GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-09-17 16:18:40
Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-d SAMSUNG_HD403LJ rev.CT100-10 372,61GB
Running: r3zexv2e.exe; Driver: C:\DOCUME~1\mary\USTAWI~1\Temp\kxrdypob.sys

---- System - GMER 2.1 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xA9BE6610]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xA9CC25FA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0xA9BE70E6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xA9C2AB36]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xA9BF2F18]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xA9BF2F64]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xA9BF30FE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xA9C2A4EA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xA9BF2E86]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xA9BF2FA8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xA9BF2ECE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0xA9BE75E4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xA9BF30B8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0xA9BE7E9C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xA9BE6676]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xA9C2B1FC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xA9C2B4B2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xA9BEB596]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xA9C2B067]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xA9C2AED2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xA9CC26C2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xA9BE625E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xA9BE66DC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xA9BEB98C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xA9BE892C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xA9BF2F42]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xA9BF2F86]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xA9BF3122]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xA9C2A846]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xA9BF2EAC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xA9BEAE78]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xA9BF3036]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xA9BF2EF6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xA9BEB26E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xA9BF30DC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xA9CC2822]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xA9C2AD4D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xA9BE87F8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xA9C2AB9F]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThread [0xA9BE834E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xA9CCF744]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xA9C29B30]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xA9BE6742]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xA9BE67A8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0xA9BE7D16]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xA9BE62F8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xA9BE64CE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xA9C2B303]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xA9BE645C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0xA9BE8066]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0xA9BE81C8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xA9BE6556]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateProcess [0xA9BE7B54]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0xA9BE7CF6]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwUnloadDriver [0xA9CC0C42]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xA9BE680E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwWriteVirtualMemory [0xA9BE7142]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xA9CDBE00]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2D2C 80504614 4 Bytes JMP B0A9C2A4
.text ntkrnlpa.exe!ZwCallbackReturn + 2FD4 805048BC 12 Bytes [42, 67, BE, A9, A8, 67, BE, ...] {INC EDX; MOV ESI, 0xbe67a8a9; TEST EAX, 0xa9be7d16}
.text ntkrnlpa.exe!ZwCallbackReturn + 307C 80504964 12 Bytes [66, 80, BE, A9, C8, 81, BE, ...]
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A64DC 4 Bytes CALL A9BE8FD9 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC58A 5 Bytes JMP A9CD8C9A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 805C300E 5 Bytes JMP A9CDA7B4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D11CA 7 Bytes JMP A9CDBE04 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB8E56000, 0x2C8C48, 0xE8000020]
.text win32k.sys!EngFreeUserMem + 674 BF809985 5 Bytes JMP A9BED284 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFreeUserMem + 35D0 BF80C8E1 5 Bytes JMP A9BED162 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSurface + 45 BF8139AC 5 Bytes JMP A9BED116 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!BRUSHOBJ_pvAllocRbrush + 322E BF81E659 5 Bytes JMP A9BEBBF4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMulDiv + 197D BF820D66 5 Bytes JMP A9BEC6EC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPaint + 11A6 BF82D580 5 Bytes JMP A9BEBD54 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngLockSurface + C09 BF82E6FE 5 Bytes JMP A9BED3FA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!CLIPOBJ_bEnum + 2E84 BF83908A 5 Bytes JMP A9BED614 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!CLIPOBJ_bEnum + B8EC BF841AF2 5 Bytes JMP A9BED00A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!CLIPOBJ_bEnum + E0A8 BF8442AE 5 Bytes JMP A9BEC6CE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!CLIPOBJ_bEnum + F624 BF84582A 5 Bytes JMP A9BEBDF4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 290F BF86C704 5 Bytes JMP A9BEC7C4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 4BED BF86E9E2 5 Bytes JMP A9BEC22C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 4C78 BF86EA6D 5 Bytes JMP A9BEC508 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 584E BF86F643 5 Bytes JMP A9BEBAD8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + AC2C BF874A21 5 Bytes JMP A9BED1B2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnicodeToMultiByteN + 67EE BF87BC4B 5 Bytes JMP A9BED33C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 35E9 BF897CF8 5 Bytes JMP A9BEC2F2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 4126 BF898835 5 Bytes JMP A9BEC4C2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetLastError + 1606 BF8B5921 5 Bytes JMP A9BEC7E2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 2862 BF8B903F 5 Bytes JMP A9BED56C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngAlphaBlend + 35C2 BF8C1BCF 5 Bytes JMP A9BEBF24 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + A596 BF8EB15E 5 Bytes JMP A9BEC70A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_bCloseFigure + 19EF BF8EFC1F 5 Bytes JMP A9BEB9C2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_bCloseFigure + 3BBE BF8F1DEE 5 Bytes JMP A9BEC008 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_bCloseFigure + 3E3E BF8F206E 5 Bytes JMP A9BEC150 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 1A40 BF9149B2 5 Bytes JMP A9BEBCDC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 1CEC BF914C5E 5 Bytes JMP A9BEC88C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 2614 BF915586 5 Bytes JMP A9BEBEBC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 4F95 BF917F07 5 Bytes JMP A9BEC628 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 1925 BF948464 5 Bytes JMP A9BED4BE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

---- User code sections - GMER 2.1 ----

.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[244] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[244] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[260] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[260] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[332] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[332] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[392] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[392] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[532] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[532] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\Google\Update\1.3.21.153\GoogleCrashHandler.exe[568] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Google\Update\1.3.21.153\GoogleCrashHandler.exe[568] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[696] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[696] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[704] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[704] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[840] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[840] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\afwServ.exe[896] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\afwServ.exe[896] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Documents and Settings\All Users\Dane aplikacji\eSafe\eGdpSvc.exe[996] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Documents and Settings\All Users\Dane aplikacji\eSafe\eGdpSvc.exe[996] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\RTHDCPL.EXE[1120] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\RTHDCPL.EXE[1120] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1128] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1128] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1208] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003D01F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1208] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1208] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003D03FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1208] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1208] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1208] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1208] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1208] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1208] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1208] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1208] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1208] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1208] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1208] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1208] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1208] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1208] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC
.text C:\Program Files\iTunes\iTunesHelper.exe[1212] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\iTunes\iTunesHelper.exe[1212] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[1220] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[1220] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1228] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1228] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\System32\smss.exe[1380] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[1492] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[1492] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[1532] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[1532] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[1576] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[1576] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[1588] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[1588] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[1760] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[1760] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[1780] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[1780] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1800] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1800] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Documents and Settings\mary\Ustawienia lokalne\Dane aplikacji\DProtect\DProtectSvc.exe[1812] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Documents and Settings\mary\Ustawienia lokalne\Dane aplikacji\DProtect\DProtectSvc.exe[1812] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[1856] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[1856] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1948] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1948] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe[2156] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe[2156] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[2228] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003101F8
.text C:\WINDOWS\System32\svchost.exe[2228] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[2228] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003103FC
.text C:\WINDOWS\System32\svchost.exe[2228] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[2228] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00321014
.text C:\WINDOWS\System32\svchost.exe[2228] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00320804
.text C:\WINDOWS\System32\svchost.exe[2228] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00320A08
.text C:\WINDOWS\System32\svchost.exe[2228] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00320C0C
.text C:\WINDOWS\System32\svchost.exe[2228] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00320E10
.text C:\WINDOWS\System32\svchost.exe[2228] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003201F8
.text C:\WINDOWS\System32\svchost.exe[2228] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003203FC
.text C:\WINDOWS\System32\svchost.exe[2228] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00320600
.text C:\WINDOWS\System32\svchost.exe[2228] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00470804
.text C:\WINDOWS\System32\svchost.exe[2228] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00470A08
.text C:\WINDOWS\System32\svchost.exe[2228] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00470600
.text C:\WINDOWS\System32\svchost.exe[2228] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 004701F8
.text C:\WINDOWS\System32\svchost.exe[2228] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 004703FC
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2240] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2240] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text D:\Programy\Microsoft Office\Office12\ONENOTEM.EXE[2272] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text D:\Programy\Microsoft Office\Office12\ONENOTEM.EXE[2272] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[2620] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[2620] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[2832] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[2832] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2900] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, B0, 9B, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2900] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2900] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, B3, 9B, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2900] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2900] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, B0, 9B, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2900] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2900] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, B1, 9B, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2900] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2900] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B9171CA
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2900] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2900] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, B2, 9B, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2900] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2900] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, B1, 9B, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2900] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2900] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, B2, 9B, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2900] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2900] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91723B
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2900] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2900] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, B0, 9B, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2900] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2900] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B917369
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2900] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2900] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, B1, 9B, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2900] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2900] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, B2, 9B, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2900] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2900] ntdll.dll!NtTerminateProcess 7C90DE6E 5 Bytes JMP 00422612 C:\Program Files\Google\Chrome\Application\chrome.exe (Google Chrome/Google Inc.)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2900] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, B3, 9B, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2900] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2900] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00CA01F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2900] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2900] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 00CA03FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2900] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2900] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00CB1014
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2900] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00CB0804
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2900] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00CB0A08
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2900] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00CB0C0C
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2900] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00CB0E10
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2900] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 00CB01F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2900] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 00CB03FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2900] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00CB0600
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2900] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00CC0804
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2900] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00CC0A08
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2900] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00CC0600
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2900] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 00CC01F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2900] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 00CC03FC
.text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3248] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003D01F8
.text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3248] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3248] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003D03FC
.text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3248] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3248] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804
.text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3248] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08
.text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3248] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600
.text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3248] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8
.text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3248] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC
.text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3248] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003F1014
.text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3248] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003F0804
.text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3248] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003F0A08
.text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3248] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003F0C0C
.text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3248] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003F0E10
.text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3248] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003F01F8
.text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3248] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003F03FC
.text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3248] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003F0600
.text C:\WINDOWS\System32\svchost.exe[3400] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[3400] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3432] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3432] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\Bonjour\mDNSResponder.exe[3448] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Bonjour\mDNSResponder.exe[3448] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[3836] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003101F8
.text C:\WINDOWS\System32\alg.exe[3836] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[3836] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003103FC
.text C:\WINDOWS\System32\alg.exe[3836] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[3836] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00320804
.text C:\WINDOWS\System32\alg.exe[3836] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00320A08
.text C:\WINDOWS\System32\alg.exe[3836] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00320600
.text C:\WINDOWS\System32\alg.exe[3836] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003201F8
.text C:\WINDOWS\System32\alg.exe[3836] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003203FC
.text C:\WINDOWS\System32\alg.exe[3836] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00331014
.text C:\WINDOWS\System32\alg.exe[3836] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00330804
.text C:\WINDOWS\System32\alg.exe[3836] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00330A08
.text C:\WINDOWS\System32\alg.exe[3836] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00330C0C
.text C:\WINDOWS\System32\alg.exe[3836] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00330E10
.text C:\WINDOWS\System32\alg.exe[3836] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003301F8
.text C:\WINDOWS\System32\alg.exe[3836] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003303FC
.text C:\WINDOWS\System32\alg.exe[3836] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00330600
.text C:\Program Files\Java\jre7\bin\jqs.exe[3896] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Java\jre7\bin\jqs.exe[3896] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\lxblcoms.exe[3968] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\lxblcoms.exe[3968] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\iPod\bin\iPodService.exe[4064] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\iPod\bin\iPodService.exe[4064] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4324] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, D0, B9, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4324] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4324] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, D3, B9, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4324] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4324] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, D0, B9, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4324] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4324] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, D1, B9, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4324] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4324] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B918FEA
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4324] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4324] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, D2, B9, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4324] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4324] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, D1, B9, 00]
.text C:\Program
Files\Google\Chrome\Application\chrome.exe[4324] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4324] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, D2, B9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4324] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4324] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91905B .text C:\Program Files\Google\Chrome\Application\chrome.exe[4324] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4324] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, D0, B9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4324] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4324] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B919189 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4324] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4324] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, D1, B9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4324] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4324] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, D2, B9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4324] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4324] ntdll.dll!NtTerminateProcess 7C90DE6E 5 Bytes JMP 00422612 C:\Program Files\Google\Chrome\Application\chrome.exe (Google Chrome/Google Inc.) 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4324] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, D3, B9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4324] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4324] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00E801F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4324] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4324] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 00E803FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4324] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4324] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00E91014 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4324] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00E90804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4324] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00E90A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4324] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00E90C0C .text C:\Program Files\Google\Chrome\Application\chrome.exe[4324] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00E90E10 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4324] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 00E901F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4324] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 00E903FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4324] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00E90600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4324] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00EA0804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4324] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 
Bytes JMP 00EA0A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4324] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00EA0600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4324] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 00EA01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4324] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 00EA03FC .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4388] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003D01F8 .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4388] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4388] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003D03FC .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4388] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4388] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014 .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4388] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804 .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4388] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08 .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4388] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4388] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10 .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4388] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8 .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4388] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4388] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600 .text C:\Program Files\Common Files\Java\Java 
Update\jucheck.exe[4388] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804 .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4388] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08 .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4388] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600 .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4388] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8 .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4388] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4524] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, B0, 76, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4524] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4524] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, B3, 76, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4524] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4524] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, B0, 76, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4524] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4524] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, B1, 76, 00] {TEST AL, 0xb1; JBE 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4524] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4524] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B914CCA .text C:\Program Files\Google\Chrome\Application\chrome.exe[4524] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4524] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, B2, 76, 00] {TEST AL, 
0xb2; JBE 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4524] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4524] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, B1, 76, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4524] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4524] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, B2, 76, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4524] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4524] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B914D3B .text C:\Program Files\Google\Chrome\Application\chrome.exe[4524] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4524] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, B0, 76, 00] {TEST AL, 0xb0; JBE 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4524] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4524] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B914E69 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4524] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4524] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, B1, 76, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4524] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4524] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, B2, 76, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4524] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[4524] ntdll.dll!NtTerminateProcess 7C90DE6E 5 Bytes JMP 00422612 C:\Program Files\Google\Chrome\Application\chrome.exe (Google Chrome/Google Inc.) .text C:\Program Files\Google\Chrome\Application\chrome.exe[4524] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, B3, 76, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4524] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4524] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00A501F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4524] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4524] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 00A503FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4524] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4524] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00A61014 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4524] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00A60804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4524] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00A60A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4524] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00A60C0C .text C:\Program Files\Google\Chrome\Application\chrome.exe[4524] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00A60E10 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4524] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 00A601F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4524] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 00A603FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4524] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00A60600 .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[4524] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00A70804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4524] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00A70A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4524] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00A70600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4524] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 00A701F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4524] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 00A703FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 44, FD, 00] {SUB [EBP+EDI*8+0x0], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 47, FD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 44, FD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 45, FD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91D35E .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 46, FD, 00] .text 
C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 45, FD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 46, FD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91D3CF .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 44, FD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91D4FD .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 45, FD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 46, FD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtTerminateProcess 
7C90DE6E 5 Bytes JMP 00422612 C:\Program Files\Google\Chrome\Application\chrome.exe (Google Chrome/Google Inc.) .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 47, FD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 012C01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 012C03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 012D1014 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 012D0804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 012D0A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 012D0C0C .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 012D0E10 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 012D01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 012D03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 012D0600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 012E0804 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 012E0A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 012E0600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 012E01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 012E03FC .text C:\Documents and Settings\mary\Moje dokumenty\Downloads\r3zexv2e.exe[5240] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003D01F8 .text C:\Documents and Settings\mary\Moje dokumenty\Downloads\r3zexv2e.exe[5240] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Documents and Settings\mary\Moje dokumenty\Downloads\r3zexv2e.exe[5240] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003D03FC .text C:\Documents and Settings\mary\Moje dokumenty\Downloads\r3zexv2e.exe[5240] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Documents and Settings\mary\Moje dokumenty\Downloads\r3zexv2e.exe[5240] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003F1014 .text C:\Documents and Settings\mary\Moje dokumenty\Downloads\r3zexv2e.exe[5240] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003F0804 .text C:\Documents and Settings\mary\Moje dokumenty\Downloads\r3zexv2e.exe[5240] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003F0A08 .text C:\Documents and Settings\mary\Moje dokumenty\Downloads\r3zexv2e.exe[5240] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003F0C0C .text C:\Documents and Settings\mary\Moje dokumenty\Downloads\r3zexv2e.exe[5240] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003F0E10 .text C:\Documents and Settings\mary\Moje dokumenty\Downloads\r3zexv2e.exe[5240] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003F01F8 .text C:\Documents and Settings\mary\Moje dokumenty\Downloads\r3zexv2e.exe[5240] 
ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003F03FC .text C:\Documents and Settings\mary\Moje dokumenty\Downloads\r3zexv2e.exe[5240] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003F0600 .text C:\Documents and Settings\mary\Moje dokumenty\Downloads\r3zexv2e.exe[5240] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 004E0804 .text C:\Documents and Settings\mary\Moje dokumenty\Downloads\r3zexv2e.exe[5240] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 004E0A08 .text C:\Documents and Settings\mary\Moje dokumenty\Downloads\r3zexv2e.exe[5240] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 004E0600 .text C:\Documents and Settings\mary\Moje dokumenty\Downloads\r3zexv2e.exe[5240] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 004E01F8 .text C:\Documents and Settings\mary\Moje dokumenty\Downloads\r3zexv2e.exe[5240] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 004E03FC .text C:\WINDOWS\system32\NOTEPAD.EXE[5712] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003201F8 .text C:\WINDOWS\system32\NOTEPAD.EXE[5712] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\NOTEPAD.EXE[5712] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003203FC .text C:\WINDOWS\system32\NOTEPAD.EXE[5712] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\NOTEPAD.EXE[5712] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00331014 .text C:\WINDOWS\system32\NOTEPAD.EXE[5712] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00330804 .text C:\WINDOWS\system32\NOTEPAD.EXE[5712] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00330A08 .text C:\WINDOWS\system32\NOTEPAD.EXE[5712] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00330C0C .text C:\WINDOWS\system32\NOTEPAD.EXE[5712] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00330E10 .text C:\WINDOWS\system32\NOTEPAD.EXE[5712] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003301F8 .text C:\WINDOWS\system32\NOTEPAD.EXE[5712] 
ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003303FC .text C:\WINDOWS\system32\NOTEPAD.EXE[5712] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00330600 .text C:\WINDOWS\system32\NOTEPAD.EXE[5712] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00340804 .text C:\WINDOWS\system32\NOTEPAD.EXE[5712] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00340A08 .text C:\WINDOWS\system32\NOTEPAD.EXE[5712] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00340600 .text C:\WINDOWS\system32\NOTEPAD.EXE[5712] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003401F8 .text C:\WINDOWS\system32\NOTEPAD.EXE[5712] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003403FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[5776] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 4C, EF, 00] {SUB [EDI+EBP*8+0x0], CL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5776] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5776] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 4F, EF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5776] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5776] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 4C, EF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5776] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5776] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 4D, EF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5776] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5776] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91C566 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5776] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5776] 
ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 4E, EF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5776] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5776] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 4D, EF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5776] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5776] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 4E, EF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5776] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5776] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91C5D7 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5776] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5776] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 4C, EF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5776] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5776] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91C705 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5776] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5776] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 4D, EF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5776] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5776] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 4E, EF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5776] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[5776] ntdll.dll!NtTerminateProcess 7C90DE6E 5 Bytes JMP 00422612 C:\Program Files\Google\Chrome\Application\chrome.exe (Google Chrome/Google Inc.) .text C:\Program Files\Google\Chrome\Application\chrome.exe[5776] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 4F, EF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5776] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5776] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 011E01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5776] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5776] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 011E03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[5776] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5776] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 011F1014 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5776] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 011F0804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5776] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 011F0A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5776] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 011F0C0C .text C:\Program Files\Google\Chrome\Application\chrome.exe[5776] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 011F0E10 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5776] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 011F01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5776] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 011F03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[5776] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 011F0600 .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[5776] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 01200804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5776] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 01200A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5776] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 01200600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5776] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 012001F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5776] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 012003FC ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Program Files\AVAST Software\Avast\AvastSvc.exe[840] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C90790] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software) IAT C:\Program Files\AVAST Software\Avast\afwServ.exe[896] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C90790] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software) IAT C:\Program Files\AVAST Software\Avast\avastUI.exe[1220] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C90790] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software) IAT C:\WINDOWS\system32\services.exe[1576] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003D0002 IAT C:\WINDOWS\system32\services.exe[1576] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003D0000 IAT C:\Program Files\Google\Chrome\Application\chrome.exe[2900] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00AF0010 IAT C:\Program Files\Google\Chrome\Application\chrome.exe[4324] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00CD0010 IAT C:\Program Files\Google\Chrome\Application\chrome.exe[4524] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 008A0010 IAT C:\Program 
Files\Google\Chrome\Application\chrome.exe[4844] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 01110010
IAT C:\Program Files\Google\Chrome\Application\chrome.exe[5776] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 01030010

---- Devices - GMER 2.1 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswFW.sys (avast! Filtering TDI driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswFW.sys (avast! Filtering TDI driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswFW.sys (avast! Filtering TDI driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswFW.sys (avast! Filtering TDI driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- EOF - GMER 2.1 ----