GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-07-26 04:07:12 Windows 6.0.6000 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 SAMSUNG_ rev.2AJ1 Running: qfzdt4pj.exe; Driver: C:\Users\JDREK~1\AppData\Local\Temp\kwlyqpob.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x90247536] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x919B87BA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0x90247F52] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x90252D7A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x90252DC6] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x90252F48] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x90252CE8] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x919B8BAC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x90252D30] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0x90248146] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x90252F02] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0x902488CA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x90247584] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDuplicateObject [0x919C3686] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x919B889E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x902471EC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x902475D2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x9024C2A8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x90249292] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x90252DA4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x90252DE8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x90252F6C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x90252D0E] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenProcess [0x919C358A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x90252E8C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x90252D58] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenThread [0x919C3608] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x90252F26] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x919B8A1E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x9024915E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThread [0x90248D08] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x90247620] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x9024766E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0x9024874A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x90247276] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x90247426] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x902473CC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0x90248A2C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0x90248B88] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x90247496] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwTerminateProcess [0x919B8AE8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0x902485CA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x902476BC] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0x919B8954] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThreadEx [0x902482CE] INT 0x52 ? 87FF7CB8 INT 0x62 ? 87FF7CB8 INT 0x72 ? 855DECB8 INT 0x82 ? 855DECB8 INT 0x92 ? 855E4CB8 INT 0x92 ? 855E5CB8 INT 0x92 ? 87FF7CB8 INT 0x92 ? 855E4CB8 INT 0xA2 ? 87FF7CB8 INT 0xA2 ? 87FF7CB8 INT 0xA2 ? 87FF7CB8 Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x919D0744] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwCallbackReturn + 3B4 828808C0 4 Bytes CALL D2182DF1 .text ntkrnlpa.exe!ZwCallbackReturn + 734 82880C40 12 Bytes [20, 76, 24, 90, 6E, 76, 24, ...] {AND [ESI+0x24], DH; NOP ; OUTSB ; JBE 0x2b; NOP ; DEC EDX; XCHG [EAX+EDX*4], ESP} .text ntkrnlpa.exe!ZwCallbackReturn + 7E0 82880CEC 12 Bytes [2C, 8A, 24, 90, 88, 8B, 24, ...] {SUB AL, 0x8a; AND AL, 0x90; MOV [EBX+0x74969024], CL; AND AL, 0x90} .text ntkrnlpa.exe!ZwCallbackReturn + 7F0 82880CFC 8 Bytes [E8, 8A, 9B, 91, CA, 85, 24, ...] {CALL 0xffffffffca919b8f; TEST [EAX+EDX*4], ESP} PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 110 829BE9A7 4 Bytes CALL 90249959 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 121 829C6428 4 Bytes CALL 9024996F \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE ntkrnlpa.exe!ObMakeTemporaryObject 829F1ADB 5 Bytes JMP 919CD61C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ObInsertObject 829F75F6 5 Bytes JMP 919CF0FE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ZwCreateProcessEx 82A12645 7 Bytes JMP 919D0748 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) .sptd1 C:\Windows\System32\Drivers\sptd.sys entry point in ".sptd1" section [0x807DCB2E] .text C:\Windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x8327C000, 0x4036D, 0xE8000020] .dsrt C:\Windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x832C5000, 0x510, 0x40000040] .text USBPORT.SYS!DllUnload 8C222C57 5 Bytes JMP 87FF71C8 .text win32k.sys!EngMultiByteToUnicodeN + 2B73 97E20FF7 5 Bytes JMP 9024CD72 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGetRgnData + C9D 97E24E6D 5 Bytes JMP 9024CC2C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngSetRectRgn + 3DB 97E2542E 5 Bytes JMP 9024CA52 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngTransparentBlt + 4E6 97E52D36 5 Bytes JMP 9024DB90 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngTransparentBlt + 37CC 97E5601C 5 Bytes JMP 9024C3E4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XFORMOBJ_iGetXform + 323E 97E5B9BD 5 Bytes JMP 9024CE04 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XFORMOBJ_iGetXform + 33D0 97E5BB4F 5 Bytes JMP 9024CEF6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngStretchBltROP + 273B 97E5E974 5 Bytes JMP 9024C6B8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngStretchBltROP + A683 97E668BC 5 Bytes JMP 9024D7FA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngStretchBltROP + 11665 97E6D89E 5 Bytes JMP 9024C2DE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngStretchBltROP + 118A6 97E6DADF 5 Bytes JMP 9024C992 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngStretchBltROP + 11979 97E6DBB2 5 Bytes JMP 9024CC58 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text ... .text win32k.sys!EngMapFontFileFD + F717 97E80D5E 5 Bytes JMP 9024C538 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngPaint + 3290 97E864C2 5 Bytes JMP 9024DA2A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngPaint + 69A5 97E89BD7 5 Bytes JMP 9024C5A8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngEraseSurface + 5C5 97E8D74E 5 Bytes JMP 9024CEDE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XLATEOBJ_iXlate + 44F5 97EACEAC 5 Bytes JMP 9024C3FC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngLpkInstalled + FD1 97EC59BD 5 Bytes JMP 9024D7B0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngStretchBlt + 3BF8 97ED2BAD 5 Bytes JMP 9024DC32 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngStretchBlt + 5E54 97ED4E09 5 Bytes JMP 9024CE1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!PATHOBJ_bEnum + AA 97ED5612 5 Bytes JMP 9024D972 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngStrokePath + CE84 97EE2C1F 5 Bytes JMP 9024D76A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCopyBits + 1D65 97EE9DDB 5 Bytes JMP 9024D8C0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngFindImageProcAddress + 1A09 97EF565B 5 Bytes JMP 9024C8BC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngDeleteClip + 59E8 97F0B49C 5 Bytes JMP 9024C664 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!PATHOBJ_bPolyBezierTo + 62D 97F1379F 5 Bytes JMP 9024C790 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngFillPath + 1661 97F292FC 5 Bytes JMP 9024CE34 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngDeleteSemaphore + 38A2 97F3114B 5 Bytes JMP 9024C4D4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngDeleteSemaphore + 65C7 97F33E70 5 Bytes JMP 9024C826 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngPlgBlt + 1A89 97F6F44E 5 Bytes JMP 9024DAE8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ---- User code sections - GMER 1.0.15 ---- .text C:\Windows\system32\csrss.exe[744] KERNEL32.dll!GetBinaryTypeW + 70 7636714D 1 Byte [62] .text C:\Windows\system32\wininit.exe[792] kernel32.dll!GetBinaryTypeW + 70 7636714D 1 Byte [62] .text C:\Windows\system32\csrss.exe[804] KERNEL32.dll!GetBinaryTypeW + 70 7636714D 1 Byte [62] .text C:\Windows\system32\winlogon.exe[840] kernel32.dll!GetBinaryTypeW + 70 7636714D 1 Byte [62] .text C:\Windows\system32\services.exe[880] kernel32.dll!GetBinaryTypeW + 70 7636714D 1 Byte [62] ? C:\Windows\system32\services.exe[880] C:\Windows\system32\smss.exe image checksum mismatch; time/date stamp mismatch; unknown module: MSWSOCK.dll .text C:\Windows\system32\lsass.exe[912] kernel32.dll!GetBinaryTypeW + 70 7636714D 1 Byte [62] .text C:\Windows\system32\lsm.exe[920] kernel32.dll!GetBinaryTypeW + 70 7636714D 1 Byte [62] .text C:\Windows\system32\svchost.exe[1056] kernel32.dll!GetBinaryTypeW + 70 7636714D 1 Byte [62] .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1124] KERNEL32.dll!GetBinaryTypeW + 70 7636714D 1 Byte [62] .text C:\Windows\System32\spoolsv.exe[1152] kernel32.dll!GetBinaryTypeW + 70 7636714D 1 Byte [62] .text ... .text E:\programy\bzdety\avast\AvastSvc.exe[1996] kernel32.dll!SetUnhandledExceptionFilter 7636D177 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP } .text C:\Windows\system32\Dwm.exe[2004] kernel32.dll!GetBinaryTypeW + 70 7636714D 1 Byte [62] .text C:\Windows\Explorer.EXE[2012] kernel32.dll!GetBinaryTypeW + 70 7636714D 1 Byte [62] .text C:\Windows\ehome\ehmsas.exe[2192] ntdll.dll!LdrLoadDll 7767EB00 5 Bytes JMP 000401F8 .text C:\Windows\ehome\ehmsas.exe[2192] ntdll.dll!LdrUnloadDll 7768BF0A 5 Bytes JMP 000403FC .text C:\Windows\ehome\ehmsas.exe[2192] kernel32.dll!GetBinaryTypeW + 70 7636714D 1 Byte [62] .text C:\Windows\ehome\ehmsas.exe[2192] ADVAPI32.dll!CreateServiceW 760F8686 5 Bytes JMP 000603FC .text C:\Windows\ehome\ehmsas.exe[2192] ADVAPI32.dll!DeleteService 760F8788 5 Bytes JMP 00060600 .text C:\Windows\ehome\ehmsas.exe[2192] ADVAPI32.dll!ChangeServiceConfigW 760FA26A 5 Bytes JMP 00060A08 .text C:\Windows\ehome\ehmsas.exe[2192] ADVAPI32.dll!SetServiceObjectSecurity 76133791 5 Bytes JMP 00061014 .text C:\Windows\ehome\ehmsas.exe[2192] ADVAPI32.dll!ChangeServiceConfigA 76133891 5 Bytes JMP 00060804 .text C:\Windows\ehome\ehmsas.exe[2192] ADVAPI32.dll!ChangeServiceConfig2A 76133A39 5 Bytes JMP 00060C0C .text C:\Windows\ehome\ehmsas.exe[2192] ADVAPI32.dll!ChangeServiceConfig2W 76133B81 5 Bytes JMP 00060E10 .text C:\Windows\ehome\ehmsas.exe[2192] ADVAPI32.dll!CreateServiceA 76133C41 5 Bytes JMP 000601F8 .text C:\Windows\ehome\ehmsas.exe[2192] USER32.dll!UnhookWindowsHookEx 762A7CE7 5 Bytes JMP 00070A08 .text C:\Windows\ehome\ehmsas.exe[2192] USER32.dll!SetWindowsHookExA 762A891A 5 Bytes JMP 00070600 .text C:\Windows\ehome\ehmsas.exe[2192] USER32.dll!SetWindowsHookExW 762A913D 5 Bytes JMP 00070804 .text C:\Windows\ehome\ehmsas.exe[2192] USER32.dll!UnhookWinEvent 762B2C74 5 Bytes JMP 000703FC .text C:\Windows\ehome\ehmsas.exe[2192] USER32.dll!SetWinEventHook 762B9C6D 5 Bytes JMP 000701F8 .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2288] ntdll.dll!LdrLoadDll 7767EB00 5 Bytes JMP 001501F8 .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2288] ntdll.dll!LdrUnloadDll 7768BF0A 5 Bytes JMP 001503FC .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2288] kernel32.dll!GetBinaryTypeW + 70 7636714D 1 Byte [62] .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2288] ADVAPI32.dll!CreateServiceW 760F8686 5 Bytes JMP 001703FC .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2288] ADVAPI32.dll!DeleteService 760F8788 5 Bytes JMP 00170600 .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2288] ADVAPI32.dll!ChangeServiceConfigW 760FA26A 5 Bytes JMP 00170A08 .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2288] ADVAPI32.dll!SetServiceObjectSecurity 76133791 5 Bytes JMP 00171014 .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2288] ADVAPI32.dll!ChangeServiceConfigA 76133891 5 Bytes JMP 00170804 .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2288] ADVAPI32.dll!ChangeServiceConfig2A 76133A39 5 Bytes JMP 00170C0C .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2288] ADVAPI32.dll!ChangeServiceConfig2W 76133B81 5 Bytes JMP 00170E10 .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2288] ADVAPI32.dll!CreateServiceA 76133C41 5 Bytes JMP 001701F8 .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2288] USER32.dll!UnhookWindowsHookEx 762A7CE7 5 Bytes JMP 00180A08 .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2288] USER32.dll!SetWindowsHookExA 762A891A 5 Bytes JMP 00180600 .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2288] USER32.dll!SetWindowsHookExW 762A913D 5 Bytes JMP 00180804 .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2288] USER32.dll!UnhookWinEvent 762B2C74 5 Bytes JMP 001803FC .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2288] USER32.dll!SetWinEventHook 762B9C6D 5 Bytes JMP 001801F8 .text C:\Windows\system32\agrsmsvc.exe[2380] ntdll.dll!LdrLoadDll 7767EB00 5 Bytes JMP 000801F8 .text C:\Windows\system32\agrsmsvc.exe[2380] ntdll.dll!LdrUnloadDll 7768BF0A 5 Bytes JMP 000803FC .text C:\Windows\system32\agrsmsvc.exe[2380] kernel32.dll!GetBinaryTypeW + 70 7636714D 1 Byte [62] .text C:\Windows\system32\agrsmsvc.exe[2380] ADVAPI32.dll!CreateServiceW 760F8686 5 Bytes JMP 000A03FC .text C:\Windows\system32\agrsmsvc.exe[2380] ADVAPI32.dll!DeleteService 760F8788 5 Bytes JMP 000A0600 .text C:\Windows\system32\agrsmsvc.exe[2380] ADVAPI32.dll!ChangeServiceConfigW 760FA26A 5 Bytes JMP 000A0A08 .text C:\Windows\system32\agrsmsvc.exe[2380] ADVAPI32.dll!SetServiceObjectSecurity 76133791 5 Bytes JMP 000A1014 .text C:\Windows\system32\agrsmsvc.exe[2380] ADVAPI32.dll!ChangeServiceConfigA 76133891 5 Bytes JMP 000A0804 .text C:\Windows\system32\agrsmsvc.exe[2380] ADVAPI32.dll!ChangeServiceConfig2A 76133A39 5 Bytes JMP 000A0C0C .text C:\Windows\system32\agrsmsvc.exe[2380] ADVAPI32.dll!ChangeServiceConfig2W 76133B81 5 Bytes JMP 000A0E10 .text C:\Windows\system32\agrsmsvc.exe[2380] ADVAPI32.dll!CreateServiceA 76133C41 5 Bytes JMP 000A01F8 .text C:\Windows\system32\agrsmsvc.exe[2380] USER32.dll!UnhookWindowsHookEx 762A7CE7 5 Bytes JMP 000B0A08 .text C:\Windows\system32\agrsmsvc.exe[2380] USER32.dll!SetWindowsHookExA 762A891A 5 Bytes JMP 000B0600 .text C:\Windows\system32\agrsmsvc.exe[2380] USER32.dll!SetWindowsHookExW 762A913D 5 Bytes JMP 000B0804 .text C:\Windows\system32\agrsmsvc.exe[2380] USER32.dll!UnhookWinEvent 762B2C74 5 Bytes JMP 000B03FC .text C:\Windows\system32\agrsmsvc.exe[2380] USER32.dll!SetWinEventHook 762B9C6D 5 Bytes JMP 000B01F8 .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2392] ntdll.dll!LdrLoadDll 7767EB00 5 Bytes JMP 001501F8 .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2392] ntdll.dll!LdrUnloadDll 7768BF0A 5 Bytes JMP 001503FC .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2392] kernel32.dll!GetBinaryTypeW + 70 7636714D 1 Byte [62] .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2392] USER32.dll!UnhookWindowsHookEx 762A7CE7 5 Bytes JMP 001D0A08 .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2392] USER32.dll!SetWindowsHookExA 762A891A 5 Bytes JMP 001D0600 .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2392] USER32.dll!SetWindowsHookExW 762A913D 5 Bytes JMP 001D0804 .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2392] USER32.dll!UnhookWinEvent 762B2C74 5 Bytes JMP 001D03FC .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2392] USER32.dll!SetWinEventHook 762B9C6D 5 Bytes JMP 001D01F8 .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2392] ADVAPI32.dll!CreateServiceW 760F8686 5 Bytes JMP 001E03FC .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2392] ADVAPI32.dll!DeleteService 760F8788 5 Bytes JMP 001E0600 .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2392] ADVAPI32.dll!ChangeServiceConfigW 760FA26A 5 Bytes JMP 001E0A08 .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2392] ADVAPI32.dll!SetServiceObjectSecurity 76133791 5 Bytes JMP 001E1014 .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2392] ADVAPI32.dll!ChangeServiceConfigA 76133891 5 Bytes JMP 001E0804 .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2392] ADVAPI32.dll!ChangeServiceConfig2A 76133A39 5 Bytes JMP 001E0C0C .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2392] ADVAPI32.dll!ChangeServiceConfig2W 76133B81 5 Bytes JMP 001E0E10 .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2392] ADVAPI32.dll!CreateServiceA 76133C41 5 Bytes JMP 001E01F8 .text C:\Windows\System32\svchost.exe[2416] ntdll.dll!LdrLoadDll 7767EB00 5 Bytes JMP 000501F8 .text C:\Windows\System32\svchost.exe[2416] ntdll.dll!LdrUnloadDll 7768BF0A 5 Bytes JMP 000503FC .text C:\Windows\System32\svchost.exe[2416] kernel32.dll!GetBinaryTypeW + 70 7636714D 1 Byte [62] .text C:\Windows\System32\svchost.exe[2416] ADVAPI32.dll!CreateServiceW 760F8686 5 Bytes JMP 000703FC .text C:\Windows\System32\svchost.exe[2416] ADVAPI32.dll!DeleteService 760F8788 5 Bytes JMP 00070600 .text C:\Windows\System32\svchost.exe[2416] ADVAPI32.dll!ChangeServiceConfigW 760FA26A 5 Bytes JMP 00070A08 .text C:\Windows\System32\svchost.exe[2416] ADVAPI32.dll!SetServiceObjectSecurity 76133791 5 Bytes JMP 00071014 .text C:\Windows\System32\svchost.exe[2416] ADVAPI32.dll!ChangeServiceConfigA 76133891 5 Bytes JMP 00070804 .text C:\Windows\System32\svchost.exe[2416] ADVAPI32.dll!ChangeServiceConfig2A 76133A39 5 Bytes JMP 00070C0C .text C:\Windows\System32\svchost.exe[2416] ADVAPI32.dll!ChangeServiceConfig2W 76133B81 5 Bytes JMP 00070E10 .text C:\Windows\System32\svchost.exe[2416] ADVAPI32.dll!CreateServiceA 76133C41 5 Bytes JMP 000701F8 .text C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[2536] ntdll.dll!LdrLoadDll 7767EB00 5 Bytes JMP 001501F8 .text C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[2536] ntdll.dll!LdrUnloadDll 7768BF0A 5 Bytes JMP 001503FC .text C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[2536] kernel32.dll!GetBinaryTypeW + 70 7636714D 1 Byte [62] .text C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[2536] ADVAPI32.dll!CreateServiceW 760F8686 5 Bytes JMP 001703FC .text C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[2536] ADVAPI32.dll!DeleteService 760F8788 5 Bytes JMP 00170600 .text C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[2536] ADVAPI32.dll!ChangeServiceConfigW 760FA26A 5 Bytes JMP 00170A08 .text C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[2536] ADVAPI32.dll!SetServiceObjectSecurity 76133791 5 Bytes JMP 00171014 .text C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[2536] ADVAPI32.dll!ChangeServiceConfigA 76133891 5 Bytes JMP 00170804 .text C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[2536] ADVAPI32.dll!ChangeServiceConfig2A 76133A39 5 Bytes JMP 00170C0C .text C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[2536] ADVAPI32.dll!ChangeServiceConfig2W 76133B81 5 Bytes JMP 00170E10 .text C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[2536] ADVAPI32.dll!CreateServiceA 76133C41 5 Bytes JMP 001701F8 .text C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[2536] USER32.dll!UnhookWindowsHookEx 762A7CE7 5 Bytes JMP 00180A08 .text C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[2536] USER32.dll!SetWindowsHookExA 762A891A 5 Bytes JMP 00180600 .text C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[2536] USER32.dll!SetWindowsHookExW 762A913D 5 Bytes JMP 00180804 .text C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[2536] USER32.dll!UnhookWinEvent 762B2C74 5 Bytes JMP 001803FC .text C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[2536] USER32.dll!SetWinEventHook 762B9C6D 5 Bytes JMP 001801F8 .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2580] ntdll.dll!LdrLoadDll 7767EB00 5 Bytes JMP 001401F8 .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2580] ntdll.dll!LdrUnloadDll 7768BF0A 5 Bytes JMP 001403FC .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2580] kernel32.dll!GetBinaryTypeW + 70 7636714D 1 Byte [62] .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2580] USER32.dll!UnhookWindowsHookEx 762A7CE7 5 Bytes JMP 00160A08 .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2580] USER32.dll!SetWindowsHookExA 762A891A 5 Bytes JMP 00160600 .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2580] USER32.dll!SetWindowsHookExW 762A913D 5 Bytes JMP 00160804 .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2580] USER32.dll!UnhookWinEvent 762B2C74 5 Bytes JMP 001603FC .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2580] USER32.dll!SetWinEventHook 762B9C6D 5 Bytes JMP 001601F8 .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2580] ADVAPI32.dll!CreateServiceW 760F8686 5 Bytes JMP 001703FC .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2580] ADVAPI32.dll!DeleteService 760F8788 5 Bytes JMP 00170600 .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2580] ADVAPI32.dll!ChangeServiceConfigW 760FA26A 5 Bytes JMP 00170A08 .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2580] ADVAPI32.dll!SetServiceObjectSecurity 76133791 5 Bytes JMP 00171014 .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2580] ADVAPI32.dll!ChangeServiceConfigA 76133891 5 Bytes JMP 00170804 .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2580] ADVAPI32.dll!ChangeServiceConfig2A 76133A39 5 Bytes JMP 00170C0C .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2580] ADVAPI32.dll!ChangeServiceConfig2W 76133B81 5 Bytes JMP 00170E10 .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2580] ADVAPI32.dll!CreateServiceA 76133C41 5 Bytes JMP 001701F8 .text C:\Windows\system32\svchost.exe[2724] ntdll.dll!LdrLoadDll 7767EB00 5 Bytes JMP 000501F8 .text C:\Windows\system32\svchost.exe[2724] ntdll.dll!LdrUnloadDll 7768BF0A 5 Bytes JMP 000503FC .text C:\Windows\system32\svchost.exe[2724] kernel32.dll!GetBinaryTypeW + 70 7636714D 1 Byte [62] .text C:\Windows\system32\svchost.exe[2724] ADVAPI32.dll!CreateServiceW 760F8686 5 Bytes JMP 000703FC .text C:\Windows\system32\svchost.exe[2724] ADVAPI32.dll!DeleteService 760F8788 5 Bytes JMP 00070600 .text C:\Windows\system32\svchost.exe[2724] ADVAPI32.dll!ChangeServiceConfigW 760FA26A 5 Bytes JMP 00070A08 .text C:\Windows\system32\svchost.exe[2724] ADVAPI32.dll!SetServiceObjectSecurity 76133791 5 Bytes JMP 00071014 .text C:\Windows\system32\svchost.exe[2724] ADVAPI32.dll!ChangeServiceConfigA 76133891 5 Bytes JMP 00070804 .text C:\Windows\system32\svchost.exe[2724] ADVAPI32.dll!ChangeServiceConfig2A 76133A39 5 Bytes JMP 00070C0C .text C:\Windows\system32\svchost.exe[2724] ADVAPI32.dll!ChangeServiceConfig2W 76133B81 5 Bytes JMP 00070E10 .text C:\Windows\system32\svchost.exe[2724] ADVAPI32.dll!CreateServiceA 76133C41 5 Bytes JMP 000701F8 .text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[2756] ntdll.dll!LdrLoadDll 7767EB00 5 Bytes JMP 001501F8 .text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[2756] ntdll.dll!LdrUnloadDll 7768BF0A 5 Bytes JMP 001503FC .text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[2756] kernel32.dll!GetBinaryTypeW + 70 7636714D 1 Byte [62] .text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[2756] USER32.dll!UnhookWindowsHookEx 762A7CE7 5 Bytes JMP 00200A08 .text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[2756] USER32.dll!SetWindowsHookExA 762A891A 5 Bytes JMP 00200600 .text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[2756] USER32.dll!SetWindowsHookExW 762A913D 5 Bytes JMP 00200804 .text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[2756] USER32.dll!UnhookWinEvent 762B2C74 5 Bytes JMP 002003FC .text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[2756] USER32.dll!SetWinEventHook 762B9C6D 5 Bytes JMP 002001F8 .text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[2756] ADVAPI32.dll!CreateServiceW 760F8686 5 Bytes JMP 002103FC .text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[2756] ADVAPI32.dll!DeleteService 760F8788 5 Bytes JMP 00210600 .text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[2756] ADVAPI32.dll!ChangeServiceConfigW 760FA26A 5 Bytes JMP 00210A08 .text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[2756] ADVAPI32.dll!SetServiceObjectSecurity 76133791 5 Bytes JMP 00211014 .text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[2756] ADVAPI32.dll!ChangeServiceConfigA 76133891 5 Bytes JMP 00210804 .text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[2756] ADVAPI32.dll!ChangeServiceConfig2A 76133A39 5 Bytes JMP 00210C0C .text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[2756] ADVAPI32.dll!ChangeServiceConfig2W 76133B81 5 Bytes JMP 00210E10 .text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[2756] ADVAPI32.dll!CreateServiceA 76133C41 5 Bytes JMP 002101F8 .text C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe[2776] ntdll.dll!LdrLoadDll 7767EB00 5 Bytes JMP 001501F8 .text C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe[2776] ntdll.dll!LdrUnloadDll 7768BF0A 5 Bytes JMP 001503FC .text C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe[2776] kernel32.dll!GetBinaryTypeW + 70 7636714D 1 Byte [62] .text C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe[2776] USER32.dll!UnhookWindowsHookEx 762A7CE7 5 Bytes JMP 00170A08 .text C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe[2776] USER32.dll!SetWindowsHookExA 762A891A 5 Bytes JMP 00170600 .text C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe[2776] USER32.dll!SetWindowsHookExW 762A913D 5 Bytes JMP 00170804 .text C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe[2776] USER32.dll!UnhookWinEvent 762B2C74 5 Bytes JMP 001703FC .text C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe[2776] USER32.dll!SetWinEventHook 762B9C6D 5 Bytes JMP 001701F8 .text C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe[2776] ADVAPI32.dll!CreateServiceW 760F8686 5 Bytes JMP 001803FC .text C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe[2776] ADVAPI32.dll!DeleteService 760F8788 5 Bytes JMP 00180600 .text C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe[2776] ADVAPI32.dll!ChangeServiceConfigW 760FA26A 5 Bytes JMP 00180A08 .text C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe[2776] ADVAPI32.dll!SetServiceObjectSecurity 76133791 5 Bytes JMP 00181014 .text C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe[2776] ADVAPI32.dll!ChangeServiceConfigA 76133891 5 Bytes JMP 00180804 .text C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe[2776] ADVAPI32.dll!ChangeServiceConfig2A 76133A39 5 Bytes JMP 00180C0C .text C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe[2776] ADVAPI32.dll!ChangeServiceConfig2W 76133B81 5 Bytes JMP 00180E10 .text C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe[2776] ADVAPI32.dll!CreateServiceA 76133C41 5 Bytes JMP 001801F8 .text C:\Windows\system32\TODDSrv.exe[2808] ntdll.dll!LdrLoadDll 7767EB00 5 Bytes JMP 001401F8 .text C:\Windows\system32\TODDSrv.exe[2808] ntdll.dll!LdrUnloadDll 7768BF0A 5 Bytes JMP 001403FC .text C:\Windows\system32\TODDSrv.exe[2808] kernel32.dll!GetBinaryTypeW + 70 7636714D 1 Byte [62] .text C:\Windows\system32\TODDSrv.exe[2808] USER32.dll!UnhookWindowsHookEx 762A7CE7 5 Bytes JMP 00160A08 .text C:\Windows\system32\TODDSrv.exe[2808] USER32.dll!SetWindowsHookExA 762A891A 5 Bytes JMP 00160600 .text C:\Windows\system32\TODDSrv.exe[2808] USER32.dll!SetWindowsHookExW 762A913D 5 Bytes JMP 00160804 .text C:\Windows\system32\TODDSrv.exe[2808] USER32.dll!UnhookWinEvent 762B2C74 5 Bytes JMP 001603FC .text C:\Windows\system32\TODDSrv.exe[2808] USER32.dll!SetWinEventHook 762B9C6D 5 Bytes JMP 001601F8 .text C:\Windows\system32\TODDSrv.exe[2808] ADVAPI32.dll!CreateServiceW 760F8686 5 Bytes JMP 001703FC .text C:\Windows\system32\TODDSrv.exe[2808] ADVAPI32.dll!DeleteService 760F8788 5 Bytes JMP 00170600 .text C:\Windows\system32\TODDSrv.exe[2808] ADVAPI32.dll!ChangeServiceConfigW 760FA26A 5 Bytes JMP 00170A08 .text C:\Windows\system32\TODDSrv.exe[2808] ADVAPI32.dll!SetServiceObjectSecurity 76133791 5 Bytes JMP 00171014 .text C:\Windows\system32\TODDSrv.exe[2808] ADVAPI32.dll!ChangeServiceConfigA 76133891 5 Bytes JMP 00170804 .text C:\Windows\system32\TODDSrv.exe[2808] ADVAPI32.dll!ChangeServiceConfig2A 76133A39 5 Bytes JMP 00170C0C .text C:\Windows\system32\TODDSrv.exe[2808] ADVAPI32.dll!ChangeServiceConfig2W 76133B81 5 Bytes JMP 00170E10 .text C:\Windows\system32\TODDSrv.exe[2808] ADVAPI32.dll!CreateServiceA 76133C41 5 Bytes JMP 001701F8 .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2848] ntdll.dll!LdrLoadDll 7767EB00 5 Bytes JMP 001501F8 .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2848] ntdll.dll!LdrUnloadDll 7768BF0A 5 Bytes JMP 001503FC .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2848] kernel32.dll!GetBinaryTypeW + 70 7636714D 1 Byte [62] .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2848] ADVAPI32.dll!CreateServiceW 760F8686 5 Bytes JMP 001A03FC .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2848] ADVAPI32.dll!DeleteService 760F8788 5 Bytes JMP 001A0600 .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2848] ADVAPI32.dll!ChangeServiceConfigW 760FA26A 5 Bytes JMP 001A0A08 .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2848] ADVAPI32.dll!SetServiceObjectSecurity 76133791 5 Bytes JMP 001A1014 .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2848] ADVAPI32.dll!ChangeServiceConfigA 76133891 5 Bytes JMP 001A0804 .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2848] ADVAPI32.dll!ChangeServiceConfig2A 76133A39 5 Bytes JMP 001A0C0C .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2848] ADVAPI32.dll!ChangeServiceConfig2W 76133B81 5 Bytes JMP 001A0E10 .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2848] ADVAPI32.dll!CreateServiceA 76133C41 5 Bytes JMP 001A01F8 .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2848] USER32.dll!UnhookWindowsHookEx 762A7CE7 5 Bytes JMP 001B0A08 .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2848] USER32.dll!SetWindowsHookExA 762A891A 5 Bytes JMP 001B0600 .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2848] USER32.dll!SetWindowsHookExW 762A913D 5 Bytes JMP 001B0804 .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2848] USER32.dll!UnhookWinEvent 762B2C74 5 Bytes JMP 001B03FC .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2848] USER32.dll!SetWinEventHook 762B9C6D 5 Bytes JMP 001B01F8 .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[2932] ntdll.dll!LdrLoadDll 7767EB00 5 Bytes JMP 001501F8 .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[2932] ntdll.dll!LdrUnloadDll 7768BF0A 5 Bytes JMP 001503FC .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[2932] kernel32.dll!GetBinaryTypeW + 70 7636714D 1 Byte [62] .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[2932] ADVAPI32.dll!CreateServiceW 760F8686 5 Bytes JMP 001703FC .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[2932] ADVAPI32.dll!DeleteService 760F8788 5 Bytes JMP 00170600 .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[2932] ADVAPI32.dll!ChangeServiceConfigW 760FA26A 5 Bytes JMP 00170A08 .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[2932] ADVAPI32.dll!SetServiceObjectSecurity 76133791 5 Bytes JMP 00171014 .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[2932] ADVAPI32.dll!ChangeServiceConfigA 76133891 5 Bytes JMP 00170804 .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[2932] ADVAPI32.dll!ChangeServiceConfig2A 76133A39 5 Bytes JMP 00170C0C .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[2932] ADVAPI32.dll!ChangeServiceConfig2W 76133B81 5 Bytes JMP 00170E10 .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[2932] ADVAPI32.dll!CreateServiceA 76133C41 5 Bytes JMP 001701F8 .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[2932] USER32.dll!UnhookWindowsHookEx 762A7CE7 5 Bytes JMP 00180A08 .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[2932] USER32.dll!SetWindowsHookExA 762A891A 5 Bytes JMP 00180600 .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[2932] USER32.dll!SetWindowsHookExW 762A913D 5 Bytes JMP 00180804 .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[2932] USER32.dll!UnhookWinEvent 762B2C74 5 Bytes JMP 001803FC .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[2932] USER32.dll!SetWinEventHook 762B9C6D 5 Bytes JMP 001801F8 .text C:\Windows\system32\svchost.exe[2952] ntdll.dll!LdrLoadDll 7767EB00 5 Bytes JMP 000501F8 .text C:\Windows\system32\svchost.exe[2952] ntdll.dll!LdrUnloadDll 7768BF0A 5 Bytes JMP 000503FC .text C:\Windows\system32\svchost.exe[2952] kernel32.dll!GetBinaryTypeW + 70 7636714D 1 Byte [62] .text C:\Windows\system32\svchost.exe[2952] ADVAPI32.dll!CreateServiceW 760F8686 5 Bytes JMP 000703FC .text C:\Windows\system32\svchost.exe[2952] ADVAPI32.dll!DeleteService 760F8788 5 Bytes JMP 00070600 .text C:\Windows\system32\svchost.exe[2952] ADVAPI32.dll!ChangeServiceConfigW 760FA26A 5 Bytes JMP 00070A08 .text C:\Windows\system32\svchost.exe[2952] ADVAPI32.dll!SetServiceObjectSecurity 76133791 5 Bytes JMP 00071014 .text C:\Windows\system32\svchost.exe[2952] ADVAPI32.dll!ChangeServiceConfigA 76133891 5 Bytes JMP 00070804 .text C:\Windows\system32\svchost.exe[2952] ADVAPI32.dll!ChangeServiceConfig2A 76133A39 5 Bytes JMP 00070C0C .text C:\Windows\system32\svchost.exe[2952] ADVAPI32.dll!ChangeServiceConfig2W 76133B81 5 Bytes JMP 00070E10 .text C:\Windows\system32\svchost.exe[2952] ADVAPI32.dll!CreateServiceA 76133C41 5 Bytes JMP 000701F8 .text C:\Windows\system32\svchost.exe[2952] USER32.dll!UnhookWindowsHookEx 762A7CE7 5 Bytes JMP 00170A08 .text C:\Windows\system32\svchost.exe[2952] USER32.dll!SetWindowsHookExA 762A891A 5 Bytes JMP 00170600 .text C:\Windows\system32\svchost.exe[2952] USER32.dll!SetWindowsHookExW 762A913D 5 Bytes JMP 00170804 .text C:\Windows\system32\svchost.exe[2952] USER32.dll!UnhookWinEvent 762B2C74 5 Bytes JMP 001703FC .text C:\Windows\system32\svchost.exe[2952] USER32.dll!SetWinEventHook 762B9C6D 5 Bytes JMP 001701F8 .text C:\Windows\System32\svchost.exe[2968] ntdll.dll!LdrLoadDll 7767EB00 5 Bytes JMP 000501F8 .text C:\Windows\System32\svchost.exe[2968] ntdll.dll!LdrUnloadDll 7768BF0A 5 Bytes JMP 000503FC .text C:\Windows\System32\svchost.exe[2968] kernel32.dll!GetBinaryTypeW + 70 7636714D 1 Byte [62] .text C:\Windows\System32\svchost.exe[2968] ADVAPI32.dll!CreateServiceW 760F8686 5 Bytes JMP 000703FC .text C:\Windows\System32\svchost.exe[2968] ADVAPI32.dll!DeleteService 760F8788 5 Bytes JMP 00070600 .text C:\Windows\System32\svchost.exe[2968] ADVAPI32.dll!ChangeServiceConfigW 760FA26A 5 Bytes JMP 00070A08 .text C:\Windows\System32\svchost.exe[2968] ADVAPI32.dll!SetServiceObjectSecurity 76133791 5 Bytes JMP 00071014 .text C:\Windows\System32\svchost.exe[2968] ADVAPI32.dll!ChangeServiceConfigA 76133891 5 Bytes JMP 00070804 .text C:\Windows\System32\svchost.exe[2968] ADVAPI32.dll!ChangeServiceConfig2A 76133A39 5 Bytes JMP 00070C0C .text C:\Windows\System32\svchost.exe[2968] ADVAPI32.dll!ChangeServiceConfig2W 76133B81 5 Bytes JMP 00070E10 .text C:\Windows\System32\svchost.exe[2968] ADVAPI32.dll!CreateServiceA 76133C41 5 Bytes JMP 000701F8 .text C:\Windows\system32\SearchIndexer.exe[3004] ntdll.dll!LdrLoadDll 7767EB00 5 Bytes JMP 000501F8 .text C:\Windows\system32\SearchIndexer.exe[3004] ntdll.dll!LdrUnloadDll 7768BF0A 5 Bytes JMP 000503FC .text C:\Windows\system32\SearchIndexer.exe[3004] kernel32.dll!GetBinaryTypeW + 70 7636714D 1 Byte [62] .text C:\Windows\system32\SearchIndexer.exe[3004] ADVAPI32.dll!CreateServiceW 760F8686 5 Bytes JMP 000703FC .text C:\Windows\system32\SearchIndexer.exe[3004] ADVAPI32.dll!DeleteService 760F8788 5 Bytes JMP 00070600 .text C:\Windows\system32\SearchIndexer.exe[3004] ADVAPI32.dll!ChangeServiceConfigW 760FA26A 5 Bytes JMP 00070A08 .text C:\Windows\system32\SearchIndexer.exe[3004] ADVAPI32.dll!SetServiceObjectSecurity 76133791 5 Bytes JMP 00071014 .text C:\Windows\system32\SearchIndexer.exe[3004] ADVAPI32.dll!ChangeServiceConfigA 76133891 5 Bytes JMP 00070804 .text C:\Windows\system32\SearchIndexer.exe[3004] ADVAPI32.dll!ChangeServiceConfig2A 76133A39 5 Bytes JMP 00070C0C .text C:\Windows\system32\SearchIndexer.exe[3004] ADVAPI32.dll!ChangeServiceConfig2W 76133B81 5 Bytes JMP 00070E10 .text C:\Windows\system32\SearchIndexer.exe[3004] ADVAPI32.dll!CreateServiceA 76133C41 5 Bytes JMP 000701F8 .text C:\Windows\system32\SearchIndexer.exe[3004] USER32.dll!UnhookWindowsHookEx 762A7CE7 5 Bytes JMP 00080A08 .text C:\Windows\system32\SearchIndexer.exe[3004] USER32.dll!SetWindowsHookExA 762A891A 5 Bytes JMP 00080600 .text C:\Windows\system32\SearchIndexer.exe[3004] USER32.dll!SetWindowsHookExW 762A913D 5 Bytes JMP 00080804 .text C:\Windows\system32\SearchIndexer.exe[3004] USER32.dll!UnhookWinEvent 762B2C74 5 Bytes JMP 000803FC .text C:\Windows\system32\SearchIndexer.exe[3004] USER32.dll!SetWinEventHook 762B9C6D 5 Bytes JMP 000801F8 .text C:\Windows\system32\WUDFHost.exe[3040] ntdll.dll!LdrLoadDll 7767EB00 5 Bytes JMP 000501F8 .text C:\Windows\system32\WUDFHost.exe[3040] ntdll.dll!LdrUnloadDll 7768BF0A 5 Bytes JMP 000503FC .text C:\Windows\system32\WUDFHost.exe[3040] kernel32.dll!GetBinaryTypeW + 70 7636714D 1 Byte [62] .text C:\Windows\system32\WUDFHost.exe[3040] ADVAPI32.dll!CreateServiceW 760F8686 5 Bytes JMP 000803FC .text C:\Windows\system32\WUDFHost.exe[3040] ADVAPI32.dll!DeleteService 760F8788 5 Bytes JMP 00080600 .text C:\Windows\system32\WUDFHost.exe[3040] ADVAPI32.dll!ChangeServiceConfigW 760FA26A 5 Bytes JMP 00080A08 .text C:\Windows\system32\WUDFHost.exe[3040] ADVAPI32.dll!SetServiceObjectSecurity 76133791 5 Bytes JMP 00081014 .text C:\Windows\system32\WUDFHost.exe[3040] ADVAPI32.dll!ChangeServiceConfigA 76133891 5 Bytes JMP 00080804 .text C:\Windows\system32\WUDFHost.exe[3040] ADVAPI32.dll!ChangeServiceConfig2A 76133A39 5 Bytes JMP 00080C0C .text C:\Windows\system32\WUDFHost.exe[3040] ADVAPI32.dll!ChangeServiceConfig2W 76133B81 5 Bytes JMP 00080E10 .text C:\Windows\system32\WUDFHost.exe[3040] ADVAPI32.dll!CreateServiceA 76133C41 5 Bytes JMP 000801F8 .text C:\Windows\system32\WUDFHost.exe[3040] USER32.dll!UnhookWindowsHookEx 762A7CE7 5 Bytes JMP 000D0A08 .text C:\Windows\system32\WUDFHost.exe[3040] USER32.dll!SetWindowsHookExA 762A891A 5 Bytes JMP 000D0600 .text C:\Windows\system32\WUDFHost.exe[3040] USER32.dll!SetWindowsHookExW 762A913D 5 Bytes JMP 000D0804 .text C:\Windows\system32\WUDFHost.exe[3040] USER32.dll!UnhookWinEvent 762B2C74 5 Bytes JMP 000D03FC .text C:\Windows\system32\WUDFHost.exe[3040] USER32.dll!SetWinEventHook 762B9C6D 5 Bytes JMP 000D01F8 .text C:\Windows\system32\taskeng.exe[3428] ntdll.dll!LdrLoadDll 7767EB00 5 Bytes JMP 000501F8 .text C:\Windows\system32\taskeng.exe[3428] ntdll.dll!LdrUnloadDll 7768BF0A 5 Bytes JMP 000503FC .text C:\Windows\system32\taskeng.exe[3428] kernel32.dll!GetBinaryTypeW + 70 7636714D 1 Byte [62] .text C:\Windows\system32\taskeng.exe[3428] ADVAPI32.dll!CreateServiceW 760F8686 5 Bytes JMP 000703FC .text C:\Windows\system32\taskeng.exe[3428] ADVAPI32.dll!DeleteService 760F8788 5 Bytes JMP 00070600 .text C:\Windows\system32\taskeng.exe[3428] ADVAPI32.dll!ChangeServiceConfigW 760FA26A 5 Bytes JMP 00070A08 .text C:\Windows\system32\taskeng.exe[3428] ADVAPI32.dll!SetServiceObjectSecurity 76133791 5 Bytes JMP 00071014 .text C:\Windows\system32\taskeng.exe[3428] ADVAPI32.dll!ChangeServiceConfigA 76133891 5 Bytes JMP 00070804 .text C:\Windows\system32\taskeng.exe[3428] ADVAPI32.dll!ChangeServiceConfig2A 76133A39 5 Bytes JMP 00070C0C .text C:\Windows\system32\taskeng.exe[3428] ADVAPI32.dll!ChangeServiceConfig2W 76133B81 5 Bytes JMP 00070E10 .text C:\Windows\system32\taskeng.exe[3428] ADVAPI32.dll!CreateServiceA 76133C41 5 Bytes JMP 000701F8 .text C:\Windows\system32\taskeng.exe[3428] USER32.dll!UnhookWindowsHookEx 762A7CE7 5 Bytes JMP 00080A08 .text C:\Windows\system32\taskeng.exe[3428] USER32.dll!SetWindowsHookExA 762A891A 5 Bytes JMP 00080600 .text C:\Windows\system32\taskeng.exe[3428] USER32.dll!SetWindowsHookExW 762A913D 5 Bytes JMP 00080804 .text C:\Windows\system32\taskeng.exe[3428] USER32.dll!UnhookWinEvent 762B2C74 5 Bytes JMP 000803FC .text C:\Windows\system32\taskeng.exe[3428] USER32.dll!SetWinEventHook 762B9C6D 5 Bytes JMP 000801F8 .text C:\Windows\system32\wbem\wmiprvse.exe[3588] ntdll.dll!LdrLoadDll 7767EB00 5 Bytes JMP 000501F8 .text C:\Windows\system32\wbem\wmiprvse.exe[3588] ntdll.dll!LdrUnloadDll 7768BF0A 5 Bytes JMP 000503FC .text C:\Windows\system32\wbem\wmiprvse.exe[3588] kernel32.dll!GetBinaryTypeW + 70 7636714D 1 Byte [62] .text C:\Windows\system32\wbem\wmiprvse.exe[3588] ADVAPI32.dll!CreateServiceW 760F8686 5 Bytes JMP 000703FC .text C:\Windows\system32\wbem\wmiprvse.exe[3588] ADVAPI32.dll!DeleteService 760F8788 5 Bytes JMP 00070600 .text C:\Windows\system32\wbem\wmiprvse.exe[3588] ADVAPI32.dll!ChangeServiceConfigW 760FA26A 5 Bytes JMP 00070A08 .text C:\Windows\system32\wbem\wmiprvse.exe[3588] ADVAPI32.dll!SetServiceObjectSecurity 76133791 5 Bytes JMP 00071014 .text C:\Windows\system32\wbem\wmiprvse.exe[3588] ADVAPI32.dll!ChangeServiceConfigA 76133891 5 Bytes JMP 00070804 .text C:\Windows\system32\wbem\wmiprvse.exe[3588] ADVAPI32.dll!ChangeServiceConfig2A 76133A39 5 Bytes JMP 00070C0C .text C:\Windows\system32\wbem\wmiprvse.exe[3588] ADVAPI32.dll!ChangeServiceConfig2W 76133B81 5 Bytes JMP 00070E10 .text C:\Windows\system32\wbem\wmiprvse.exe[3588] ADVAPI32.dll!CreateServiceA 76133C41 5 Bytes JMP 000701F8 .text C:\Windows\system32\wbem\wmiprvse.exe[3588] USER32.dll!UnhookWindowsHookEx 762A7CE7 5 Bytes JMP 00080A08 .text C:\Windows\system32\wbem\wmiprvse.exe[3588] USER32.dll!SetWindowsHookExA 762A891A 5 Bytes JMP 00080600 .text C:\Windows\system32\wbem\wmiprvse.exe[3588] USER32.dll!SetWindowsHookExW 762A913D 5 Bytes JMP 00080804 .text C:\Windows\system32\wbem\wmiprvse.exe[3588] USER32.dll!UnhookWinEvent 762B2C74 5 Bytes JMP 000803FC .text C:\Windows\system32\wbem\wmiprvse.exe[3588] USER32.dll!SetWinEventHook 762B9C6D 5 Bytes JMP 000801F8 .text C:\Windows\system32\wbem\unsecapp.exe[3624] ntdll.dll!LdrLoadDll 7767EB00 5 Bytes JMP 000501F8 .text C:\Windows\system32\wbem\unsecapp.exe[3624] ntdll.dll!LdrUnloadDll 7768BF0A 5 Bytes JMP 000503FC .text C:\Windows\system32\wbem\unsecapp.exe[3624] kernel32.dll!GetBinaryTypeW + 70 7636714D 1 Byte [62] .text C:\Windows\system32\wbem\unsecapp.exe[3624] ADVAPI32.dll!CreateServiceW 760F8686 5 Bytes JMP 000703FC .text C:\Windows\system32\wbem\unsecapp.exe[3624] ADVAPI32.dll!DeleteService 760F8788 5 Bytes JMP 00070600 .text C:\Windows\system32\wbem\unsecapp.exe[3624] ADVAPI32.dll!ChangeServiceConfigW 760FA26A 5 Bytes JMP 00070A08 .text C:\Windows\system32\wbem\unsecapp.exe[3624] ADVAPI32.dll!SetServiceObjectSecurity 76133791 5 Bytes JMP 00071014 .text C:\Windows\system32\wbem\unsecapp.exe[3624] ADVAPI32.dll!ChangeServiceConfigA 76133891 5 Bytes JMP 00070804 .text C:\Windows\system32\wbem\unsecapp.exe[3624] ADVAPI32.dll!ChangeServiceConfig2A 76133A39 5 Bytes JMP 00070C0C .text C:\Windows\system32\wbem\unsecapp.exe[3624] ADVAPI32.dll!ChangeServiceConfig2W 76133B81 5 Bytes JMP 00070E10 .text C:\Windows\system32\wbem\unsecapp.exe[3624] ADVAPI32.dll!CreateServiceA 76133C41 5 Bytes JMP 000701F8 .text C:\Windows\system32\wbem\unsecapp.exe[3624] USER32.dll!UnhookWindowsHookEx 762A7CE7 5 Bytes JMP 00180A08 .text C:\Windows\system32\wbem\unsecapp.exe[3624] USER32.dll!SetWindowsHookExA 762A891A 5 Bytes JMP 00180600 .text C:\Windows\system32\wbem\unsecapp.exe[3624] USER32.dll!SetWindowsHookExW 762A913D 5 Bytes JMP 00180804 .text C:\Windows\system32\wbem\unsecapp.exe[3624] USER32.dll!UnhookWinEvent 762B2C74 5 Bytes JMP 001803FC .text C:\Windows\system32\wbem\unsecapp.exe[3624] USER32.dll!SetWinEventHook 762B9C6D 5 Bytes JMP 001801F8 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3684] ntdll.dll!LdrLoadDll 7767EB00 5 Bytes JMP 000501F8 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3684] ntdll.dll!LdrUnloadDll 7768BF0A 5 Bytes JMP 000503FC .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3684] kernel32.dll!GetBinaryTypeW + 70 7636714D 1 Byte [62] .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3684] ADVAPI32.dll!CreateServiceW 760F8686 5 Bytes JMP 000703FC .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3684] ADVAPI32.dll!DeleteService 760F8788 5 Bytes JMP 00070600 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3684] ADVAPI32.dll!ChangeServiceConfigW 760FA26A 5 Bytes JMP 00070A08 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3684] ADVAPI32.dll!SetServiceObjectSecurity 76133791 5 Bytes JMP 00071014 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3684] ADVAPI32.dll!ChangeServiceConfigA 76133891 5 Bytes JMP 00070804 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3684] ADVAPI32.dll!ChangeServiceConfig2A 76133A39 5 Bytes JMP 00070C0C .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3684] ADVAPI32.dll!ChangeServiceConfig2W 76133B81 5 Bytes JMP 00070E10 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3684] ADVAPI32.dll!CreateServiceA 76133C41 5 Bytes JMP 000701F8 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3684] USER32.dll!UnhookWindowsHookEx 762A7CE7 5 Bytes JMP 00080A08 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3684] USER32.dll!SetWindowsHookExA 762A891A 5 Bytes JMP 00080600 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3684] USER32.dll!SetWindowsHookExW 762A913D 5 Bytes JMP 00080804 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3684] USER32.dll!UnhookWinEvent 762B2C74 5 Bytes JMP 000803FC .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3684] USER32.dll!SetWinEventHook 762B9C6D 5 Bytes JMP 000801F8 .text C:\Windows\RtHDVCpl.exe[3708] ntdll.dll!LdrLoadDll 7767EB00 5 Bytes JMP 001501F8 .text C:\Windows\RtHDVCpl.exe[3708] ntdll.dll!LdrUnloadDll 7768BF0A 5 Bytes JMP 001503FC .text C:\Windows\RtHDVCpl.exe[3708] kernel32.dll!GetBinaryTypeW + 70 7636714D 1 Byte [62] .text C:\Windows\RtHDVCpl.exe[3708] ADVAPI32.dll!CreateServiceW 760F8686 5 Bytes JMP 001703FC .text C:\Windows\RtHDVCpl.exe[3708] ADVAPI32.dll!DeleteService 760F8788 5 Bytes JMP 00170600 .text C:\Windows\RtHDVCpl.exe[3708] ADVAPI32.dll!ChangeServiceConfigW 760FA26A 5 Bytes JMP 00170A08 .text C:\Windows\RtHDVCpl.exe[3708] ADVAPI32.dll!SetServiceObjectSecurity 76133791 5 Bytes JMP 00171014 .text C:\Windows\RtHDVCpl.exe[3708] ADVAPI32.dll!ChangeServiceConfigA 76133891 5 Bytes JMP 00170804 .text C:\Windows\RtHDVCpl.exe[3708] ADVAPI32.dll!ChangeServiceConfig2A 76133A39 5 Bytes JMP 00170C0C .text C:\Windows\RtHDVCpl.exe[3708] ADVAPI32.dll!ChangeServiceConfig2W 76133B81 5 Bytes JMP 00170E10 .text C:\Windows\RtHDVCpl.exe[3708] ADVAPI32.dll!CreateServiceA 76133C41 5 Bytes JMP 001701F8 .text C:\Windows\RtHDVCpl.exe[3708] USER32.dll!UnhookWindowsHookEx 762A7CE7 5 Bytes JMP 00180A08 .text C:\Windows\RtHDVCpl.exe[3708] USER32.dll!SetWindowsHookExA 762A891A 5 Bytes JMP 00180600 .text C:\Windows\RtHDVCpl.exe[3708] USER32.dll!SetWindowsHookExW 762A913D 5 Bytes JMP 00180804 .text C:\Windows\RtHDVCpl.exe[3708] USER32.dll!UnhookWinEvent 762B2C74 5 Bytes JMP 001803FC .text C:\Windows\RtHDVCpl.exe[3708] USER32.dll!SetWinEventHook 762B9C6D 5 Bytes JMP 001801F8 .text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[3752] ntdll.dll!LdrLoadDll 7767EB00 5 Bytes JMP 001501F8 .text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[3752] ntdll.dll!LdrUnloadDll 7768BF0A 5 Bytes JMP 001503FC .text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[3752] kernel32.dll!GetBinaryTypeW + 70 7636714D 1 Byte [62] .text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[3752] USER32.dll!UnhookWindowsHookEx 762A7CE7 5 Bytes JMP 003C0A08 .text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[3752] USER32.dll!SetWindowsHookExA 762A891A 5 Bytes JMP 003C0600 .text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[3752] USER32.dll!SetWindowsHookExW 762A913D 5 Bytes JMP 003C0804 .text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[3752] USER32.dll!UnhookWinEvent 762B2C74 5 Bytes JMP 003C03FC .text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[3752] USER32.dll!SetWinEventHook 762B9C6D 5 Bytes JMP 003C01F8 .text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[3752] ADVAPI32.dll!CreateServiceW 760F8686 5 Bytes JMP 003D03FC .text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[3752] ADVAPI32.dll!DeleteService 760F8788 5 Bytes JMP 003D0600 .text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[3752] ADVAPI32.dll!ChangeServiceConfigW 760FA26A 5 Bytes JMP 003D0A08 .text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[3752] ADVAPI32.dll!SetServiceObjectSecurity 76133791 5 Bytes JMP 003D1014 .text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[3752] ADVAPI32.dll!ChangeServiceConfigA 76133891 5 Bytes JMP 003D0804 .text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[3752] ADVAPI32.dll!ChangeServiceConfig2A 76133A39 5 Bytes JMP 003D0C0C .text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[3752] ADVAPI32.dll!ChangeServiceConfig2W 76133B81 5 Bytes JMP 003D0E10 .text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[3752] ADVAPI32.dll!CreateServiceA 76133C41 5 Bytes JMP 003D01F8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3800] ntdll.dll!LdrLoadDll 7767EB00 5 Bytes JMP 001501F8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3800] ntdll.dll!LdrUnloadDll 7768BF0A 5 Bytes JMP 001503FC .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3800] kernel32.dll!GetBinaryTypeW + 70 7636714D 1 Byte [62] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3800] USER32.dll!UnhookWindowsHookEx 762A7CE7 5 Bytes JMP 00170A08 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3800] USER32.dll!SetWindowsHookExA 762A891A 5 Bytes JMP 00170600 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3800] USER32.dll!SetWindowsHookExW 762A913D 5 Bytes JMP 00170804 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3800] USER32.dll!UnhookWinEvent 762B2C74 5 Bytes JMP 001703FC .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3800] USER32.dll!SetWinEventHook 762B9C6D 5 Bytes JMP 001701F8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3800] ADVAPI32.dll!CreateServiceW 760F8686 5 Bytes JMP 001803FC .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3800] ADVAPI32.dll!DeleteService 760F8788 5 Bytes JMP 00180600 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3800] ADVAPI32.dll!ChangeServiceConfigW 760FA26A 5 Bytes JMP 00180A08 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3800] ADVAPI32.dll!SetServiceObjectSecurity 76133791 5 Bytes JMP 00181014 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3800] ADVAPI32.dll!ChangeServiceConfigA 76133891 5 Bytes JMP 00180804 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3800] ADVAPI32.dll!ChangeServiceConfig2A 76133A39 5 Bytes JMP 00180C0C .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3800] ADVAPI32.dll!ChangeServiceConfig2W 76133B81 5 Bytes JMP 00180E10 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3800] ADVAPI32.dll!CreateServiceA 76133C41 5 Bytes JMP 001801F8 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[3808] KERNEL32.dll!GetBinaryTypeW + 70 7636714D 1 Byte [62] .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3824] ntdll.dll!LdrLoadDll 7767EB00 5 Bytes JMP 001401F8 .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3824] ntdll.dll!LdrUnloadDll 7768BF0A 5 Bytes JMP 001403FC .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3824] kernel32.dll!GetBinaryTypeW + 70 7636714D 1 Byte [62] .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3824] USER32.dll!UnhookWindowsHookEx 762A7CE7 5 Bytes JMP 00160A08 .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3824] USER32.dll!SetWindowsHookExA 762A891A 5 Bytes JMP 00160600 .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3824] USER32.dll!SetWindowsHookExW 762A913D 5 Bytes JMP 00160804 .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3824] USER32.dll!UnhookWinEvent 762B2C74 5 Bytes JMP 001603FC .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3824] USER32.dll!SetWinEventHook 762B9C6D 5 Bytes JMP 001601F8 .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3824] ADVAPI32.dll!CreateServiceW 760F8686 5 Bytes JMP 001703FC .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3824] ADVAPI32.dll!DeleteService 760F8788 5 Bytes JMP 00170600 .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3824] ADVAPI32.dll!ChangeServiceConfigW 760FA26A 5 Bytes JMP 00170A08 .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3824] ADVAPI32.dll!SetServiceObjectSecurity 76133791 5 Bytes JMP 00171014 .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3824] ADVAPI32.dll!ChangeServiceConfigA 76133891 5 Bytes JMP 00170804 .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3824] ADVAPI32.dll!ChangeServiceConfig2A 76133A39 5 Bytes JMP 00170C0C .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3824] ADVAPI32.dll!ChangeServiceConfig2W 76133B81 5 Bytes JMP 00170E10 .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3824] ADVAPI32.dll!CreateServiceA 76133C41 5 Bytes JMP 001701F8 .text c:\windows\system32\inetsrv\w3wp.exe[3836] ntdll.dll!LdrLoadDll 7767EB00 5 Bytes JMP 000401F8 .text c:\windows\system32\inetsrv\w3wp.exe[3836] ntdll.dll!LdrUnloadDll 7768BF0A 5 Bytes JMP 000403FC .text c:\windows\system32\inetsrv\w3wp.exe[3836] kernel32.dll!GetBinaryTypeW + 70 7636714D 1 Byte [62] .text c:\windows\system32\inetsrv\w3wp.exe[3836] ADVAPI32.dll!CreateServiceW 760F8686 5 Bytes JMP 000603FC .text c:\windows\system32\inetsrv\w3wp.exe[3836] ADVAPI32.dll!DeleteService 760F8788 5 Bytes JMP 00060600 .text c:\windows\system32\inetsrv\w3wp.exe[3836] ADVAPI32.dll!ChangeServiceConfigW 760FA26A 5 Bytes JMP 00060A08 .text c:\windows\system32\inetsrv\w3wp.exe[3836] ADVAPI32.dll!SetServiceObjectSecurity 76133791 5 Bytes JMP 00061014 .text c:\windows\system32\inetsrv\w3wp.exe[3836] ADVAPI32.dll!ChangeServiceConfigA 76133891 5 Bytes JMP 00060804 .text c:\windows\system32\inetsrv\w3wp.exe[3836] ADVAPI32.dll!ChangeServiceConfig2A 76133A39 5 Bytes JMP 00060C0C .text c:\windows\system32\inetsrv\w3wp.exe[3836] ADVAPI32.dll!ChangeServiceConfig2W 76133B81 5 Bytes JMP 00060E10 .text c:\windows\system32\inetsrv\w3wp.exe[3836] ADVAPI32.dll!CreateServiceA 76133C41 5 Bytes JMP 000601F8 .text c:\windows\system32\inetsrv\w3wp.exe[3836] USER32.dll!UnhookWindowsHookEx 762A7CE7 5 Bytes JMP 00070A08 .text c:\windows\system32\inetsrv\w3wp.exe[3836] USER32.dll!SetWindowsHookExA 762A891A 5 Bytes JMP 00070600 .text c:\windows\system32\inetsrv\w3wp.exe[3836] USER32.dll!SetWindowsHookExW 762A913D 5 Bytes JMP 00070804 .text c:\windows\system32\inetsrv\w3wp.exe[3836] USER32.dll!UnhookWinEvent 762B2C74 5 Bytes JMP 000703FC .text c:\windows\system32\inetsrv\w3wp.exe[3836] USER32.dll!SetWinEventHook 762B9C6D 5 Bytes JMP 000701F8 .text E:\programy\bzdety\avast\AvastUI.exe[3872] kernel32.dll!GetBinaryTypeW + 70 7636714D 1 Byte [62] .text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3880] ntdll.dll!LdrLoadDll 7767EB00 5 Bytes JMP 001501F8 .text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3880] ntdll.dll!LdrUnloadDll 7768BF0A 5 Bytes JMP 001503FC .text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3880] kernel32.dll!GetBinaryTypeW + 70 7636714D 1 Byte [62] .text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3880] USER32.dll!UnhookWindowsHookEx 762A7CE7 5 Bytes JMP 00240A08 .text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3880] USER32.dll!SetWindowsHookExA 762A891A 5 Bytes JMP 00240600 .text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3880] USER32.dll!SetWindowsHookExW 762A913D 5 Bytes JMP 00240804 .text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3880] USER32.dll!UnhookWinEvent 762B2C74 5 Bytes JMP 002403FC .text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3880] USER32.dll!SetWinEventHook 762B9C6D 5 Bytes JMP 002401F8 .text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3880] ADVAPI32.dll!CreateServiceW 760F8686 5 Bytes JMP 002503FC .text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3880] ADVAPI32.dll!DeleteService 760F8788 5 Bytes JMP 00250600 .text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3880] ADVAPI32.dll!ChangeServiceConfigW 760FA26A 5 Bytes JMP 00250A08 .text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3880] ADVAPI32.dll!SetServiceObjectSecurity 76133791 5 Bytes JMP 00251014 .text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3880] ADVAPI32.dll!ChangeServiceConfigA 76133891 5 Bytes JMP 00250804 .text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3880] ADVAPI32.dll!ChangeServiceConfig2A 76133A39 5 Bytes JMP 00250C0C .text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3880] ADVAPI32.dll!ChangeServiceConfig2W 76133B81 5 Bytes JMP 00250E10 .text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3880] ADVAPI32.dll!CreateServiceA 76133C41 5 Bytes JMP 002501F8 .text C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe[3896] KERNEL32.dll!GetBinaryTypeW + 70 7636714D 1 Byte [62] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3908] ntdll.dll!LdrLoadDll 7767EB00 5 Bytes JMP 001601F8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3908] ntdll.dll!LdrUnloadDll 7768BF0A 5 Bytes JMP 001603FC .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3908] kernel32.dll!GetBinaryTypeW + 70 7636714D 1 Byte [62] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3908] ADVAPI32.dll!CreateServiceW 760F8686 5 Bytes JMP 001703FC .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3908] ADVAPI32.dll!DeleteService 760F8788 5 Bytes JMP 00170600 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3908] ADVAPI32.dll!ChangeServiceConfigW 760FA26A 5 Bytes JMP 00170A08 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3908] ADVAPI32.dll!SetServiceObjectSecurity 76133791 5 Bytes JMP 00171014 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3908] ADVAPI32.dll!ChangeServiceConfigA 76133891 5 Bytes JMP 00170804 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3908] ADVAPI32.dll!ChangeServiceConfig2A 76133A39 5 Bytes JMP 00170C0C .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3908] ADVAPI32.dll!ChangeServiceConfig2W 76133B81 5 Bytes JMP 00170E10 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3908] ADVAPI32.dll!CreateServiceA 76133C41 5 Bytes JMP 001701F8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3908] USER32.dll!UnhookWindowsHookEx 762A7CE7 5 Bytes JMP 00180A08 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3908] USER32.dll!SetWindowsHookExA 762A891A 5 Bytes JMP 00180600 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3908] USER32.dll!SetWindowsHookExW 762A913D 5 Bytes JMP 00180804 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3908] USER32.dll!UnhookWinEvent 762B2C74 5 Bytes JMP 001803FC .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3908] USER32.dll!SetWinEventHook 762B9C6D 5 Bytes JMP 001801F8 .text C:\Program Files\TOSHIBA\Utilities\KeNotify.exe[3956] ntdll.dll!LdrLoadDll 7767EB00 5 Bytes JMP 001501F8 .text C:\Program Files\TOSHIBA\Utilities\KeNotify.exe[3956] ntdll.dll!LdrUnloadDll 7768BF0A 5 Bytes JMP 001503FC .text C:\Program Files\TOSHIBA\Utilities\KeNotify.exe[3956] kernel32.dll!GetBinaryTypeW + 70 7636714D 1 Byte [62] .text C:\Program Files\TOSHIBA\Utilities\KeNotify.exe[3956] USER32.dll!UnhookWindowsHookEx 762A7CE7 5 Bytes JMP 00270A08 .text C:\Program Files\TOSHIBA\Utilities\KeNotify.exe[3956] USER32.dll!SetWindowsHookExA 762A891A 5 Bytes JMP 00270600 .text C:\Program Files\TOSHIBA\Utilities\KeNotify.exe[3956] USER32.dll!SetWindowsHookExW 762A913D 5 Bytes JMP 00270804 .text C:\Program Files\TOSHIBA\Utilities\KeNotify.exe[3956] USER32.dll!UnhookWinEvent 762B2C74 5 Bytes JMP 002703FC .text C:\Program Files\TOSHIBA\Utilities\KeNotify.exe[3956] USER32.dll!SetWinEventHook 762B9C6D 5 Bytes JMP 002701F8 .text C:\Program Files\TOSHIBA\Utilities\KeNotify.exe[3956] ADVAPI32.dll!CreateServiceW 760F8686 5 Bytes JMP 002803FC .text C:\Program Files\TOSHIBA\Utilities\KeNotify.exe[3956] ADVAPI32.dll!DeleteService 760F8788 5 Bytes JMP 00280600 .text C:\Program Files\TOSHIBA\Utilities\KeNotify.exe[3956] ADVAPI32.dll!ChangeServiceConfigW 760FA26A 5 Bytes JMP 00280A08 .text C:\Program Files\TOSHIBA\Utilities\KeNotify.exe[3956] ADVAPI32.dll!SetServiceObjectSecurity 76133791 5 Bytes JMP 00281014 .text C:\Program Files\TOSHIBA\Utilities\KeNotify.exe[3956] ADVAPI32.dll!ChangeServiceConfigA 76133891 5 Bytes JMP 00280804 .text C:\Program Files\TOSHIBA\Utilities\KeNotify.exe[3956] ADVAPI32.dll!ChangeServiceConfig2A 76133A39 5 Bytes JMP 00280C0C .text C:\Program Files\TOSHIBA\Utilities\KeNotify.exe[3956] ADVAPI32.dll!ChangeServiceConfig2W 76133B81 5 Bytes JMP 00280E10 .text C:\Program Files\TOSHIBA\Utilities\KeNotify.exe[3956] ADVAPI32.dll!CreateServiceA 76133C41 5 Bytes JMP 002801F8 .text C:\Windows\ehome\ehtray.exe[3964] ntdll.dll!LdrLoadDll 7767EB00 5 Bytes JMP 000501F8 .text C:\Windows\ehome\ehtray.exe[3964] ntdll.dll!LdrUnloadDll 7768BF0A 5 Bytes JMP 000503FC .text C:\Windows\ehome\ehtray.exe[3964] kernel32.dll!GetBinaryTypeW + 70 7636714D 1 Byte [62] .text C:\Windows\ehome\ehtray.exe[3964] ADVAPI32.dll!CreateServiceW 760F8686 5 Bytes JMP 000703FC .text C:\Windows\ehome\ehtray.exe[3964] ADVAPI32.dll!DeleteService 760F8788 5 Bytes JMP 00070600 .text C:\Windows\ehome\ehtray.exe[3964] ADVAPI32.dll!ChangeServiceConfigW 760FA26A 5 Bytes JMP 00070A08 .text C:\Windows\ehome\ehtray.exe[3964] ADVAPI32.dll!SetServiceObjectSecurity 76133791 5 Bytes JMP 00071014 .text C:\Windows\ehome\ehtray.exe[3964] ADVAPI32.dll!ChangeServiceConfigA 76133891 5 Bytes JMP 00070804 .text C:\Windows\ehome\ehtray.exe[3964] ADVAPI32.dll!ChangeServiceConfig2A 76133A39 5 Bytes JMP 00070C0C .text C:\Windows\ehome\ehtray.exe[3964] ADVAPI32.dll!ChangeServiceConfig2W 76133B81 5 Bytes JMP 00070E10 .text C:\Windows\ehome\ehtray.exe[3964] ADVAPI32.dll!CreateServiceA 76133C41 5 Bytes JMP 000701F8 .text C:\Windows\ehome\ehtray.exe[3964] USER32.dll!UnhookWindowsHookEx 762A7CE7 5 Bytes JMP 00080A08 .text C:\Windows\ehome\ehtray.exe[3964] USER32.dll!SetWindowsHookExA 762A891A 5 Bytes JMP 00080600 .text C:\Windows\ehome\ehtray.exe[3964] USER32.dll!SetWindowsHookExW 762A913D 5 Bytes JMP 00080804 .text C:\Windows\ehome\ehtray.exe[3964] USER32.dll!UnhookWinEvent 762B2C74 5 Bytes JMP 000803FC .text C:\Windows\ehome\ehtray.exe[3964] USER32.dll!SetWinEventHook 762B9C6D 5 Bytes JMP 000801F8 .text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[4028] ntdll.dll!LdrLoadDll 7767EB00 5 Bytes JMP 001501F8 .text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[4028] ntdll.dll!LdrUnloadDll 7768BF0A 5 Bytes JMP 001503FC .text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[4028] kernel32.dll!GetBinaryTypeW + 70 7636714D 1 Byte [62] .text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[4028] USER32.dll!UnhookWindowsHookEx 762A7CE7 5 Bytes JMP 00170A08 .text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[4028] USER32.dll!SetWindowsHookExA 762A891A 5 Bytes JMP 00170600 .text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[4028] USER32.dll!SetWindowsHookExW 762A913D 5 Bytes JMP 00170804 .text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[4028] USER32.dll!UnhookWinEvent 762B2C74 5 Bytes JMP 001703FC .text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[4028] USER32.dll!SetWinEventHook 762B9C6D 5 Bytes JMP 001701F8 .text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[4028] ADVAPI32.dll!CreateServiceW 760F8686 5 Bytes JMP 001803FC .text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[4028] ADVAPI32.dll!DeleteService 760F8788 5 Bytes JMP 00180600 .text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[4028] ADVAPI32.dll!ChangeServiceConfigW 760FA26A 5 Bytes JMP 00180A08 .text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[4028] ADVAPI32.dll!SetServiceObjectSecurity 76133791 5 Bytes JMP 00181014 .text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[4028] ADVAPI32.dll!ChangeServiceConfigA 76133891 5 Bytes JMP 00180804 .text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[4028] ADVAPI32.dll!ChangeServiceConfig2A 76133A39 5 Bytes JMP 00180C0C .text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[4028] ADVAPI32.dll!ChangeServiceConfig2W 76133B81 5 Bytes JMP 00180E10 .text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[4028] ADVAPI32.dll!CreateServiceA 76133C41 5 Bytes JMP 001801F8 .text C:\Windows\system32\svchost.exe[4088] ntdll.dll!LdrLoadDll 7767EB00 5 Bytes JMP 000501F8 .text C:\Windows\system32\svchost.exe[4088] ntdll.dll!LdrUnloadDll 7768BF0A 5 Bytes JMP 000503FC .text C:\Windows\system32\svchost.exe[4088] kernel32.dll!GetBinaryTypeW + 70 7636714D 1 Byte [62] .text C:\Windows\system32\svchost.exe[4088] ADVAPI32.dll!CreateServiceW 760F8686 5 Bytes JMP 000803FC .text C:\Windows\system32\svchost.exe[4088] ADVAPI32.dll!DeleteService 760F8788 5 Bytes JMP 00080600 .text C:\Windows\system32\svchost.exe[4088] ADVAPI32.dll!ChangeServiceConfigW 760FA26A 5 Bytes JMP 00080A08 .text C:\Windows\system32\svchost.exe[4088] ADVAPI32.dll!SetServiceObjectSecurity 76133791 5 Bytes JMP 00081014 .text C:\Windows\system32\svchost.exe[4088] ADVAPI32.dll!ChangeServiceConfigA 76133891 5 Bytes JMP 00080804 .text C:\Windows\system32\svchost.exe[4088] ADVAPI32.dll!ChangeServiceConfig2A 76133A39 5 Bytes JMP 00080C0C .text C:\Windows\system32\svchost.exe[4088] ADVAPI32.dll!ChangeServiceConfig2W 76133B81 5 Bytes JMP 00080E10 .text C:\Windows\system32\svchost.exe[4088] ADVAPI32.dll!CreateServiceA 76133C41 5 Bytes JMP 000801F8 .text C:\Windows\system32\svchost.exe[4088] USER32.dll!UnhookWindowsHookEx 762A7CE7 5 Bytes JMP 00300A08 .text C:\Windows\system32\svchost.exe[4088] USER32.dll!SetWindowsHookExA 762A891A 5 Bytes JMP 00300600 .text C:\Windows\system32\svchost.exe[4088] USER32.dll!SetWindowsHookExW 762A913D 5 Bytes JMP 00300804 .text C:\Windows\system32\svchost.exe[4088] USER32.dll!UnhookWinEvent 762B2C74 5 Bytes JMP 003003FC .text C:\Windows\system32\svchost.exe[4088] USER32.dll!SetWinEventHook 762B9C6D 5 Bytes JMP 003001F8 .text C:\Windows\system32\taskmgr.exe[4604] kernel32.dll!GetBinaryTypeW + 70 7636714D 1 Byte [62] .text C:\Windows\system32\SearchProtocolHost.exe[5196] kernel32.dll!GetBinaryTypeW + 70 7636714D 1 Byte [62] .text C:\Windows\servicing\TrustedInstaller.exe[5224] kernel32.dll!GetBinaryTypeW + 70 7636714D 1 Byte [62] .text C:\Users\jędrek\Desktop\qfzdt4pj.exe[5652] kernel32.dll!GetBinaryTypeW + 70 7636714D 1 Byte [62] .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5976] KERNEL32.dll!GetBinaryTypeW + 70 7636714D 1 Byte [62] ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [806E7F12] \SystemRoot\System32\Drivers\sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [806E8232] \SystemRoot\System32\Drivers\sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [806E7730] \SystemRoot\System32\Drivers\sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [806E80F0] \SystemRoot\System32\Drivers\sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [806E7856] \SystemRoot\System32\Drivers\sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [806E7914] \SystemRoot\System32\Drivers\sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [806FBEB0] \SystemRoot\System32\Drivers\sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00180002 IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 00180000 IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!DbgPrintEx] 51EC8B55 IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlUpcaseUnicodeChar] 8B565351 IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!NtClose] FF560875 IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!NtSetInformationFile] 1B510815 IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!NtOpenFile] 85D88B00 IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!NtQueryInformationFile] C2840FDB IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlCompareUnicodeString] 57000000 IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlAppendUnicodeStringToString] 0068406A IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlAllocateHeap] FF000010 IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlFreeHeap] 006A5073 IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!NtSetValueKey] 508415FF IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!NtCreateKey] F88B001B IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlUnicodeStringToInteger] 85FC7D89 IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlFreeUnicodeString] 9E840FFF IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!NtCreatePagingFile] 8B000000 IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!_alldiv] A4F3544B IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!NtQuerySystemInformation] 1443B70F IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!_allmul] 0653B70F IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlExtendedIntegerMultiply] 1818448D IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!NtQueryVolumeInformationFile] 8B0CC083 IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlInitUnicodeStringEx] 08758B08 IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!NtQueryInformationProcess] 03FC7D8B IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlInitUnicodeString] 8BF903F1 IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlDosPathNameToNtPathName_U] C083FC48 IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlExpandEnvironmentStrings_U] A4F34A28 IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!NtQueryValueKey] 758BE975 IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!NtOpenKey] 443D8BFC IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!_vsnwprintf] 2B001B51 IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!NtSetSecurityObject] 458D0875 IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlSetOwnerSecurityDescriptor] 056A50F8 IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlSetDaclSecurityDescriptor] [75FF016A] C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlAddAccessAllowedAce] 85D7FFFC IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlCreateAcl] EB2574C0 IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlCreateSecurityDescriptor] 04488B1D IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlAllocateAndInitializeSid] 56F84D29 IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlCreateUnicodeString] 8B08508D IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!NtReadFile] FC450300 IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!_chkstk] 52F8C183 IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!NtMakeTemporaryObject] 5051E9D1 IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!NtCreateSymbolicLinkObject] 514015FF IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!NtOpenDirectoryObject] 7D83001B IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!qsort] DD7500F8 IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlRandomEx] 50F8458D IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!NtCreateDirectoryObject] 016A016A IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlEqualUnicodeString] FFFC75FF IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!memcpy] 74C085D7 IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!_wcsicmp] 0C488D20 IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlSetEnvironmentVariable] C085018B IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!iswspace] F18B1774 IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlUnlockBootStatusData] 03FC4D8B IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlGetSetBootStatusData] 15FF50C1 IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlLockBootStatusData] [001B5080] C:\Windows\system32\smss.exe (Windows Session Manager/Microsoft Corporation) IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlSetSaclSecurityDescriptor] 8B14C683 IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlAddMandatoryAce] [75C08506] C:\Windows\system32\NETAPI32.dll (Net Win32 API DLL/Microsoft Corporation) IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlLengthSid] FC458BEB IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlGetAce] C95B5E5F IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlPrefixUnicodeString] 560004C2 IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!NtQuerySymbolicLinkObject] 7140BF57 IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!NtOpenSymbolicLinkObject] 8B57001B IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!NtQueryDirectoryObject] 7C15FFF1 IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlTimeToTimeFields] 6A001B50 IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!memset] 3C83580F IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!EtwEventWrite] 1B715885 IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!EtwEventEnabled] 09740000 IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlAppendUnicodeToString] 8548C88B IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!NtMapViewOfSection] EBEF75C9 IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!NtCreateSection] 85348907 IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlQueryRegistryValues] [001B7158] C:\Windows\system32\smss.exe (Windows Session Manager/Microsoft Corporation) IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!NtResumeThread] 3415FF57 IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!NtWaitForSingleObject] 5F001B50 IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!NtTerminateProcess] 5756C35E IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlDestroyProcessParameters] 1B7140BF IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlCreateUserProcess] F18B5700 IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlCreateProcessParametersEx] 507C15FF IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!_wcsupr] 0F6A001B IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlAnsiStringToUnicodeString] 85343958 IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlInitAnsiString] [001B7158] C:\Windows\system32\smss.exe (Windows Session Manager/Microsoft Corporation) IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!_stricmp] C88B0974 IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!LdrVerifyImageMatchesChecksumEx] [75C98548] C:\Windows\system32\SCESRV.dll (Aparat edytora konfiguracji zabezpieczeń w systemie Windows/Microsoft Corporation) IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlDosSearchPath_U] 8308EBF0 IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlQueryEnvironmentVariable_U] 71588524 IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!NtDisplayString] 5700001B IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!NtWriteFile] 503415FF IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!NtCreateFile] 5E5F001B IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlAdjustPrivilege] 800068C3 IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!NtInitializeRegistry] 006A0000 IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!NtSetSystemInformation] 7815FF51 IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!NtSetEvent] 50001B50 IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlSetCurrentEnvironment] 513C15FF IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!NtDeleteValueKey] 55C3001B IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlCreateEnvironment] 5351EC8B IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!NtOpenEvent] 35FF5756 IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!NtAlpcCreatePort] [001B7198] C:\Windows\system32\smss.exe (Windows Session Manager/Microsoft Corporation) IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!NtSetInformationProcess] 513815FF IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlCreateTagHeap] 8D59001B IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlCreateUserThread] E8400044 IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlReleaseSRWLockExclusive] 00002B8C IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlAcquireSRWLockExclusive] [75FFFC8B] C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!NtSetInformationThread] FC7D8908 IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!NtQueryInformationToken] 719835FF IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!NtOpenThreadToken] EC68001B IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!NtAlpcImpersonateClientOfPort] 57001B53 IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlReleaseSRWLockShared] 513415FF IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlAcquireSRWLockShared] DB33001B IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!NtAlpcDisconnectPort] 3910C483 IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlInitializeSRWLock] 6E7D085D IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!NtConnectPort] FFF63357 IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!AlpcGetMessageAttribute] 1B507415 IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!NtAlpcAcceptConnectPort] 85F88B00 IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!NtAlpcOpenSenderProcess] 8D3774FF IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!NtAlpcCancelMessage] 6A500845 IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlExitUserThread] FF575602 IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!NtAlpcSendWaitReceivePort] 1B513015 IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!AlpcInitializeMessageAttribute] 7CC08500 IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlSetThreadIsCritical] FF556A25 IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!NtRequestWaitReplyPort] 15FFFC75 IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!NtDuplicateObject] [001B512C] C:\Windows\system32\smss.exe (Windows Session Manager/Microsoft Corporation) IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!NtCreateEvent] C9335959 IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlWakeConditionVariable] 08896657 IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlClearBits] FFFE1FE8 IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlDeleteNoSplay] 85D88BFF IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!NtClearEvent] 8B0774DB IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlSleepConditionVariableSRW] F72B0875 IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlWakeAllConditionVariable] FF57F303 IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlSetBits] 1B507015 IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlTestBit] 74F68500 IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlFindClearBits] FC4D8B53 IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlClearAllBits] 1B7084BA IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlInitializeBitMap] 85D6FF00 IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlFreeSid] 684575C0 IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!NtRaiseHardError] 00008000 IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!NtWaitForMultipleObjects] 15FF5350 IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlSetProcessIsCritical] [001B5078] C:\Windows\system32\smss.exe (Windows Session Manager/Microsoft Corporation) IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!EtwEventRegister] 5D3936EB IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlSetHeapInformation] BB31740C IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlInitializeConditionVariable] [001B7140] C:\Windows\system32\smss.exe (Windows Session Manager/Microsoft Corporation) IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!NtDelayExecution] 7C15FF53 IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlUnicodeStringToAnsiString] BE001B50 IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!NtQueryEvent] [001B7194] C:\Windows\system32\smss.exe (Windows Session Manager/Microsoft Corporation) IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlReleasePrivilege] C085068B IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlAcquirePrivilege] 4D8B0774 IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!LdrQueryImageFileExecutionOptions] FFD78B08 IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!wcstoul] 83C68BD0 IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlUnhandledExceptionFilter] 583D04EE IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlUnwind] 75001B71 IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!DbgBreakPoint] 15FF53E7 IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlNormalizeProcessParams] [001B5034] C:\Windows\system32\smss.exe (Windows Session Manager/Microsoft Corporation) IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlConnectToSm] 5FF0658D IAT C:\Windows\system32\services.exe[880] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlSendMsgToSm] C2C95B5E IAT E:\programy\bzdety\avast\AvastSvc.exe[1996] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [71DCF6D0] E:\programy\bzdety\avast\aswCmnBS.dll (Common functions/AVAST Software) IAT E:\programy\bzdety\avast\AvastUI.exe[3872] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [71DCF6D0] E:\programy\bzdety\avast\aswCmnBS.dll (Common functions/AVAST Software) ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software) Device \FileSystem\Ntfs \Ntfs 855E81E8 Device \FileSystem\fastfat \FatCdrom aswSP.SYS (avast! self protection module/AVAST Software) Device \FileSystem\fastfat \FatCdrom 90F581E8 AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Dynamiczna struktura WDF/Microsoft Corporation) AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Dynamiczna struktura WDF/Microsoft Corporation) Device \Driver\usbuhci \Device\USBPDO-0 87E85430 Device \Driver\usbuhci \Device\USBPDO-1 87E85430 Device \Driver\usbehci \Device\USBPDO-2 88069430 Device \Driver\usbuhci \Device\USBPDO-3 87E85430 Device \Driver\usbuhci \Device\USBPDO-4 87E85430 AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) Device \Driver\usbuhci \Device\USBPDO-5 87E85430 Device \Driver\usbehci \Device\USBPDO-6 88069430 Device \Driver\netbt \Device\NetBT_Tcpip_{9F67F7D5-D132-47BC-92AB-8EA585EB7A9B} 90F1C1E8 Device \Driver\cdrom \Device\CdRom0 87FEB1E8 Device \Driver\netbt \Device\NetBt_Wins_Export 90F1C1E8 Device \Driver\netbt \Device\NetBT_Tcpip_{CB462522-2B89-44FB-B705-4AEA0948CDEB} 90F1C1E8 Device \Driver\Smb \Device\NetbiosSmb 90ECD1E8 Device \Driver\netbt \Device\NetBT_Tcpip_{72CBD02D-9740-4323-A070-B092EB29CD6C} 90F1C1E8 Device \Driver\iScsiPrt \Device\RaidPort0 87FF61E8 AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) Device \Driver\netbt \Device\NetBT_Tcpip_{C43C95D2-F348-44FF-ABC1-A2DD3E052193} 90F1C1E8 Device \Driver\usbuhci \Device\USBFDO-0 87E85430 Device \Driver\usbuhci \Device\USBFDO-1 87E85430 Device \Driver\usbehci \Device\USBFDO-2 88069430 Device \Driver\usbuhci \Device\USBFDO-3 87E85430 Device \Driver\usbuhci \Device\USBFDO-4 87E85430 Device \Driver\usbuhci \Device\USBFDO-5 87E85430 Device \Driver\usbehci \Device\USBFDO-6 88069430 Device \FileSystem\fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software) Device \FileSystem\fastfat \Fat 90F581E8 AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Menedżer filtrów systemu plików firmy Microsoft/Microsoft Corporation) AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Menedżer filtrów systemu plików firmy Microsoft/Microsoft Corporation) Device \FileSystem\cdfs \Cdfs 8758F430 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xBD 0x1C 0x49 0x1D ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x20 0x74 0x41 0x58 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters@DhcpNameServer 192.168.1.1 0.0.0.0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 E:\programy\bzdety\Alcohol 52\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x8D 0x2B 0xA8 0xBF ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xC7 0xE9 0x07 0x84 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x4A 0xD9 0x13 0x98 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x49 0xC7 0x45 0xC2 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x1E 0xB2 0x36 0x7F ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x48 0x83 0x85 0xBF ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xBD 0x1C 0x49 0x1D ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x20 0x74 0x41 0x58 ... ---- Files - GMER 1.0.15 ---- File C:\avast! sandbox 0 bytes File C:\avast! sandbox\S-1-5-21-3339221525-734108770-1581538824-1000 0 bytes File C:\avast! sandbox\S-1-5-21-3339221525-734108770-1581538824-1000\r24 0 bytes File C:\avast! sandbox\S-1-5-21-3339221525-734108770-1581538824-1000\r24\javaw.exe_{25be4ce3-650e-11e1-b86a-00037ac952ab} 0 bytes File C:\avast! sandbox\S-1-5-21-3339221525-734108770-1581538824-1000\r24\javaw.exe_{25be4ce3-650e-11e1-b86a-00037ac952ab}\C 0 bytes File C:\avast! sandbox\S-1-5-21-3339221525-734108770-1581538824-1000\r24\javaw.exe_{25be4ce3-650e-11e1-b86a-00037ac952ab}\C\Users 0 bytes File C:\avast! sandbox\S-1-5-21-3339221525-734108770-1581538824-1000\r24\javaw.exe_{25be4ce3-650e-11e1-b86a-00037ac952ab}\C\Users\jędrek 0 bytes File C:\avast! sandbox\S-1-5-21-3339221525-734108770-1581538824-1000\r24\javaw.exe_{25be4ce3-650e-11e1-b86a-00037ac952ab}\C\Users\jędrek\AppData 0 bytes File C:\avast! sandbox\S-1-5-21-3339221525-734108770-1581538824-1000\r24\javaw.exe_{25be4ce3-650e-11e1-b86a-00037ac952ab}\C\Users\jędrek\AppData\Roaming 0 bytes File C:\avast! sandbox\S-1-5-21-3339221525-734108770-1581538824-1000\r24\javaw.exe_{25be4ce3-650e-11e1-b86a-00037ac952ab}\C\Users\jędrek\AppData\Roaming\.minecraft 0 bytes File C:\avast! sandbox\S-1-5-21-3339221525-734108770-1581538824-1000\r24\javaw.exe_{25be4ce3-650e-11e1-b86a-00037ac952ab}\C\Users\jędrek\AppData\Roaming\.minecraft\options.txt 493 bytes File C:\avast! sandbox\S-1-5-21-3339221525-734108770-1581538824-1000\r24\javaw.exe_{25be4ce3-650e-11e1-b86a-00037ac952ab}\C\Users\jędrek\AppData\Roaming\.minecraft\resources 0 bytes File C:\avast! sandbox\S-1-5-21-3339221525-734108770-1581538824-1000\r24\javaw.exe_{25be4ce3-650e-11e1-b86a-00037ac952ab}\C\Users\jędrek\AppData\Roaming\.minecraft\resources\newsound 0 bytes File C:\avast! sandbox\S-1-5-21-3339221525-734108770-1581538824-1000\r24\javaw.exe_{25be4ce3-650e-11e1-b86a-00037ac952ab}\C\Users\jędrek\AppData\Roaming\.minecraft\resources\newsound\mob 0 bytes File C:\avast! sandbox\S-1-5-21-3339221525-734108770-1581538824-1000\r24\javaw.exe_{25be4ce3-650e-11e1-b86a-00037ac952ab}\C\Users\jędrek\AppData\Roaming\.minecraft\resources\newsound\mob\irongolem 0 bytes File C:\avast! sandbox\S-1-5-21-3339221525-734108770-1581538824-1000\r24\javaw.exe_{25be4ce3-650e-11e1-b86a-00037ac952ab}\C\Users\jędrek\AppData\Roaming\.minecraft\resources\newsound\mob\irongolem\death.ogg 17766 bytes File C:\avast! sandbox\S-1-5-21-3339221525-734108770-1581538824-1000\r24\javaw.exe_{25be4ce3-650e-11e1-b86a-00037ac952ab}\C\Users\jędrek\AppData\Roaming\.minecraft\resources\newsound\mob\irongolem\hit1.ogg 9479 bytes File C:\avast! sandbox\S-1-5-21-3339221525-734108770-1581538824-1000\r24\javaw.exe_{25be4ce3-650e-11e1-b86a-00037ac952ab}\C\Users\jędrek\AppData\Roaming\.minecraft\resources\newsound\mob\irongolem\hit2.ogg 9140 bytes File C:\avast! sandbox\S-1-5-21-3339221525-734108770-1581538824-1000\r24\javaw.exe_{25be4ce3-650e-11e1-b86a-00037ac952ab}\C\Users\jędrek\AppData\Roaming\.minecraft\stats 0 bytes File C:\avast! sandbox\S-1-5-21-3339221525-734108770-1581538824-1000\r24\javaw.exe_{25be4ce3-650e-11e1-b86a-00037ac952ab}\C\Users\jędrek\AppData\Roaming\.minecraft\stats\stats_minecraft_unsent.dat 1206 bytes File C:\avast! sandbox\S-1-5-21-3339221525-734108770-1581538824-1000\r24\javaw.exe_{25be4ce3-650e-11e1-b86a-00037ac952ab}\C\Users\jędrek\AppData\Roaming\.minecraft\stats\stats_minecraft_unsent.old 1206 bytes File C:\avast! sandbox\S-1-5-21-3339221525-734108770-1581538824-1000\r28 0 bytes File C:\avast! sandbox\S-1-5-21-3339221525-734108770-1581538824-1000\r28\javaw.exe_{87c6aeae-66d0-11e1-8527-00037ac952ab} 0 bytes File C:\avast! sandbox\S-1-5-21-3339221525-734108770-1581538824-1000\r28\javaw.exe_{87c6aeae-66d0-11e1-8527-00037ac952ab}\C 0 bytes File C:\avast! sandbox\S-1-5-21-3339221525-734108770-1581538824-1000\r28\javaw.exe_{87c6aeae-66d0-11e1-8527-00037ac952ab}\C\Users 0 bytes File C:\avast! sandbox\S-1-5-21-3339221525-734108770-1581538824-1000\r28\javaw.exe_{87c6aeae-66d0-11e1-8527-00037ac952ab}\C\Users\jędrek 0 bytes File C:\avast! sandbox\S-1-5-21-3339221525-734108770-1581538824-1000\r28\javaw.exe_{87c6aeae-66d0-11e1-8527-00037ac952ab}\C\Users\jędrek\AppData 0 bytes File C:\avast! sandbox\S-1-5-21-3339221525-734108770-1581538824-1000\r28\javaw.exe_{87c6aeae-66d0-11e1-8527-00037ac952ab}\C\Users\jędrek\AppData\Roaming 0 bytes File C:\avast! sandbox\S-1-5-21-3339221525-734108770-1581538824-1000\r28\javaw.exe_{87c6aeae-66d0-11e1-8527-00037ac952ab}\C\Users\jędrek\AppData\Roaming\.minecraft 0 bytes File C:\avast! sandbox\S-1-5-21-3339221525-734108770-1581538824-1000\r28\javaw.exe_{87c6aeae-66d0-11e1-8527-00037ac952ab}\C\Users\jędrek\AppData\Roaming\.minecraft\options.txt 493 bytes File C:\avast! sandbox\S-1-5-21-3339221525-734108770-1581538824-1000\r28\javaw.exe_{87c6aeae-66d0-11e1-8527-00037ac952ab}\C\Users\jędrek\AppData\Roaming\.minecraft\stats 0 bytes File C:\avast! sandbox\S-1-5-21-3339221525-734108770-1581538824-1000\r28\javaw.exe_{87c6aeae-66d0-11e1-8527-00037ac952ab}\C\Users\jędrek\AppData\Roaming\.minecraft\stats\stats_minecraft_unsent.dat 1206 bytes File C:\avast! sandbox\S-1-5-21-3339221525-734108770-1581538824-1000\r28\javaw.exe_{87c6aeae-66d0-11e1-8527-00037ac952ab}\C\Users\jędrek\AppData\Roaming\.minecraft\stats\stats_minecraft_unsent.old 1206 bytes File C:\avast! sandbox\S-1-5-21-3339221525-734108770-1581538824-1000\r28\javaw.exe_{87c6aec5-66d0-11e1-8527-00037ac952ab} 0 bytes File C:\avast! sandbox\S-1-5-21-3339221525-734108770-1581538824-1000\r28\javaw.exe_{87c6aec5-66d0-11e1-8527-00037ac952ab}\C 0 bytes File C:\avast! sandbox\S-1-5-21-3339221525-734108770-1581538824-1000\r28\javaw.exe_{87c6aec5-66d0-11e1-8527-00037ac952ab}\C\Users 0 bytes File C:\avast! sandbox\S-1-5-21-3339221525-734108770-1581538824-1000\r28\javaw.exe_{87c6aec5-66d0-11e1-8527-00037ac952ab}\C\Users\jędrek 0 bytes File C:\avast! sandbox\S-1-5-21-3339221525-734108770-1581538824-1000\r28\javaw.exe_{87c6aec5-66d0-11e1-8527-00037ac952ab}\C\Users\jędrek\AppData 0 bytes File C:\avast! sandbox\S-1-5-21-3339221525-734108770-1581538824-1000\r28\javaw.exe_{87c6aec5-66d0-11e1-8527-00037ac952ab}\C\Users\jędrek\AppData\Roaming 0 bytes File C:\avast! sandbox\S-1-5-21-3339221525-734108770-1581538824-1000\r28\javaw.exe_{87c6aec5-66d0-11e1-8527-00037ac952ab}\C\Users\jędrek\AppData\Roaming\.minecraft 0 bytes File C:\avast! sandbox\S-1-5-21-3339221525-734108770-1581538824-1000\r28\javaw.exe_{87c6aec5-66d0-11e1-8527-00037ac952ab}\C\Users\jędrek\AppData\Roaming\.minecraft\options.txt 493 bytes File C:\avast! sandbox\S-1-5-21-3339221525-734108770-1581538824-1000\r28\javaw.exe_{87c6aec5-66d0-11e1-8527-00037ac952ab}\C\Users\jędrek\AppData\Roaming\.minecraft\stats 0 bytes File C:\avast! sandbox\S-1-5-21-3339221525-734108770-1581538824-1000\r28\javaw.exe_{87c6aec5-66d0-11e1-8527-00037ac952ab}\C\Users\jędrek\AppData\Roaming\.minecraft\stats\stats_minecraft_unsent.dat 1206 bytes File C:\avast! sandbox\S-1-5-21-3339221525-734108770-1581538824-1000\r28\javaw.exe_{87c6aec5-66d0-11e1-8527-00037ac952ab}\C\Users\jędrek\AppData\Roaming\.minecraft\stats\stats_minecraft_unsent.old 1206 bytes File C:\avast! sandbox\S-1-5-21-3339221525-734108770-1581538824-1000\webStorage 0 bytes File C:\avast! sandbox\S-1-5-21-3339221525-734108770-1581538824-1000\webStorage\C 0 bytes File C:\avast! sandbox\S-1-5-21-3339221525-734108770-1581538824-1000\webStorage\C\Users 0 bytes File C:\avast! sandbox\S-1-5-21-3339221525-734108770-1581538824-1000\webStorage\C\Users\jędrek 0 bytes File C:\avast! sandbox\S-1-5-21-3339221525-734108770-1581538824-1000\webStorage\C\Users\jędrek\AppData 0 bytes File C:\avast! sandbox\S-1-5-21-3339221525-734108770-1581538824-1000\webStorage\C\Users\jędrek\AppData\Local 0 bytes File C:\avast! sandbox\S-1-5-21-3339221525-734108770-1581538824-1000\webStorage\C\Users\jędrek\AppData\Local\Temp 0 bytes File C:\avast! sandbox\S-1-5-21-3339221525-734108770-1581538824-1000\webStorage\C\Users\jędrek\AppData\Local\Temp\rks1.log 0 bytes File C:\avast! sandbox\S-1-5-21-3339221525-734108770-1581538824-1000\webStorage\snx_fs.dat 784 bytes File C:\avast! sandbox\snx_rhive 262144 bytes File C:\avast! sandbox\snx_rhive.LOG1 119808 bytes File C:\avast! sandbox\snx_rhive.LOG2 0 bytes File C:\avast! sandbox\snx_rhive{fd27d6a9-d36c-11e1-a952-00037ac952ab}.TM.blf 65536 bytes File C:\avast! sandbox\snx_rhive{fd27d6a9-d36c-11e1-a952-00037ac952ab}.TMContainer00000000000000000001.regtrans-ms 524288 bytes File C:\avast! sandbox\snx_rhive{fd27d6a9-d36c-11e1-a952-00037ac952ab}.TMContainer00000000000000000002.regtrans-ms 524288 bytes ---- EOF - GMER 1.0.15 ----