]  ntdll.dll!LdrLoadDll  76F0F5B5 5 Bytes  JMP 000601F8
.text  C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[196]  kernel32.dll!GetBinaryTypeW + 70  757078FC 1 Byte  [62]
.text  C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[196]  USER32.dll!UnhookWindowsHookEx  75A5CC7B 5 Bytes  JMP 001F0A08
.text  C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[196]  USER32.dll!UnhookWinEvent  75A5D924 5 Bytes  JMP 001F03FC
.text  C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[196]  USER32.dll!SetWindowsHookExW  75A6210A 5 Bytes  JMP 001F0804
.text  C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[196]  USER32.dll!SetWinEventHook  75A6507E 5 Bytes  JMP 001F01F8
.text  C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[196]  USER32.dll!SetWindowsHookExA  75A86DFA 5 Bytes  JMP 001F0600
.text  C:\Program Files\AVAST Software\Avast\AvastUI.exe[276]  kernel32.dll!GetBinaryTypeW + 70  757078FC 1 Byte  [62]
.text  C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[304]  ntdll.dll!LdrUnloadDll  76F0BEAF 5 Bytes  JMP 001603FC
.text  C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[304]  ntdll.dll!LdrLoadDll  76F0F5B5 5 Bytes  JMP 001601F8
.text  C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[304]  kernel32.dll!GetBinaryTypeW + 70  757078FC 1 Byte  [62]
.text  C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[304]  USER32.dll!UnhookWindowsHookEx  75A5CC7B 5 Bytes  JMP 00210A08
.text  C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[304]  USER32.dll!UnhookWinEvent  75A5D924 5 Bytes  JMP 002103FC
.text  C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[304]  USER32.dll!SetWindowsHookExW  75A6210A 5 Bytes  JMP 00210804
.text  C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[304]  USER32.dll!SetWinEventHook  75A6507E 5 Bytes  JMP 002101F8
.text  C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[304]  USER32.dll!SetWindowsHookExA  75A86DFA 5 Bytes  JMP 00210600
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[308]  ntdll.dll!LdrUnloadDll  76F0BEAF 5 Bytes  JMP 001703FC
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[308]  ntdll.dll!LdrLoadDll  76F0F5B5 5 Bytes  JMP 001701F8
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[308]  kernel32.dll!GetBinaryTypeW + 70  757078FC 1 Byte  [62]
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[308]  USER32.dll!UnhookWindowsHookEx  75A5CC7B 5 Bytes  JMP 00210A08
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[308]  USER32.dll!UnhookWinEvent  75A5D924 5 Bytes  JMP 002103FC
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[308]  USER32.dll!SetWindowsHookExW  75A6210A 5 Bytes  JMP 00210804
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[308]  USER32.dll!SetWinEventHook  75A6507E 5 Bytes  JMP 002101F8
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[308]  USER32.dll!SetWindowsHookExA  75A86DFA 5 Bytes  JMP 00210600
.text  C:\Windows\system32\csrss.exe[360]  kernel32.dll!GetBinaryTypeW + 70  757078FC 1 Byte  [62]
.text  C:\Windows\system32\wuauclt.exe[416]  ntdll.dll!LdrUnloadDll  76F0BEAF 5 Bytes  JMP 000703FC
.text  C:\Windows\system32\wuauclt.exe[416]  ntdll.dll!LdrLoadDll  76F0F5B5 5 Bytes  JMP 000701F8
.text  C:\Windows\system32\wuauclt.exe[416]  kernel32.dll!GetBinaryTypeW + 70  757078FC 1 Byte  [62]
.text  C:\Windows\system32\wuauclt.exe[416]  USER32.dll!UnhookWindowsHookEx  75A5CC7B 5 Bytes  JMP 00100A08
.text  C:\Windows\system32\wuauclt.exe[416]  USER32.dll!UnhookWinEvent  75A5D924 5 Bytes  JMP 001003FC
.text  C:\Windows\system32\wuauclt.exe[416]  USER32.dll!SetWindowsHookExW  75A6210A 5 Bytes  JMP 00100804
.text  C:\Windows\system32\wuauclt.exe[416]  USER32.dll!SetWinEventHook  75A6507E 5 Bytes  JMP 001001F8
.text  C:\Windows\system32\wuauclt.exe[416]  USER32.dll!SetWindowsHookExA  75A86DFA 5 Bytes  JMP 00100600
.text  C:\Windows\system32\svchost.exe[420]  ntdll.dll!LdrUnloadDll  76F0BEAF 5 Bytes  JMP 000603FC
.text  C:\Windows\system32\svchost.exe[420]  ntdll.dll!LdrLoadDll  76F0F5B5 5 Bytes  JMP 000601F8
.text  C:\Windows\system32\svchost.exe[420]  kernel32.dll!GetBinaryTypeW + 70  757078FC 1 Byte  [62]
.text  C:\Windows\system32\wininit.exe[424]  ntdll.dll!LdrUnloadDll  76F0BEAF 5 Bytes  JMP 000303FC
.text  C:\Windows\system32\wininit.exe[424]  ntdll.dll!LdrLoadDll  76F0F5B5 5 Bytes  JMP 000301F8
.text  C:\Windows\system32\wininit.exe[424]  kernel32.dll!GetBinaryTypeW + 70  757078FC 1 Byte  [62]
.text  C:\Windows\system32\wininit.exe[424]  USER32.dll!UnhookWindowsHookEx  75A5CC7B 5 Bytes  JMP 00100A08
.text  C:\Windows\system32\wininit.exe[424]  USER32.dll!UnhookWinEvent  75A5D924 5 Bytes  JMP 001003FC
.text  C:\Windows\system32\wininit.exe[424]  USER32.dll!SetWindowsHookExW  75A6210A 5 Bytes  JMP 00100804
.text  C:\Windows\system32\wininit.exe[424]  USER32.dll!SetWinEventHook  75A6507E 5 Bytes  JMP 001001F8
.text  C:\Windows\system32\wininit.exe[424]  USER32.dll!SetWindowsHookExA  75A86DFA 5 Bytes  JMP 00100600
.text  C:\Windows\system32\csrss.exe[440]  kernel32.dll!GetBinaryTypeW + 70  757078FC 1 Byte  [62]
.text  C:\Windows\system32\AUDIODG.EXE[476]  ntdll.dll!LdrUnloadDll  76F0BEAF 5 Bytes  JMP 000603FC
.text  C:\Windows\system32\AUDIODG.EXE[476]  ntdll.dll!LdrLoadDll  76F0F5B5 5 Bytes  JMP 000601F8
.text  C:\Windows\system32\AUDIODG.EXE[476]  kernel32.dll!GetBinaryTypeW + 70  757078FC 1 Byte  [62]
.text  C:\Windows\system32\AUDIODG.EXE[476]  USER32.dll!UnhookWindowsHookEx  75A5CC7B 5 Bytes  JMP 00100A08
.text  C:\Windows\system32\AUDIODG.EXE[476]  USER32.dll!UnhookWinEvent  75A5D924 5 Bytes  JMP 001003FC
.text  C:\Windows\system32\AUDIODG.EXE[476]  USER32.dll!SetWindowsHookExW  75A6210A 5 Bytes  JMP 00100804
.text  C:\Windows\system32\AUDIODG.EXE[476]  USER32.dll!SetWinEventHook  75A6507E 5 Bytes  JMP 001001F8
.text  C:\Windows\system32\AUDIODG.EXE[476]  USER32.dll!SetWindowsHookExA  75A86DFA 5 Bytes  JMP 00100600
.text  C:\Windows\system32\services.exe[492]  ntdll.dll!LdrUnloadDll  76F0BEAF 5 Bytes  JMP 000603FC
.text  C:\Windows\system32\services.exe[492]  ntdll.dll!LdrLoadDll  76F0F5B5 5 Bytes  JMP 000601F8
.text  C:\Windows\system32\services.exe[492]  kernel32.dll!GetBinaryTypeW + 70  757078FC 1 Byte  [62]
.text  C:\Windows\system32\winlogon.exe[516]  ntdll.dll!LdrUnloadDll  76F0BEAF 5 Bytes  JMP 000303FC
.text  C:\Windows\system32\winlogon.exe[516]  ntdll.dll!LdrLoadDll  76F0F5B5 5 Bytes  JMP 000301F8
.text  C:\Windows\system32\winlogon.exe[516]  kernel32.dll!GetBinaryTypeW + 70  757078FC 1 Byte  [62]
.text  C:\Windows\system32\winlogon.exe[516]  USER32.dll!UnhookWindowsHookEx  75A5CC7B 5 Bytes  JMP 00050A08
.text  C:\Windows\system32\winlogon.exe[516]  USER32.dll!UnhookWinEvent  75A5D924 5 Bytes  JMP 000503FC
.text  C:\Windows\system32\winlogon.exe[516]  USER32.dll!SetWindowsHookExW  75A6210A 5 Bytes  JMP 00050804
.text  C:\Windows\system32\winlogon.exe[516]  USER32.dll!SetWinEventHook  75A6507E 5 Bytes  JMP 000501F8
.text  C:\Windows\system32\winlogon.exe[516]  USER32.dll!SetWindowsHookExA  75A86DFA 5 Bytes  JMP 00050600
.text  C:\Windows\system32\lsass.exe[544]  ntdll.dll!LdrUnloadDll  76F0BEAF 5 Bytes  JMP 000603FC
.text  C:\Windows\system32\lsass.exe[544]  ntdll.dll!LdrLoadDll  76F0F5B5 5 Bytes  JMP 000601F8
.text  C:\Windows\system32\lsass.exe[544]  kernel32.dll!GetBinaryTypeW + 70  757078FC 1 Byte  [62]
.text  C:\Windows\system32\lsass.exe[544]  USER32.dll!UnhookWindowsHookEx  75A5CC7B 5 Bytes  JMP 000D0A08
.text  C:\Windows\system32\lsass.exe[544]  USER32.dll!UnhookWinEvent  75A5D924 5 Bytes  JMP 000D03FC
.text  C:\Windows\system32\lsass.exe[544]  USER32.dll!SetWindowsHookExW  75A6210A 5 Bytes  JMP 000D0804
.text  C:\Windows\system32\lsass.exe[544]  USER32.dll!SetWinEventHook  75A6507E 5 Bytes  JMP 000D01F8
.text  C:\Windows\system32\lsass.exe[544]  USER32.dll!SetWindowsHookExA  75A86DFA 5 Bytes  JMP 000D0600
.text  C:\Windows\system32\lsm.exe[552]  ntdll.dll!LdrUnloadDll  76F0BEAF 5 Bytes  JMP 000603FC
.text  C:\Windows\system32\lsm.exe[552]  ntdll.dll!LdrLoadDll  76F0F5B5 5 Bytes  JMP 000601F8
.text  C:\Windows\system32\lsm.exe[552]  kernel32.dll!GetBinaryTypeW + 70  757078FC 1 Byte  [62]
.text  C:\Windows\system32\svchost.exe[648]  ntdll.dll!LdrUnloadDll  76F0BEAF 5 Bytes  JMP 000603FC
.text  C:\Windows\system32\svchost.exe[648]  ntdll.dll!LdrLoadDll  76F0F5B5 5 Bytes  JMP 000601F8
.text  C:\Windows\system32\svchost.exe[648]  kernel32.dll!GetBinaryTypeW + 70  757078FC 1 Byte  [62]
.text  C:\Windows\system32\nvvsvc.exe[724]  ntdll.dll!LdrUnloadDll  76F0BEAF 5 Bytes  JMP 000603FC
.text  C:\Windows\system32\nvvsvc.exe[724]  ntdll.dll!LdrLoadDll  76F0F5B5 5 Bytes  JMP 000601F8
.text  C:\Windows\system32\nvvsvc.exe[724]  kernel32.dll!GetBinaryTypeW + 70  757078FC 1 Byte  [62]
.text  C:\Windows\system32\nvvsvc.exe[724]  USER32.dll!UnhookWindowsHookEx  75A5CC7B 5 Bytes  JMP 000F0A08
.text  C:\Windows\system32\nvvsvc.exe[724]  USER32.dll!UnhookWinEvent  75A5D924 5 Bytes  JMP 000F03FC
.text  C:\Windows\system32\nvvsvc.exe[724]  USER32.dll!SetWindowsHookExW  75A6210A 5 Bytes  JMP 000F0804
.text  C:\Windows\system32\nvvsvc.exe[724]  USER32.dll!SetWinEventHook  75A6507E 5 Bytes  JMP 000F01F8
.text  C:\Windows\system32\nvvsvc.exe[724]  USER32.dll!SetWindowsHookExA  75A86DFA 5 Bytes  JMP 000F0600
.text  C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[748]  ntdll.dll!LdrUnloadDll  76F0BEAF 5 Bytes  JMP 001503FC
.text  C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[748]  ntdll.dll!LdrLoadDll  76F0F5B5 5 Bytes  JMP 001501F8
.text  C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[748]  kernel32.dll!GetBinaryTypeW + 70  757078FC 1 Byte  [62]
.text  C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[748]  USER32.dll!UnhookWindowsHookEx  75A5CC7B 5 Bytes  JMP 001F0A08
.text  C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[748]  USER32.dll!UnhookWinEvent  75A5D924 5 Bytes  JMP 001F03FC
.text  C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[748]  USER32.dll!SetWindowsHookExW  75A6210A 5 Bytes  JMP 001F0804
.text  C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[748]  USER32.dll!SetWinEventHook  75A6507E 5 Bytes  JMP 001F01F8
.text  C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[748]  USER32.dll!SetWindowsHookExA  75A86DFA 5 Bytes  JMP 001F0600
.text  C:\Windows\system32\svchost.exe[800]  ntdll.dll!LdrUnloadDll  76F0BEAF 5 Bytes  JMP 000603FC
.text  C:\Windows\system32\svchost.exe[800]  ntdll.dll!LdrLoadDll  76F0F5B5 5 Bytes  JMP 000601F8
.text  C:\Windows\system32\svchost.exe[800]  kernel32.dll!GetBinaryTypeW + 70  757078FC 1 Byte  [62]
.text  C:\Windows\system32\svchost.exe[800]  user32.dll!UnhookWindowsHookEx  75A5CC7B 5 Bytes  JMP 00760A08
.text  C:\Windows\system32\svchost.exe[800]  user32.dll!UnhookWinEvent  75A5D924 5 Bytes  JMP 007603FC
.text  C:\Windows\system32\svchost.exe[800]  user32.dll!SetWindowsHookExW  75A6210A 5 Bytes  JMP 00760804
.text  C:\Windows\system32\svchost.exe[800]  user32.dll!SetWinEventHook  75A6507E 5 Bytes  JMP 007601F8
.text  C:\Windows\system32\svchost.exe[800]  user32.dll!SetWindowsHookExA  75A86DFA 5 Bytes  JMP 00760600
.text  C:\Windows\System32\svchost.exe[900]  ntdll.dll!LdrUnloadDll  76F0BEAF 5 Bytes  JMP 000603FC
.text  C:\Windows\System32\svchost.exe[900]  ntdll.dll!LdrLoadDll  76F0F5B5 5 Bytes  JMP 000601F8
.text  C:\Windows\System32\svchost.exe[900]  kernel32.dll!GetBinaryTypeW + 70  757078FC 1 Byte  [62]
.text  C:\Windows\System32\svchost.exe[900]  USER32.dll!UnhookWindowsHookEx  75A5CC7B 5 Bytes  JMP 00220A08
.text  C:\Windows\System32\svchost.exe[900]  USER32.dll!UnhookWinEvent  75A5D924 5 Bytes  JMP 002203FC
.text  C:\Windows\System32\svchost.exe[900]  USER32.dll!SetWindowsHookExW  75A6210A 5 Bytes  JMP 00220804
.text  C:\Windows\System32\svchost.exe[900]  USER32.dll!SetWinEventHook  75A6507E 5 Bytes  JMP 002201F8
.text  C:\Windows\System32\svchost.exe[900]  USER32.dll!SetWindowsHookExA  75A86DFA 5 Bytes  JMP 00220600
.text  C:\Windows\System32\svchost.exe[936]  ntdll.dll!LdrUnloadDll  76F0BEAF 5 Bytes  JMP 000603FC
.text  C:\Windows\System32\svchost.exe[936]  ntdll.dll!LdrLoadDll  76F0F5B5 5 Bytes  JMP 000601F8
.text  C:\Windows\System32\svchost.exe[936]  kernel32.dll!GetBinaryTypeW + 70  757078FC 1 Byte  [62]
.text  C:\Windows\System32\svchost.exe[936]  USER32.dll!UnhookWindowsHookEx  75A5CC7B 5 Bytes  JMP 008E0A08
.text  C:\Windows\System32\svchost.exe[936]  USER32.dll!UnhookWinEvent  75A5D924 5 Bytes  JMP 008E03FC
.text  C:\Windows\System32\svchost.exe[936]  USER32.dll!SetWindowsHookExW  75A6210A 5 Bytes  JMP 008E0804
.text  C:\Windows\System32\svchost.exe[936]  USER32.dll!SetWinEventHook  75A6507E 5 Bytes  JMP 008E01F8
.text  C:\Windows\System32\svchost.exe[936]  USER32.dll!SetWindowsHookExA  75A86DFA 5 Bytes  JMP 008E0600
.text  C:\Windows\system32\svchost.exe[964]  ntdll.dll!LdrUnloadDll  76F0BEAF 5 Bytes  JMP 000603FC
.text  C:\Windows\system32\svchost.exe[964]  ntdll.dll!LdrLoadDll  76F0F5B5 5 Bytes  JMP 000601F8
.text  C:\Windows\system32\svchost.exe[964]  kernel32.dll!GetBinaryTypeW + 70  757078FC 1 Byte  [62]
.text  C:\Windows\system32\svchost.exe[964]  USER32.dll!UnhookWindowsHookEx  75A5CC7B 3 Bytes  JMP 00A60A08
.text  C:\Windows\system32\svchost.exe[964]  USER32.dll!UnhookWindowsHookEx + 4  75A5CC7F 1 Byte  [8B]
.text  C:\Windows\system32\svchost.exe[964]  USER32.dll!UnhookWinEvent  75A5D924 3 Bytes  JMP 00A603FC
.text  C:\Windows\system32\svchost.exe[964]  USER32.dll!UnhookWinEvent + 4  75A5D928 1 Byte  [8B]
.text  C:\Windows\system32\svchost.exe[964]  USER32.dll!SetWindowsHookExW  75A6210A 5 Bytes  JMP 00A60804
.text  C:\Windows\system32\svchost.exe[964]  USER32.dll!SetWinEventHook  75A6507E 5 Bytes  JMP 00A601F8
.text  C:\Windows\system32\svchost.exe[964]  USER32.dll!SetWindowsHookExA  75A86DFA 5 Bytes  JMP 00A60600
.text  C:\Windows\system32\rundll32.exe[1084]  ntdll.dll!LdrUnloadDll  76F0BEAF 5 Bytes  JMP 000703FC
.text  C:\Windows\system32\rundll32.exe[1084]  ntdll.dll!LdrLoadDll  76F0F5B5 5 Bytes  JMP 000701F8
.text  C:\Windows\system32\rundll32.exe[1084]  kernel32.dll!GetBinaryTypeW + 70  757078FC 1 Byte  [62]
.text  C:\Windows\system32\rundll32.exe[1084]  USER32.dll!UnhookWindowsHookEx  75A5CC7B 5 Bytes  JMP 00100A08
.text  C:\Windows\system32\rundll32.exe[1084]  USER32.dll!UnhookWinEvent  75A5D924 5 Bytes  JMP 001003FC
.text  C:\Windows\system32\rundll32.exe[1084]  USER32.dll!SetWindowsHookExW  75A6210A 5 Bytes  JMP 00100804
.text  C:\Windows\system32\rundll32.exe[1084]  USER32.dll!SetWinEventHook  75A6507E 5 Bytes  JMP 001001F8
.text  C:\Windows\system32\rundll32.exe[1084]  USER32.dll!SetWindowsHookExA  75A86DFA 5 Bytes  JMP 00100600
.text  C:\Windows\system32\taskhost.exe[1112]  ntdll.dll!LdrUnloadDll  76F0BEAF 5 Bytes  JMP 000503FC
.text  C:\Windows\system32\taskhost.exe[1112]  ntdll.dll!LdrLoadDll  76F0F5B5 5 Bytes  JMP 000501F8
.text  C:\Windows\system32\taskhost.exe[1112]  kernel32.dll!GetBinaryTypeW + 70  757078FC 1 Byte  [62]
.text  C:\Windows\system32\taskhost.exe[1112]  USER32.dll!UnhookWindowsHookEx  75A5CC7B 5 Bytes  JMP 000E0A08
.text  C:\Windows\system32\taskhost.exe[1112]  USER32.dll!UnhookWinEvent  75A5D924 5 Bytes  JMP 000E03FC
.text  C:\Windows\system32\taskhost.exe[1112]  USER32.dll!SetWindowsHookExW  75A6210A 5 Bytes  JMP 000E0804
.text  C:\Windows\system32\taskhost.exe[1112]  USER32.dll!SetWinEventHook  75A6507E 5 Bytes  JMP 000E01F8
.text  C:\Windows\system32\taskhost.exe[1112]  USER32.dll!SetWindowsHookExA  75A86DFA 5 Bytes  JMP 000E0600
.text  C:\Windows\system32\svchost.exe[1128]  ntdll.dll!LdrUnloadDll  76F0BEAF 5 Bytes  JMP 000603FC
.text  C:\Windows\system32\svchost.exe[1128]  ntdll.dll!LdrLoadDll  76F0F5B5 5 Bytes  JMP 000601F8
.text  C:\Windows\system32\svchost.exe[1128]  kernel32.dll!GetBinaryTypeW + 70  757078FC 1 Byte  [62]
.text  C:\Windows\system32\svchost.exe[1128]  USER32.dll!UnhookWindowsHookEx  75A5CC7B 5 Bytes  JMP 00970A08
.text  C:\Windows\system32\svchost.exe[1128]  USER32.dll!UnhookWinEvent  75A5D924 5 Bytes  JMP 009703FC
.text  C:\Windows\system32\svchost.exe[1128]  USER32.dll!SetWindowsHookExW  75A6210A 5 Bytes  JMP 00970804
.text  C:\Windows\system32\svchost.exe[1128]  USER32.dll!SetWinEventHook  75A6507E 5 Bytes  JMP 009701F8
.text  C:\Windows\system32\svchost.exe[1128]  USER32.dll!SetWindowsHookExA  75A86DFA 5 Bytes  JMP 00970600
.text  C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[1244]  ntdll.dll!NtCreateFile + 6  76EF4876 4 Bytes  [28, 00, 07, 00]
.text  C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[1244]  ntdll.dll!NtCreateFile + B  76EF487B 1 Byte  [E2]
.text  C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[1244]  ntdll.dll!NtMapViewOfSection + 6  76EF4ED6 1 Byte  [28]
.text  C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[1244]  ntdll.dll!NtMapViewOfSection + 6  76EF4ED6 4 Bytes  [28, 03, 07, 00]
.text  C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[1244]  ntdll.dll!NtMapViewOfSection + B  76EF4EDB 1 Byte  [E2]
.text  C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[1244]  ntdll.dll!NtOpenFile + 6  76EF4F86 4 Bytes  [68, 00, 07, 00]
.text  C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[1244]  ntdll.dll!NtOpenFile + B  76EF4F8B 1 Byte  [E2]
.text  C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[1244]  ntdll.dll!NtOpenProcess + 6  76EF5036 4 Bytes  [A8, 01, 07, 00]
.text  C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[1244]  ntdll.dll!NtOpenProcess + B  76EF503B 1 Byte  [E2]
.text  C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[1244]  ntdll.dll!NtOpenProcessToken + 6  76EF5046 4 Bytes  CALL 75EF574C C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation)
.text  C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[1244]  ntdll.dll!NtOpenProcessToken + B  76EF504B 1 Byte  [E2]
.text  C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[1244]  ntdll.dll!NtOpenProcessTokenEx + 6  76EF5056 4 Bytes  [A8, 02, 07, 00]
.text  C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[1244]  ntdll.dll!NtOpenProcessTokenEx + B  76EF505B 1 Byte  [E2]
.text  C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[1244]  ntdll.dll!NtOpenThread + 6  76EF50B6 4 Bytes  [68, 01, 07, 00]
.text  C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[1244]  ntdll.dll!NtOpenThread + B  76EF50BB 1 Byte  [E2]
.text  C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[1244]  ntdll.dll!NtOpenThreadToken + 6  76EF50C6 4 Bytes  [68, 02, 07, 00]
.text  C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[1244]  ntdll.dll!NtOpenThreadToken + B  76EF50CB 1 Byte  [E2]
.text  C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[1244]  ntdll.dll!NtOpenThreadTokenEx + 6  76EF50D6 4 Bytes  CALL 75EF57DD C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation)
.text  C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[1244]  ntdll.dll!NtOpenThreadTokenEx + B  76EF50DB 1 Byte  [E2]
.text  C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[1244]  ntdll.dll!NtQueryAttributesFile + 6  76EF51E6 4 Bytes  [A8, 00, 07, 00]
.text  C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[1244]  ntdll.dll!NtQueryAttributesFile + B  76EF51EB 1 Byte  [E2]
.text  C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[1244]  ntdll.dll!NtQueryFullAttributesFile + 6  76EF5296 4 Bytes  CALL 75EF599B C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation)
.text  C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[1244]  ntdll.dll!NtQueryFullAttributesFile + B  76EF529B 1 Byte  [E2]
.text  C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[1244]  ntdll.dll!NtSetInformationFile + 6  76EF58E6 4 Bytes  [28, 01, 07, 00]
.text  C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[1244]  ntdll.dll!NtSetInformationFile + B  76EF58EB 1 Byte  [E2]
.text  C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[1244]  ntdll.dll!NtSetInformationThread + 6  76EF5946 4 Bytes  [28, 02, 07, 00]
.text  C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[1244]  ntdll.dll!NtSetInformationThread + B  76EF594B 1 Byte  [E2]
.text  C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[1244]  ntdll.dll!NtUnmapViewOfSection + 6  76EF5C66 1 Byte  [68]
.text  C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[1244]  ntdll.dll!NtUnmapViewOfSection + 6  76EF5C66 4 Bytes  [68, 03, 07, 00]
.text  C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[1244]  ntdll.dll!NtUnmapViewOfSection + B  76EF5C6B 1 Byte  [E2]
.text  C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[1244]  ntdll.dll!LdrUnloadDll  76F0BEAF 5 Bytes  JMP 000903FC
.text  C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[1244]  ntdll.dll!LdrLoadDll  76F0F5B5 5 Bytes  JMP 000901F8
.text  C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[1244]  kernel32.dll!GetBinaryTypeW + 70  757078FC 1 Byte  [62]
.text  C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[1244]  USER32.dll!UnhookWindowsHookEx  75A5CC7B 5 Bytes  JMP 00230A08
.text  C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[1244]  USER32.dll!UnhookWinEvent  75A5D924 5 Bytes  JMP 002303FC
.text  C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[1244]  USER32.dll!SetWindowsHookExW  75A6210A 5 Bytes  JMP 00230804
.text  C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[1244]  USER32.dll!SetWinEventHook  75A6507E 5 Bytes  JMP 002301F8
.text  C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[1244]  USER32.dll!SetWindowsHookExA  75A86DFA 5 Bytes  JMP 00230600
.text  C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[1252]  ntdll.dll!NtCreateFile + 6  76EF4876 4 Bytes  [28, 00, 07, 00]
.text  C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[1252]  ntdll.dll!NtCreateFile + B  76EF487B 1 Byte  [E2]
.text  C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[1252]  ntdll.dll!NtMapViewOfSection + 6  76EF4ED6 1 Byte  [28]
.text  C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[1252]  ntdll.dll!NtMapViewOfSection + 6  76EF4ED6 4 Bytes  [28, 03, 07, 00]
.text  C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[1252]  ntdll.dll!NtMapViewOfSection + B  76EF4EDB 1 Byte  [E2]
.text  C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[1252]  ntdll.dll!NtOpenFile + 6  76EF4F86 4 Bytes  [68, 00, 07, 00]
.text  C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[1252]  ntdll.dll!NtOpenFile + B  76EF4F8B 1 Byte  [E2]
.text  C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[1252]  ntdll.dll!NtOpenProcess + 6  76EF5036 4 Bytes  [A8, 01, 07, 00]
.text  C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[1252]  ntdll.dll!NtOpenProcess + B  76EF503B 1 Byte  [E2]
.text  C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[1252]  ntdll.dll!NtOpenProcessToken + 6  76EF5046 4 Bytes  CALL 75EF574C C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation)
.text  C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[1252]  ntdll.dll!NtOpenProcessToken + B  76EF504B 1 Byte  [E2]
.text  C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[1252]  ntdll.dll!NtOpenProcessTokenEx + 6  76EF5056 4 Bytes  [A8, 02, 07, 00]
.text  C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[1252]  ntdll.dll!NtOpenProcessTokenEx + B  76EF505B 1 Byte  [E2]
.text  C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[1252]  ntdll.dll!NtOpenThread + 6  76EF50B6 4 Bytes  [68, 01, 07, 00]
.text  C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[1252]  ntdll.dll!NtOpenThread + B  76EF50BB 1 Byte  [E2]
.text  C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[1252]  ntdll.dll!NtOpenThreadToken + 6  76EF50C6 4 Bytes  [68, 02, 07, 00]
.text  C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[1252]  ntdll.dll!NtOpenThreadToken + B  76EF50CB 1 Byte  [E2]
.text  C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[1252]  ntdll.dll!NtOpenThreadTokenEx + 6  76EF50D6 4 Bytes  CALL 75EF57DD C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation)
.text  C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[1252]  ntdll.dll!NtOpenThreadTokenEx + B  76EF50DB 1 Byte  [E2]
.text  C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[1252]  ntdll.dll!NtQueryAttributesFile + 6  76EF51E6 4 Bytes  [A8, 00, 07, 00]
.text  C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[1252]  ntdll.dll!NtQueryAttributesFile + B  76EF51EB 1 Byte  [E2]
.text  C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[1252]  ntdll.dll!NtQueryFullAttributesFile + 6  76EF5296 4 Bytes  CALL 75EF599B C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation)
.text  C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[1252]  ntdll.dll!NtQueryFullAttributesFile + B  76EF529B 1 Byte  [E2]
.text  C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[1252]  ntdll.dll!NtSetInformationFile + 6  76EF58E6 4 Bytes  [28, 01, 07, 00]
.text  C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[1252]  ntdll.dll!NtSetInformationFile + B  76EF58EB 1 Byte  [E2]
.text  C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[1252]  ntdll.dll!NtSetInformationThread + 6  76EF5946 4 Bytes  [28, 02, 07, 00]
.text  C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[1252]  ntdll.dll!NtSetInformationThread + B  76EF594B 1 Byte  [E2]
.text  C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[1252]  ntdll.dll!NtUnmapViewOfSection + 6  76EF5C66 1 Byte  [68]
.text  C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[1252]  ntdll.dll!NtUnmapViewOfSection + 6  76EF5C66 4 Bytes  [68, 03, 07, 00]
.text  C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[1252]  ntdll.dll!NtUnmapViewOfSection + B  76EF5C6B 1 Byte  [E2]
.text  C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[1252]  ntdll.dll!LdrUnloadDll  76F0BEAF 5 Bytes  JMP 000803FC
.text  C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[1252]  ntdll.dll!LdrLoadDll  76F0F5B5 5 Bytes  JMP 000801F8
.text  C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[1252]  kernel32.dll!GetBinaryTypeW + 70  757078FC 1 Byte  [62]
.text  C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[1252]  USER32.dll!UnhookWindowsHookEx  75A5CC7B 5 Bytes  JMP 00120A08
.text  C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[1252]  USER32.dll!UnhookWinEvent  75A5D924 5 Bytes  JMP 001203FC
.text  C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[1252]  USER32.dll!SetWindowsHookExW  75A6210A 5 Bytes  JMP 00120804
.text  C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[1252]  USER32.dll!SetWinEventHook  75A6507E 5 Bytes  JMP 001201F8
.text  C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[1252]  USER32.dll!SetWindowsHookExA  75A86DFA 5 Bytes  JMP 00120600
.text  C:\Windows\system32\svchost.exe[1268]  ntdll.dll!LdrUnloadDll  76F0BEAF 5 Bytes  JMP 000603FC
.text  C:\Windows\system32\svchost.exe[1268]  ntdll.dll!LdrLoadDll  76F0F5B5 5 Bytes  JMP 000601F8
.text  C:\Windows\system32\svchost.exe[1268]  kernel32.dll!GetBinaryTypeW + 70  757078FC 1 Byte  [62]
.text  C:\Windows\system32\svchost.exe[1268]  USER32.dll!UnhookWindowsHookEx  75A5CC7B 5 Bytes  JMP 00A40A08
.text  C:\Windows\system32\svchost.exe[1268]  USER32.dll!UnhookWinEvent  75A5D924 5 Bytes  JMP 00A403FC
.text  C:\Windows\system32\svchost.exe[1268]  USER32.dll!SetWindowsHookExW  75A6210A 5 Bytes  JMP 00A40804
.text  C:\Windows\system32\svchost.exe[1268]  USER32.dll!SetWinEventHook  75A6507E 5 Bytes  JMP 00A401F8
.text  C:\Windows\system32\svchost.exe[1268]  USER32.dll!SetWindowsHookExA  75A86DFA 5 Bytes  JMP 00A40600
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1280]  ntdll.dll!LdrUnloadDll  76F0BEAF 5 Bytes  JMP 000603FC
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1280]  ntdll.dll!LdrLoadDll  76F0F5B5 5 Bytes  JMP 000601F8
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1280]  kernel32.dll!GetBinaryTypeW + 70  757078FC 1 Byte  [62]
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1280]  USER32.dll!UnhookWindowsHookEx  75A5CC7B 5 Bytes  JMP 00080A08
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1280]  USER32.dll!UnhookWinEvent  75A5D924 5 Bytes  JMP 000803FC
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1280]  USER32.dll!SetWindowsHookExW  75A6210A 5 Bytes  JMP 00080804
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1280]  USER32.dll!SetWinEventHook  75A6507E 5 Bytes  JMP 000801F8
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1280]  USER32.dll!SetWindowsHookExA  75A86DFA 5 Bytes  JMP 00080600
.text  C:\Windows\system32\nvvsvc.exe[1304]  ntdll.dll!LdrUnloadDll  76F0BEAF 5 Bytes  JMP 000603FC
.text  C:\Windows\system32\nvvsvc.exe[1304]  ntdll.dll!LdrLoadDll  76F0F5B5 5 Bytes  JMP 000601F8
.text  C:\Windows\system32\nvvsvc.exe[1304]  kernel32.dll!GetBinaryTypeW + 70  757078FC 1 Byte  [62]
.text  C:\Windows\system32\nvvsvc.exe[1304]  USER32.dll!UnhookWindowsHookEx  75A5CC7B 5 Bytes  JMP 00100A08
.text  C:\Windows\system32\nvvsvc.exe[1304]  USER32.dll!UnhookWinEvent  75A5D924 5 Bytes  JMP 001003FC
.text  C:\Windows\system32\nvvsvc.exe[1304]  USER32.dll!SetWindowsHookExW  75A6210A 5 Bytes  JMP 00100804
.text  C:\Windows\system32\nvvsvc.exe[1304]  USER32.dll!SetWinEventHook  75A6507E 5 Bytes  JMP 001001F8
.text  C:\Windows\system32\nvvsvc.exe[1304]  USER32.dll!SetWindowsHookExA  75A86DFA 5 Bytes  JMP 00100600
.text  C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1356]  kernel32.dll!SetUnhandledExceptionFilter  756F30E2 4 Bytes  [C2, 04, 00, 90] {RET 0x4; NOP }
.text  C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1356]  kernel32.dll!GetBinaryTypeW + 70  757078FC 1 Byte  [62]
.text  C:\Windows\system32\Dwm.exe[1580]  ntdll.dll!LdrUnloadDll  76F0BEAF 5 Bytes  JMP 000603FC
.text  C:\Windows\system32\Dwm.exe[1580]  ntdll.dll!LdrLoadDll  76F0F5B5 5 Bytes  JMP 000601F8
.text  C:\Windows\system32\Dwm.exe[1580]  kernel32.dll!GetBinaryTypeW + 70  757078FC 1 Byte  [62]
.text  C:\Windows\system32\Dwm.exe[1580]  USER32.dll!UnhookWindowsHookEx  75A5CC7B 5 Bytes  JMP 000F0A08
.text  C:\Windows\system32\Dwm.exe[1580]  USER32.dll!UnhookWinEvent  75A5D924 5 Bytes  JMP 000F03FC
.text  C:\Windows\system32\Dwm.exe[1580]  USER32.dll!SetWindowsHookExW  75A6210A 5 Bytes  JMP 000F0804
.text  C:\Windows\system32\Dwm.exe[1580]  USER32.dll!SetWinEventHook  75A6507E 5 Bytes  JMP 000F01F8
.text  C:\Windows\system32\Dwm.exe[1580]
USER32.dll!SetWindowsHookExA 75A86DFA 5 Bytes JMP 000F0600 .text C:\Windows\Explorer.EXE[1648] ntdll.dll!LdrUnloadDll 76F0BEAF 5 Bytes JMP 000603FC .text C:\Windows\Explorer.EXE[1648] ntdll.dll!LdrLoadDll 76F0F5B5 5 Bytes JMP 000601F8 .text C:\Windows\Explorer.EXE[1648] kernel32.dll!GetBinaryTypeW + 70 757078FC 1 Byte [62] .text C:\Windows\Explorer.EXE[1648] USER32.dll!UnhookWindowsHookEx 75A5CC7B 5 Bytes JMP 00150A08 .text C:\Windows\Explorer.EXE[1648] USER32.dll!UnhookWinEvent 75A5D924 5 Bytes JMP 001503FC .text C:\Windows\Explorer.EXE[1648] USER32.dll!SetWindowsHookExW 75A6210A 5 Bytes JMP 00150804 .text C:\Windows\Explorer.EXE[1648] USER32.dll!SetWinEventHook 75A6507E 5 Bytes JMP 001501F8 .text C:\Windows\Explorer.EXE[1648] USER32.dll!SetWindowsHookExA 75A86DFA 5 Bytes JMP 00150600 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1684] ntdll.dll!LdrUnloadDll 76F0BEAF 5 Bytes JMP 000603FC .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1684] ntdll.dll!LdrLoadDll 76F0F5B5 5 Bytes JMP 000601F8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1684] kernel32.dll!GetBinaryTypeW + 70 757078FC 1 Byte [62] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1684] USER32.dll!UnhookWindowsHookEx 75A5CC7B 5 Bytes JMP 00110A08 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1684] USER32.dll!UnhookWinEvent 75A5D924 5 Bytes JMP 001103FC .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1684] USER32.dll!SetWindowsHookExW 75A6210A 5 Bytes JMP 00110804 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1684] USER32.dll!SetWinEventHook 75A6507E 5 Bytes JMP 001101F8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1684] USER32.dll!SetWindowsHookExA 75A86DFA 5 Bytes JMP 00110600 .text C:\Windows\System32\spoolsv.exe[1712] ntdll.dll!LdrUnloadDll 76F0BEAF 5 Bytes JMP 000603FC .text C:\Windows\System32\spoolsv.exe[1712] ntdll.dll!LdrLoadDll 76F0F5B5 5 Bytes JMP 000601F8 .text 
C:\Windows\System32\spoolsv.exe[1712] kernel32.dll!GetBinaryTypeW + 70 757078FC 1 Byte [62] .text C:\Windows\System32\spoolsv.exe[1712] USER32.dll!UnhookWindowsHookEx 75A5CC7B 5 Bytes JMP 00100A08 .text C:\Windows\System32\spoolsv.exe[1712] USER32.dll!UnhookWinEvent 75A5D924 5 Bytes JMP 001003FC .text C:\Windows\System32\spoolsv.exe[1712] USER32.dll!SetWindowsHookExW 75A6210A 5 Bytes JMP 00100804 .text C:\Windows\System32\spoolsv.exe[1712] USER32.dll!SetWinEventHook 75A6507E 5 Bytes JMP 001001F8 .text C:\Windows\System32\spoolsv.exe[1712] USER32.dll!SetWindowsHookExA 75A86DFA 5 Bytes JMP 00100600 .text C:\Windows\system32\svchost.exe[1876] ntdll.dll!LdrUnloadDll 76F0BEAF 5 Bytes JMP 000603FC .text C:\Windows\system32\svchost.exe[1876] ntdll.dll!LdrLoadDll 76F0F5B5 5 Bytes JMP 000601F8 .text C:\Windows\system32\svchost.exe[1876] kernel32.dll!GetBinaryTypeW + 70 757078FC 1 Byte [62] .text C:\Windows\system32\svchost.exe[1876] USER32.dll!UnhookWindowsHookEx 75A5CC7B 5 Bytes JMP 00150A08 .text C:\Windows\system32\svchost.exe[1876] USER32.dll!UnhookWinEvent 75A5D924 5 Bytes JMP 001503FC .text C:\Windows\system32\svchost.exe[1876] USER32.dll!SetWindowsHookExW 75A6210A 5 Bytes JMP 00150804 .text C:\Windows\system32\svchost.exe[1876] USER32.dll!SetWinEventHook 75A6507E 5 Bytes JMP 001501F8 .text C:\Windows\system32\svchost.exe[1876] USER32.dll!SetWindowsHookExA 75A86DFA 5 Bytes JMP 00150600 .text C:\Windows\system32\svchost.exe[2040] ntdll.dll!LdrUnloadDll 76F0BEAF 5 Bytes JMP 000603FC .text C:\Windows\system32\svchost.exe[2040] ntdll.dll!LdrLoadDll 76F0F5B5 5 Bytes JMP 000601F8 .text C:\Windows\system32\svchost.exe[2040] kernel32.dll!GetBinaryTypeW + 70 757078FC 1 Byte [62] .text C:\Windows\system32\svchost.exe[2040] USER32.dll!UnhookWindowsHookEx 75A5CC7B 5 Bytes JMP 00B80A08 .text C:\Windows\system32\svchost.exe[2040] USER32.dll!UnhookWinEvent 75A5D924 5 Bytes JMP 00B803FC .text C:\Windows\system32\svchost.exe[2040] USER32.dll!SetWindowsHookExW 75A6210A 5 Bytes JMP 
00B80804 .text C:\Windows\system32\svchost.exe[2040] USER32.dll!SetWinEventHook 75A6507E 5 Bytes JMP 00B801F8 .text C:\Windows\system32\svchost.exe[2040] USER32.dll!SetWindowsHookExA 75A86DFA 5 Bytes JMP 00B80600 .text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2168] ntdll.dll!LdrUnloadDll 76F0BEAF 5 Bytes JMP 001703FC .text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2168] ntdll.dll!LdrLoadDll 76F0F5B5 5 Bytes JMP 001701F8 .text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2168] kernel32.dll!GetBinaryTypeW + 70 757078FC 1 Byte [62] .text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2168] USER32.dll!UnhookWindowsHookEx 75A5CC7B 5 Bytes JMP 00200A08 .text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2168] USER32.dll!UnhookWinEvent 75A5D924 5 Bytes JMP 002003FC .text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2168] USER32.dll!SetWindowsHookExW 75A6210A 5 Bytes JMP 00200804 .text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2168] USER32.dll!SetWinEventHook 75A6507E 5 Bytes JMP 002001F8 .text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2168] USER32.dll!SetWindowsHookExA 75A86DFA 5 Bytes JMP 00200600 .text C:\Windows\system32\SearchIndexer.exe[2484] ntdll.dll!LdrUnloadDll 76F0BEAF 5 Bytes JMP 000603FC .text C:\Windows\system32\SearchIndexer.exe[2484] ntdll.dll!LdrLoadDll 76F0F5B5 5 Bytes JMP 000601F8 .text C:\Windows\system32\SearchIndexer.exe[2484] kernel32.dll!GetBinaryTypeW + 70 757078FC 1 Byte [62] .text C:\Windows\system32\SearchIndexer.exe[2484] USER32.dll!UnhookWindowsHookEx 75A5CC7B 5 Bytes JMP 00090A08 .text C:\Windows\system32\SearchIndexer.exe[2484] USER32.dll!UnhookWinEvent 75A5D924 5 Bytes JMP 000903FC .text C:\Windows\system32\SearchIndexer.exe[2484] USER32.dll!SetWindowsHookExW 75A6210A 5 Bytes JMP 00090804 .text C:\Windows\system32\SearchIndexer.exe[2484] USER32.dll!SetWinEventHook 75A6507E 5 Bytes JMP 
000901F8 .text C:\Windows\system32\SearchIndexer.exe[2484] USER32.dll!SetWindowsHookExA 75A86DFA 5 Bytes JMP 00090600 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2836] ntdll.dll!LdrUnloadDll 76F0BEAF 5 Bytes JMP 000603FC .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2836] ntdll.dll!LdrLoadDll 76F0F5B5 5 Bytes JMP 000601F8 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2836] kernel32.dll!GetBinaryTypeW + 70 757078FC 1 Byte [62] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2836] USER32.dll!UnhookWindowsHookEx 75A5CC7B 5 Bytes JMP 00240A08 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2836] USER32.dll!UnhookWinEvent 75A5D924 5 Bytes JMP 002403FC .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2836] USER32.dll!SetWindowsHookExW 75A6210A 5 Bytes JMP 00240804 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2836] USER32.dll!SetWinEventHook 75A6507E 5 Bytes JMP 002401F8 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2836] USER32.dll!SetWindowsHookExA 75A86DFA 5 Bytes JMP 00240600 .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtCreateFile + 6 76EF4876 4 Bytes [28, 00, 07, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtCreateFile + B 76EF487B 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtMapViewOfSection + 6 76EF4ED6 1 Byte [28] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtMapViewOfSection + 6 76EF4ED6 4 Bytes [28, 03, 07, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtMapViewOfSection + B 76EF4EDB 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtOpenFile + 6 76EF4F86 4 Bytes [68, 00, 07, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtOpenFile + B 
76EF4F8B 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtOpenProcess + 6 76EF5036 4 Bytes [A8, 01, 07, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtOpenProcess + B 76EF503B 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtOpenProcessToken + 6 76EF5046 4 Bytes CALL 75EF574C C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Pow³oki systemu Windows/Microsoft Corporation) .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtOpenProcessToken + B 76EF504B 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtOpenProcessTokenEx + 6 76EF5056 4 Bytes [A8, 02, 07, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtOpenProcessTokenEx + B 76EF505B 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtOpenThread + 6 76EF50B6 4 Bytes [68, 01, 07, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtOpenThread + B 76EF50BB 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtOpenThreadToken + 6 76EF50C6 4 Bytes [68, 02, 07, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtOpenThreadToken + B 76EF50CB 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtOpenThreadTokenEx + 6 76EF50D6 4 Bytes CALL 75EF57DD C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Pow³oki systemu Windows/Microsoft Corporation) .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtOpenThreadTokenEx + B 76EF50DB 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtQueryAttributesFile + 6 
76EF51E6 4 Bytes [A8, 00, 07, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtQueryAttributesFile + B 76EF51EB 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtQueryFullAttributesFile + 6 76EF5296 4 Bytes CALL 75EF599B C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Pow³oki systemu Windows/Microsoft Corporation) .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtQueryFullAttributesFile + B 76EF529B 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtSetInformationFile + 6 76EF58E6 4 Bytes [28, 01, 07, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtSetInformationFile + B 76EF58EB 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtSetInformationThread + 6 76EF5946 4 Bytes [28, 02, 07, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtSetInformationThread + B 76EF594B 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtUnmapViewOfSection + 6 76EF5C66 1 Byte [68] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtUnmapViewOfSection + 6 76EF5C66 4 Bytes [68, 03, 07, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!NtUnmapViewOfSection + B 76EF5C6B 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!LdrUnloadDll 76F0BEAF 5 Bytes JMP 000903FC .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[2940] ntdll.dll!LdrLoadDll 76F0F5B5 5 Bytes JMP 000901F8 .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[2940] kernel32.dll!GetBinaryTypeW + 70 757078FC 1 Byte [62] .text 
C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[2940] USER32.dll!UnhookWindowsHookEx 75A5CC7B 5 Bytes JMP 00270A08 .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[2940] USER32.dll!UnhookWinEvent 75A5D924 5 Bytes JMP 002703FC .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[2940] USER32.dll!SetWindowsHookExW 75A6210A 5 Bytes JMP 00270804 .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[2940] USER32.dll!SetWinEventHook 75A6507E 5 Bytes JMP 002701F8 .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[2940] USER32.dll!SetWindowsHookExA 75A86DFA 5 Bytes JMP 00270600 .text C:\Windows\system32\sppsvc.exe[3372] ntdll.dll!LdrUnloadDll 76F0BEAF 5 Bytes JMP 000703FC .text C:\Windows\system32\sppsvc.exe[3372] ntdll.dll!LdrLoadDll 76F0F5B5 5 Bytes JMP 000701F8 .text C:\Windows\system32\sppsvc.exe[3372] kernel32.dll!GetBinaryTypeW + 70 757078FC 1 Byte [62] .text C:\Windows\system32\sppsvc.exe[3372] USER32.dll!UnhookWindowsHookEx 75A5CC7B 5 Bytes JMP 00110A08 .text C:\Windows\system32\sppsvc.exe[3372] USER32.dll!UnhookWinEvent 75A5D924 5 Bytes JMP 001103FC .text C:\Windows\system32\sppsvc.exe[3372] USER32.dll!SetWindowsHookExW 75A6210A 5 Bytes JMP 00110804 .text C:\Windows\system32\sppsvc.exe[3372] USER32.dll!SetWinEventHook 75A6507E 5 Bytes JMP 001101F8 .text C:\Windows\system32\sppsvc.exe[3372] USER32.dll!SetWindowsHookExA 75A86DFA 5 Bytes JMP 00110600 .text C:\Users\Maciej\Downloads\4h62793e.exe[3456] kernel32.dll!GetBinaryTypeW + 70 757078FC 1 Byte [62] .text C:\Windows\System32\svchost.exe[4088] ntdll.dll!LdrUnloadDll 76F0BEAF 5 Bytes JMP 000603FC .text C:\Windows\System32\svchost.exe[4088] ntdll.dll!LdrLoadDll 76F0F5B5 5 Bytes JMP 000601F8 .text C:\Windows\System32\svchost.exe[4088] kernel32.dll!GetBinaryTypeW + 70 757078FC 1 Byte [62] .text C:\Windows\System32\svchost.exe[4088] user32.dll!UnhookWindowsHookEx 75A5CC7B 5 Bytes JMP 00250A08 .text 
C:\Windows\System32\svchost.exe[4088] user32.dll!UnhookWinEvent 75A5D924 5 Bytes JMP 002503FC .text C:\Windows\System32\svchost.exe[4088] user32.dll!SetWindowsHookExW 75A6210A 5 Bytes JMP 00250804 .text C:\Windows\System32\svchost.exe[4088] user32.dll!SetWinEventHook 75A6507E 5 Bytes JMP 002501F8 .text C:\Windows\System32\svchost.exe[4088] user32.dll!SetWindowsHookExA 75A86DFA 5 Bytes JMP 00250600 .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4412] ntdll.dll!NtCreateFile + 6 76EF4876 4 Bytes [28, 00, 07, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4412] ntdll.dll!NtCreateFile + B 76EF487B 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4412] ntdll.dll!NtMapViewOfSection + 6 76EF4ED6 1 Byte [28] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4412] ntdll.dll!NtMapViewOfSection + 6 76EF4ED6 4 Bytes [28, 03, 07, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4412] ntdll.dll!NtMapViewOfSection + B 76EF4EDB 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4412] ntdll.dll!NtOpenFile + 6 76EF4F86 4 Bytes [68, 00, 07, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4412] ntdll.dll!NtOpenFile + B 76EF4F8B 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4412] ntdll.dll!NtOpenProcess + 6 76EF5036 4 Bytes [A8, 01, 07, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4412] ntdll.dll!NtOpenProcess + B 76EF503B 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4412] ntdll.dll!NtOpenProcessToken + 6 76EF5046 4 Bytes CALL 75EF574C C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Pow³oki systemu Windows/Microsoft Corporation) .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4412] ntdll.dll!NtOpenProcessToken + B 76EF504B 1 Byte [E2] .text 
C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4412] ntdll.dll!NtOpenProcessTokenEx + 6 76EF5056 4 Bytes [A8, 02, 07, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4412] ntdll.dll!NtOpenProcessTokenEx + B 76EF505B 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4412] ntdll.dll!NtOpenThread + 6 76EF50B6 4 Bytes [68, 01, 07, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4412] ntdll.dll!NtOpenThread + B 76EF50BB 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4412] ntdll.dll!NtOpenThreadToken + 6 76EF50C6 4 Bytes [68, 02, 07, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4412] ntdll.dll!NtOpenThreadToken + B 76EF50CB 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4412] ntdll.dll!NtOpenThreadTokenEx + 6 76EF50D6 4 Bytes CALL 75EF57DD C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Pow³oki systemu Windows/Microsoft Corporation) .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4412] ntdll.dll!NtOpenThreadTokenEx + B 76EF50DB 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4412] ntdll.dll!NtQueryAttributesFile + 6 76EF51E6 4 Bytes [A8, 00, 07, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4412] ntdll.dll!NtQueryAttributesFile + B 76EF51EB 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4412] ntdll.dll!NtQueryFullAttributesFile + 6 76EF5296 4 Bytes CALL 75EF599B C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Pow³oki systemu Windows/Microsoft Corporation) .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4412] ntdll.dll!NtQueryFullAttributesFile + B 76EF529B 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4412] ntdll.dll!NtSetInformationFile + 6 
76EF58E6 4 Bytes [28, 01, 07, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4412] ntdll.dll!NtSetInformationFile + B 76EF58EB 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4412] ntdll.dll!NtSetInformationThread + 6 76EF5946 4 Bytes [28, 02, 07, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4412] ntdll.dll!NtSetInformationThread + B 76EF594B 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4412] ntdll.dll!NtUnmapViewOfSection + 6 76EF5C66 1 Byte [68] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4412] ntdll.dll!NtUnmapViewOfSection + 6 76EF5C66 4 Bytes [68, 03, 07, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4412] ntdll.dll!NtUnmapViewOfSection + B 76EF5C6B 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4412] ntdll.dll!LdrUnloadDll 76F0BEAF 5 Bytes JMP 000903FC .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4412] ntdll.dll!LdrLoadDll 76F0F5B5 5 Bytes JMP 000901F8 .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4412] kernel32.dll!GetBinaryTypeW + 70 757078FC 1 Byte [62] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4412] USER32.dll!UnhookWindowsHookEx 75A5CC7B 5 Bytes JMP 00130A08 .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4412] USER32.dll!UnhookWinEvent 75A5D924 5 Bytes JMP 001303FC .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4412] USER32.dll!SetWindowsHookExW 75A6210A 5 Bytes JMP 00130804 .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4412] USER32.dll!SetWinEventHook 75A6507E 5 Bytes JMP 001301F8 .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[4412] USER32.dll!SetWindowsHookExA 75A86DFA 5 Bytes JMP 00130600 .text 
C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5716] ntdll.dll!NtCreateFile + 6 76EF4876 4 Bytes [28, 00, 07, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5716] ntdll.dll!NtCreateFile + B 76EF487B 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5716] ntdll.dll!NtMapViewOfSection + 6 76EF4ED6 1 Byte [28] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5716] ntdll.dll!NtMapViewOfSection + 6 76EF4ED6 4 Bytes [28, 03, 07, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5716] ntdll.dll!NtMapViewOfSection + B 76EF4EDB 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5716] ntdll.dll!NtOpenFile + 6 76EF4F86 4 Bytes [68, 00, 07, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5716] ntdll.dll!NtOpenFile + B 76EF4F8B 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5716] ntdll.dll!NtOpenProcess + 6 76EF5036 4 Bytes [A8, 01, 07, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5716] ntdll.dll!NtOpenProcess + B 76EF503B 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5716] ntdll.dll!NtOpenProcessToken + 6 76EF5046 4 Bytes CALL 75EF574C C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Pow³oki systemu Windows/Microsoft Corporation) .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5716] ntdll.dll!NtOpenProcessToken + B 76EF504B 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5716] ntdll.dll!NtOpenProcessTokenEx + 6 76EF5056 4 Bytes [A8, 02, 07, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5716] ntdll.dll!NtOpenProcessTokenEx + B 76EF505B 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5716] ntdll.dll!NtOpenThread + 6 76EF50B6 4 Bytes [68, 01, 
07, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5716] ntdll.dll!NtOpenThread + B 76EF50BB 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5716] ntdll.dll!NtOpenThreadToken + 6 76EF50C6 4 Bytes [68, 02, 07, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5716] ntdll.dll!NtOpenThreadToken + B 76EF50CB 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5716] ntdll.dll!NtOpenThreadTokenEx + 6 76EF50D6 4 Bytes CALL 75EF57DD C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Pow³oki systemu Windows/Microsoft Corporation) .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5716] ntdll.dll!NtOpenThreadTokenEx + B 76EF50DB 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5716] ntdll.dll!NtQueryAttributesFile + 6 76EF51E6 4 Bytes [A8, 00, 07, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5716] ntdll.dll!NtQueryAttributesFile + B 76EF51EB 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5716] ntdll.dll!NtQueryFullAttributesFile + 6 76EF5296 4 Bytes CALL 75EF599B C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Pow³oki systemu Windows/Microsoft Corporation) .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5716] ntdll.dll!NtQueryFullAttributesFile + B 76EF529B 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5716] ntdll.dll!NtSetInformationFile + 6 76EF58E6 4 Bytes [28, 01, 07, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5716] ntdll.dll!NtSetInformationFile + B 76EF58EB 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5716] ntdll.dll!NtSetInformationThread + 6 76EF5946 4 Bytes [28, 02, 07, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5716] 
ntdll.dll!NtSetInformationThread + B 76EF594B 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5716] ntdll.dll!NtUnmapViewOfSection + 6 76EF5C66 1 Byte [68] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5716] ntdll.dll!NtUnmapViewOfSection + 6 76EF5C66 4 Bytes [68, 03, 07, 00] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5716] ntdll.dll!NtUnmapViewOfSection + B 76EF5C6B 1 Byte [E2] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5716] ntdll.dll!LdrUnloadDll 76F0BEAF 5 Bytes JMP 000903FC .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5716] ntdll.dll!LdrLoadDll 76F0F5B5 5 Bytes JMP 000901F8 .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5716] kernel32.dll!GetBinaryTypeW + 70 757078FC 1 Byte [62] .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5716] USER32.dll!UnhookWindowsHookEx 75A5CC7B 5 Bytes JMP 00130A08 .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5716] USER32.dll!UnhookWinEvent 75A5D924 5 Bytes JMP 001303FC .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5716] USER32.dll!SetWindowsHookExW 75A6210A 5 Bytes JMP 00130804 .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5716] USER32.dll!SetWinEventHook 75A6507E 5 Bytes JMP 001301F8 .text C:\Users\Maciej\AppData\Local\Google\Chrome\Application\chrome.exe[5716] USER32.dll!SetWindowsHookExA 75A86DFA 5 Bytes JMP 00130600 ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Windows\system32\rundll32.exe[1084] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [74F35E25] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodnoœci aplikacji/Microsoft Corporation) IAT C:\Windows\system32\rundll32.exe[1084] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [74F35E25] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodnoœci 
aplikacji/Microsoft Corporation) IAT C:\Windows\system32\rundll32.exe[1084] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [74F35E25] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodnoœci aplikacji/Microsoft Corporation) IAT C:\Windows\system32\rundll32.exe[1084] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [74F35E25] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodnoœci aplikacji/Microsoft Corporation) IAT C:\Windows\system32\rundll32.exe[1084] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [74F35E25] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodnoœci aplikacji/Microsoft Corporation) IAT C:\Windows\system32\rundll32.exe[1084] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [74F35E25] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodnoœci aplikacji/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software) Device \Driver\ACPI_HAL \Device\00000046 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! 
TDI Filter Driver/AVAST Software) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Mened¿er filtrów systemu plików firmy Microsoft/Microsoft Corporation) ---- EOF - GMER 1.0.15 ----