GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-07-18 15:34:33
Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3250410AS rev.3.AAE 232,88GB
Running: 4fig4v1w.exe; Driver: C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\kgndqfow.sys

---- System - GMER 2.1 ----

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwAdjustPrivilegesToken [0xACAB07E4]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwConnectPort [0xACAAFD90]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwCreateFile [0xACAB044A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwCreateKey [0xACAB1040]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwCreateSection [0xACAB2C20]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwCreateSymbolicLinkObject [0xACAB2F9E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwCreateThread [0xACAAF77C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwDeleteKey [0xACAB09D0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwDeleteValueKey [0xACAB0BE8]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwDuplicateObject [0xACAAF582]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwEnumerateKey [0xACAB182A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwEnumerateValueKey [0xACAB1A80]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwLoadDriver [0xACAB2652]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwMakeTemporaryObject [0xACAB0058]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwOpenFile [0xACAB0626]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwOpenKey [0xACAB1030]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwOpenProcess [0xACAAF1B0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwOpenSection [0xACAB02F2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwOpenThread [0xACAAF3B4]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwQueryKey [0xACAB1C8E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwQueryMultipleValueKey [0xACAB20E2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwQueryValueKey [0xACAB1EA0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwRenameKey [0xACAB15B2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwSetSecurityObject [0xACAB0E54]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwSetSystemInformation [0xACAB293E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwSetValueKey [0xACAB130A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwShutdownSystem [0xACAAFFC2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwSystemDebugControl [0xACAB01DE]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwTerminateProcess [0xACAAFB92]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwTerminateThread [0xACAAF980]

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2D8C 80504674 4 Bytes CALL E8FCF184
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB93EA000, 0x235F87, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xA98FE300, 0x3AE88, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xBA4A8300, 0x1B7E, 0xE8000020]

---- User code sections - GMER 2.1 ----

.text C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe[152] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe[152] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe[152] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe[152] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe[152] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe[152] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070
C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe[152] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe[152] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe[152] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe[152] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe[152] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe[152] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe[152] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe[236] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe[236] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe[236] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe[236] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe[236] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe[236] 
kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe[236] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe[236] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe[236] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe[236] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe[236] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe[236] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe[236] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[348] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[348] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[348] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[348] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[348] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[348] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll 
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[348] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[348] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[348] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[348] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[348] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[348] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[348] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[488] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 00780630 C:\Program Files\COMODO\COMODO Internet Security\cfp.exe .text C:\Program Files\Unlocker\UnlockerAssistant.exe[492] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Unlocker\UnlockerAssistant.exe[492] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Unlocker\UnlockerAssistant.exe[492] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Unlocker\UnlockerAssistant.exe[492] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Unlocker\UnlockerAssistant.exe[492] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Unlocker\UnlockerAssistant.exe[492] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 
C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Unlocker\UnlockerAssistant.exe[492] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Unlocker\UnlockerAssistant.exe[492] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Unlocker\UnlockerAssistant.exe[492] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Unlocker\UnlockerAssistant.exe[492] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Unlocker\UnlockerAssistant.exe[492] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Unlocker\UnlockerAssistant.exe[492] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Unlocker\UnlockerAssistant.exe[492] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[568] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[568] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[568] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[568] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[568] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[568] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[568] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll .text 
C:\WINDOWS\system32\svchost.exe[568] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[568] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[568] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[568] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[568] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[568] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\csrss.exe[712] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 10001450 C:\WINDOWS\system32\cmdcsr.dll .text C:\WINDOWS\system32\csrss.exe[712] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 100017F0 C:\WINDOWS\system32\cmdcsr.dll .text C:\WINDOWS\system32\services.exe[800] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[800] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[800] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[800] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[800] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[800] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[800] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll .text 
C:\WINDOWS\system32\services.exe[800] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[800] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[800] RPCRT4.dll!RpcServerRegisterIfEx 77E8CD53 5 Bytes JMP 1001F870 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[800] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[800] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[800] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[800] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[812] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[812] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[812] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[812] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[812] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[812] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[812] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[812] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[812] 
ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[812] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[812] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[812] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[812] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\Ati2evxx.exe[984] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\Ati2evxx.exe[984] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\Ati2evxx.exe[984] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\Ati2evxx.exe[984] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\Ati2evxx.exe[984] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\Ati2evxx.exe[984] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\Ati2evxx.exe[984] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\Ati2evxx.exe[984] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\Ati2evxx.exe[984] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\Ati2evxx.exe[984] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\Ati2evxx.exe[984] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 
C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\Ati2evxx.exe[984] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\Ati2evxx.exe[984] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1004] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1004] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1004] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1004] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1004] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1004] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1004] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1004] RPCRT4.dll!RpcServerRegisterIfEx 77E8CD53 5 Bytes JMP 1001F870 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1004] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1004] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1004] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 
10029E10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1004] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1080] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1080] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1080] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1080] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1080] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1080] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1080] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1080] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1080] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1080] RPCRT4.dll!RpcServerRegisterIfEx 77E8CD53 5 Bytes JMP 1001F870 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1080] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1080] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1080] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1080] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 
C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1080] rpcss.dll!WhichService 76A64234 8 Bytes JMP EDF01001 .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1176] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 00534850 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1176] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 0054ECA0 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe .text C:\WINDOWS\system32\svchost.exe[1212] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1212] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1212] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1212] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1212] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1212] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1212] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1212] RPCRT4.dll!RpcServerRegisterIfEx 77E8CD53 5 Bytes JMP 1001F870 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1212] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll .text 
C:\WINDOWS\system32\svchost.exe[1212] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1212] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1212] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[1264] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[1264] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[1264] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[1264] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[1264] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[1264] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[1264] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[1264] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[1264] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[1264] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[1264] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[1264] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[1264] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 100244D0 
C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1284] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1284] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1284] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1284] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1284] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1284] KERNEL32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1284] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1284] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1284] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1284] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1284] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1284] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ATI 
Technologies\ATI.ACE\Core-Static\ccc.exe[1284] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1376] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1376] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1376] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1376] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1376] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1376] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1376] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1376] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1376] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1376] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1376] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\notepad.exe[1388] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll .text 
C:\WINDOWS\notepad.exe[1388] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\notepad.exe[1388] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\notepad.exe[1388] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\notepad.exe[1388] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\notepad.exe[1388] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\notepad.exe[1388] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\notepad.exe[1388] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\notepad.exe[1388] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\notepad.exe[1388] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\notepad.exe[1388] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\notepad.exe[1388] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\notepad.exe[1388] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\Ati2evxx.exe[1464] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\Ati2evxx.exe[1464] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\Ati2evxx.exe[1464] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\Ati2evxx.exe[1464] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027F40 
C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\Ati2evxx.exe[1464] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\Ati2evxx.exe[1464] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\Ati2evxx.exe[1464] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\Ati2evxx.exe[1464] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\Ati2evxx.exe[1464] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\Ati2evxx.exe[1464] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\Ati2evxx.exe[1464] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\Ati2evxx.exe[1464] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\Ati2evxx.exe[1464] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1536] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1536] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1536] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1536] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1536] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1536] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 
C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1536] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1536] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1536] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1536] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1536] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1536] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1536] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\D-Link\DWA-140 revB\AirNCFG.exe[1684] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 00B2D120 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\D-Link\DWA-140 revB\AirNCFG.exe[1684] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 00B3BCD0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\D-Link\DWA-140 revB\AirNCFG.exe[1684] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 00B3B9B0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\D-Link\DWA-140 revB\AirNCFG.exe[1684] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00B37F40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\D-Link\DWA-140 revB\AirNCFG.exe[1684] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 00B2D240 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\D-Link\DWA-140 revB\AirNCFG.exe[1684] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00B35070 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\D-Link\DWA-140 revB\AirNCFG.exe[1684] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00B35C00 C:\WINDOWS\system32\guard32.dll 
.text C:\Program Files\D-Link\DWA-140 revB\AirNCFG.exe[1684] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 00B38D10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\D-Link\DWA-140 revB\AirNCFG.exe[1684] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 00B38AE0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\D-Link\DWA-140 revB\AirNCFG.exe[1684] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 00B39E10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\D-Link\DWA-140 revB\AirNCFG.exe[1684] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 00B39D10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\D-Link\DWA-140 revB\AirNCFG.exe[1684] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 00B33BA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\D-Link\DWA-140 revB\AirNCFG.exe[1684] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 00B344D0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\uTorrent\uTorrent.exe[1720] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\uTorrent\uTorrent.exe[1720] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\uTorrent\uTorrent.exe[1720] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\uTorrent\uTorrent.exe[1720] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\uTorrent\uTorrent.exe[1720] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\uTorrent\uTorrent.exe[1720] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\uTorrent\uTorrent.exe[1720] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\uTorrent\uTorrent.exe[1720] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023BA0 
C:\WINDOWS\system32\guard32.dll .text C:\Program Files\uTorrent\uTorrent.exe[1720] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\uTorrent\uTorrent.exe[1720] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\uTorrent\uTorrent.exe[1720] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\uTorrent\uTorrent.exe[1720] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\uTorrent\uTorrent.exe[1720] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[1744] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[1744] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[1744] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[1744] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[1744] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[1744] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[1744] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[1744] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[1744] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[1744] GDI32.dll!DeleteDC 77F16E5F 5 Bytes 
JMP 10028D10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[1744] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[1744] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[1744] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Rainlendar2\Rainlendar2.exe[1752] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 012CD120 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Rainlendar2\Rainlendar2.exe[1752] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 012DBCD0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Rainlendar2\Rainlendar2.exe[1752] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 012DB9B0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Rainlendar2\Rainlendar2.exe[1752] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 012D7F40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Rainlendar2\Rainlendar2.exe[1752] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 012CD240 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Rainlendar2\Rainlendar2.exe[1752] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 012D5070 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Rainlendar2\Rainlendar2.exe[1752] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 012D5C00 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Rainlendar2\Rainlendar2.exe[1752] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 012D3BA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Rainlendar2\Rainlendar2.exe[1752] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 012D44D0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Rainlendar2\Rainlendar2.exe[1752] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 012D8D10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Rainlendar2\Rainlendar2.exe[1752] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 012D8AE0 
C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Rainlendar2\Rainlendar2.exe[1752] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 012D9E10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Rainlendar2\Rainlendar2.exe[1752] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 012D9D10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[1796] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[1796] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[1796] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[1796] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[1796] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[1796] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[1796] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[1796] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[1796] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[1796] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[1796] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[1796] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[1796] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[1796] SHELL32.dll!SHFileOperationW 7CA70984 5 Bytes 
JMP 02641102 C:\Program Files\Unlocker\UnlockerHook.dll .text C:\WINDOWS\system32\svchost.exe[1844] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1844] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1844] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1844] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1844] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1844] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1844] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1844] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1844] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1844] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1844] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1844] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1844] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ANIWConnService.exe[1880] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ANIWConnService.exe[1880] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes 
JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ANIWConnService.exe[1880] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ANIWConnService.exe[1880] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ANIWConnService.exe[1880] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ANIWConnService.exe[1880] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ANIWConnService.exe[1880] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ANIWConnService.exe[1880] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ANIWConnService.exe[1880] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ANIWConnService.exe[1880] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ANIWConnService.exe[1880] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ANIWConnService.exe[1880] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ANIWConnService.exe[1880] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe[1904] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe[1904] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\DeviceVM\Browser Configuration 
Utility\BCUService.exe[1904] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe[1904] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe[1904] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe[1904] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe[1904] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe[1904] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe[1904] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe[1904] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe[1904] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe[1904] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe[1904] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe[1924] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll .text C:\Program 
Files\Motorola Media Link\Lite\NServiceEntry.exe[1924] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe[1924] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe[1924] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe[1924] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe[1924] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe[1924] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe[1924] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe[1924] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe[1924] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe[1924] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe[1924] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe[1924] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE[1944] ntdll.dll!NtClose 7C90CFEE 5 Bytes 
JMP 1001D120 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE[1944] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE[1944] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE[1944] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE[1944] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE[1944] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE[1944] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE[1944] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE[1944] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE[1944] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE[1944] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE[1944] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE[1944] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe[1968] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ANI\ANIWZCS2 
Service\WZCSLDR2.exe[1968] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe[1968] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe[1968] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe[1968] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe[1968] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe[1968] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe[1968] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe[1968] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe[1968] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe[1968] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe[1968] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe[1968] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre7\bin\jqs.exe[2028] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre7\bin\jqs.exe[2028] ntdll.dll!NtReplyWaitReceivePort 
7C90DA8E 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre7\bin\jqs.exe[2028] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre7\bin\jqs.exe[2028] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre7\bin\jqs.exe[2028] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre7\bin\jqs.exe[2028] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre7\bin\jqs.exe[2028] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre7\bin\jqs.exe[2028] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre7\bin\jqs.exe[2028] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre7\bin\jqs.exe[2028] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre7\bin\jqs.exe[2028] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre7\bin\jqs.exe[2028] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre7\bin\jqs.exe[2028] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[2096] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[2096] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[2096] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll .text 
C:\WINDOWS\system32\ctfmon.exe[2096] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[2096] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[2096] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[2096] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[2096] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[2096] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[2096] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[2096] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[2096] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[2096] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\GG\Application\gghub.exe[2124] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\GG\Application\gghub.exe[2124] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\GG\Application\gghub.exe[2124] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\GG\Application\gghub.exe[2124] 
ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\GG\Application\gghub.exe[2124] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\GG\Application\gghub.exe[2124] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\GG\Application\gghub.exe[2124] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\GG\Application\gghub.exe[2124] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\GG\Application\gghub.exe[2124] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\GG\Application\gghub.exe[2124] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\GG\Application\gghub.exe[2124] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\GG\Application\gghub.exe[2124] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\GG\Application\gghub.exe[2124] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2204] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll .text 
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2204] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2204] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2204] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2204] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2204] KERNEL32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2204] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2204] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2204] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2204] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2204] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2204] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2204] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Panda USB 
Vaccine\USBVaccine.exe[2236] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Panda USB Vaccine\USBVaccine.exe[2236] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Panda USB Vaccine\USBVaccine.exe[2236] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Panda USB Vaccine\USBVaccine.exe[2236] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Panda USB Vaccine\USBVaccine.exe[2236] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Panda USB Vaccine\USBVaccine.exe[2236] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Panda USB Vaccine\USBVaccine.exe[2236] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Panda USB Vaccine\USBVaccine.exe[2236] ADVAPI32.DLL!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Panda USB Vaccine\USBVaccine.exe[2236] ADVAPI32.DLL!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Panda USB Vaccine\USBVaccine.exe[2236] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Panda USB Vaccine\USBVaccine.exe[2236] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Panda USB Vaccine\USBVaccine.exe[2236] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Panda USB Vaccine\USBVaccine.exe[2236] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2692] ntdll.dll!NtClose 7C90CFEE 5 
Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2692] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2692] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2692] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0173EEB0 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2692] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2692] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2692] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2692] kernel32.dll!lstrlenW + 43 7C809AEC 7 Bytes JMP 01D4979B C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2692] kernel32.dll!MapViewOfFileEx + 6A 7C80B9A0 7 Bytes JMP 01D49778 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2692] kernel32.dll!ValidateLocale + B1C8 7C8449C8 7 Bytes JMP 01744CE9 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2692] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2692] GDI32.dll!SetDIBitsToDevice + 20A 77F19E14 7 Bytes JMP 01D496F9 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2692] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2692] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll 
.text C:\Program Files\Mozilla Firefox\firefox.exe[2692] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2692] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[2692] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[2740] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[2740] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[2740] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[2740] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0118C533 C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\xul.dll .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[2740] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[2740] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[2740] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane 
aplikacji\GG\Application\ggapp.exe[2740] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 0197F664 C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\xul.dll .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[2740] kernel32.dll!MapViewOfFile 7C80B9A5 5 Bytes JMP 0197F6AA C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\xul.dll .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[2740] USER32.dll!SetWindowLongA 7E37C29D 5 Bytes JMP 01805B3E C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\xul.dll .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[2740] USER32.dll!SetWindowLongW 7E37C2BB 5 Bytes JMP 01805B9E C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\xul.dll .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[2740] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[2740] GDI32.dll!CreateDIBSection 77F19E19 5 Bytes JMP 0197F6D1 C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\xul.dll .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[2740] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[2740] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[2740] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 
10029D10 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[2740] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[2740] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2776] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 010AD120 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2776] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 010BBCD0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2776] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 010BB9B0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2776] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 010B7F40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2776] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 010AD240 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2776] kernel32.dll!CreateProcessW 7C802336 3 Bytes JMP 010B5070 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2776] kernel32.dll!CreateProcessW + 4 7C80233A 1 Byte [84] .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2776] kernel32.dll!CreateProcessA 7C80236B 3 Bytes JMP 010B5C00 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2776] kernel32.dll!CreateProcessA + 4 7C80236F 1 Byte [84] .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2776] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 010B3BA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2776] 
ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 010B44D0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2776] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 010B8D10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2776] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 010B8AE0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2776] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 010B9E10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2776] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 010B9D10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2776] USER32.dll!DefWindowProcA + 11A 7E37C298 7 Bytes JMP 1099D8D4 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2776] USER32.dll!SetWindowLongA + 19 7E37C2B6 7 Bytes JMP 1099D863 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2776] USER32.dll!GetWindowInfo 7E37C49C 5 Bytes JMP 107F2A67 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2776] USER32.dll!GetMenuContextHelpId + 1A 7E3B5319 7 Bytes JMP 107F306A C:\Program Files\Mozilla Firefox\xul.dll .text C:\Documents and Settings\Właściciel\Pulpit\OTL.exe[3000] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Właściciel\Pulpit\OTL.exe[3000] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Właściciel\Pulpit\OTL.exe[3000] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Właściciel\Pulpit\OTL.exe[3000] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll .text C:\Documents and 
Settings\Właściciel\Pulpit\OTL.exe[3000] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Właściciel\Pulpit\OTL.exe[3000] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Właściciel\Pulpit\OTL.exe[3000] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Właściciel\Pulpit\OTL.exe[3000] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Właściciel\Pulpit\OTL.exe[3000] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Właściciel\Pulpit\OTL.exe[3000] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Właściciel\Pulpit\OTL.exe[3000] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Właściciel\Pulpit\OTL.exe[3000] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Właściciel\Pulpit\OTL.exe[3000] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Właściciel\Pulpit\4fig4v1w.exe[3420] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Właściciel\Pulpit\4fig4v1w.exe[3420] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Właściciel\Pulpit\4fig4v1w.exe[3420] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Właściciel\Pulpit\4fig4v1w.exe[3420] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll .text C:\Documents and 
Settings\Właściciel\Pulpit\4fig4v1w.exe[3420] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Właściciel\Pulpit\4fig4v1w.exe[3420] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Właściciel\Pulpit\4fig4v1w.exe[3420] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Właściciel\Pulpit\4fig4v1w.exe[3420] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Właściciel\Pulpit\4fig4v1w.exe[3420] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Właściciel\Pulpit\4fig4v1w.exe[3420] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Właściciel\Pulpit\4fig4v1w.exe[3420] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Właściciel\Pulpit\4fig4v1w.exe[3420] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Właściciel\Pulpit\4fig4v1w.exe[3420] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\GG\Application\ggdrive\ggdrive.exe[3592] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 00CBD120 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\GG\Application\ggdrive\ggdrive.exe[3592] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 00CCBCD0 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\GG\Application\ggdrive\ggdrive.exe[3592] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 00CCB9B0 
C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\GG\Application\ggdrive\ggdrive.exe[3592] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00CC7F40 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\GG\Application\ggdrive\ggdrive.exe[3592] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 00CBD240 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\GG\Application\ggdrive\ggdrive.exe[3592] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00CC5070 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\GG\Application\ggdrive\ggdrive.exe[3592] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00CC5C00 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\GG\Application\ggdrive\ggdrive.exe[3592] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 00CC3BA0 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\GG\Application\ggdrive\ggdrive.exe[3592] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 00CC44D0 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\GG\Application\ggdrive\ggdrive.exe[3592] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 00CC8D10 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\GG\Application\ggdrive\ggdrive.exe[3592] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 00CC8AE0 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\GG\Application\ggdrive\ggdrive.exe[3592] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 00CC9E10 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\GG\Application\ggdrive\ggdrive.exe[3592] 
GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 00CC9D10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wscntfy.exe[3740] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wscntfy.exe[3740] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wscntfy.exe[3740] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wscntfy.exe[3740] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wscntfy.exe[3740] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wscntfy.exe[3740] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wscntfy.exe[3740] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wscntfy.exe[3740] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wscntfy.exe[3740] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wscntfy.exe[3740] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wscntfy.exe[3740] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wscntfy.exe[3740] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wscntfy.exe[3740] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3984] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3984] 
ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3984] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3984] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3984] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3984] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3984] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3984] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3984] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3984] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3984] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3984] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3984] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\notepad.exe[4048] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\notepad.exe[4048] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\notepad.exe[4048] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll .text 
C:\WINDOWS\notepad.exe[4048] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\notepad.exe[4048] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\notepad.exe[4048] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\notepad.exe[4048] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\notepad.exe[4048] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\notepad.exe[4048] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\notepad.exe[4048] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\notepad.exe[4048] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\notepad.exe[4048] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\notepad.exe[4048] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[4076] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[4076] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[4076] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[4076] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[4076] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D240 
C:\WINDOWS\system32\guard32.dll .text C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[4076] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[4076] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[4076] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[4076] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[4076] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[4076] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[4076] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[4076] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\RTHDCPL.EXE[4088] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\RTHDCPL.EXE[4088] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\RTHDCPL.EXE[4088] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\RTHDCPL.EXE[4088] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\RTHDCPL.EXE[4088] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\RTHDCPL.EXE[4088] 
kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\RTHDCPL.EXE[4088] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\RTHDCPL.EXE[4088] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\RTHDCPL.EXE[4088] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\RTHDCPL.EXE[4088] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\RTHDCPL.EXE[4088] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\RTHDCPL.EXE[4088] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\RTHDCPL.EXE[4088] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys ---- Files - GMER 2.1 ---- File C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\1fbsazru.default\Cache\1\BD\DDF6Fd01 16322 bytes File C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\1fbsazru.default\Cache\1\BD\DDF6Fm01 3115 bytes File C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\1fbsazru.default\Cache\2\4D\918DDd01 0 bytes File C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\1fbsazru.default\Cache\2\23\F07D2m01 4385 bytes File C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\1fbsazru.default\Cache\3\D9\12311m01 0 bytes 
File C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\1fbsazru.default\Cache\3\27\F4067d01 11067 bytes File C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\1fbsazru.default\Cache\3\F8\D5CEAd01 42562 bytes File C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\1fbsazru.default\Cache\3\C1\7B864m01 0 bytes File C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\1fbsazru.default\Cache\3\6F\A67CDd01 0 bytes File C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\1fbsazru.default\Cache\4\A6\D861Bd01 14265 bytes File C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\1fbsazru.default\Cache\5\FE\6BC7Fm01 3248 bytes File C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\1fbsazru.default\Cache\7\02\07225d01 18049 bytes File C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\1fbsazru.default\Cache\9\0F\97A27d01 6030 bytes File C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\1fbsazru.default\Cache\9\C9\8D582d01 0 bytes File C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\1fbsazru.default\Cache\A\E2\7518Ed01 37688 bytes File C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\1fbsazru.default\Cache\C\A1\70FC7d01 7504 bytes File C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\1fbsazru.default\Cache\C\D8\92C9Ad01 6176 bytes File C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\1fbsazru.default\Cache\C\F8\E2AA7d01 4721 bytes File C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane 
aplikacji\Mozilla\Firefox\Profiles\1fbsazru.default\Cache\C\F8\E2AA7m01 3152 bytes File C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\1fbsazru.default\Cache\C\35\D7AB5d01 0 bytes File C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\1fbsazru.default\Cache\D\B7\26EBBm01 6499 bytes File C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\1fbsazru.default\Cache\E\80\1239Em01 0 bytes File C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\1fbsazru.default\Cache\E\2F\5CCB2m01 4884 bytes File C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\1fbsazru.default\Cache\F\DA\BD81Ed01 18742 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\2A3ADB9F-9A26-4320-934A-794CCAA8DE9B.data 34368 bytes executable File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\2A3ADB9F-9A26-4320-934A-794CCAA8DE9B.data.info 244 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\862A7DDB-6252-45FB-9DB4-DA6F52C8FA05.data 3787456 bytes executable File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\862A7DDB-6252-45FB-9DB4-DA6F52C8FA05.data.info 320 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\A63E3AD1-EADC-402F-B95D-20B52789CE21.data 726614 bytes executable File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\A63E3AD1-EADC-402F-B95D-20B52789CE21.data.info 236 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Temp 0 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Temp\baseupd 0 bytes ---- EOF - GMER 2.1 ----